hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-31 16:16:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
6918dad1db C#: Refactor localFlowStep() 
Using the `forceCachingInSameStage()` trick, we can get rid of the non-cached version
of local flow, while still computing it in the same stage.
 2018-12-12 13:14:22 +01:00
Tom Hvitved
1366638f06 C#: Fix whitespaces 2018-12-12 13:13:13 +01:00
Geoffrey White
5e39e0ed65 CPP: Change note. 2018-12-12 11:39:20 +00:00
Geoffrey White
2f3a874c7d CPP: Fix false positives when a member variable is released via the target of a function pointer. 2018-12-12 11:38:44 +00:00
Geoffrey White
370387a9ca CPP: Fix false positives when member variable is released via an ExprCall. 2018-12-12 11:38:44 +00:00
Geoffrey White
e408f18766 CPP: Fix false positives when member variable is released via capture inside lambda expression. 2018-12-12 11:38:44 +00:00
Geoffrey White
6efd481118 CPP: Make references to the 'kind' of an alloc/delete consistent (this used to be called the 'release' or 'releaseName'). 2018-12-12 11:38:44 +00:00
Geoffrey White
8e2459a6b7 CPP: Add similar test cases with function pointers. 2018-12-12 11:38:44 +00:00
Geoffrey White
77c1ad47f9 CPP: Add test cases with lambdas. 2018-12-12 11:38:44 +00:00
calum
3037b2b197 C#: Sync the -Good and -Bad files in the qltest to match the sample. 2018-12-12 11:36:00 +00:00
calum
1df1b0c28e C#: Refactor ArrayCreations to allow stackalloc arrays to have initializers (C# 7.3). 2018-12-12 11:05:34 +00:00
Asger F
aa04e9c77f TS: fix extraction of binding pattern with default 2018-12-12 10:36:30 +00:00
Max Schaefer
faaca21996 JavaScript: Avoid more unhelpful magic. 2018-12-12 08:40:21 +00:00
Max Schaefer
4fc27aaa51 Merge branch 'master' into pseudo-random-bytes 2018-12-12 08:19:57 +00:00
semmle-qlci
06dd5f3616 Merge pull request #656 from xiemaisi/js/unused-local-underscore 
Approved by esben-semmle
 2018-12-12 08:11:37 +00:00
semmle-qlci
9df5d4b0c2 Merge pull request #660 from esben-semmle/js/angularjs-alert-locations 
Approved by xiemaisi
 2018-12-12 08:05:19 +00:00
Dave Bartolomeo
be5ac2f2ff Merge pull request #648 from dave-bartolomeo/dave/UnreachableIR 
C++: Remove unreachable IR
 2018-12-11 20:58:49 -08:00
yh-semmle
14488cb62e Merge pull request #652 from aschackmull/java/constant-loop-cond-alert-pos 
Java: Change alert location for ConstantLoopCondition.
 2018-12-11 21:26:14 -05:00
Dave Bartolomeo
0140cd23d0 C++: Accept correct test output 2018-12-11 17:11:51 -08:00
Dave Bartolomeo
283c1d43c3 C++: Restore previous test expectations 2018-12-11 17:07:25 -08:00
Robert Marsh
59c0e5d39e C++: update test expectations 2018-12-11 15:07:09 -08:00
Esben Sparre Andreasen
fac638ffab JS: improve alert location of js/angular/unused-dependency 2018-12-11 21:47:08 +01:00
Esben Sparre Andreasen
b5bbf990b0 JS: improve alert location of js/angular/repeated-dependency-injection 2018-12-11 21:47:08 +01:00
Esben Sparre Andreasen
5acd1ca26d JS: improve alert location of js/angular/duplicate-dependency 2018-12-11 21:47:08 +01:00
Robert Marsh
98005edd9d Merge pull request #641 from geoffw0/exprnoeffect2 
CPP: More tests of isSideEffectFree() / ExprHasNoEffect.ql
 2018-12-11 12:17:30 -08:00
Tom Hvitved
7422947e78 C#: Improve performance of cs/useless-upcast 2018-12-11 17:48:04 +01:00
Asger F
a01a9dc5cc JS: add crypto.pseudoRandomBytes as source in InsecureRandomness.ql 2018-12-11 16:06:22 +00:00
Tom Hvitved
9707b34124 Merge pull request #663 from adityasharad/merge/1.19-next-111218 
Merge rc/1.19 into next.
 2018-12-11 16:06:55 +01:00
Aditya Sharad
ce905e7a0a Merge pull request #597 from dave-bartolomeo/dave/IRDataflow 
C++: Initial IR-based dataflow implementation
 2018-12-11 15:05:58 +00:00
Tom Hvitved
