hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-23 11:22:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,685 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus Brock-Nannestad
51315217ff Add documentation label to docs/**/*. 2019-12-12 15:10:21 +01:00
Taus Brock-Nannestad
558c0a440e Actions: Automatically add language-specific labels to pull requests. 2019-12-12 14:42:45 +01:00
Rasmus Wriedt Larsen
e3b502085b Merge pull request #2515 from tausbn/python-fix-bad-join-order-in-statement-no-effect 
Python: Fix bad join order in `py/ineffectual-statement`.
 2019-12-12 13:41:18 +00:00
Max Schaefer
dfeca63677 JavaScript: Fix characteristic predicate of XMLParent. 
The database type `@xmlparent` is defined a bit too loosely in that it includes all of `@file`, not just XML files. Fixing that would involve fiddling with the extractor/dbscheme, so I have opted to fix it at the QL level instead.
 2019-12-12 12:38:29 +00:00
Jonas Jensen
fd48dcf63e C++: Get rid of a fastTC and noopt in IR 
The `getAChild*` fastTC was causing OOM on a `make allyesconfig` Linux
database with 8GB RAM, and I've observed it to be slow on other
databases too.
 2019-12-12 09:31:39 +01:00
Tom Hvitved
374b0c063e C#: Autoformat 2019-12-11 20:36:54 +01:00
Erik Krogh Kristensen
e818f4c08b refactored some duplicated methods into the abstract class, and specialized the type of emitter in NodeJS EventEmitter dispatch/registration 2019-12-11 18:25:03 +01:00
Taus Brock-Nannestad
d5cc42e34c Python: Fix bad join order in py/ineffectual-statement. 
This used to take 30s on `cpython`.
```
Tuple counts for StatementNoEffect::side_effecting_binary#f:
46522     ~0%     {2} r1 = ClassObject::ClassObject::hasAttribute_dispred#fb AS L AND NOT StatementNoEffect::side_effecting_binary#f#antijoin_rhs AS R(L.<0>, L.<1>)
46522     ~2%     {2} r2 = SCAN r1 OUTPUT r1.<1>, r1.<0>
950960    ~2%     {2} r3 = JOIN r2 WITH Operations::Operator::getSpecialMethodName_dispred#ff_10#join_rhs AS R ON FIRST 1 OUTPUT R.<1>, r2.<1>
950960    ~2%     {2} r4 = JOIN r3 WITH py_operators AS R ON FIRST 1 OUTPUT R.<2>, r3.<1>
950960    ~0%     {3} r5 = JOIN r4 WITH AstGenerated::BinaryExpr_::getLeft_dispred#ff AS R ON FIRST 1 OUTPUT R.<1>, r4.<1>, r4.<0>
122934382 ~0%     {2} r6 = JOIN r2 WITH Operations::Cmpop::getSpecialMethodName_dispred#ff_10#join_rhs AS R ON FIRST 1 OUTPUT R.<1>, r2.<1>
122934382 ~3%     {3} r7 = JOIN r6 WITH project#Operations::Compare::compares_dispred#ffff#3_201#join_rhs AS R ON FIRST 1 OUTPUT R.<2>, r6.<1>, R.<1>
123885342 ~3%     {3} r8 = r5 \/ r7
300       ~8%     {1} r9 = JOIN r8 WITH project#Exprs::Expr::refersTo_dispred#ffff AS R ON FIRST 2 OUTPUT r8.<2>
                  return r9
```
With this commit, it takes a few milliseconds.
 2019-12-11 17:58:30 +01:00
semmle-qlci
3d8c35e523 Merge pull request #2509 from asger-semmle/typescript-full-json 
Approved by max-schaefer
 2019-12-11 16:31:26 +00:00
Tom Hvitved
78f63a3679 C#: Add change note 2019-12-11 16:57:35 +01:00
Tom Hvitved
b7484e63ee C#: Recognize Code Contract assertions 2019-12-11 16:54:42 +01:00
Tom Hvitved
5429448eeb C#: Add tests for Code Contracts 2019-12-11 16:51:42 +01:00
shati-patel
f2d1e534c9 Merge pull request #1914 from jf205/query-debugging 
docs: make a start on query debugging topic
 2019-12-11 14:31:55 +00:00
James Fletcher
ff4a604119 Update docs/language/learn-ql/writing-queries/debugging-queries.rst 
Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
 2019-12-11 14:29:10 +00:00
Erik Krogh Kristensen
f537e28389 add pragma to internalBlocks predicate to fix performance 2019-12-11 15:19:30 +01:00
James Fletcher
b2db72d336 Apply suggestions from code review 
Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
 2019-12-11 14:13:56 +00:00
James Fletcher
2ce1c2bfee Apply suggestions from code review 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-12-11 12:44:35 +00:00
james
d6202da876 docs: address max's comments 2019-12-11 12:25:35 +00:00
James Fletcher
61576caede Apply suggestions from code review 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-12-11 12:20:38 +00:00
Asger F
063abb5cbc TS: Avoid name clash between tsconfig.json and type table 2019-12-11 12:15:44 +00:00
semmle-qlci
cb8e5fa3fc Merge pull request #2411 from asger-semmle/regexp-sanitizer-guards 
Approved by esbena, max-schaefer
 2019-12-11 12:00:21 +00:00
james
d56c02b1b7 docs: start work on debugging queries topic 2019-12-11 10:42:54 +00:00
Erik Krogh Kristensen
62512dd3e9 expand the js/exception-xss to handle more types of exceptional flow 2019-12-11 10:43:50 +01:00
Jonas Jensen
5a8407749f C#: autoformat fixup 2019-12-11 09:10:23 +01:00
yo-h
837b1e2f9b Merge pull request #2501 from hmakholm/test-extractors 
Prepare for `codeql test`:
 2019-12-10 16:49:14 -05:00
Calum Grant
3e0045f435 Merge pull request #2308 from hvitved/csharp/dataflow/types 
C#: Type-based pruning for data flow
 2019-12-10 20:16:20 +00:00
Geoffrey White
5ecfaed6b1 Merge pull request #2510 from jbj/getTempVariable-perf 
C++: Fix getTempVariable join order in IR
 2019-12-10 16:06:52 +00:00
Jonas Jensen
66876d0f63 C++: Compute isInCycle only for raw IR 
On wireshark/wireshark, `isInCycle` ran into a low-memory loop on the
`aliased_ssa` stage. It shouldn't be necessary to detect cycles after
the `raw` stage, so this commit moves cycle detection into the
`Construction` modules and makes it a no-op in `SSAConstruction.qll`.
