Max Schaefer
9479ae3069
JavaScript: Add concrete syntax examples to all API classes in Expr.qll.
2019-07-09 10:01:53 +01:00
Jonas Jensen
39854a3f7b
C++ IR: guard against cycles in operand graph
...
This doesn't fix the underlying problem that for some reason there are
cycles in the operand graph on our snapshots of the Linux kernel, but it
ensures that the cycles don't lead to non-termination of
`ConstantAnalysis` and `ValueNumbering`.
2019-07-09 11:00:27 +02:00
Jonas Jensen
da13dc6442
C++ IR: Don't propagate GVN through non-exact Copy
...
The `ValueNumbering` library is supposed to propagate value numberings
through a `CopyInstruction` only when it's _congruent_, meaning it must
have exact overlap with its source. A `CopyInstruction` can be a
`LoadInstruction`, a `StoreInstruction`, or a `CopyValueInstruction`.
The latter is also a `UnaryInstruction`, and the value numbering rule
for `UnaryInstruction` applied to it as well.
This meant that value numbering would propagate even through a
non-congruent `CopyValueInstruction`. That's semantically wrong but
probably only an issue in very rare circumstances, and it should get
corrected when we change the definition of `getUnary` to require
congruence.
What's worse is the performance implications. It meant that the value
numbering IPA witness could take two different paths through every
`CopyValueInstruction`. If multiple `CopyValueInstruction`s were
chained, this would lead to an exponential number of variable numbers
for the same `Instruction`, and we would run out of time and space
while performing value numbering.
This fixes the performance of `ValueNumbering.qll` on
https://github.com/asterisk/asterisk, although this project might also
require a separate change for fixing an infinite loop in the IR constant
analysis.
2019-07-09 10:58:03 +02:00
Jonas Jensen
46d779248d
Merge pull request #1559 from zlaski-semmle/zlaski/futile-params-fix
...
Reduce precision from `very-high` to `low` due to inability to handle…
2019-07-09 06:51:56 +02:00
Dave Bartolomeo
7bbfffec4d
Merge pull request #1552 from jbj/ir-builtin_addressof
...
C++ IR: Support __builtin_addressof
2019-07-08 17:08:38 -07:00
Dave Bartolomeo
52e0f3fb62
Merge pull request #1551 from jbj/ir-DeleteExpr-placeholder
...
C++: Placeholder translation of delete expressions
2019-07-08 17:07:16 -07:00
Robert Marsh
41e4d920e3
C++: alias and side effect info for pure functions
2019-07-08 12:26:58 -07:00
Ziemowit Laski
ed5e2f3211
It turns out that the bminor/bash alert spewage was caused by
...
a bug in the extractor, which is verified fixed in the next release.
Reverting query to its original form.
2019-07-08 12:11:15 -07:00
Robert Marsh
ea7602b571
C++: add test for Alias and SideEffect models
2019-07-08 11:41:46 -07:00
Robert Marsh
11581e4720
Merge pull request #1562 from geoffw0/models
...
CPP: Extend StrcpyFunction and update UsingStrcpyAsBoolean.ql
2019-07-08 09:56:16 -07:00
Asger F
7fd4d192b2
JS: Add metric for uncalled functions
2019-07-08 17:38:17 +01:00
semmle-qlci
c5d0abaf8a
Merge pull request #1560 from asger-semmle/static-calls
...
Approved by xiemaisi
2019-07-08 16:42:32 +01:00
Anders Schack-Mulligen
d8395b7268
Merge pull request #1539 from taus-semmle/python-controlflownode-getchild-performance-hotfix
...
Python: Fix bad join ordering in `ControlFlowNode::getAChild()`.
2019-07-08 17:41:46 +02:00
Calum Grant
ce12312ff2
C#: Disable the write-through of the logger, as this is a theoretical slowdown, and results in less readable log files when multiple extractors are running concurrently.
2019-07-08 15:58:49 +01:00
Asger F
6019e48917
JS: Add annotated call graph test case
2019-07-08 13:55:29 +01:00
Asger F
b63f14fe94
JS: Move CallGraphs test into subfolder
2019-07-08 12:57:34 +01:00
Geoffrey White
29e3e2a5bd
CPP: Fix typo.
