hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-25 20:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,688 Branches 158 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
0785c1b17b JS: Address comments 2019-08-21 11:48:05 +01:00
Asger F
17573afa0c JS: Hyphenate type-tracking when used as adjective 2019-08-21 11:47:58 +01:00
Jonas Jensen
2f4ed45dac C++: No taint between field and struct 
To compensate for the lack of field flow, the taint tracking library has
previously considered taint to flow from fields to their containing
structs and back again from the structs to any of their fields. This
leads to false flow between unrelated fields and is not needed now that
we have proper flow through fields.
 2019-08-21 11:57:12 +02:00
Jonas Jensen
6fc3a62edb C++/C#/Java: Change another caller of localFlow 
There was also a use of `localFlowStep` in `DataFlowImplCommon` that
should now be `simpleLocalFlowStep`.
 2019-08-21 10:20:15 +02:00
Jonas Jensen
ec2cc5a80e C#: Refactor how simpleLocalFlowStep is called 
`localFlowStep` is no longer an alias because it should not have the
same QLDoc as `simpleLocalFlowStep`.
 2019-08-21 10:05:54 +02:00
Tom Hvitved
eb97d7beaa Revert "C#: Generalize CFG entry/exit nodes to include field/property initializers" 
This reverts commit b7e732fddb.
 2019-08-21 09:55:24 +02:00
Jonas Jensen
c9ea5ad9a3 C#/Java: Remove cached from wrapper predicate 2019-08-21 09:43:13 +02:00
Jonas Jensen
4b7813b98e C++/C#/Java: Split localFlowStep predicate in two 
There's now a `localFlowStep` predicate for use directly in queries and
other libraries and a `simpleLocalFlowStep` for use only by the global
data flow library. The former predicate is intended to include field
flow, but the latter may not.

This will let Java and C# (and possibly C++ IR) avoid getting two kinds
of field flow at the same time, both from SSA and from the global data
flow library. It should let C++ AST add some form of field flow to
`localFlowStep` without making it an input to the global data flow
library.
 2019-08-21 09:27:01 +02:00
zlaski-semmle
c2d1a52b39 Merge pull request #1732 from geoffw0/qldoceg6 
CPP: Add syntax examples to QLDoc in Block.qll, Stmt.qll
 2019-08-20 16:34:35 -07:00
Ziemowit Laski
d102b66af1 [CPP-387] Finished multi-line syntax examples. Awaiting feedback. 2019-08-20 16:08:39 -07:00
Geoffrey White
675e1cc349 CPP: Add a reverse-link for consistency between Field and MemberVariable. 2019-08-20 15:38:02 +01:00
Anders Schack-Mulligen
9150682ada Merge pull request #1757 from jbj/pyrameterized-taint 
C++: Use pyrameterized modules for TaintTracking
 2019-08-20 16:33:22 +02:00
Taus Brock-Nannestad
a58c16f91c Python: Prevent bad magic during pruning. 
Fixes the performance regression seen on `uncompyle2` and similar projects.
 2019-08-20 16:18:42 +02:00
Calum Grant
35017786cf Merge pull request #1739 from hvitved/csharp/ssa/delegate-call-source 
C#: Search from delegate creation in `delegateCallSource()`
 2019-08-20 15:16:20 +01:00
Pavel Avgustinov
7176b438c4 Merge commit '7bfed6e517cbcabfe06cf614981baee8cbde5342' into attribute 2019-08-20 14:08:57 +01:00
Tom Hvitved
7ab9c8b90d Java/C++/C#: flowCandFwdRead() refactor 2019-08-20 14:44:04 +02:00
Tom Hvitved
80e91cceb1 C#: Disable field flow for cs/inappropriate-encoding 2019-08-20 13:59:46 +02:00
Tom Hvitved
14378ee41a Java/C++/C#: Remove some unbind() calls from shared data flow implementation 2019-08-20 13:59:01 +02:00
Jonas Jensen
7c4938c035 C#: Get rid of TaintTrackingUtil.qll 2019-08-20 13:56:13 +02:00
Jonas Jensen
bc702debf9 C++/Java: Change notes for Configuration2 rename 2019-08-20 13:46:04 +02:00
Jonas Jensen
11583b69e0 C#: Use pyrameterized modules for TaintTracking 
To keep the code changes minimal, and to keep the implementation similar
to C++ and Java, the `TaintTracking{Public,Private}` files are now
imported together through `TaintTrackingUtil`. This has the side effect
of exposing `localAdditionalTaintStep`. The corresponding predicate for
Java was already exposed.
