hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-10 13:10:26 +01:00
Code Issues Packages Projects Releases Wiki Activity
6,424 Commits 1,679 Branches 158 Tags
ddc716d2d3fed3f42a56074164f02b00da250b61
Commit Graph

806 Commits

Author SHA1 Message Date
Jonas Jensen
6fc3a62edb C++/C#/Java: Change another caller of localFlow 
There was also a use of `localFlowStep` in `DataFlowImplCommon` that
should now be `simpleLocalFlowStep`.
 2019-08-21 10:20:15 +02:00
Jonas Jensen
ec2cc5a80e C#: Refactor how simpleLocalFlowStep is called 
`localFlowStep` is no longer an alias because it should not have the
same QLDoc as `simpleLocalFlowStep`.
 2019-08-21 10:05:54 +02:00
Jonas Jensen
c9ea5ad9a3 C#/Java: Remove cached from wrapper predicate 2019-08-21 09:43:13 +02:00
Jonas Jensen
4b7813b98e C++/C#/Java: Split localFlowStep predicate in two 
There's now a `localFlowStep` predicate for use directly in queries and
other libraries and a `simpleLocalFlowStep` for use only by the global
data flow library. The former predicate is intended to include field
flow, but the latter may not.

This will let Java and C# (and possibly C++ IR) avoid getting two kinds
of field flow at the same time, both from SSA and from the global data
flow library. It should let C++ AST add some form of field flow to
`localFlowStep` without making it an input to the global data flow
library.
 2019-08-21 09:27:01 +02:00
Anders Schack-Mulligen
9150682ada Merge pull request #1757 from jbj/pyrameterized-taint 
C++: Use pyrameterized modules for TaintTracking
 2019-08-20 16:33:22 +02:00
Calum Grant
35017786cf Merge pull request #1739 from hvitved/csharp/ssa/delegate-call-source 
C#: Search from delegate creation in `delegateCallSource()`
 2019-08-20 15:16:20 +01:00
Jonas Jensen
7c4938c035 C#: Get rid of TaintTrackingUtil.qll 2019-08-20 13:56:13 +02:00
Jonas Jensen
11583b69e0 C#: Use pyrameterized modules for TaintTracking 
To keep the code changes minimal, and to keep the implementation similar
to C++ and Java, the `TaintTracking{Public,Private}` files are now
imported together through `TaintTrackingUtil`. This has the side effect
of exposing `localAdditionalTaintStep`. The corresponding predicate for
Java was already exposed.
 2019-08-20 13:45:38 +02:00
Anders Schack-Mulligen
6ff4fe38ec Java/C++/C#: Add field flow support for stores in nested fields. 2019-08-19 14:41:06 +02:00
Calum Grant
0df9a625ba Merge pull request #1717 from hvitved/csharp/ssa/adjacent-perf 
C#: Improve performance of SSA adjacent reads calculation
 2019-08-16 12:11:57 +01:00
Calum Grant
b28241ac6d Merge pull request #1741 from hvitved/csharp/extract-field-inits 
C#: Extract assignments for field/property initializers
 2019-08-16 11:51:37 +01:00
Tom Hvitved
495e5bc628 C#: Extract assignments for field/property initializers 2019-08-15 16:18:23 +02:00
Calum Grant
3fab5140a7 Merge pull request #1673 from hvitved/csharp/cfg/split-static-limit 
C#: Apply static CFG splitting limit
 2019-08-15 10:04:38 +01:00
Anders Schack-Mulligen
1938ac4937 Java/C++/C#: Sync. 2019-08-14 10:32:15 +02:00
Anders Schack-Mulligen
411bc16f44 Java/C++/C#: Address review comment. 2019-08-13 16:57:48 +02:00
Anders Schack-Mulligen
9e902066ad Java/C++/C#: Elaborate qldoc. 2019-08-13 16:57:48 +02:00
Anders Schack-Mulligen
4550175b16 Java/C++/C#: Add support for BarrierGuards. 2019-08-13 16:57:48 +02:00
Tom Hvitved
36043d04bd Merge pull request #1729 from xiemaisi/data-flow-nodes-location 
Java/C++/C#: Provide path-node locations via `hasLocationInfo`, not `getLocation`.
 2019-08-13 12:22:59 +02:00
Tom Hvitved
e4bd1980ab C#: Search from delegate creation in delegateCallSource() 2019-08-13 10:22:29 +02:00
semmle-qlci
e27b373062 Merge pull request #1548 from hvitved/csharp/cfg/simplify-goto-completions 
Approved by calumgrant
 2019-08-12 19:20:48 +01:00
Max Schaefer
485d4269a0 C#: Fix use of PathNode.getLocation(). 2019-08-12 15:04:37 +01:00
Max Schaefer
eb8087f4ea Java/C++/C#: Provide path-node locations via hasLocationInfo, not getLocation. 2019-08-12 12:52:30 +01:00
semmle-qlci
e890aba4fe Merge pull request #1712 from hvitved/csharp/remove-nomagic 
Approved by calumgrant
 2019-08-12 10:59:10 +01:00
Tom Hvitved
98ab2b26dc C#: Fix bad join-order in guardImpliesNotEqual() 2019-08-12 09:50:17 +02:00
Tom Hvitved
5ecf680cc2 C#: Improve performance of SSA adjacent reads calculation 
- Speedup the `varBlockReaches()` predicate, by restricting to basic blocks
  in which a given SSA definition may still be live, in constrast to just
  being able to reach *any* access (read or write) to the underlying source
  variable.
- Account for some missing cases in the `lastRead()` predicate.
 2019-08-08 16:21:57 +02:00
Tom Hvitved
c1604caa31 C#: Remove two pragma[nomagic] 2019-08-07 16:04:23 +02:00
Tom Hvitved
96e1732f94 C#: Address review comments 2019-08-07 10:41:43 +02:00
Tom Hvitved
6749bbd438 C#: Make use of extra data flow copies 2019-08-07 10:41:43 +02:00
Tom Hvitved
081ee9944d C#: Add more copies of the data flow library 2019-08-07 10:41:39 +02:00
yh-semmle
033879f5a6 Merge pull request #1639 from aschackmull/java/in-out-barriers 
Java/C++/C# DataFlow: Add support for in/out barriers on sources and sinks.
 2019-08-07 01:07:19 -04:00
Tom Hvitved
4774bc969a C#: Apply static CFG splitting limit 
The predicate `maxSplits()` was previously applied dynamically to ensure that
any control flow node would keep track of at most `maxSplits()` number of splits.
However, there was no guarantee that two different copies of the same AST element
wouldn't contain different splits, so in general the number of copies for a given
AST element `e` could be on the order `$\binom{n}{k}c^k$`, where `n` is the total
number of splits that apply to `e`, `k = maxSplits()`, and `c` is a constant.

