Max Schaefer
a1f210df67
JavaScript: Address review comments.
2018-12-05 14:10:06 +00:00
Max Schaefer
22502e7a10
JavaScript: Add query help for FileAccessToHttp query.
2018-12-05 13:12:52 +00:00
Max Schaefer
92c1e655dd
JavaScript: Add query help for HttpToFileAccess query.
2018-12-05 12:58:38 +00:00
semmle-qlci
3d058a2895
Merge pull request #603 from xiemaisi/js/fix-inconsistent-new
Approved by asger-semmle, esben-semmle
2018-12-03 16:48:55 +00:00
Geoffrey White
436ee553a6
Merge pull request #589 from jbj/1.19-change-notes
C++: add missing 1.19 change notes
2018-12-03 15:56:18 +00:00
Taus
76b1bbc56a
Merge pull request #565 from markshannon/python-analysis-queries-qhelp
Python: Delete some misleading qhelp and rename a couple of queries.
2018-12-03 14:42:03 +01:00
Max Schaefer
8627ddbe4b
JavaScript: Adjust alert message.
2018-12-03 12:38:00 +00:00
Jonas Jensen
8f60c09804
C++: Clarify cpp/virtual-destructor changelog
2018-12-03 13:04:24 +01:00
Geoffrey White
a3a5829fd0
Merge pull request #598 from jbj/AlwaysTrueUponEntryLoop-perf
C++: data flow AlwaysTrueUponEntryLoop perf fix
2018-12-03 10:59:50 +00:00
Max Schaefer
1a3e3baf80
JavaScript: Add change note.
2018-12-03 09:06:48 +00:00
Jonas Jensen
d14cf34cc6
C++: data flow AlwaysTrueUponEntryLoop perf fix
The predicate `AlwaysTrueUponEntryLoop.getARelevantVariable` was very
sensitive to join ordering, and with the 1.19 QL engine it got an
unfortunate join order that made it explode on certain snapshots. With
this change, it goes from taking minutes to taking less than a second on
a libretro-uae snapshot.
2018-12-01 10:07:08 +01:00
Max Schaefer
3351650895
JavaScript: Make InconsistentNew give fewer results.
2018-11-30 16:13:46 +00:00
Max Schaefer
b17518a5eb
JavaScript: Refactor InconsistentNew to improve performance.
All the filtering is now done in `getALikelyCallee`, to which I have also added an additional parameter that improves the join in the `select` clause.
I've also simplified the alert message to no longer use `toString`, which isn't meant for alert messages anyway. (This is an old query.)
2018-11-30 15:40:45 +00:00
Jonas Jensen
148c79a0e6
C++: Deprecate RecursionPrevention
2018-11-30 15:41:43 +01:00
Jonas Jensen
9532ee5177
C++: Add more detail to change notes for libraries
2018-11-30 14:29:08 +01:00
Jonas Jensen
b793807af5
C++: Complete change notes for Dave's PRs
2018-11-30 13:44:40 +01:00
Mark Shannon
d933152a54
Merge pull request #573 from felicity-semmle/1.19/python-change-notes
Python: finalize change notes for 1.19
2018-11-30 12:30:57 +00:00
Jonas Jensen
9daefa3613
C++: Complete change notes for my own PRs
2018-11-30 13:09:27 +01:00
semmle-qlci
608d84cfa3
Merge pull request #561 from asger-semmle/useless-conditional-change-note
Approved by esben-semmle
2018-11-30 11:37:51 +00:00
Geoffrey White
453529e3bf
Merge pull request #575 from jbj/UnsafeCreateProcessCall-nullValue
C++: Avoid using nullValue predicate (rc/1.19)
2018-11-30 09:54:17 +00:00
Jonas Jensen
dd3791490a
Merge pull request #580 from geoffw0/av-79-perf
CPP: Fix performance issue with AV Rule 79.ql.
2018-11-30 08:39:38 +01:00
Felicity Chapman
586eaef270
Update for feedback
2018-11-29 18:20:34 +00:00
Mark Shannon
9aa59fd419
Fix spelling.
2018-11-29 18:11:57 +00:00
Jonas Jensen
b98452ddb1
Merge pull request #474 from rdmarsh2/rdmarsh/cpp/call-side-effect
C++: Initial aliased SSA with Chi nodes and function side effects
2018-11-29 18:31:29 +01:00
Geoffrey White
4744cece7b
Merge pull request #576 from jbj/bbEntryReachesLocally-perf
C++: Fix performance of bbEntryReachesLocally (1.19)
2018-11-29 17:12:47 +00:00
Asger F
f85e30aa6c
Merge pull request #571 from xiemaisi/js/numeric-constant-interpreted-as-code
JavaScript: Add new query `HardcodedDataInterpretedAsCode`.
