hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-17 13:06:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,547 Commits 1,714 Branches 162 Tags
e506bf85e8ad4b7219894dfdac1ddb11e45a5dc2
Commit Graph

2547 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mark Shannon
e506bf85e8 Python: Add some regression tests for CFG of comparisons. 2019-01-16 11:45:20 +00:00
Mark Shannon
d1d898efac Python: Add regression test for code that proved problematic with the new parser. 2019-01-16 11:44:11 +00:00
Mark Shannon
bc4301f7b1 Python: Add an extra test for import parsing. 2019-01-16 11:32:59 +00:00
Mark Shannon
b8a91d4b1e Python tests: Add a few tests to check parsing and location of comparisons. 2019-01-16 11:27:57 +00:00
Mark Shannon
b4e8808582 Python, Exec used query: Remove restriction that call to exec function must be Python 3. For upcoming unified parser. 2019-01-16 10:19:35 +00:00
Mark Shannon
c9a929fb23 Python tests: Increase import depth to ensure sre_constants module is imported. 2019-01-14 11:18:36 +00:00
Mark Shannon
33a2315ba0 Python tests: Increase import depth to ensure sre_constants module is imported. 2019-01-11 12:15:56 +00:00
Geoffrey White
28261d6787 Merge pull request #737 from jbj/cfg-perf 
C++: QL CFG performance and tweaks
 2019-01-10 14:45:53 +00:00
semmle-qlci
f474fdd0f9 Merge pull request #731 from xiemaisi/js/performance-fiddling 
Approved by asger-semmle, esben-semmle
 2019-01-10 10:01:02 +00:00
Jonas Jensen
9219214d64 Merge pull request #695 from raulgarciamsft/users/raulga/c6324 
cpp - Using the return value of a strcpy or related string copy function in an if statement
 2019-01-10 08:34:17 +01:00
semmle-qlci
79734603ce Merge pull request #734 from xiemaisi/js/remove-deprecated 
Approved by esben-semmle
 2019-01-09 15:20:04 +00:00
Calum Grant
89becbce9a Merge pull request #726 from hvitved/csharp/cfg/foreach-multi-variables 
C#: Fix CFG for `foreach` statements with tuple declarations
 2019-01-09 14:47:01 +00:00
Jonas Jensen
9146b8e32e C++: Add example of conditional destruction 
The QL CFG and extractor CFG are the same, so the test passes. Neither
of them model that `ref` may or may not be destructed.
 2019-01-09 15:02:25 +01:00
Jonas Jensen
8ac826a62a C++: Factor out base case of normalGroupMember 
This recursive predicate is made faster by working around a known
optimizer problem (QL-796) that causes the optimizer to insert extra
type checks in recursive case even when they are only needed in the
base case.
 2019-01-09 15:02:25 +01:00
Jonas Jensen
c74b89119e C++: Reorder parameters to subEdge relations 
This improves performance slightly by putting the parameters in the
order in which they'll be needed in `qlCFGSuccessor`.
 2019-01-09 14:58:43 +01:00
ian-semmle
b3bcabf7c6 Merge pull request #724 from jbj/cfg-pr 
C++: Construct a CFG with QL
 2019-01-09 13:12:39 +00:00
Calum Grant
bd9a2d71ba Merge pull request #719 from hvitved/csharp/autoformat/queries 
C#: Autoformat QL queries
 2019-01-09 10:48:22 +00:00
Max Schaefer
89447846f1 JavaScript: Add change note. 2019-01-09 09:24:22 +00:00
Max Schaefer
97e6c75b94 JavaScript: Remove a few other deprecated predicates and classes. 2019-01-09 09:23:59 +00:00
Max Schaefer
db8e436046 JavaScript: Remove deprecated flow tracking predicates. 2019-01-09 09:23:59 +00:00
Max Schaefer
8a93c6aa65 JavaScript: Remove a few deprecated classes. 2019-01-09 09:23:59 +00:00
Max Schaefer
5d1d94ebf1 JavaScript: Remove deprecated old call graph library. 2019-01-09 09:23:59 +00:00
Max Schaefer
db713fb359 JavaScript: Remove deprecated backward-compatibility layer in security libraries. 2019-01-09 09:23:59 +00:00
Max Schaefer
feb9693fea JavaScript: Remove old data flow library. 2019-01-09 09:23:59 +00:00
semmle-qlci
688647491e Merge pull request #727 from xiemaisi/js/restructure-sourcenode 
Approved by esben-semmle
 2019-01-09 08:01:26 +00:00
yh-semmle
b8f53b5c6a Merge pull request #733 from aschackmull/java/remove-old-dataflow 
Java: Remove old dataflow library.
 2019-01-08 14:59:27 -05:00
yh-semmle
d4f2a07a77 Merge pull request #732 from aschackmull/java/conditional-bypass-precision 
Java: Reduce precision of java/user-controlled-bypass.
 2019-01-08 14:58:58 -05:00
yh-semmle
b0364e3592 Merge pull request #729 from aschackmull/java/intmulttolong 
Java: Restrict attention to integral types in IntMultToLong.
 2019-01-08 14:40:22 -05:00
yh-semmle
a09394da1b Merge pull request #730 from aschackmull/java/gcd 
Java: Switch to built-in gcd.
 2019-01-08 14:38:05 -05:00
Jonas Jensen
1be91b5df5 C++: Use IPA for Pos and Spec 
This is cleaner than extending `int` and working with magic numbers.
Performance appears to be unaffected.
 2019-01-08 16:23:11 +01:00
Anders Schack-Mulligen
0a9222b772 Java: Add change note. 2019-01-08 15:50:14 +01:00
Anders Schack-Mulligen
51f5198404 Java: Remove old dataflow library. 2019-01-08 13:52:24 +01:00
Jonas Jensen
dba3351d2c C++: Update comments based on PR feedback 2019-01-08 13:29:03 +01:00
Anders Schack-Mulligen
ab44e5603c Java: Reduce precision of java/user-controlled-bypass. 2019-01-08 13:07:34 +01:00
Anders Schack-Mulligen
06e48ca19f Java: Update test. 2019-01-08 11:57:54 +01:00
Max Schaefer
8951eaead3 JavaScript: Improve caching of getACallee and related predicates. 2019-01-08 09:42:44 +00:00
Max Schaefer
627583fffa JavaScript: Refactor UselessConditional for performance. 2019-01-08 09:40:49 +00:00
Anders Schack-Mulligen
9530eb6cdb Java: Switch to built-in gcd. 2019-01-08 10:07:51 +01:00
Max Schaefer
de429752d1 JavaScript: Restructure implementation of DataFlow::SourceNode. 
It now uses a facade pattern similar to `InvokeNode`: the range of the class is defined by an abstract class `DataFlow::SourceNode::Range`, while the actual behaviour is defined by the (no longer abstract) `SourceNode` class itself.