With this change, the relevant splits for `e` are instead computed statically,
meaning that the order is instead `$c^k$`.
 2019-08-06 11:38:03 +02:00
Calum Grant
2df05090b5 Merge pull request #1685 from hvitved/csharp/dataflow/out-flow-fix 
C#: Fix data flow for `out`/`ref` parameters
 2019-08-06 09:31:17 +01:00
Anders Schack-Mulligen
a80cb262fc Java/C++/C#: Elaborate qldoc. 2019-08-05 16:28:25 +02:00
Anders Schack-Mulligen
9ebb83497d Java/C++/C#: Fix small mistake. 2019-08-05 15:34:12 +02:00
Anders Schack-Mulligen
2dc83c539c Java/C++/C#: Sync dataflow. 2019-08-05 12:07:32 +02:00
Calum Grant
3e143093f0 Merge pull request #1475 from hvitved/csharp/remove-file 
C#: Remove unused `PasswordInConfigurationFile.config`
 2019-08-05 10:29:50 +01:00
Jonas Jensen
73d8bf38a9 Merge pull request #1680 from aschackmull/cookbook/autoformat 
Cookbook examples: Autoformat
 2019-08-05 10:24:56 +02:00
Luke Cartey
54d01bdeff Merge pull request #1648 from hvitved/csharp/unchecked-return-lambda 
C#: Fix false positives in `cs/unchecked-return-value`
 2019-08-02 21:48:38 -07:00
Tom Hvitved
4d58154ff5 C#: Fix data flow for out/ref parameters 2019-08-02 14:25:38 -07:00
Tom Hvitved
04db1bf3f4 C#: Add data flow test for methods with multiple out/ref parameters 2019-08-02 13:46:18 -07:00
Anders Schack-Mulligen
40f2cec0de C#: Autoformat cookbook examples. 2019-08-02 15:30:32 +02:00
Calum Grant
169dbf1be3 C#: Remove rule CA1022, which caused the analyzer to crash, generating a compilation warning (and possibly, instability). 2019-08-02 12:14:03 +01:00
semmle-qlci
108e5bc431 Merge pull request #1675 from hvitved/csharp/xss-path-problem 
Approved by lukecartey
 2019-08-02 04:17:03 +01:00
Tom Hvitved
b7d6165d42 C#: Convert cs/web/xss to a path-problem 2019-08-01 15:58:57 -07:00
semmle-qlci
1d806971ed Merge pull request #1634 from aibaars/cookbook 
Approved by aschackmull, dave-bartolomeo, hvitved, markshannon, xiemaisi, yh-semmle
 2019-07-31 14:31:28 +01:00
Tom Hvitved
5c127ef20d C#: Fix false positives in cs/unchecked-return-value 2019-07-29 17:32:21 -07:00
Tom Hvitved
b6f3f7866b C#: Add more tests for cs/unchecked-return-value 2019-07-29 15:40:22 -07:00
Tom Hvitved
902825f8ac Merge pull request #1564 from calumgrant/cs/no-logger-writethrough 
C#: Disable logger AutoFlush
 2019-07-29 15:20:00 +00:00
Arthur Baars
ccde7cf6cf Add @id to example queries 2019-07-26 17:47:11 +02:00
Arthur Baars
bdce7d07c1 Move 'snippet' queries to 'snippets' folders 2019-07-26 17:47:11 +02:00