hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-06 10:11:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,690 Branches 160 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
54d47f60da JS: Include base types in TypeName 2019-09-02 14:18:48 +01:00
Jonas Jensen
a98992f0f9 C#/C++/Java: distinguish toString of nil from cons 2019-09-02 14:22:03 +02:00
Jonas Jensen
cdede8744f C#/C++/Java: Prettier PartialAccessPath.toString 2019-09-02 14:05:50 +02:00
Asger F
e9159acecb TS: Fix skewed arrays due to recursive call 2019-09-02 13:03:25 +01:00
Jonas Jensen
c3bc9f8575 C#/C++/Java: Unbreak partial data flow support 
Partial data flow had a semantic merge conflict with this branch. The
problem is that partial data flow doesn't (and shouldn't) cause the
initial pruning steps to run, but the length-2 access paths depend on
the `consCand` information that comes from that initial pruning. The
solution is to restore the old `AccessPath` class, now called
`PartialAccessPath` for use only by partial data flow.

With this change, partial data flow will in some cases allow more field
flow than non-partial data flow.
 2019-09-02 14:02:39 +02:00
Geoffrey White
c4d74c3922 CPP: Replace query paths with @name and @id. 2019-09-02 12:36:36 +01:00
Jonas Jensen
dec0c3a0ee C#/C++/Java: Make AccessPath abstract 
This was requested by @hvitved in code review. There is no difference in
the generated DIL.
 2019-09-02 13:14:30 +02:00
Jonas Jensen
b1be123e31 C#/C++/Java: Prettier AccessPath.toString 
The `ppReprType` predicate should now be `none()` instead of `result=""`
to signal that there is nothing to print. That seems clearer to me.
 2019-09-02 13:14:20 +02:00
Jonas Jensen
dbe8034e04 C#: Accept test results 2019-09-02 13:14:17 +02:00
Jonas Jensen
6c96a8d339 Java: Accept test changes 
Note: the results in `partial` have regressed and will need to be fixed
in a follow-up commit.
 2019-09-02 13:14:17 +02:00
Jonas Jensen
9f0f2f7c04 C++: Accept test changes 2019-09-02 13:14:17 +02:00
Jonas Jensen
b2c94cc6b4 C++/C#/Java: Restore the AccessPathCons class 2019-09-02 13:14:13 +02:00
Jonas Jensen
fbe34015f3 C++/C#/Java: AccessPath class names reflect length 
One -> ConsNil
Two -> ConsCons
 2019-09-02 13:13:59 +02:00
Jonas Jensen
e8006bb2cc C++/C#/Java: data flow AccessPath up to length 2 
This commit does not include updates to test results.
 2019-09-02 13:13:46 +02:00
Geoffrey White
aa009d07fd Merge pull request #1787 from jbj/ast-field-flow-local-fields 
C++: Local field flow using global library
 2019-09-02 11:17:37 +01:00
Asger F
c71a66a045 JS: Add change note 2019-09-02 11:05:07 +01:00
Asger F
a41a23fdba JS: Raise precision of prototype-pollution query 2019-09-02 11:00:24 +01:00
Jonas Jensen
e9a029cba3 C++: Local field flow using global library 
This commit removes fields from the responsibilities of `FlowVar.qll`.
The treatment of fields in that file was slow and imprecise.

It then adds another copy of the shared global data flow library, used
only to find local field flow, and it exposes that local field flow
through `localFlow` and `localFlowStep`.

