hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-30 07:36:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,651 Commits 1,673 Branches 157 Tags
codeql-cli/v2.5.2
Commit Graph

21651 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonas Jensen
9146b8e32e C++: Add example of conditional destruction 
The QL CFG and extractor CFG are the same, so the test passes. Neither
of them model that `ref` may or may not be destructed.
 2019-01-09 15:02:25 +01:00
Jonas Jensen
8ac826a62a C++: Factor out base case of normalGroupMember 
This recursive predicate is made faster by working around a known
optimizer problem (QL-796) that causes the optimizer to insert extra
type checks in recursive case even when they are only needed in the
base case.
 2019-01-09 15:02:25 +01:00
Geoffrey White
cbe69f2daf CPP: Fix false positive. 2019-01-09 13:59:24 +00:00
Geoffrey White
e26c709dbf CPP: Add a test for LossyFunctionResultCast.ql. 2019-01-09 13:59:24 +00:00
Geoffrey White
0e092ae88d CPP: Tag LossyFunctionResultCast.ql. Will be run on LGTM. 2019-01-09 13:59:24 +00:00
Jonas Jensen
c74b89119e C++: Reorder parameters to subEdge relations 
This improves performance slightly by putting the parameters in the
order in which they'll be needed in `qlCFGSuccessor`.
 2019-01-09 14:58:43 +01:00
ian-semmle
b3bcabf7c6 Merge pull request #724 from jbj/cfg-pr 
C++: Construct a CFG with QL
 2019-01-09 13:12:39 +00:00
Geoffrey White
6088ca5d5b CPP: Update our uses of MacroInvocationExpr. 2019-01-09 12:17:29 +00:00
Geoffrey White
b59c2868cd CPP: Add test cases for the macro logic and other details of ArithmeticUncontrolled.ql. 2019-01-09 12:17:29 +00:00
Geoffrey White
a1caa85172 CPP: Deprecate MacroInvocationExpr. 2019-01-09 11:45:08 +00:00
Geoffrey White
75b1fb36ec CPP: Deprecate MacroInvocationStmt. 2019-01-09 11:45:08 +00:00
Calum Grant
bd9a2d71ba Merge pull request #719 from hvitved/csharp/autoformat/queries 
C#: Autoformat QL queries
 2019-01-09 10:48:22 +00:00
Max Schaefer
89447846f1 JavaScript: Add change note. 2019-01-09 09:24:22 +00:00
Max Schaefer
97e6c75b94 JavaScript: Remove a few other deprecated predicates and classes. 2019-01-09 09:23:59 +00:00
Max Schaefer
db8e436046 JavaScript: Remove deprecated flow tracking predicates. 2019-01-09 09:23:59 +00:00
Max Schaefer
8a93c6aa65 JavaScript: Remove a few deprecated classes. 2019-01-09 09:23:59 +00:00
Max Schaefer
5d1d94ebf1 JavaScript: Remove deprecated old call graph library. 2019-01-09 09:23:59 +00:00
Max Schaefer
db713fb359 JavaScript: Remove deprecated backward-compatibility layer in security libraries. 2019-01-09 09:23:59 +00:00
Max Schaefer
feb9693fea JavaScript: Remove old data flow library. 2019-01-09 09:23:59 +00:00
Max Schaefer
3d44f0c6e0 JavaScript: Autoformat new libraries. 2019-01-09 09:13:14 +00:00
Max Schaefer
fb53a69880 Revert "JavaScript: Add ImportFromCSV to javascript.qll." 
This reverts commit d03f82beb1f7d4634615f527b3d275043eeda1c5.
 2019-01-09 09:10:45 +00:00
Max Schaefer
e960bd967f JavaScript: Make configuration IDs explicit in the API. 2019-01-09 09:10:45 +00:00
Max Schaefer
8f1c5db8be JavaScript: Change encoding of member and parameter portals for readability. 2019-01-09 09:10:45 +00:00
Max Schaefer
a7ea7309d4 JavaScript: Fold a predicate to improve performance in the presence of many configurations with many sources/sinks. 2019-01-09 09:10:44 +00:00
Max Schaefer
9a64224344 JavaScript: Cache portal computation. 2019-01-09 09:09:58 +00:00
Max Schaefer
2295353b56 JavaScript: Add ImportFromCSV to javascript.qll. 2019-01-09 09:09:58 +00:00
Max Schaefer
94242b3b94 JavaScript: Exclude step summary query from flow-summaries suite. 
In its current form, this query produces way too many results.
 2019-01-09 09:09:58 +00:00
Max Schaefer
fae419c5d2 JavaScript: Add guide to using summaries. 2019-01-09 09:09:58 +00:00
Max Schaefer
8e36c60326 JavaScript: Add a few examples that cause cyclic portals. 2019-01-09 09:09:58 +00:00
Max Schaefer
132570940a JavaScript: Add support for annotation comments specifying additional sources and sinks. 2019-01-09 09:09:58 +00:00
Max Schaefer
bdf29d010a JavaScript: Allow summary details to be omitted. 
If a summary does not specify a configuration, it is taken to apply to all configurations without custom sanitisers/barriers.

