hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-21 18:34:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,467 Commits 1,683 Branches 158 Tags
a25c5d70904cb06fdf108e49fcb166435a07e7bd
Commit Graph

9467 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
a25c5d7090 outlining a predicate to give hints about join ordering 2020-01-17 13:42:08 +01:00
Erik Krogh Kristensen
6ad62e32e0 copyPropertyStep works interprocedurally 2020-01-17 12:24:29 +01:00
Erik Krogh Kristensen
06e898f53b only use .getALocalSource in copyPropertyStep 2020-01-16 16:04:45 +01:00
Erik Krogh Kristensen
9998059d59 add pragma to fix performance (same issue as in #2512) 2020-01-16 14:16:04 +01:00
Erik Krogh Kristensen
a76ab39a39 no longer need for .getALocalSource() in custom load/store 2020-01-15 16:00:57 +01:00
Erik Krogh Kristensen
e08fc08337 don't use pseudo-properties for resolved promise data-flow 2020-01-15 14:56:58 +01:00
Erik Krogh Kristensen
830100d2ed support interprocedural flow with custom load/store steps 2020-01-15 14:23:17 +01:00
Erik Krogh Kristensen
d09bce5cd7 custom load/store steps to implement promise flow 2020-01-14 21:37:55 +01:00
Erik Krogh Kristensen
c50de3a7e8 update expected output of tests 2020-01-10 17:49:24 +01:00
Erik Krogh Kristensen
ec5896abba add additional data-flow edges to data-flow related to promises 2020-01-10 14:12:53 +01:00
Anders Schack-Mulligen
ad92d6fe0f Merge pull request #2607 from yo-h/java-alert-suppression-block-comment 
Java: allow single-line `/* ... */` comments for alert suppression
 2020-01-10 11:05:23 +01:00
yo-h
7ffa517803 Merge pull request #2584 from aschackmull/java/nonnull-final-field 
Java: Include non-null final fields in clearlyNotNull.
 2020-01-09 18:48:45 -05:00
semmle-qlci
f1f69ef85d Merge pull request #2589 from esbena/js/ignore-duplicate-params-for-empty-functions 
Approved by erik-krogh
 2020-01-09 11:58:04 +00:00
Robert Marsh
9b361f1701 Merge pull request #2601 from dbartol/dbartol/OpcodeProperties 
C++: Consolidate opcode properties onto `Opcode` class
 2020-01-08 11:05:41 -08:00
Geoffrey White
cf5dd85944 Merge pull request #2577 from MathiasVP/multiplication-overflow-not-possible-due-to-type-width 
Multiplication overflow not possible due to type width
 2020-01-08 17:18:33 +00:00
shati-patel
ad0ad3a3e4 Merge pull request #2612 from jf205/recent-changes 
CodeQL docs: port recent fixes to rc/1.23
 2020-01-08 16:36:27 +00:00
james
2407eb103a docs: fix list 
(cherry picked from commit 618a3f91d8)
 2020-01-08 16:16:39 +00:00
Rasmus Wriedt Larsen
cdcca630f3 docs: remove extra comma in dataflow articles 
(cherry picked from commit e882060839)
 2020-01-08 16:16:39 +00:00
Rasmus Wriedt Larsen
24e551905e docs: Fix Python taint tracking links 
at some point we moved security/TaintTracking.qll to dataflow/TaintTracking.qll