 2019-08-20 13:45:38 +02:00
Jonas Jensen
f1e6e36ce6 Java: Remove wrong definition of taint tracking 
This explanation, taken from C/C++, was not correct for Java.
 2019-08-20 13:45:38 +02:00
Jonas Jensen
9ac0cdd2a2 Java: Don't use the deprecated Configuration2 2019-08-20 13:45:37 +02:00
Jonas Jensen
aeb2323128 Java: Use pyrameterized modules for TaintTracking 2019-08-20 13:45:37 +02:00
Jonas Jensen
d65b09d94a C++: Proper fix for TaintTracking2 parameter 2019-08-20 13:45:37 +02:00
Jonas Jensen
b1cd64bbf4 C++: Fix mismatch between taint and dataflow copy 2019-08-20 13:45:37 +02:00
Jonas Jensen
d388be7d3b C++: Use pyrameterized modules for TaintTracking 2019-08-20 13:45:37 +02:00
Mark Shannon
d8531c46e7 Python ESSA: Move variable definitions into new file and unify 'generic' and 'python specific' parts. 2019-08-20 11:55:41 +01:00
Mark Shannon
523c5b1e1e Python ESSA: Remove unnecessary intermediate class. 2019-08-20 11:41:53 +01:00
Mark Shannon
2ab3bf46cf Python ESSA: Move definition sub-classes from points-to folder to essa folder. 2019-08-20 11:41:53 +01:00
Mark Shannon
e34ccae1fc Python ESSA: Move all Essa code to semmle.python.essa folder. 2019-08-20 11:41:46 +01:00
Asger F
f18f54fd0d TS: Allow changing the port 2019-08-20 10:41:25 +01:00
semmle-qlci
7698240484 Merge pull request #1769 from asger-semmle/ts-rest-pattern-default 
Approved by esben-semmle
 2019-08-20 10:02:43 +01:00
Asger F
6f217502f9 TS: Review 2019-08-20 09:57:32 +01:00
Max Schaefer
d105de81a3 JavaScript: Raise precision of UndocumentedParameter to high. 
This is more consistent with the other JSDoc queries. Results are still not shown on LGTM by default, but the query can now be enabled selectively for projects that care about JSDoc.
 2019-08-20 09:32:00 +01:00
Tom Hvitved
a0c834c83d Java/C++/C#: Improve data flow join orders for field flow 2019-08-20 10:14:08 +02:00
Jonas Jensen
432b0a4698 Merge pull request #1766 from aschackmull/java/nested-storestep 
Java/C++/C#: Add field flow support for stores in nested fields.
 2019-08-20 10:06:19 +02:00
Ziemowit Laski
d9b0b64af1 [CPP-387] Begin pretty-printing code examples. 2019-08-19 20:52:40 -07:00
Asger F
75e85e4402 TS: Fix handling of erroneous rest pattern with default 2019-08-19 17:34:45 +01:00
Taus
b33e9f229b Merge pull request #1767 from markshannon/temporary-test-removal 
Python tests: TEMPORARILY remove 5 tests to allow modification of extractor CFG pass
 2019-08-19 18:06:19 +02:00
Tom Hvitved
1e46509a2a C#: Use TaintTracking2 in cs/inappropriate-encoding 2019-08-19 17:18:49 +02:00
Tom Hvitved
2a2e07d2fc C#: Avoid recomputation in last data flow stage 
Avoid recomputing the `ControlFlowReachabilityConfiguration` predicates, as well
as `DispatchCall::getStaticTarget()`.
 2019-08-19 17:17:47 +02:00
Mark Shannon
edb50c129d Python tests: TEMPORARILY remove 5 tests to allow modification of extractor CFG pass. 2019-08-19 16:00:28 +01:00
Geoffrey White
f045035f5d CPP: Examples Include.qll. 2019-08-19 15:58:44 +01:00
Geoffrey White
abd4d39710 CPP: Examples NameQualifiers.qll. 2019-08-19 15:06:39 +01:00
Geoffrey White
3eec627321 CPP: Add a test of NameQualifiableElement and NameQualifyingElement. 2019-08-19 15:05:50 +01:00
Asger F
ca79b083cf TS: Add debugging flag and document how to run the debugger 2019-08-19 15:04:02 +01:00
Anders Schack-Mulligen
6ff4fe38ec Java/C++/C#: Add field flow support for stores in nested fields. 2019-08-19 14:41:06 +02:00
Geoffrey White
a889a79816 CPP: Examples Field.qll. 2019-08-19 11:48:58 +01:00
Geoffrey White
f6ccaa5caf CPP: Examples FriendDecl.qll. 2019-08-19 11:31:33 +01:00