If a source summary does not specify a flow label, `data` is assumed.

If a sink summary does not specify a flow label, both `data` and `taint` are assumed.

Flow step summaries cannot omit flow labels.

Note that the standard extraction queries always provide explicit configurations and flow labels, and hence do not exercise this functionality.
 2019-01-09 09:09:58 +00:00
Max Schaefer
7c87c43511 JavaScript: Import flow summaries through external predicates. 2019-01-09 09:09:58 +00:00
Max Schaefer
90ad8e3858 JavaScript: Import flow summaries from CSV data. 2019-01-09 09:09:58 +00:00
Max Schaefer
f4fed3657d JavaScript: Add flow summary extraction queries. 2019-01-09 09:09:58 +00:00
Max Schaefer
6d893d4be7 JavaScript: Allow additional sources, sinks and steps to specify flow labels. 2019-01-09 09:09:57 +00:00
Max Schaefer
98a763ae4b JavaScript: Add QL library for modelling portals between npm packages. 2019-01-09 09:06:55 +00:00
Max Schaefer
7e7899faba JavaScript: Add predicate DataFlow::Node.getTopLevel(). 2019-01-09 09:05:11 +00:00
Max Schaefer
3e56e9eaf9 JavaScript: Add predicate AbstractCallable.getDefinition. 2019-01-09 09:05:09 +00:00
semmle-qlci
688647491e Merge pull request #727 from xiemaisi/js/restructure-sourcenode 
Approved by esben-semmle
 2019-01-09 08:01:26 +00:00
yh-semmle
b8f53b5c6a Merge pull request #733 from aschackmull/java/remove-old-dataflow 
Java: Remove old dataflow library.
 2019-01-08 14:59:27 -05:00
yh-semmle
d4f2a07a77 Merge pull request #732 from aschackmull/java/conditional-bypass-precision 
Java: Reduce precision of java/user-controlled-bypass.
 2019-01-08 14:58:58 -05:00
yh-semmle
b0364e3592 Merge pull request #729 from aschackmull/java/intmulttolong 
Java: Restrict attention to integral types in IntMultToLong.
 2019-01-08 14:40:22 -05:00
yh-semmle
a09394da1b Merge pull request #730 from aschackmull/java/gcd 
Java: Switch to built-in gcd.
 2019-01-08 14:38:05 -05:00
Robert Marsh
c39de75d3d C++: change in-predicate comment formatting 2019-01-08 09:34:29 -08:00
Robert Marsh
af8a3f2522 C++: expand a comment 2019-01-08 09:34:28 -08:00
Robert Marsh
0040a2d123 C++: respond to further PR comments 2019-01-08 09:34:28 -08:00
Robert Marsh
8c9c316e1b C++: performance and termination fixes 2019-01-08 09:34:27 -08:00
Robert Marsh
567eee1114 C++: allow phi nodes to self-bound 2019-01-08 09:34:27 -08:00
Robert Marsh
b2cd9a29f2 C++: add test for false comparisons 2019-01-08 09:34:26 -08:00
Robert Marsh
2f8ca8802b C++: switch to using ValueNumbers as bounds 
This reduces the number of bounds computed, and will simplify use of the
library. The resulting locations in the tests may be slightly strange,
because the example `Instruction` for a `ValueNumber` is the first
appearing in the IR, regardless of source order, and may not be the most
closely related `Instruction` to the bounded value. I think that's worth
doing for the performance and usability benefits.
 2019-01-08 09:34:26 -08:00