github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
5 594 коммитов 1 541 ветка 132 Теги 497 MiB
Граф коммитов

5594 Коммитов

Автор SHA1 Сообщение Дата
semmle-qlci 4d779026d2
Merge pull request #1479 from xiemaisi/js/remove-circularity 
Approved by asger-semmle
 2019-06-21 09:03:13 +01:00
semmle-qlci eccf153d86
Merge pull request #1481 from xiemaisi/js/fix-yaml-extractor-npe 
Approved by asger-semmle
 2019-06-20 21:10:22 +01:00
Max Schaefer 4370f25b32 JavaScript: Remove dependency of module import on `globalVarRef`. 2019-06-20 21:08:34 +01:00
Max Schaefer 544a55dd0e JavaScript: Fix potential null-pointer exception in YAML extractor. 
`ScalarEvent.getStyle()` is documented as returning `null` for plain
scalars, so we need to handle that specially (cf
https://github.com/Semmle/ql/blob/master/javascript/ql/src/semmle/javascript/YAML.qll#L100
for the corresponding code in the library, which expects plain style to
be encoded as zero).
 2019-06-20 17:04:47 +01:00
Jonas Jensen cace411974 C++: NonConstantFormat taint only for string types 
To speed up the taint analysis in `NonConstantFormat.ql` and to remove
FPs that were due to taint spreading from `i` to `a[i]`, this commit
stops the taint tracking in `NonConstantFormat.ql` at every node that
could not possibly contain a string.