This has a performance cost. It adds two cached stages to any query that
uses `localFlow`: the stage from `DataFlowImplCommon`, which is shared
with all queries that use global data flow, and a new stage just for
`localFlowStep`.
 2019-09-02 11:17:27 +02:00
Jonas Jensen
4f57f37b31 C++: Test to show false flow through object copy 2019-09-02 11:16:48 +02:00
Max Schaefer
91e46cd6fd JavaScript: Fix parsing of asynchronous generator methods. 2019-09-02 09:56:42 +01:00
semmle-qlci
6d55d1f7c0 Merge pull request #1707 from asger-semmle/canonical-name-call-graph 
Approved by xiemaisi
 2019-09-02 09:45:24 +01:00
Jonas Jensen
8ee87fd9fc C++: Make TaintTracking2 QLDoc more like DataFlow2 2019-09-02 09:43:52 +02:00
Max Schaefer
742c9708a9 Merge pull request #1828 from asger-semmle/jsdoc-relation 
JS: Make getDocumentation handle chain assignments
 2019-09-02 08:43:40 +01:00
Jonas Jensen
26c81eaae9 C++: Mention localExpr{Flow,Taint} in module QLDoc 2019-09-02 09:43:23 +02:00
semmle-qlci
0cf872ed32 Merge pull request #1846 from hvitved/csharp/autoformat 
Approved by jbj
 2019-09-02 08:31:43 +01:00
Jonas Jensen
f1d7fde49d C++: Use localExprFlow in existing queries 
This shortens the queries a bit and ensures test coverage of the new
predicate.
 2019-09-02 09:29:12 +02:00
Jonas Jensen
63311739a5 C++: Add localExprFlow and localExprTaint 
This is for ODASA-8053.
 2019-09-02 09:29:10 +02:00
Tom Hvitved
675255755b C#: Speedup Completion::isValidFor() 2019-09-01 10:34:52 +02:00
Tom Hvitved
508055fdc8 C#: Add a few pragma[nomagic] 2019-09-01 10:34:51 +02:00
Tom Hvitved
1e7ee8ddad C#: Loop unrolling for foreach statements 2019-09-01 10:34:51 +02:00
Tom Hvitved
1bfef706e2 C#: Add loop unrolling tests 2019-09-01 10:34:51 +02:00
Tom Hvitved
bb735c0220 C#: Teach guards library about collections 2019-09-01 10:34:51 +02:00
semmle-qlci
00fe4734ac Merge pull request #1850 from hvitved/csharp/remove-ref-equal 
Approved by calumgrant
 2019-09-01 09:31:50 +01:00
yh-semmle
c359675fa9 Merge pull request #1802 from aschackmull/java/taint-step-extension-point 
Java: Add a global extension point for taint steps.
 2019-08-30 17:19:58 -04:00
yh-semmle
f54545522e Merge pull request #1759 from aschackmull/java/flow-exploration 
Java/C++/C#: Add support for dataflow exploration by partial paths.
 2019-08-30 17:00:17 -04:00
Asger F
45941869ad JS: Change note 2019-08-30 18:25:39 +01:00
Asger F
89b91af6db JS: Make getDocumentation handle chain assignments 2019-08-30 18:20:54 +01:00
Asger F
9533ca0926 JS: Change note 2019-08-30 18:19:49 +01:00
Asger F
3926436bd4 JS: Explain use of t.call() 2019-08-30 18:19:19 +01:00
Asger F
d6578e10c8 JS: Handle constructor calls to avoid regression 2019-08-30 18:19:19 +01:00
Asger F
1b6cc4ebcc JS: Update test 2019-08-30 18:19:19 +01:00
Asger F
a13fb8e2ba JS: Handle RHS in more cases 2019-08-30 18:19:19 +01:00
Asger F
1e5f0a4e2f JS: Update DataFlow tests 2019-08-30 18:19:19 +01:00
Asger F
5512846e6f JS: Update TypeTracking test 2019-08-30 18:19:19 +01:00
Asger F
bd6768e2c8 JS: Fix closure namespace prefix and update tests 2019-08-30 18:19:19 +01:00
Asger F
b1f9db9145 JS: Make getAFunctionValue follow global access paths 2019-08-30 18:19:19 +01:00
Asger F
8d59df229a JS: Allow calls to externs 2019-08-30 18:19:19 +01:00
Asger F
cfa2ec1084 JS: Remove fake JSONType from es5.js externs 2019-08-30 18:19:19 +01:00
Asger F
e7166c2a1c JS: Workaround for JSON externs 2019-08-30 18:19:19 +01:00
Asger F
221d94961a JS: Resolve simple calls based on qualified name 2019-08-30 18:19:19 +01:00