Commit Graph

19087 Commits

Author SHA1 Message Date
Dave Bartolomeo
8a73bea72f C++: Avoid bad join ordering in getOperandMemoryAccess 2018-12-11 00:47:53 -08:00
Esben Sparre Andreasen
edbef289a7 JS: improve whitespace handling for multi-license file recognition 2018-12-11 09:30:10 +01:00
Esben Sparre Andreasen
e016098f86 JS: support purs classification 2018-12-11 09:17:01 +01:00
Esben Sparre Andreasen
3879e57f18 JS: support <meta name="generator"/> classification 2018-12-11 09:12:39 +01:00
Esben Sparre Andreasen
a295dfd2c5 JS: support AutoRest classification 2018-12-11 08:54:19 +01:00
Dave Bartolomeo
4170d4fadd C++: Handle relational operators in constant analysis 2018-12-10 23:03:02 -08:00
Dave Bartolomeo
5ba51e32f0 C++: Remove aliased_ssa instantiation of IR reachability
We never actually consumed this iteration, since SSA construction only depends on the reachability instantiation of the previous IR layer.
2018-12-10 21:22:55 -08:00
Dave Bartolomeo
a81ba84c0e C++: Update test expectations after unreachable IR removal 2018-12-10 21:22:55 -08:00
Dave Bartolomeo
b2e596fcc2 C++: Improve join order in IR reachability 2018-12-10 21:22:55 -08:00
Dave Bartolomeo
99d33f9623 C++: Remove unreachable IR
This change removes any IR instructions that can be statically proven unreachable. To detect unreachable IR, we first run a simple constant value analysis on the IR. Then, any `ConditionalBranch` with a constant condition has the appropriate edge marked as "infeasible". We define a class `ReachableBlock` as any `IRBlock` with a path from the entry block of the function. SSA construction has been modified to operate only on `ReachableBlock` and `ReachableInstruction`, which ensures that only reachable IR gets translated into SSA form. For any infeasible edge where its predecessor block is reachable, we replace the original target of the branch with an `Unreached` instruction, which lets us preserve the invariant that all `ConditionalBranch` instructions have both a true and a false edge, and allows guard inference to still work.

The changes to `SSAConstruction.qll` are not as scary as they look. They are almost entirely a mechanical replacement of `OldIR::IRBlock` with `OldBlock`, which is just an alias for `ReachableBlock`.

Note that the `constant_func.ql` test can determine that the two new test functions always return 0.

