hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-11 18:16:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,884 Commits 1,709 Branches 162 Tags
codeql-cli/v2.8.5
Commit Graph

33884 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
9156163563 Merge pull request #4703 from github/hmakholm/pr/duplicate-code-2 
Remove unit tests for duplicate-code detection, take II
 2020-11-23 13:52:24 +01:00
Arthur Baars
3ea6cb40f8 Merge pull request #45 from github/hvitved/name-resolution-suggestions 
Suggested changes to Variables.qll
 2020-11-23 13:28:40 +01:00
Tom Hvitved
f0f5d44b33 C#: Replace BreakNormalCompletion with a nested completion 2020-11-23 11:38:24 +01:00
Tom Hvitved
17df059432 C#: Replace matchesCompletion() with getAMatchingSuccessorType() 2020-11-23 11:38:24 +01:00
Tom Hvitved
f3abaa406c C#: Refactor CFG implementation 2020-11-23 11:38:24 +01:00
Rasmus Wriedt Larsen
f35ffa5632 Python: Add support for x in ["safe", "also_safe"] (and not in) 2020-11-23 10:42:24 +01:00
Rasmus Wriedt Larsen
431aab45f7 Python: Add support for x != "safe" BarrierGuard 2020-11-23 10:36:55 +01:00
Rasmus Wriedt Larsen
18041fd059 Python: Expand string-const-compare tests 
Also moved file to reflect that. Added tests of