I tested performance on Wireshark, and it's fine. Pulling out the
`isSanitizerNode` prevented `isSanitizer` from turning into four
half-slow RA predicates due to both CPE and `#antijoin_rhs`
transformations happening.
 2019-06-20 15:39:47 +02:00
Jonas Jensen 364100f043
Merge pull request #1480 from geoffw0/time 
CPP: Speed up StructWithExactEraDate.ql
 2019-06-20 15:27:52 +02:00
Taus 524a184fdb
Merge pull request #1478 from markshannon/python-loop-unrolling-prepare 
Python : Prepare for loop unrolling in extractor
 2019-06-20 15:01:54 +02:00
Jonas Jensen e99c68885c C++: Demonstrate ArrayExpr FP 2019-06-20 14:00:42 +02:00
Geoffrey White 0e69063e3c CPP: Restore the query precision. 2019-06-20 12:39:16 +01:00
Geoffrey White 936afadc43 CPP: Speed up StructWithExactEraDate.ql. 2019-06-20 12:21:06 +01:00
Ellen Arteca 99c32f08fb JavaScript: Recognize imports from TypeScript type annotations 2019-06-20 10:45:30 +01:00
Mark Shannon eb23c11142 Python: Fix ForNode class to support loop unrolling. 2019-06-20 10:41:55 +01:00
Calum Grant a3d5d2c8e4
Merge pull request #1345 from denislevin/denisl/cs/MishandlingJapaneseDatesAndLeapYear 
C#: Japanese Era and Leap Year checks (Likely Bugs)
 2019-06-20 10:21:26 +01:00
Arthur Baars 8b58b80e5f
Merge pull request #1453 from markshannon/python-remove-redundant-override 
Python: Remove redundant override.
 2019-06-19 19:00:52 +02:00
Arthur Baars d4bbb0f21f
Merge pull request #1474 from yh-semmle/java-dbscheme-diagnostics-rc 
Java: add compilation/diagnostic relations to dbscheme (rc/1.21)
 2019-06-19 18:59:58 +02:00
Calum Grant 3c9c0e943b
Merge pull request #1459 from hvitved/csharp/remove-deprecated 
C#: Remove deprecated predicates
 2019-06-19 17:56:20 +01:00
Calum Grant 07eb0ec5b2
Merge pull request #1462 from hvitved/csharp/controlflowgraph-depr 
C#: Remove uses of deprecated `ControlFlowGraph` module
 2019-06-19 17:55:04 +01:00
Calum Grant df2a46eb80
Merge pull request #1468 from hvitved/csharp/extractor-error 
C#: Include extractor message in diagnostic queries
 2019-06-19 17:47:11 +01:00
Mark Shannon 217214c9e5
Merge pull request #1476 from aeyerstaylor/more-python-performance 
Python: Further performance improvements on large databases.
 2019-06-19 17:43:51 +01:00
alexet 78bf75544e Python: Improve performance of implicit_submodule_points_to 2019-06-19 16:01:13 +01:00
alexet 6472588569 Python: Remove pointless charpred. 2019-06-19 16:01:13 +01:00
alexet 4d1e4e0261 Python: Add no-inline to force correct join-order. 2019-06-19 16:01:12 +01:00
Taus 85ad89c299
Merge pull request #1292 from markshannon/python-prune-in-ql 
Python: Do pruning in QL.
 2019-06-19 16:58:27 +02:00
Jonas Jensen 1affd30a5a
Merge pull request #1431 from geoffw0/taintedallocfp 
CPP: Fix TaintedAllocationSize.ql false positives
 2019-06-19 16:27:01 +02:00
Jonas Jensen ad337de6ce
Merge branch 'master' into taintedallocfp 2019-06-19 15:35:09 +02:00
Mark Shannon 2040b010f4 Python: Clarify qldoc. 2019-06-19 14:02:24 +01:00
Mark Shannon 30f2df8ac4 Python: Refactor pruning to be more clearly symmetric and complete. 2019-06-19 13:09:20 +01:00
Asger F 52f31dcb07 TS: Rely on ts.sys.readFile for decoding 2019-06-19 11:57:22 +01:00
Mark Shannon 5b145edc3f Python: Fix getOperand() for `not` node and make sure it can only point-to a boolean. 2019-06-19 11:23:02 +01:00
Taus cb43d27344
Merge pull request #1472 from markshannon/python-taint-through-iterators 
Python: Track taint through iteration and iterators including generators.
 2019-06-19 11:33:10 +02:00
Taus b43df7439e
Merge pull request #1471 from markshannon/python-no-taint-past-sinks 
Python: Don't record taint past sinks.
 2019-06-19 11:23:27 +02:00
Jonas Jensen 53d4b2dfc9
Merge pull request #1365 from geoffw0/uninit 
CPP: Fix for the 'LoopConditionAlwaysTrueUponEntry' logic
 2019-06-19 11:01:57 +02:00
yh-semmle f8f217be31 Java: add db stats for compilation/diagnostic relations 2019-06-19 10:44:30 +02:00
yh-semmle b31b8b2403 Java: add compilation/diagnostic relations to dbscheme 2019-06-19 10:44:30 +02:00
Taus bc7e6af979
Merge pull request #1463 from markshannon/python-no-duplicate-modules 
Python: Avoid duplicate modules in points-to and resulting blow-up.
 2019-06-19 10:35:26 +02:00
Jonas Jensen 9d18b351cc
Merge pull request #1469 from geoffw0/av95perf 
CPP: Fix AV Rule 95 performance issue.
 2019-06-19 10:32:57 +02:00
Taus 7ea4b6a52f
Merge pull request #1465 from markshannon/python-performance-tweaks 
Python: Minor performance enhancements.
 2019-06-19 10:28:10 +02:00
Jonas Jensen 0b891013a4
Merge pull request #1466 from geoffw0/castarrayperf 
CPP: Resolve performance issue in CastArrayPointerArithmetic.ql
 2019-06-19 10:23:23 +02:00
Denis Levin aab4351efb A few more changes from code review 2019-06-18 17:49:48 -07:00
Jonas Jensen ba3ec500fd
Merge pull request #1467 from geoffw0/dates-cleanup1 
CPP: Follow-up for Mishandling Japanese Era and Leap Year in calculations
 2019-06-18 20:13:33 +02:00
Mark Shannon e8190d9a7b Python: Track taint through 'yield' expressions. 2019-06-18 16:39:52 +01:00
Mark Shannon 97c98f29e4 Python taint-tracking: Support iterables of taint. 2019-06-18 16:39:47 +01:00
Mark Shannon 918bdecba5 Python: Don't record taint past sinks. 2019-06-18 16:34:23 +01:00
Geoffrey White 659fa477df CPP: Change note. 2019-06-18 16:12:08 +01:00
Geoffrey White 98d80deefb CPP: Improved solution (mostly performance). 2019-06-18 15:56:22 +01:00
Geoffrey White 47ff38ef22 CPP: Add a warning to getFollowingStmt. 2019-06-18 15:56:22 +01:00
Geoffrey White ef3ceb5910 CPP: Don't use getFollowingStmt. 2019-06-18 15:56:22 +01:00
Geoffrey White 536adaae7f CPP: Additional test cases. 2019-06-18 15:56:22 +01:00
Geoffrey White 52b68a77bd CPP: Remove commented out code. 2019-06-18 15:56:22 +01:00
Geoffrey White 56adcff2c9 CPP: Fix for LocalScopeReachability. 2019-06-18 15:56:22 +01:00