(cherry picked from commit f44ce7d647)
 2020-01-08 16:16:39 +00:00
james
97d3d1fca3 docs: fix ast node link 
(cherry picked from commit cff5df0779)
 2020-01-08 16:16:39 +00:00
shati-patel
3cfc7d2e54 Merge pull request #2611 from jf205/mergeback-123 
Merge rc/1.23 into master
 2020-01-08 16:12:47 +00:00
Dave Bartolomeo
6c8de44800 Merge pull request #2604 from geoffw0/returnthis 
CPP: Exclude template classes from cpp/assignment-does-not-return-this
 2020-01-08 09:12:22 -07:00
james
490e13060c Merge branch 'rc/1.23' into mergeback-123 2020-01-08 16:00:19 +00:00
shati-patel
e103527d32 Merge pull request #2610 from jf205/python-link 
docs: fix link in Python topic
 2020-01-08 15:48:37 +00:00
james
cff5df0779 docs: fix ast node link 2020-01-08 15:30:04 +00:00
Max Schaefer
308da0774d Merge pull request #2525 from asger-semmle/promise-missing-await 
JS: New query: missing await
 2020-01-08 15:29:45 +00:00
Max Schaefer
de15ecf47b Merge pull request #2593 from asger-semmle/regexp-always-matches 
JS: Add RegExpAlwaysMatches query
 2020-01-08 15:21:39 +00:00
James Fletcher
8e700081f1 Merge pull request #2609 from RasmusWL/doc-fix-python-taint-links 
docs: Fix Python taint tracking links
 2020-01-08 15:21:07 +00:00
Rasmus Wriedt Larsen
f44ce7d647 docs: Fix Python taint tracking links 
at some point we moved security/TaintTracking.qll to dataflow/TaintTracking.qll
 2020-01-08 16:10:27 +01:00
yo-h
1078424f79 Java: allow single-line /* ... */ comments for alert suppression 2020-01-08 09:19:25 -05:00
shati-patel
9b4f6af007 Merge pull request #2605 from RasmusWL/small-doc-fix 
docs: remove extra comma in dataflow articles
 2020-01-08 14:01:41 +00:00
Rasmus Wriedt Larsen
e882060839 docs: remove extra comma in dataflow articles 2020-01-08 14:53:31 +01:00
Geoffrey White
b6e1f35ff6 CPP: Generalize the fix to all template code. 2020-01-08 13:36:59 +00:00
Geoffrey White
8044fefb1f CPP: Change note. 2020-01-08 13:19:11 +00:00
Geoffrey White
527d29ba23 CPP: Exclude template classes from the query. 2020-01-08 13:16:38 +00:00
Geoffrey White
d527dbe47a CPP: Add test case. 2020-01-08 13:13:06 +00:00
Asger Feldthaus
775e63d9c0 JS: Fix qhelp validation error 2020-01-08 10:38:10 +00:00
Asger F
ef79023e52 Update javascript/ql/src/Expressions/MissingAwait.qhelp 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-01-08 10:23:30 +00:00
Tom Hvitved
85f6e5fe22 Merge pull request #2450 from calumgrant/cs/expr-nullability 
C#: Expression nullability
 2020-01-08 09:50:03 +01:00
Mathias Vorreiter Pedersen
100ace532f C++: Fixed handling of false negative. Query now supports global variables 2020-01-07 22:57:21 +01:00
Mathias Vorreiter Pedersen
db08076fed C++: Fixed false negative 2020-01-07 22:20:04 +01:00
Mathias Vorreiter Pedersen
229da0a9c0 C++: Add testcase demonstrating false negative 2020-01-07 22:12:34 +01:00
Dave Bartolomeo
690d23d15e C++: Fix formatting 2020-01-07 13:23:36 -07:00
Dave Bartolomeo
9df37399f8 C++: Consolidate opcode properties onto Opcode class 
Previously, we had several predicates on `Instruction` and `Operand` whose values were determined solely by the opcode of the instruction. For large snapshots, this meant that we would populate large tables mapping each of the millions of `Instruction`s to the appropriate value, times three (once for each IR flavor).

This change moves all of these opcode properties onto `Opcode` itself, with inline wrapper predicates on `Instruction` and `Operand` where necessary. On smaller snapshots, like ChakraCore, performance is a wash, but this did speed up Wireshark by about 4%.

Even ignoring the modest performance benefit, having these properties defined on `Opcode` seems like a better organization than having them on `Instruction` and `Operand`.
 2020-01-07 13:17:27 -07:00
Calum Grant
bc1b2c3ead C#: Address review comment 2020-01-07 18:39:52 +00:00
Calum Grant
d0d7ed620c C#: Update comments in test file to reflect fixed test output. 2020-01-07 18:39:52 +00:00
Calum Grant
359dea2c2b C#: Fixed test output. 2020-01-07 18:39:52 +00:00
Calum Grant
bcd8dca780 C#: When creating conditionally accessed expressions, use the typeinfo from the conditional expression to ensure correct flow state and type nullability. 2020-01-07 18:39:51 +00:00
Calum Grant
85c9459b35 C#: Add more tests showing incorrect extraction. 2020-01-07 18:39:51 +00:00
Calum Grant
10181e93e2 C#: Update QLtest output 2020-01-07 18:39:51 +00:00