codeql

mirror of https://github.com/github/codeql.git synced 2026-04-19 14:04:09 +02:00

Author	SHA1	Message	Date
Tom Hvitved	e6c258c6ba	C#: Restructure `Completion::isValidFor()`	2019-07-05 07:21:34 +02:00
Tom Hvitved	8a35813e1c	C#: Unify `goto` completions	2019-07-05 07:21:34 +02:00
semmle-qlci	0290c79c54	Merge pull request #1486 from hvitved/csharp/inherited-completions Approved by calumgrant	2019-07-04 19:45:25 +01:00
Tom Hvitved	349e0e8e62	C#: Address more review comments	2019-07-04 16:46:01 +02:00
semmle-qlci	298aa92814	Merge pull request #1543 from xiemaisi/js/reflective-call-flow Approved by asger-semmle	2019-07-04 12:02:24 +01:00
Tom Hvitved	421e75d4c1	C#: Address review comments	2019-07-04 11:57:48 +02:00
Max Schaefer	91a718cfe5	JavaScript: Fix data flow out of reflective calls. We were previously missing a data-flow edge from reflected calls to the corresponding reflective call, that is, for `f.call(...)` we didn't have a flow edge from the implicit call to `f` to the result of `f.call(...)`.	2019-07-04 08:29:04 +01:00
semmle-qlci	40f7e6f514	Merge pull request #1540 from esben-semmle/js/bump-prototype-pollution-lodash Approved by xiemaisi	2019-07-04 07:19:45 +01:00
semmle-qlci	6cda33c39e	Merge pull request #511 from esben-semmle/js/classify-minified-by-variable-names Approved by xiemaisi	2019-07-03 16:31:43 +01:00
semmle-qlci	b07a3e6725	Merge pull request #1439 from esben-semmle/js/configuration-node-separation Approved by asger-semmle, xiemaisi	2019-07-03 16:31:10 +01:00
Pavel Avgustinov	ba4812c4ed	Merge pull request #1534 from hvitved/csharp/remove-vcs C#: Remove libraries and queries related to version history	2019-07-03 13:25:15 +01:00
Jonas Jensen	f8722f978f	Merge pull request #1533 from zlaski-semmle/zlaski/cpp370cl [CPP-370] Non-const format strings: Add change note for the 1.22 release.	2019-07-03 09:47:58 +02:00
semmle-qlci	7fbc730b05	Merge pull request #1517 from asger-semmle/instance-type-tracking-final Approved by xiemaisi	2019-07-03 08:26:16 +01:00
semmle-qlci	44823ca46d	Merge pull request #1522 from asger-semmle/ts-stringify-recursive-type-alias Approved by xiemaisi	2019-07-03 08:25:50 +01:00
Esben Sparre Andreasen	051c6ca31f	JS: split CodeInjection.qll into two parts	2019-07-03 09:18:27 +02:00
Esben Sparre Andreasen	ecf367fa65	JS: bump vulnerable lodash version for prototype pollution See https://github.com/lodash/lodash/pull/4336	2019-07-03 08:18:16 +02:00
Ziemowit Laski	1118601273	[CPP-370] Rework release note per Jonas' suggestions.	2019-07-02 17:37:17 -07:00
Asger F	52a5bce10d	TS: Update test affected by new stringification	2019-07-02 21:01:47 +01:00
Geoffrey White	e079406a5f	Merge pull request #1536 from jbj/leap-year-sameBaseType-perf C++: Fix performance of leap year queries	2019-07-02 17:04:00 +01:00
Tom Hvitved	a54ee160a3	C#: Update change note	2019-07-02 14:17:28 +02:00
Tom Hvitved	b6bbe1a5c0	C#: Add DB upgrade script	2019-07-02 14:01:41 +02:00
Jonas Jensen	2a6000c270	C++: getter/setter performance in StructLikeClass The predicates `getter` and `setter` in `StructLikeClass.qll` were very slow on some snapshots. On https://github.com/dotnet/coreclr they had this performance: StructLikeClass::getter#fff#antijoin_rhs ........... 3m55s Variable::Variable::getAnAssignedValue_dispred#bb .. 3m36s StructLikeClass::setter#fff#antijoin_rhs ........... 20.5s The `getAnAssignedValue_dispred` predicate in the middle was slow due to magic propagated from `setter`. With this commit, performance is instead: StructLikeClass::getter#fff#antijoin_rhs ........... 497ms Variable::Variable::getAnAssignedValue_dispred#ff .. 617ms StructLikeClass::setter#fff#antijoin_rhs ........... 158ms Instead of hand-optimizing the QL for performance, I simplified `setter` and `getter` to require slightly stronger conditions. Previously, a function was only considered a setter if it had no writes to other fields on the same class. That requirement is now relaxed by dropping the "on the same class" part. I made the corresponding change for what defines a getter. I think that still captures the spirit of what getters and setters are. I also changed the double-negation with `exists` into a `forall`.	2019-07-02 13:49:52 +02:00
