codeql

mirror of https://github.com/github/codeql.git synced 2026-02-20 08:53:49 +01:00

Author	SHA1	Message	Date
Asger F	ac2f0a8e11	JS: Do not require flow from key -> rhs	2020-01-14 10:52:59 +00:00
Asger F	96bf9db200	JS: Add another test and more barriers	2020-01-14 10:52:59 +00:00
Asger F	bc7871078a	JS: Fix FPs from Object.create(null)	2020-01-14 10:52:59 +00:00
Asger F	c889420dd3	JS: Add qhelp samples to test suite	2020-01-14 10:52:59 +00:00
Asger F	654f145772	JS: Add PrototypePollutionUtility query	2020-01-14 10:52:59 +00:00
Asger F	52cec25035	JS: Build access paths for array accesses	2020-01-14 10:52:59 +00:00
Tom Hvitved	5a4be67d81	Merge pull request #2597 from calumgrant/cs/multiline-alert-suppression C#: Alert suppression through single-line /* */ style comments	2020-01-14 10:35:11 +01:00
Asger Feldthaus	73e60a7400	JS: Ignore strict-mode-call-stack-introspection for expr stmts	2020-01-13 16:03:03 +00:00
Anders Schack-Mulligen	041bcc5812	Java/C++/C#: Small perf improvement and simplification.	2020-01-13 17:00:56 +01:00
Jonas Jensen	b8ee5a63db	Merge pull request #2614 from geoffw0/arithun CPP: Speed up ArithmeticUncontrolled.ql	2020-01-13 15:25:12 +01:00
Jonas Jensen	3183893a98	Merge pull request #2530 from geoffw0/hiddenqueries2 CPP: Speed up nullCheckAssert in InconsistentCheckReturnNull.ql.	2020-01-13 15:23:55 +01:00
Mathias Vorreiter Pedersen	1bc3829a72	C++: Use newly created library versions of the 'Underspecified Functions' queries in new ImplicitFunctionDeclaration query	2020-01-13 14:01:01 +01:00
Mathias Vorreiter Pedersen	acb106be44	C++: Fix formatting	2020-01-13 13:20:23 +01:00
semmle-qlci	40de391490	Merge pull request #2616 from asger-semmle/promise-missing-await-change-note Approved by mchammer01	2020-01-13 12:03:11 +00:00
Asger F	6c4da30a64	Update change-notes/1.24/analysis-javascript.md Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>	2020-01-13 11:05:03 +00:00
Mathias Vorreiter Pedersen	394a864b0a	C++: Factored the body of TooManyArguments.ql out into a library file	2020-01-13 11:44:58 +01:00
Mathias Vorreiter Pedersen	6cff36b9c9	C++: Factored the body of TooFewArguments.ql out into a library file	2020-01-13 11:36:22 +01:00
Mathias Vorreiter Pedersen	e2244d41f5	C++: Factored the body of MistypedFunctionArguments.ql out into a library file	2020-01-13 11:34:01 +01:00
Anders Schack-Mulligen	183fd91a01	Merge pull request #2615 from yo-h/java-add-change-note Java: add change note for `java/maven/non-https-url`	2020-01-13 09:54:48 +01:00
Grzegorz Golawski	3e86dd1182	Query to detect LDAP injections in Java Apache LDAP API sink	2020-01-12 20:19:25 +01:00
Mathias Vorreiter Pedersen	c9439df914	C++: Added query that detects implicit function declarations	2020-01-12 16:28:30 +01:00
Grzegorz Golawski	c01aa3d2ee	Query to detect LDAP injections in Java Spring LDAP sink	2020-01-12 13:28:29 +01:00
Grzegorz Golawski	7570fa9137	Query to detect LDAP injections in Java JNDI and UnboundID sinks JNDI, UnboundID and Spring LDAP sanitizers	2020-01-11 21:55:54 +01:00
Erik Krogh Kristensen	c50de3a7e8	update expected output of tests	2020-01-10 17:49:24 +01:00
Erik Krogh Kristensen	1619a98bc8	make the default registration/dispatch extend DataFlow::InvokeNode	2020-01-10 17:40:16 +01:00
yo-h	bf8ef42c1a	Java: add change note for `java/maven/non-https-url`	2020-01-10 11:03:48 -05:00
Taus	cfb84be7b1	Merge pull request #2540 from RasmusWL/python-modernise-variables-queries Python: modernise variables queries	2020-01-10 14:45:12 +01:00
Geoffrey White	9176529799	Merge pull request #2599 from MathiasVP/assign-where-compare-meant-false-positives Assign where compare meant false positives	2020-01-10 13:39:39 +00:00
Erik Krogh Kristensen	ec5896abba	add additional data-flow edges to data-flow related to promises	2020-01-10 14:12:53 +01:00
Mathias Vorreiter Pedersen	111f1dbd19	Merge branch 'assign-where-compare-meant-false-positives' of github.com:MathiasVP/ql into assign-where-compare-meant-false-positives	2020-01-10 13:14:00 +01:00
Mathias Vorreiter Pedersen	f80c13abd7	C++: Fixed incorrect comments in testcases	2020-01-10 12:24:43 +01:00
