hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-06 02:01:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
54,887 Commits 1,690 Branches 160 Tags
codeql-cli/v2.13.3
Commit Graph

54887 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nick Rolfe
b173752de9 .gitattributes: DLLs are binary 2018-11-30 18:05:02 +00:00
Max Schaefer
52b8a6bb56 Merge branch 'master' into js/invalid-entity-transcoding 2018-11-30 16:49:20 +00:00
Tom Hvitved
d25bd598db C#: Add change note 2018-11-30 17:44:48 +01:00
Tom Hvitved
3b0d1599ad C#: Teach guards library about unique assignments 
For example, in

```
void M(object x)
{
    var y = x == null ? 1 : 2;
    if (y == 2)
        x.ToString();
}
```

the guard `y == 2` implies that the guard `x == null` must be false,
as the assignment of `2` to `y` is unique.
 2018-11-30 17:43:10 +01:00
Tom Hvitved
ab9aa7d338 C#: Teach guards library about conditional assignments 
For example, in

```
void M(object x)
{
    var y = x != null ? "" : null;
    if (y != null)
        x.ToString();
}
```

the guard `y != null` implies that the guard `x != null` must be true.
 2018-11-30 17:41:36 +01:00
Tom Hvitved
80144a00c8 C#: Update nullness analyses 
Port the SSA-based logic from the Java nullness analyses.
 2018-11-30 17:41:31 +01:00
james
bebac21e19 add qhelp style-guide 2018-11-30 16:27:01 +00:00
Aditya Sharad
ec0663e587 Merge pull request #584 from jbj/mergeback-20181130 
Mergeback master -> next
 2018-11-30 16:15:21 +00:00
Max Schaefer
3351650895 JavaScript: Make InconsistentNew give fewer results. 2018-11-30 16:13:46 +00:00
Tom Hvitved
d2a431e6f3 C#: Add more nullness tests 
Port many of the nullness test from Java, as well as add new tests.
 2018-11-30 17:02:05 +01:00
Max Schaefer
b17518a5eb JavaScript: Refactor InconsistentNew to improve performance. 
All the filtering is now done in `getALikelyCallee`, to which I have also added an additional parameter that improves the join in the `select` clause.

I've also simplified the alert message to no longer use `toString`, which isn't meant for alert messages anyway. (This is an old query.)
 2018-11-30 15:40:45 +00:00
Kevin Backhouse
939db5a7cd Merge pull request #583 from jbj/bbStrictlyDominates-nomagic 
C++: pragma[nomagic] on bbStrictlyDominates
 2018-11-30 15:12:24 +00:00
calumgrant
1c2dd3e7b9 Merge pull request #570 from hvitved/csharp/ssa/split-to-string 
C#: Include CFG splits in `Ssa::Definition::toString()`
 2018-11-30 15:04:36 +00:00
Max Schaefer
dfcf767090 Merge pull request #440 from asger-semmle/range-analysis 
JS: Range analysis for dead code detection
 2018-11-30 15:01:34 +00:00
semmle-qlci
dbeb2dfa0e Merge pull request #585 from xiemaisi/js/join-order-fiddling 
Approved by esben-semmle
 2018-11-30 14:59:53 +00:00
calumgrant
08f5c2b6a6 Merge pull request #567 from hvitved/csharp/guards-splitting 
C#: Account for split SSA definitions in guards library
 2018-11-30 14:57:57 +00:00
Jonas Jensen
60076cb734 Merge pull request #532 from geoffw0/query-tags-3 
CPP: Query Tags 3 (JPL_C queries)
 2018-11-30 15:45:01 +01:00
Jonas Jensen
148c79a0e6 C++: Deprecate RecursionPrevention 2018-11-30 15:41:43 +01:00
Jonas Jensen
9532ee5177 C++: Add more detail to change notes for libraries 2018-11-30 14:29:08 +01:00
Jonas Jensen
b793807af5 C++: Complete change notes for Dave's PRs 2018-11-30 13:44:40 +01:00
Mark Shannon
d933152a54 Merge pull request #573 from felicity-semmle/1.19/python-change-notes 
Python: finalize change notes for 1.19
 2018-11-30 12:30:57 +00:00
Jonas Jensen
9daefa3613 C++: Complete change notes for my own PRs 2018-11-30 13:09:27 +01:00
semmle-qlci
608d84cfa3 Merge pull request #561 from asger-semmle/useless-conditional-change-note 
Approved by esben-semmle
 2018-11-30 11:37:51 +00:00
Jonas Jensen
4712a8f913 C++: pragma[nomagic] on bbStrictlyPostDominates 
This predicate was recently added and is likely to get the same problems
as `bbStrictlyDominates` with magic.
 2018-11-30 11:37:18 +01:00
Jonas Jensen
ace8fa88f2 C++: pragma[nomagic] on bbStrictlyDominates 
I noticed that queries using the data flow library spent significant
time in `#Dominance::bbIDominates#fbPlus`, which is the body of the
`bbStrictlyDominates` predicate. That predicate took 28 seconds to
compute on Wireshark.