Clients that want to add new source nodes need to extend `DataFlow::SourceNode::Range`, those that want to refine the behaviour of existing source nodes should extend `DataFlow::SourceNode` itself.

While this is technically a breaking API change, I think separating the two aspects in this way is cleaner and makes it easier to use, and improves performance as well.
 2019-01-08 08:01:20 +00:00
semmle-qlci
8b8b352439 Merge pull request #715 from xiemaisi/js/autoformat 
Approved by asger-semmle
 2019-01-07 22:09:05 +00:00
Raul Garcia
18bb6696e0 Fixing conditional only issue. 
I changed  to detect any logical operation usage (i.e. !, ==), but I kept usage in a conditional directly as a separate detection condition. I found no false positives on the projects you shared with me previously.
 2019-01-07 10:44:11 -08:00
yh-semmle
0b19f41093 Merge pull request #728 from aschackmull/java/qltest-qlpath 
Java: Add .qlpath to the test dir.
 2019-01-07 11:34:45 -05:00
Anders Schack-Mulligen
203c9fb9d8 Java: Restrict attention to integral types in IntMultToLong. 2019-01-07 14:27:52 +01:00
Anders Schack-Mulligen
e0d3be7dbc Java: Add .qlpath to the test dir. 2019-01-07 13:25:20 +01:00
Calum Grant
6f827140d7 Merge pull request #710 from hvitved/csharp/extractor/standalone-runtimes 
C#: Improve logic for looking up .NET runtime in standalone mode
 2019-01-07 10:22:17 +00:00
Max Schaefer
31bb39a810 JavaScript: Autoformat all QL files. 2019-01-07 10:15:45 +00:00
Max Schaefer
aa6b89dc34 Merge pull request #723 from Semmle/qlucie/master 
Master-to-next merge
 2019-01-07 07:59:54 +00:00
Raul Garcia
880306c621 Removing duplicated results 2019-01-04 10:45:43 -08:00
Pavel Avgustinov
42cf76027a Merge branch 'cs/assembly-labels' of https://github.com/calumgrant/ql into HEAD 2019-01-04 18:23:49 +00:00
Tom Hvitved
6fccfa3b0a C#: Fix CFG for foreach statements with tuple declarations 2019-01-04 18:51:55 +01:00