Commit Graph

2922 Commits

Author SHA1 Message Date
Asger F
6d1eab8a4b JS: support flow out of "this" in constructor call 2019-01-16 11:09:38 +00:00
Taus
370a9e491c Merge pull request #761 from markshannon/python-fix-regex-test-depth
Python tests: Increase import depth to ensure sre_constants module is imported
2019-01-16 11:38:02 +01:00
Mark Shannon
b4e8808582 Python, Exec used query: Remove restriction that call to exec function must be Python 3. For upcoming unified parser. 2019-01-16 10:19:35 +00:00
Tom Hvitved
b2f99dbbc7 C#: Teach data flow library about CFG splitting
Data flow nodes for expressions do not take CFG splitting into account. Example:

```
if (b)
    x = tainted;
x = x.ToLower();
if (!b)
    Use(x);
```

Flow is incorrectly reported from `tainted` to `x` in `Use(x)`, because the step
from `tainted` to `x.ToLower()` throws away the information that `b = true`.

The solution is to remember the splitting in data flow expression nodes, that is,
to represent the exact control flow node instead of just the expression. With that
we get flow from `tainted` to `[b = true] x.ToLower()`, but not from `tainted` to
`[b = false] x.ToLower()`.

The data flow API remains unchanged, but in order for analyses to fully benefit from
CFG splitting, sanitizers in particular should be CFG-based instead of expression-based:

```
if (b)
{
    x = tainted;
    if (IsInvalid(x))
        return;
}
Use(x);
```