2019-07-08 09:45:40 +01:00
semmle-qlci
a6b7f2d1f6
Merge pull request #1561 from xiemaisi/js/await-sourcenode
...
Approved by asger-semmle
2019-07-08 09:44:05 +01:00
Max Schaefer
fec87ac716
JavaScript: Address review comment.
2019-07-08 08:29:12 +01:00
Ziemowit Laski
07ee9be9b6
Set query precision to high
2019-07-06 14:33:00 -07:00
Asger F
37ccfd0036
JS: Resolve static calls using type tracking
2019-07-06 22:32:00 +01:00
Ziemowit Laski
be0db66a55
Squelch bminor/bash alerts and set query precision to high.
2019-07-06 14:27:02 -07:00
Ziemowit Laski
9e600e3768
Reduce precision from very-high to low due to inability to handle K&R definitions correctly.
2019-07-05 18:10:03 -07:00
Robert Marsh
10172af401
Merge pull request #1557 from jbj/hiding-range-based-for
...
C++: Fix DeclarationHidesVariable FP for nested range-based for loops
2019-07-05 14:56:02 -07:00
Jonas Jensen
8d3cb78a9d
C++: Fix DeclarationHidesVariable FP
...
We don't want alerts about the compiler-generated variables that appear
in the desugaring of range-based `for`.
2019-07-05 20:39:43 +02:00
Jonas Jensen
443a8fbc07
C++: Test for DeclarationHidesVariable FP
2019-07-05 20:34:30 +02:00
Taus Brock-Nannestad
4ddebb9349
Better names for helper predicates.
2019-07-05 16:38:39 +02:00
Taus Brock-Nannestad
703139142a
More performance fixes.
2019-07-05 14:44:56 +02:00
Robin Neatherway
204a28df94
Java: Add isNotEmpty to NullGuards
2019-07-05 12:41:46 +01:00
Jonas Jensen
4b4e7caf9f
C++ IR: Support __builtin_addressof
2019-07-05 11:05:00 +02:00
Jonas Jensen
6fe9945c04
C++: Placeholder translation of delete expressions
...
Before this change, `delete` and `delete[]` expressions had no control
flow after them, which caused the reachability analysis to remove all
code after a delete expression. This commit adds placeholder support for
delete expressions by translating them to `NoOp` instructions so their
presence doesn't cause large chunks of the program to be removed.
2019-07-05 10:54:35 +02:00
semmle-qlci
50e8034b0b
Merge pull request #1544 from esben-semmle/js/additional-configuration-splitting
...
Approved by xiemaisi
2019-07-05 09:10:22 +01:00
Ellen Arteca
39c37f519d
JavaScript: Use type tracking to identify more portal entry/exit nodes.
2019-07-05 09:03:37 +01:00
Tom Hvitved
f56c17fc77
C#: Fix bad join-orders in lastNonRec()
2019-07-05 07:21:34 +02:00
Tom Hvitved
e6c258c6ba
C#: Restructure Completion::isValidFor()
2019-07-05 07:21:34 +02:00
Tom Hvitved
8a35813e1c
C#: Unify goto completions
2019-07-05 07:21:34 +02:00
Arthur Baars
9bf0a3f2cd
Merge pull request #1547 from Semmle/rc/1.21
...
Merge rc/1.21 into master
2019-07-05 07:20:28 +02:00
Esben Sparre Andreasen
fca815f96d
JS: make use of the recent Configuration split
2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
6d5b84fa88
JS: split XmlBomb.qll
2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
5163ccfd39
JS: split InsufficientPasswordHash.qll
2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
8664908f78
JS: split PrototypePollution.qll
2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
289c29828f
JS: split UnvalidatedDynamicMethodCall.qll
2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
9e675d9973
JS: split TaintedFormatString.qll
2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
26c29cbde5
JS: split TypeConfusionThroughParameterTampering.qll
2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
8225d9923c
JS: split ClientSideUrlRedirect.qll
2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
c3973c061e
JS: split ZipSlip.qll
2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
29e69b32b0
JS: split XpathInjection.qll
2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
48b655f1c7
JS: split CommandInjection.qll
2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
ccc171ce18
JS: split RemotePropertyInjection.qll
2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
063abb5af9
JS: split PostMessageStar.qll
2019-07-04 22:42:55 +02:00