2018-11-29 17:07:48 +00:00
Taus
1956cd802f
Merge pull request #577 from markshannon/python-fix-performance-regression-dependencies
Python: Fix performance regression in dependency analysis
2018-11-29 16:41:58 +01:00
Geoffrey White
e09ce77678
CPP: Fix performance issue with AV Rule 79.ql.
2018-11-29 15:16:01 +00:00
Mark Shannon
8414d46a87
Python: Fix accidentally introduced cartesian product.
2018-11-29 14:19:47 +00:00
Jonas Jensen
62d478eab3
C++: Fix performance of bbEntryReachesLocally
This predicate was fast with the queries and engine from 1.18. With the
queries from `master` it got a bad join order in the
`UninitializedLocal.ql` query, which made it take 2m34s on Wireshark.
This commit decomposes `bbEntryReachesLocally` into two predicates that
together take only 4s.
2018-11-29 15:11:32 +01:00
Jonas Jensen
8654ebcbbd
C++: Avoid using nullValue predicate
The `nullValue` predicate performs a slow custom data-flow analysis to
find possible null values. It's so slow that it timed out after 1200s on
Wireshark.
In `UnsafeCreateProcessCall.ql`, the values found with `nullValue` were
used as sources in another data-flow analysis. By using the `NullValue`
class as sink instead of `nullValue`, we avoid the slow-down of doing
data flow twice. The `NullValue` class is essentially the base case of
`nullValue`. Confusing names, yes.
2018-11-29 13:33:45 +01:00
Max Schaefer
73ce0f17d6
JavaScript: Americanise change note spelling.
2018-11-29 11:23:47 +00:00
Max Schaefer
8637eaf100
JavaScript: Address review comments.
2018-11-29 10:48:44 +00:00
Felicity Chapman
f6fe8d5a28
Text updates for consistency and clarity
2018-11-29 10:20:13 +00:00
mc
83d4fb6711
Merge pull request #559 from xiemaisi/js/invalid-dynamic-method-call
JavaScript: Documentation review for new query `UnvalidatedDynamicMethodCall`.
2018-11-29 09:59:53 +00:00
Max Schaefer
5f16406ad7
JavaScript: Add new query HardcodedDataInterpretedAsCode.
2018-11-29 09:52:31 +00:00
Max Schaefer
94a5722c2a
JavaScript: Model taint propagation through new Buffer and Buffer.from.
2018-11-29 09:52:31 +00:00
Max Schaefer
4091cf410d
JavaScript: Improve detection of require calls.
2018-11-29 09:52:31 +00:00
Max Schaefer
506236994f
JavaScript: Address doc review comments.
2018-11-29 09:49:13 +00:00
Dave Bartolomeo
40864f9ebb
C++: Fix GVN test expectation
2018-11-28 14:07:23 -08:00
Dave Bartolomeo
d7938362dd
C++: Rename Chi IPA types to match classes
2018-11-28 10:33:04 -08:00
Taus
595e6fcbf8
Merge pull request #550 from markshannon/python-weak-crypto
Python: Query for use of weak crypto keys.
2018-11-28 18:21:27 +01:00
Mark Shannon
a345727f71
Python fix up tags in qhelp.
2018-11-28 17:14:07 +00:00
Mark Shannon
b3eaa46f14
Python: Use consistent abbreviations in weak-crypto query message.
2018-11-28 16:58:22 +00:00
Mark Shannon
4f0a666a43
Python: Tweak name of new query and add change note.
2018-11-28 16:58:22 +00:00
Mark Shannon
3c4c8cf7d3
Python: Add qhelp for new query.
2018-11-28 16:57:34 +00:00
Mark Shannon
1065ad0ce7
Python: Weak crypto query.
2018-11-28 16:57:34 +00:00
Mark Shannon
2bf98b805d
Python: Delete some misleading qhelp and rename a couple of queries.
2018-11-28 16:53:38 +00:00
Taus
c75fa28510
Merge pull request #538 from markshannon/python-jinja2-autoescape
Python: New query to check for use of jinja2 templates without auto-escaping
2018-11-28 17:32:17 +01:00
Mark Shannon
21246dcbf2
Python: clean up change notes and query help.
2018-11-28 15:02:47 +00:00