 2019-12-10 16:03:39 +01:00
Erik Krogh Kristensen
267c4c07ed refactor EventEmitter model to use the ::Range pattern 2019-12-10 15:54:14 +01:00
Tom Hvitved
abcb6b8aab C#: Type-based pruning for data flow 2019-12-10 15:48:48 +01:00
Tom Hvitved
54088248a1 C#: Use source declarations in field flow 2019-12-10 15:46:31 +01:00
Tom Hvitved
a344707baa C#: Add more data flow tests 
Add tests that exhibit missing type pruning.
 2019-12-10 15:46:31 +01:00
Tom Hvitved
78ddb37a8c C#: Track type information in data flow 
This commit adds type information to data flow paths, by mapping node types onto
the smaller set of GVN types, and implementing `ppReprType()`.

The effect is a mere change in `DataFlow::PathNode::toString()`; no type-based
pruning is done yet.
 2019-12-10 15:46:28 +01:00
Erik Krogh Kristensen
c4fd80d12b some review feedback 2019-12-10 14:53:01 +01:00
Jonas Jensen
7c151644f5 C++: Fix getTempVariable join order in IR 
This join order seems to have broken so it took forever on
wireshark/wireshark.
 2019-12-10 13:43:36 +01:00
Erik Krogh Kristensen
e5d465da9a documentation fixes from @max-schaefer 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-12-10 12:01:51 +01:00
Erik Krogh Kristensen
59bafab6c3 update test to not use private class 2019-12-10 10:39:01 +01:00
Erik Krogh Kristensen
72cf14989a update expected output of test 2019-12-10 10:33:37 +01:00
Jonathan Leitschuh
229622459c Update InsecureDependencyResolution with code review comments 2019-12-09 20:37:53 -05:00
Jonathan Leitschuh
f341234edb Apply suggestions from code review 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
Co-Authored-By: yo-h <55373593+yo-h@users.noreply.github.com>
 2019-12-09 19:17:23 -05:00
Robert Marsh
18e7eff43c C++: autoformat 2019-12-09 13:47:38 -08:00
Robert Marsh
b9f8c39fe2 C++: respond to PR comments 2019-12-09 10:55:56 -08:00
Geoffrey White
1c2f36930d Merge pull request #2504 from jbj/1.23-legacy-suites 
C++: Add new queries in 1.23 to legacy suites
 2019-12-09 16:02:42 +00:00
Jonas Jensen
9bbebfc01f C++: Add new queries to C suite too 2019-12-09 17:00:33 +01:00
Erik Krogh Kristensen
60a825cf66 fix tabs and spaces 2019-12-09 16:06:17 +01:00
Jonas Jensen
ff7b6e2ce7 C++: Add new queries in 1.23 to legacy suites 
I didn't add `JapaneseEraDate.ql` since it's not displayed on LGTM by
default.
 2019-12-09 15:36:51 +01:00
Erik Krogh Kristensen
110302678c add model for EventEmitter in NodeJS, and base the Electron::IPC model on top of the new EventEmitter model 2019-12-09 14:27:35 +01:00
Calum Grant
3049bf2c85 Merge pull request #2358 from cldrn/ASPNetPagesValidateRequest 
Adds CodeQL query to check for Pages with disabled built-in validation
 2019-12-09 13:05:03 +00:00
shati-patel
bc2e15c133 Merge pull request #2503 from jf205/support-notes 
CodeQL support docs: remove some full stops
 2019-12-09 12:32:16 +00:00
james
07f35e8b58 docs: remove some full stops 2019-12-09 12:26:53 +00:00