The `b` in the predicate name means that magic was applied, and the
application of magic meant that it could not be evaluated with the
built-in `fastTC` HOP but became an explicit recursion instead. Applying
`pragma[nomagic]` to this predicate means that we will always get it
evaluated with `fastTC`, and that takes less than a second in my test
case.
 2018-11-30 11:36:11 +01:00
calumgrant
ca72c8ebfe Merge pull request #579 from hvitved/csharp/guards-loop 
C#: Fix bug in guards library when the guarded expression is in a loop
 2018-11-30 10:27:21 +00:00
Tom Hvitved
05b9519e9a C#: Handle multiple-field Boolean CFG splitting 
The internal pre-SSA library was extended on 3e78c2671f
to include fields/properties that are local-scope-like. The CFG splitting logic
uses ranking of SSA definitions to define an (arbitrary) order of splits, but for
fields/properties the implicit entry definition all have the same line and column.
In effect, such SSA definitions incorrectly get the same rank. Adding the name
of the field/property to the lexicographic ordering resolves the issue.
 2018-11-30 10:57:34 +01:00
Geoffrey White
453529e3bf Merge pull request #575 from jbj/UnsafeCreateProcessCall-nullValue 
C++: Avoid using nullValue predicate (rc/1.19)
 2018-11-30 09:54:17 +00:00
Max Schaefer
10166be535 JavaScript: Add new query DoubleEscaping. 2018-11-30 09:39:00 +00:00
Max Schaefer
3ed40d5da1 Merge branch 'master' into range-analysis 2018-11-30 09:36:40 +00:00
semmle-qlci
1c5322274a Merge pull request #557 from esben-semmle/js/unused-react-variable 
Approved by xiemaisi
 2018-11-30 09:35:36 +00:00
Max Schaefer
dcad2a3431 JavaScript: Simplify an if condition. 
By pulling this out of the condition we can avoid computing its negation for the `else` branch, which could previously lead to quite an enormous pipeline.
 2018-11-30 09:32:31 +00:00
Tom Hvitved
610be85c8c C#: Add CFG test for multiple-field Boolean splitting 2018-11-30 10:32:08 +01:00
Jonas Jensen
9babb4366b Merge remote-tracking branch 'upstream/master' into mergeback-20181130 2018-11-30 10:13:33 +01:00
semmle-qlci
adc15cad07 Merge pull request #574 from xiemaisi/js/avoid-materialisation 
Approved by esben-semmle
 2018-11-30 08:30:14 +00:00
Jonas Jensen
dd3791490a Merge pull request #580 from geoffw0/av-79-perf 
CPP: Fix performance issue with AV Rule 79.ql.
 2018-11-30 08:39:38 +01:00
Felicity Chapman
586eaef270 Update for feedback 2018-11-29 18:20:34 +00:00
Mark Shannon
9aa59fd419 Fix spelling. 2018-11-29 18:11:57 +00:00
Tom Hvitved
8bd8975795 Merge pull request #568 from calumgrant/cs/index-out-of-bounds 
C#: Fix false-positives in cs/index-out-of-bounds
 2018-11-29 18:40:05 +01:00
Jonas Jensen
b98452ddb1 Merge pull request #474 from rdmarsh2/rdmarsh/cpp/call-side-effect 
C++: Initital aliased SSA with Chi nodes and function side effects
 2018-11-29 18:31:29 +01:00
Geoffrey White
4744cece7b Merge pull request #576 from jbj/bbEntryReachesLocally-perf 
C++: Fix performance of bbEntryReachesLocally (1.19)
 2018-11-29 17:12:47 +00:00
Asger F
f85e30aa6c Merge pull request #571 from xiemaisi/js/numeric-constant-interpreted-as-code 
JavaScript: Add new query `HardcodedDataInterpretedAsCode`.
 2018-11-29 17:07:48 +00:00
Mark Shannon
931122971d Python points-to: Improve performance by factoring out handling of tuples in class tests. 2018-11-29 16:27:50 +00:00
Taus
1956cd802f Merge pull request #577 from markshannon/python-fix-performance-regression-dependencies 
Python: Fix performance regression in dependency analysis
 2018-11-29 16:41:58 +01:00
Geoffrey White
e09ce77678 CPP: Fix performance issue with AV Rule 79.ql. 2018-11-29 15:16:01 +00:00
Tom Hvitved
a12a72e90f C#: Fix bug in guards library when the guarded expression is in a loop 
Follow-up on 03e69e9945.
 2018-11-29 15:53:03 +01:00
Mark Shannon
11ca7b74a3 Merge pull request #572 from geoffw0/deprecate-cpython 
CPP: Delete CPython queries
 2018-11-29 14:50:06 +00:00
Jonas Jensen
90ad5cfac5 Merge pull request #569 from geoffw0/deprecate-pointsto-debug 
CPP: Deprecate the PointsTo debug queries.
 2018-11-29 15:28:07 +01:00
Mark Shannon
8414d46a87 Python: Fix accidentally introduced cartesian product. 2018-11-29 14:19:47 +00:00
Jonas Jensen
62d478eab3 C++: Fix performance of bbEntryReachesLocally 
This predicate was fast with the queries and engine from 1.18. With the
queries from `master` it got a bad join order in the
`UninitializedLocal.ql` query, which made it take 2m34s on Wireshark.
This commit decomposes `bbEntryReachesLocally` into two predicates that
together take only 4s.
 2018-11-29 15:11:32 +01:00