Removing unreachable code helps get rid of some common FPs in IR-based dataflow analysis, especially for constructs like `while(true)`.
2018-12-10 21:22:55 -08:00
Dave Bartolomeo
59fc77f066 C++: Simple constant analysis
This change moves the simple constant analysis that was used by the const_func test into a parameterized module for use on any stage of the IR. This will be used to detect unreachable code.
2018-12-10 21:22:54 -08:00
Dave Bartolomeo
6a11ef5c18 C++: Add a couple test cases for unreachable code in IR 2018-12-10 21:22:54 -08:00
Dave Bartolomeo
78e5b3ad63 C++: Add IR dataflow to ImportAdditionalQueries.ql 2018-12-10 15:09:49 -08:00
Dave Bartolomeo
23993710d1 Revert "C++: Avoid creating ExprNodes for Conversions"
This reverts commit df882a9e72.
2018-12-10 15:06:29 -08:00
Esben Sparre Andreasen
09e7124bb1 JS: update change notes for renamed query 2018-12-10 22:22:54 +01:00
Esben Sparre Andreasen
ab519d4abf JS: rename query
"Incomplete URL regular expression" -> "Incomplete regular expression for hostnames".
2018-12-10 22:22:54 +01:00
Esben Sparre Andreasen
7c6e28d917 JS: introduce near-empty RegularExpressions.qll 2018-12-10 22:22:54 +01:00
Esben Sparre Andreasen
994fe1bea5 JS: address non-semantic review comments 2018-12-10 22:21:02 +01:00
Esben Sparre Andreasen
d4e4bc6a0b JS: sharpen js/incomplete-url-regexp by not matching .* or .+ 2018-12-10 22:21:02 +01:00
Esben Sparre Andreasen
c65c7e700e JS: change notes for js/incomplete-url-regexp 2018-12-10 22:21:01 +01:00
Esben Sparre Andreasen
52ca696ff4 JS: add query js/incomplete-url-regexp 2018-12-10 22:20:29 +01:00
Esben Sparre Andreasen
6d6379fc09 JS: address review comments 2018-12-10 22:03:52 +01:00
Sebastian Bauersfeld
6c756c5e6a Rename ConfigLine to ConfigPair. Make ConfigFiles.ql a library, as intended 2018-12-10 14:08:27 -05:00
Dave Bartolomeo
df882a9e72 C++: Avoid creating ExprNodes for Conversions 2018-12-10 10:09:42 -08:00
Aditya Sharad
d94e14d54b Merge pull request #609 from hvitved/csharp/autobuilder/fixes
C#: Autobuilder fixes
2018-12-10 18:07:31 +00:00
Jonas Jensen
a4b3b1e8c8 Merge pull request #653 from geoffw0/ex-ch-notes
CPP: Additional change notes (for 1.20)
2018-12-10 16:59:12 +01:00
Tom Hvitved
1e9fe0046a C#: Address review comments 2018-12-10 15:31:23 +01:00
semmle-qlci
57de628ab8 Merge pull request #650 from xiemaisi/js/nomagic-isDOMProperty
Approved by asger-semmle
2018-12-10 13:52:47 +00:00
Geoffrey White
709fd6382a CPP: Change note for #562. 2018-12-10 13:51:15 +00:00
Geoffrey White
6b7337d766 CPP: Change note for #540. 2018-12-10 13:42:17 +00:00
Jonas Jensen
1f7383498a Merge pull request #644 from geoffw0/pointerscaling
CPP: Fix type confusion in IncorrectPointerscaling.ql
2018-12-10 14:22:10 +01:00
Anders Schack-Mulligen
bfc7fb7c8a Java: Change alert location for ConstantLoopCondition. 2018-12-10 12:37:11 +00:00
Felicity Chapman
882ab7e9ca Merge pull request #636 from jbj/incorrect-not-operator-usage-case
C++: Rename "Incorrect 'not' operator usage"
2018-12-10 11:13:19 +00:00
Felicity Chapman
6ef16bb728 Merge pull request #649 from jf205/qhelp-guide
Query help style guide: editorial review
2018-12-10 10:59:48 +00:00
Max Schaefer
e7df9b8b01 JavaScript: Avoid unhelpful magic. 2018-12-10 10:40:37 +00:00
Aditya Sharad
02b58a8319 Merge pull request #625 from adityasharad/merge/1.19-next-051218
Merge rc/1.19 into next.
2018-12-10 10:05:16 +00:00
james
a0d5049132 update links to query pages 2018-12-10 09:33:58 +00:00
james
4bd922e442 address further comments 2018-12-10 09:18:05 +00:00
james
36fe86f730 address felicity's comments 2018-12-10 09:18:05 +00:00
james
59542fc367 mention of qldoc comment requirements 2018-12-10 09:18:05 +00:00
james
934fd9f3d6 address geoffrey's comments and reword tags 2018-12-10 09:18:05 +00:00
james
2ed648d798 metadata-style-guide: address anders' review 2018-12-10 09:18:05 +00:00
james
09d08a7547 metadata-style-guide: update title 2018-12-10 09:18:04 +00:00
james
9560165921 metadata-style-guide: add style guide 2018-12-10 09:18:04 +00:00
james
41f5d65e0c remove hyphen from title and update some links 2018-12-10 09:13:33 +00:00
semmle-qlci
1ca27e2c18 Merge pull request #647 from xiemaisi/js/fix-msita-perf
Approved by esben-semmle
2018-12-09 21:32:31 +00:00
Nick Rolfe
976aa22fac Merge pull request #646 from ian-semmle/stats
C++: Update stats
2018-12-09 17:59:46 +00:00
yh-semmle
ba4fa0a246 Merge pull request #643 from aschackmull/java/nullguard-isblank
Java: Add org.apache.commons.lang3.StringUtils.isBlank as a nullguard.
2018-12-07 15:31:58 -05:00
Sebastian Bauersfeld
3379e71e01 Add ConfigFiles library for working with configuration files. 2018-12-07 15:11:54 -05:00
Geoffrey White
9857a85817 CPP: Fix similar queries. 2018-12-07 18:43:28 +00:00