hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 05:01:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
25,525 Commits 1,690 Branches 160 Tags
d1e681381268c2fe954db9948ca52f2c07c440c4
Commit Graph

25525 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dave Bartolomeo
d1e6813812 Make side effects for constructor calls use same mechanism as other arguments 
This commit is yet another step to fixing the order of IR side effect instructions. Instead of having a special `StructorCallSideEffects` class for the call itself, I've introduced a `TranslatedStructorCallQualifierSideEffect` class that shares a bunch of common code with `TranslatedArgumentExprSideEffect`, but handles the case where there's no `Expr` for the qualifier of the constructor call. Because this class uses the same ordering as regular argument side effects, these side effects now appear in the correct order, reads before writes.

The test expectations have changed to reflect the new, correct order.
 2021-09-03 16:58:32 -04:00
Dave Bartolomeo
ba72a1cde7 Make TranslatedSideEffect abstract 
This is step two of fixing the ordering of call side effects. This commit refactors the existing `TranslatedSideEffect` class into an abstract `TranslatedSideEffect` class, which contains functionality common to all kinds of side effect, and a concrete `TranslatedArgumentSideEffect` class, which is the implementation of argument side effects. A future commit will add additional concrete classes for conservative call side effects and allocation side effects.

This change has zero diffs to the generated IR.
 2021-09-03 11:31:14 -04:00
Dave Bartolomeo
47e16b0480 Move logic for determining CallSideEffect opcode out of TranslatedCall. 
This is the first step to fixing the order of side effects on call instructions. The goal is to move all side effects (argument side effects, allocation side effects, and conservative call side effects) to be treated as elements in a single sequence of side effects, which will then be handled in a single place similar to how we already handle argument side effects.
 2021-09-03 09:58:31 -04:00
Shati Patel
d22620f72f Merge pull request #6575 from shati-patel/docs-copyright-year 
Docs: Auto-update copyright year
 2021-09-02 18:43:07 +01:00
CodeQL CI
b4963c7538 Merge pull request #6558 from erik-krogh/redosCasing 
Approved by esbena, yoff
 2021-09-02 12:20:08 +01:00
Taus
e4fd749a46 Merge pull request #6547 from github/RasmusWL/cwe328-weak-hash 
Python: Add CWE-328 to `py/weak-sensitive-data-hashing`
 2021-09-02 11:42:31 +02:00
Tamás Vajk
82f61ca015 Merge pull request #6577 from tamasvajk/fix/cil-modified-pointer 
C#: Temporarily extract modified pointers as unmodified during CIL ex…
 2021-09-02 10:48:51 +02:00
Jonas Jensen
1ba26237a7 Merge pull request #6585 from rvermeulen/patch-3 
Update qldoc for the Access class
 2021-09-02 10:17:36 +02:00
Erik Krogh Kristensen
1ad204d89e make after and TState private in ReDoSUtil 2021-09-02 09:15:43 +02:00
Erik Krogh Kristensen
df04c5044c use concat instead of strictconcat in RegexTreeView.qll 2021-09-02 08:54:39 +02:00
Andrew Eisenberg
10f6cab77e Merge pull request #6583 from github/aeisenberg/query-suite-docs 
Docs: Update documentation for query suites
 2021-09-01 10:33:22 -07:00
Remco Vermeulen
7310590f90 Update qldoc FunctionAccess class 
The `FunctionAccess` class doesn't capture accesses of functions in function call expressions.
This update makes that explicit.
 2021-09-01 15:36:00 +02:00
Remco Vermeulen
ffd2a388a9 Update qldoc for the Access class 
The access class does not capture function accesses that are part of a function call expression.
This updates makes that explicit
 2021-09-01 15:30:33 +02:00
Chris Smowton
dccdc3be5a Merge pull request #6582 from github/smowton/admin/mention-multiple-sort-criteria 
Expression docs: mention multiple sort criteria
 2021-09-01 12:22:23 +01:00
Tamás Vajk
e9ff6e8755 Merge pull request #6578 from tamasvajk/fix/cil-local-decoding 
C#: Handle non-critical exception in CIL local variable extraction
 2021-09-01 12:52:53 +02:00
Erik Krogh Kristensen
a3289fabe1 sync ReDoSUtil with python 2021-09-01 12:47:06 +02:00
Erik Krogh Kristensen
537450606e use a consistent comment about the ignore case flag 2021-09-01 12:46:50 +02:00
Erik Krogh Kristensen