+ `!=`
+ `in`
+ `not in`
 2020-11-23 10:36:49 +01:00
Tom Hvitved
59624454d1 Suggested changes to Variables.qll 
- Remove `abstract` predicates from public API.
- Cache core computations.
- Redefine `VariableScope::get[A]Variable` to only include variables declared
  directly in the scope.
 2020-11-23 10:33:34 +01:00
Erik Krogh Kristensen
234730419b restrict computation of ConcatenationRoot::getConstantStringParts to results that are less than 1 million chars long 2020-11-23 10:29:47 +01:00
Tamás Vajk
7d38b2dd17 Merge pull request #4623 from tamasvajk/feature/csharp9-type-param-nullability 
C#: Add type parameter ref/value type tests
 2020-11-23 09:58:56 +01:00
Arthur Baars
bc423000ca Add variable to varaccess tests 2020-11-23 09:58:31 +01:00
Arthur Baars
49f1143133 Make Variable an IPA type and speed things up on large databases 2020-11-23 09:58:31 +01:00
Tom Hvitved
bb06c1ffeb Various minor changes to Variables.qll 2020-11-23 09:58:31 +01:00
Arthur Baars
c16a2e77d8 Model local variables 2020-11-23 09:58:31 +01:00
Arthur Baars
6bd476ff30 Add AstNode::getParent 2020-11-23 09:58:31 +01:00
Rasmus Lerchedahl Petersen
777100f25c Python: rename file, package, and class 2020-11-23 09:17:40 +01:00
Tom Hvitved
c571e42cd5 C#: Move internal CFG logic into separate file 2020-11-21 19:49:17 +01:00
Mathias Vorreiter Pedersen
a7644db762 C++: Use the new names in IR dataflow. Turns out DataFlowCall had its own implementation of getArgument already (which didn't handle qualifiers). The predicate wasn't used anywhere, so I simply removed it, as a better predicate is now available on the base class of DataFlowCall. 2020-11-21 01:00:59 +01:00
Mathias Vorreiter Pedersen
61bbceb201 C++/C#: Sync identical files 2020-11-21 00:55:07 +01:00
Mathias Vorreiter Pedersen
f173dc71c0 C++: Use shorter names for new IR predicates. This should hopefully guide users to use these predicates by default. 2020-11-21 00:54:50 +01:00
Geoffrey White
cc8d4b4c75 Merge branch 'main' into modelchanges2 2020-11-20 20:33:52 +00:00
Geoffrey White
fddd353155 C++: Updated autoformat. 2020-11-20 20:15:45 +00:00
Henning Makholm
a2a4938f60 Remove unit tests for duplicate-code detection, take II 
In #4689 I forgot to remove the `.expected` files too, but they are
now of course useless.
 2020-11-20 21:07:42 +01:00
Asger F
adc7bbfa4d Merge pull request #4694 from asgerf/js/flow-to-external-api 
JS: Add UntrustedDataToExternalAPI query
 2020-11-20 15:56:04 +00:00
Asger Feldthaus
f894cf2074 JS: Add support for react-hot-loader 2020-11-20 15:28:32 +00:00
Mathias Vorreiter Pedersen
6ead6c6d38 Merge branch 'main' into qualifier-as-parameter-for-callee 2020-11-20 16:17:10 +01:00
Tamas Vajk
0fa3cf7912 Simplify test predicates 2020-11-20 16:05:12 +01:00
Asger Feldthaus
16429c8ca4 JS: followed -> followed by 2020-11-20 14:44:25 +00:00
james
dcf52f3ee3 improve lists in metadata section 2020-11-20 13:59:12 +00:00
Mathias Vorreiter Pedersen
fd4f8c557c Merge branch 'main' into unsafe-use-of-this-query 2020-11-20 14:54:51 +01:00
Jonas Jensen
14aa6427ca Merge pull request #4696 from MathiasVP/get-result-memory-location-join-order-fix 
C++: Fix bad join order in AliasedSSA::getResultMemoryLocation
 2020-11-20 14:50:35 +01:00
Tamas Vajk
3e836ef671 C#: Add type parameter ref/value type tests 2020-11-20 13:08:38 +01:00
Tamás Vajk
77afd5a617 Merge pull request #4633 from tamasvajk/feature/csharp9-native-int 
C#: Add test cases for native integers
 2020-11-20 12:58:11 +01:00
james
f5ae00865f rebase on rc/1.26 branch 2020-11-20 11:51:35 +00:00
Mathias Vorreiter Pedersen
c7efc91676 C++: Use the new predicates in IR dataflow. 2020-11-20 12:24:39 +01:00
Mathias Vorreiter Pedersen
f3b5d7b830 C++/C#: Sync identical files 2020-11-20 12:23:34 +01:00
Mathias Vorreiter Pedersen
416431a7c1 C++: Add convenience predicates for working with qualifiers as parameters. 2020-11-20 12:22:37 +01:00
Rasmus Wriedt Larsen
08bcba98e6 Python: Add BarrierGuard test with exception inside unsafe branch 2020-11-20 11:55:07 +01:00
Rasmus Wriedt Larsen
34f78d4211 Python: Add BarrierGuard test with return inside unsafe branch 2020-11-20 11:52:36 +01:00
Jonas Jensen
3342fac83e Merge pull request #4688 from criemen/printast-performance 
C++: Speed up PrintAST.
 2020-11-20 11:45:42 +01:00
Asger Feldthaus
7536c49c6f JS: Use getAParameter and not getReceiver instead of getASuccessor 2020-11-20 10:34:30 +00:00
Tamas Vajk
52680cd1dc C#: Add test cases for native integers 2020-11-20 11:31:20 +01:00
Asger F
405f07720a Apply suggestions from code review 
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-11-20 10:21:19 +00:00
Asger Feldthaus
b34df9ff33 JS: Autoformat 2020-11-20 10:15:35 +00:00
Cornelius Riemenschneider
1afd32c033 C++: Add comment, rename class. 2020-11-20 10:49:12 +01:00
yoff
b478a51d4e Apply suggestions from code review 
Thanks for doing the work for me :-)

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-11-20 10:46:04 +01:00
Rasmus Wriedt Larsen
6c8937c5a9 Python: Add StringConstCompare to new data-flow queries 
In the future, I could imagine we would have something like this, but for now,
I'm just keeping it simple.

```codeql
  /**
   * A collection of common guards that ensure the checked value cannot have arbitrary
   * values.
   *
   * Currently only supports comparison with constant string value, but could also
   * include checking whether all characters are alphanumeric, or whether a regex is
   * matched against the value.
   *
   * Such guards will be useful for many taint-tracking queries, but not necessarily
   * all, which is why you need to opt into these manually.
   */
  class CommonNonArbitraryGuard extends BarrierGuard {
    CommonNonArbitraryGuard() {
      this instanceof StringConstCompare
    }

    override predicate checks(ControlFlowNode node, boolean branch) {
      this.(StringConstCompare).checks(node, branch)
    }
  }
```
 2020-11-20 10:44:50 +01:00
Rasmus Wriedt Larsen
12b36b2245 Python: Highlight that safe or also_safe doesn't clear taint :( 2020-11-20 10:43:46 +01:00
Rasmus Wriedt Larsen
1a52f17da3 Python: Add StringConstCompare BarrierGuard 2020-11-20 10:40:04 +01:00