e80837681f C#: Refactor LINQ logic 
Factor `ClauseCall` out into three classes to make it clear when the fields
`operand` and `declaration` can be `null`.
 2018-12-11 16:04:25 +01:00
Aditya Sharad
dde42a5723 Merge rc/1.19 into next. 2018-12-11 14:38:58 +00:00
Esben Sparre Andreasen
376ed7a4d2 JS: generalize js/command-line-injection to handle ConstantString 2018-12-11 13:39:15 +01:00
Esben Sparre Andreasen
a1d92bfa50 JS: generalize js/incomplete-sanitization to handle ConstantString 2018-12-11 13:39:15 +01:00
Esben Sparre Andreasen
1bc73ab592 JS: address review comments 2018-12-11 13:03:17 +01:00
calum
f0fb47cde0 C#: Update change notes. 2018-12-11 10:31:45 +00:00
calum
8d072863df C#: Reorder for statements to ensure variables declared in the condition are declared before they are used. 2018-12-11 10:31:45 +00:00
Esben Sparre Andreasen
7cc6f2f4d8 JS: add test case 2018-12-11 10:17:25 +01:00
Esben Sparre Andreasen
36e36a414e JS: change notes for improve file classification 2018-12-11 10:01:54 +01:00
Esben Sparre Andreasen
73aa223b08 JS: handle additional multi-license file patterns 2018-12-11 09:55:38 +01:00
Max Schaefer
4d186e0edc JavaScript: Teach Unused{Variable,Parameter} to ignore variables with leading underscore. 2018-12-11 08:50:50 +00:00
Dave Bartolomeo
8a73bea72f C++: Avoid bad join ordering in getOperandMemoryAccess 2018-12-11 00:47:53 -08:00
Esben Sparre Andreasen
edbef289a7 JS: improve whitespace handling for multi-license file recognition 2018-12-11 09:30:10 +01:00
Esben Sparre Andreasen
e016098f86 JS: support purs classification 2018-12-11 09:17:01 +01:00
Esben Sparre Andreasen
3879e57f18 JS: support <meta name="generator"/> classification 2018-12-11 09:12:39 +01:00
Esben Sparre Andreasen
a295dfd2c5 JS: support AutoRest classification 2018-12-11 08:54:19 +01:00
Dave Bartolomeo
4170d4fadd C++: Handle relational operators in constant analysis 2018-12-10 23:03:02 -08:00
Dave Bartolomeo
5ba51e32f0 C++: Remove aliased_ssa instantiation of IR reachability 
We never actually consumed this iteration, since SSA construction only depends on the reachability instantiation of the previous IR layer.
 2018-12-10 21:22:55 -08:00
Dave Bartolomeo
a81ba84c0e C++: Update test expectations after unreachable IR removal 2018-12-10 21:22:55 -08:00
Dave Bartolomeo
b2e596fcc2 C++: Improve join order in IR reachability 2018-12-10 21:22:55 -08:00
Dave Bartolomeo
99d33f9623 C++: Remove unreachable IR 
This change removes any IR instructions that can be statically proven unreachable. To detect unreachable IR, we first run a simple constant value analysis on the IR. Then, any `ConditionalBranch` with a constant condition has the appropriate edge marked as "infeasible". We define a class `ReachableBlock` as any `IRBlock` with a path from the entry block of the function. SSA construction has been modified to operate only on `ReachableBlock` and `ReachableInstruction`, which ensures that only reachable IR gets translated into SSA form. For any infeasible edge where its predecessor block is reachable, we replace the original target of the branch with an `Unreached` instruction, which lets us preserve the invariant that all `ConditionalBranch` instructions have both a true and a false edge, and allows guard inference to still work.

The changes to `SSAConstruction.qll` are not as scary as they look. They are almost entirely a mechanical replacement of `OldIR::IRBlock` with `OldBlock`, which is just an alias for `ReachableBlock`.

Note that the `constant_func.ql` test can determine that the two new test functions always return 0.

Removing unreachable code helps get rid of some common FPs in IR-based dataflow analysis, especially for constructs like `while(true)`.
 2018-12-10 21:22:55 -08:00