ff74fe1e03 rename hasChildThatMatchesIgnoringCasing to hasChildThatMatchesIgnoringCasingFlags 2021-09-01 12:45:20 +02:00
Erik Krogh Kristensen
75a3f34e86 use if-else in ReDoSUtil::getCanonicalizationFlags 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-09-01 12:44:02 +02:00
CodeQL CI
29bcd7ca6f Merge pull request #6572 from erik-krogh/live-server 
Approved by esbena
 2021-09-01 12:41:23 +02:00
Tamás Vajk
50a9b18c92 Merge pull request #6579 from tamasvajk/fix/cil-type-args 
C#: Fix completely broken type argument extraction in NoMetadataHandleType
 2021-09-01 12:16:15 +02:00
Chris Smowton
303e02fb8a Fix typo 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-09-01 10:45:47 +01:00
Erik Krogh Kristensen
f8d46677b9 add RequestExpr as an alias to NodeJSLib::RequestExpr in Connect.qll 2021-09-01 10:11:05 +02:00
Erik Krogh Kristensen
98d018ce26 remove redundant extends clause 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-09-01 10:09:40 +02:00
Andrew Eisenberg
21c168e229 Apply suggestions from code review 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2021-08-31 14:47:28 -07:00
Andrew Eisenberg
0923d1fdc1 Docs: Update documentation for query suites 
Adds some clarification around the `qlpack` directive.
The semantics has changed. This provides a new example
and some description.
 2021-08-31 13:39:04 -07:00
Chris Smowton
c92b7828cb Merge pull request #6580 from smowton/smowton/admin/guava-models-mistakes 
Fix minor mistakes in old Guava models
 2021-08-31 19:44:23 +01:00
Chris Smowton
a47efc4348 Expression docs: mention multiple sort criteria 2021-08-31 19:18:03 +01:00
Shati Patel
a80a367de4 Merge pull request #6354 from Optixal/docs-js-isuncertain 
JS: Fixed description of `isUncertain()` predicate in CodeQL Language Guides: CodeQL Library for JavaScript
 2021-08-31 19:13:40 +01:00
Sauyon Lee
7156dee270 Merge pull request #6521 from sauyon/java/test-gen-improvements 
Java: generate more realistic tests
 2021-08-31 10:06:08 -07:00
Chris Smowton
7977d9c253 Fix minor mistakes in old Guava models 
Also add tests for the affected functions
 2021-08-31 15:26:09 +01:00
Chris Smowton
b38a23daee Fix test cases featuring primitive arrays 
Previously we couldn't print the name of types like `byte[]` for example.
 2021-08-31 15:12:47 +01:00
Tamas Vajk
b267d26ff8 C#: Fix completely broken type argument extraction in NoMetadataHandleType 2021-08-31 14:34:27 +02:00
Tamas Vajk
d6ae19c87d C#: Handle non-critical exception in CIL local variable extraction 2021-08-31 14:29:53 +02:00
Tamas Vajk
0ba334bb22 C#: Temporarily extract modified pointers as unmodified during CIL extraction 2021-08-31 14:26:36 +02:00
Erik Krogh Kristensen
28dce6e95a fix non-monotonic recursion in js/missing-rate-limiting 2021-08-31 14:23:23 +02:00
Erik Krogh Kristensen
83252e5ba2 change note 2021-08-31 14:23:23 +02:00
Erik Krogh Kristensen
cecb6c7bdd add model for live-server 2021-08-31 14:23:23 +02:00
Erik Krogh Kristensen
b509627113 add tests for connect 2021-08-31 14:23:23 +02:00
Erik Krogh Kristensen
3d6ab81ab8 refactor the tests for connect 2021-08-31 14:23:23 +02:00
Erik Krogh Kristensen
c6399dbdf4 simplify the connect model by reusing NodeJSLib::RouteHandler 2021-08-31 14:23:23 +02:00
Chris Smowton
f94d8c341d Abbreviate multi-column min 2021-08-31 11:57:49 +01:00
Chris Smowton
510f5abb9a Add missing qldoc 2021-08-31 11:56:03 +01:00
Chris Smowton
5dddc48e60 autoformat 2021-08-31 11:53:13 +01:00
Tom Hvitved
c8a5397085 Merge pull request #6513 from hvitved/csharp/cfg/shared 
C#: Make CFG library shared
esbena/dca-test-build/run/R-1186042660 		2021-08-31 11:55:43 +02:00
CodeQL CI
cf9ab83dee Merge pull request #6498 from bananabr/main 
Approved by asgerf
 2021-08-31 08:46:11 +02:00
CodeQL CI
c3e122f5fc Merge pull request #6569 from erik-krogh/packageJsonModule 
Approved by asgerf
 2021-08-31 08:23:45 +02:00
Benjamin Muskalla
09aaa8f78e Merge pull request #6562 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-08-30 21:31:02 +02:00
Tom Hvitved
05b45da42f Merge pull request #6556 from hvitved/csharp/insecure-sql-conn-flow 
C#: Use data flow instead of taint tracking in `InsecureSQLConnection.ql`
codeql-cli/v2.6.1 		2021-08-30 11:31:22 +02:00
Tom Hvitved
7dbdfeb161 Merge pull request #6548 from hvitved/csharp/dataflow/tests 
C#: Update call-context data-flow tests
 2021-08-30 11:30:55 +02:00