Asger Feldthaus	18db551e10	JS: Add change note for js/missing-await	2020-01-10 11:10:57 +00:00
Mathias Vorreiter Pedersen	f181753c35	Typo fix Co-Authored-By: Geoffrey White <40627776+geoffw0@users.noreply.github.com>	2020-01-10 11:49:03 +01:00
Mathias Vorreiter Pedersen	21c99d1827	Typo fix Co-Authored-By: Geoffrey White <40627776+geoffw0@users.noreply.github.com>	2020-01-10 11:46:14 +01:00
Anders Schack-Mulligen	ad92d6fe0f	Merge pull request #2607 from yo-h/java-alert-suppression-block-comment Java: allow single-line `/* ... */` comments for alert suppression	2020-01-10 11:05:23 +01:00
yo-h	7ffa517803	Merge pull request #2584 from aschackmull/java/nonnull-final-field Java: Include non-null final fields in clearlyNotNull.	2020-01-09 18:48:45 -05:00
Robert Marsh	d2b225790a	C++: fix chi instr oeprands to chi instrs	2020-01-09 11:48:18 -08:00
Erik Krogh Kristensen	87bbbd643c	changes based on review feedback	2020-01-09 16:18:32 +01:00
Erik Krogh Kristensen	af8b36b750	Merge remote-tracking branch 'upstream/master' into EventEmitter	2020-01-09 15:09:43 +01:00
Geoffrey White	1d615d311c	CPP: Autoformat.	2020-01-09 13:48:58 +00:00
Geoffrey White	f6f7df4e8f	CPP: Speed up nullCheckAssert in InconsistentCheckReturnNull.ql.	2020-01-09 13:48:13 +00:00
Geoffrey White	50c0ec1cb1	CPP: Optimize isRandValue.	2020-01-09 12:12:00 +00:00
semmle-qlci	f1f69ef85d	Merge pull request #2589 from esbena/js/ignore-duplicate-params-for-empty-functions Approved by erik-krogh	2020-01-09 11:58:04 +00:00
Robert Marsh	5007fd2aa8	C++: Autoformat and sync	2020-01-08 12:49:51 -08:00
Robert Marsh	e416d75f6f	C++: add noopt on getPhiOperandDefinition	2020-01-08 11:36:57 -08:00
Jonas Jensen	8acbb3bfb9	C++: Further simplify a bit This changes tuple counts!?	2020-01-08 11:36:50 -08:00
Jonas Jensen	5072201b7e	C++: Fix join order	2020-01-08 11:36:40 -08:00
Jonas Jensen	838720bef0	C++: de-inline getDefinitionOrChiInstruction Still has bad join order	2020-01-08 11:36:34 -08:00
Jonas Jensen	3d2cc7bbce	C++: make hasPhiOperandDefinition feasible	2020-01-08 11:36:14 -08:00
Jonas Jensen	55f157e06d	C++: Fix overlappingVariableMemoryLocations perf The `overlappingVariableMemoryLocations` predicate was a helper predicate introduced to fix a join-order issue in `overlappingIRVariableMemoryLocations`. Unfortunately it caused a performance issue of its own because it could grow too large. On the small project (38MB zip) awslabs/s2n there were 181M rows in `overlappingVariableMemoryLocations`, and it took 134s to evaluate. The fix is to collapse the two predicates into one and fix join ordering by including an extra column in the predicates being joined. In addition, some parameters were reordered to avoid the overhead of auto-generated `join_rhs` predicates. Tuple counts of `overlappingVariableMemoryLocations` before: 623285 ~176% {2} r1 = JOIN AliasedSSA::isCoveredOffset#fff_120#join_rhs AS L WITH AliasedSSA::isCoveredOffset#fff_120#join_rhs AS R ON FIRST 2 OUTPUT L.<2>, R.<2> 119138 ~3% {2} r2 = SCAN AliasedSSA::VariableMemoryLocation::getVirtualVariable_dispred#ff AS I OUTPUT I.<1>, I.<0> 172192346 ~0% {2} r3 = JOIN r2 WITH AliasedSSA::hasUnknownOffset#ff_10#join_rhs AS R ON FIRST 1 OUTPUT R.<1>, r2.<1> 172815631 ~0% {2} r4 = r1 \/ r3 172192346 ~0% {2} r5 = JOIN r2 WITH AliasedSSA::hasUnknownOffset#ff_10#join_rhs AS R ON FIRST 1 OUTPUT r2.<1>, R.<1> 345007977 ~87% {2} r6 = r4 \/ r5 return r6 Tuple counts of `overlappingIRVariableMemoryLocations` after: 117021 ~134% {2} r1 = JOIN AliasedSSA::isCoveredOffset#ffff AS L WITH AliasedSSA::isCoveredOffset#ffff AS R ON FIRST 3 OUTPUT L.<3>, R.<3> 201486 ~1% {2} r2 = JOIN AliasedSSA::hasUnknownOffset#fff AS L WITH AliasedSSA::hasVariableAndVirtualVariable#fff AS R ON FIRST 2 OUTPUT L.<2>, R.<2> 318507 ~26% {2} r3 = r1 \/ r2 201486 ~3% {2} r4 = JOIN AliasedSSA::hasUnknownOffset#fff AS L WITH AliasedSSA::hasVariableAndVirtualVariable#fff AS R ON FIRST 2 OUTPUT R.<2>, L.<2> 519993 ~92% {2} r5 = r3 \/ r4 return r5	2020-01-08 11:07:20 -08:00

... 485 486 487 488 489 ...

33872 Commits