Tom Hvitved	16b6791914	C#: Minor performance rewrite	2019-07-02 13:11:27 +02:00
Geoffrey White	01ce34449d	Merge pull request #1530 from Semmle/getExpr-qldoc C++: expand MacroInvocation.getExpr QLDoc	2019-07-02 11:00:57 +01:00
Jonas Jensen	5ea69601c3	Merge pull request #1525 from aibaars/drop-import-additional-libraries Drop ImportAdditionalLibraries.ql	2019-07-02 11:26:31 +02:00
Jonas Jensen	5ad0b39f0c	C++: Fix performance of leap year queries The `sameBaseType` predicate was fundamentally quadratic, and this blew up on large C++ code bases. Replacing it with calls to `Type.stripType` fixes performance and does not affect the qltests. It looks like `sameBaseType` was used purely an ad hoc heuristic, so I'm not worried about the slight semantic difference between `sameBaseType` and `stripType`.	2019-07-02 11:17:18 +02:00
Asger F	329ff0db1b	JS: Add an use getAPropertySource()	2019-07-02 10:09:06 +01:00
Asger F	5ce08e2c78	JS: Address review comments	2019-07-02 10:09:06 +01:00
Asger F	408fd3e106	JS: Augment call graph using type-tracked class instances	2019-07-02 10:09:06 +01:00
Asger F	779d98a143	JS: Prevent bad join in hasOwnProperty	2019-07-02 10:09:05 +01:00
Tom Hvitved	9a24d3a69c	C#: Remove libraries and queries related to version history The VCS relations are no longer populated, so there is no reason to keep them, and the queries/libraries that use the relations.	2019-07-02 10:43:38 +02:00
semmle-qlci	71c86fa69b	Merge pull request #1527 from esben-semmle/js/classify-more-generated-and-tests Approved by asger-semmle	2019-07-02 07:38:10 +01:00
semmle-qlci	26fd1b91cf	Merge pull request #1485 from esben-semmle/js/fix-yaml-strings Approved by xiemaisi	2019-07-02 07:00:43 +01:00
semmle-qlci	b0b152aaaa	Merge pull request #1529 from xiemaisi/js/getter-summaries Approved by asger-semmle	2019-07-02 06:16:34 +01:00
Ziemowit Laski	ef7e051b50	[CPP-370] Add change note for the 1.22 release.	2019-07-01 13:47:53 -07:00
Jonas Jensen	bf99a0ee15	C++: expand MacroInvocation.getExpr QLDoc	2019-07-01 20:22:24 +02:00
Max Schaefer	7f95c20345	JavaScript: Add support for tracking flow into receivers of reflective calls.	2019-07-01 17:54:43 +01:00
semmle-qlci	3b126d9c4e	Merge pull request #1488 from asger-semmle/call-graph-metric Approved by xiemaisi	2019-07-01 16:09:34 +01:00
Max Schaefer	a04c2c65cb	JavaScript: Add change note.	2019-07-01 15:45:57 +01:00
Max Schaefer	895055f30e	JavaScript: Avoid unhelpful magic. The constraint `exists(callback.getParameter(i))` was getting pushed into `higherOrderCall`, which isn't a bad thing to do. However, this then led to a join on `i`, which is a very bad thing to do.	2019-07-01 15:45:57 +01:00
Max Schaefer	b5b89c0eac	JavaScript: Track flow into method receivers.	2019-07-01 15:45:57 +01:00
Esben Sparre Andreasen	062778bdd8	JS: heuristically recognize x.spec.y and x.test.y as test files	2019-07-01 15:49:17 +02:00
Esben Sparre Andreasen	7cab308205	fixup! JS: classify numeric file names as generated	2019-07-01 15:49:03 +02:00
Jonas Jensen	757ec97e7a	Merge pull request #1251 from zlaski-semmle/zlaski/cpp370 [CPP-370] Non-constant `format` arguments to `printf` and friends	2019-07-01 14:43:19 +02:00
Asger F	ff4d6ece80	JS: Rename metrics to ResolvableCallX	2019-07-01 12:34:48 +01:00
Asger F	16e6dd12d0	JS: Address review comments part 1	2019-07-01 12:30:51 +01:00
Esben Sparre Andreasen	41e568d1f7	JS: classify files with many short variables as minified	2019-07-01 13:25:07 +02:00
semmle-qlci	a4fa2982de	Merge pull request #1526 from xiemaisi/js/remove-TrackedExpr Approved by esben-semmle	2019-07-01 11:10:44 +01:00
semmle-qlci	4f3cbe0029	Merge pull request #1521 from hvitved/csharp/constant-condition-fp Approved by calumgrant	2019-07-01 10:52:14 +01:00
Esben Sparre Andreasen	2eb7e4a818	JS: classify `x.test.js` files with `test(...)` calls as jest tests	2019-07-01 10:28:10 +02:00

1 2 3 4 5 ...

5621 Commits