If the call to `IsInvalid()` is a sanitizer, then defining an expression node to be
a sanitizer using `GuardedExpr` will be too conservative (`x` in `Use(x)` is in fact
not guarded). However, `[b = true] x` in `[b = true] Use(x)` is guarded, and to help
define guard-based sanitizers, the class `GuardedDataFlowNode` has been introduced.
2019-01-16 10:39:27 +01:00
Tom Hvitved
f768abb0e6 C#: Add data flow test with CFG splitting 2019-01-16 10:29:26 +01:00
Tom Hvitved
abb3f71ec8 C#: Add GuardedControlFlowNode 2019-01-16 10:29:26 +01:00
Tom Hvitved
f323049b9d C#: CFG for expressions without enclosing callables, e.g. field initializers 2019-01-16 10:29:26 +01:00
Tom Hvitved
901f389a7d C#: Add CFG tests for field/property initializers 2019-01-16 10:29:26 +01:00
Max Schaefer
4a7e0fe104 Merge pull request #766 from asger-semmle/ts-compiler-3.2
TS: Support TypeScript 3.2
2019-01-16 08:49:45 +00:00
Jonas Jensen
502b7cfe33 C++: Don't use C-style varargs in test.cpp sink
As we prepare to clarify how conversions are treated, we don't want a
`sink(...)` declaration where it's non-obvious which conversions are
applied to arguments.
2019-01-16 09:47:58 +01:00
semmle-qlci
5bc17923b1 Merge pull request #665 from asger-semmle/js-property-concat-sanitizer
Approved by esben-semmle, xiemaisi
2019-01-16 08:44:55 +00:00
semmle-qlci
cf3a4ac956 Merge pull request #767 from esben-semmle/js/unknown-bound-event-handler-receiver
Approved by xiemaisi
2019-01-16 08:36:11 +00:00
semmle-qlci
8655e5ae17 Merge pull request #768 from xiemaisi/js/call-summaries
Approved by asger-semmle
2019-01-16 08:35:31 +00:00
semmle-qlci
06d7953167 Merge pull request #771 from jbj/sync-files-after-range-analysis
Approved by rdmarsh2
2019-01-15 19:14:50 +00:00
Jonas Jensen
0f2c7005fc C++: Sync files that should be identical
These files had come out of sync due to 89148a9ec7 and 8c9c316e1b. I
synced the files by replaying the changes that those commits made in
`aliased_ssa/` to the two other copies.
2019-01-15 16:01:54 +01:00
Calum Grant
6cc4c2d31f Merge pull request #762 from hvitved/csharp/autoformat/libraries
C#: Autoformat QLL files
2019-01-15 12:19:50 +00:00
Calum Grant
d4d5c47adb Merge pull request #749 from hvitved/csharp/remove-def-use
C#: Remove `DefUse.qll`
2019-01-15 10:52:39 +00:00
Jonas Jensen
d252a40853 C++: Speed up Expr.getFullyConverted slightly
This change cuts around 15% of the run time off this predicate. It's a
workaround for QL-796.
2019-01-15 11:45:07 +01:00
Nick Rolfe
371c09d4e5 Merge pull request #740 from ian-semmle/inline_ns
C++: Add inline namespace support
2019-01-15 10:00:32 +00:00
Max Schaefer
0877ec845a JavaScript: Add change note. 2019-01-15 09:03:11 +00:00
Max Schaefer
0360df6e05 JavaScript: Improve terminology and comments. 2019-01-15 09:01:39 +00:00
Jonas Jensen
9751a91087 C++: Accept changes to alert message in test 2019-01-14 21:43:57 +01:00
Jonas Jensen
08db4cd959 Merge pull request #744 from geoffw0/format
CPP: Autoformat some untidy files
2019-01-14 21:31:17 +01:00
Jonas Jensen
b966a872f3 Merge pull request #758 from Semmle/gvn-comment
C++: fix wording in GVN qldoc comment
2019-01-14 21:26:43 +01:00
Asger F
19dab71a6c TS: change note 2019-01-14 18:26:09 +00:00
Asger F
a7b0f7e2ce TS: upgrade script, version string, stats 2019-01-14 18:26:09 +00:00
Asger F
3ed9575529 TS: add support for bigints 2019-01-14 18:26:09 +00:00
Asger F
1c6deb65cd TS: update test expectation 2019-01-14 18:15:30 +00:00
Asger F
5fc4147a23 TS: bump TypeScript compiler dependency to 3.2.1 2019-01-14 15:56:50 +00:00
Asger F
f4c89601ff JS: fix typo 2019-01-14 15:34:01 +00:00
Asger F
ad6add383c JS: improve concatenation-sanitizer for property injection 2019-01-14 15:34:01 +00:00
Mark Shannon
05a52bf746 Merge pull request #756 from taus-semmle/python-move-query-suites
Python: Move query suites to public repo.
2019-01-14 15:26:42 +00:00
Tom Hvitved
f90b0fd16f C#: Convert some multi-line comments 2019-01-14 14:08:54 +01:00
Tom Hvitved
b81d2ca8fa C#: Autoformat QLL files 2019-01-14 14:08:54 +01:00
Mark Shannon
c9a929fb23 Python tests: Increase import depth to ensure sre_constants module is imported. 2019-01-14 11:18:36 +00:00
Tom Hvitved
bbc49dce40 Merge pull request #755 from calumgrant/cs/extractor-alerts
C#: Fix some LGTM alerts on the extractor
2019-01-14 10:47:44 +01:00
semmle-qlci
b78fcd39be Merge pull request #745 from hvitved/csharp/query/missed-readonly-modifier
Approved by calumgrant
2019-01-14 08:43:59 +00:00
semmle-qlci
3fe9f92817 Merge pull request #746 from hvitved/csharp/is-valid-explicit-params-type
Approved by calumgrant
2019-01-14 08:43:30 +00:00
semmle-qlci
201f68d751 Merge pull request #757 from hvitved/csharp/autoformat/queries
Approved by calumgrant
2019-01-14 08:42:21 +00:00
semmle-qlci
955bad0618 Merge pull request #640 from asger-semmle/lodash-case
Approved by esben-semmle
2019-01-14 07:59:59 +00:00
semmle-qlci
7bb8edd16d Merge pull request #720 from esben-semmle/js/more-flow-parsing
Approved by xiemaisi
2019-01-14 07:58:28 +00:00
Esben Sparre Andreasen
7f5dd1a4e8 JS: change notes for improved js/unbound-event-handler-receiver 2019-01-14 08:48:15 +01:00
Esben Sparre Andreasen
b35c4b2a9a JS: support FP pattern for js/unbound-event-handler-receiver 2019-01-14 08:47:37 +01:00
semmle-qlci
9c41b214ee Merge pull request #748 from esben-semmle/js/fix/js/useless-assignment-to-property
Approved by xiemaisi
2019-01-13 21:40:35 +00:00
Esben Sparre Andreasen
73af2adde0 JS: change notes for improved support for Flow 2019-01-13 22:10:56 +01:00
Esben Sparre Andreasen
64346e1321 JS: bump extractor version for improved support for Flow 2019-01-13 22:10:56 +01:00
Esben Sparre Andreasen
c26ae26f53 JS: support explicit type arguments for Flow 2019-01-13 22:10:56 +01:00
Esben Sparre Andreasen
45a4026385 JS: support additional export statements for Flow 2019-01-13 22:10:56 +01:00
Esben Sparre Andreasen
c6f9a043ca JS: support additional import statements for Flow 2019-01-13 22:10:56 +01:00
Robert Marsh
eabc674bb3 Merge pull request #747 from jbj/cfg-remove-cfg.ql
C++: Delete library-tests/qlcfg/cfg.ql
2019-01-11 11:57:26 -08:00