Граф коммитов

2549 Коммитов

Автор SHA1 Сообщение Дата
Mark Shannon 73095c53b8 Python: Add another AST test. 2019-01-17 11:24:41 +00:00
Mark Shannon 7b8468d81b Python: Add bulk regression test for CFG successors. 2019-01-16 11:48:58 +00:00
Mark Shannon e506bf85e8 Python: Add some regression tests for CFG of comparisons. 2019-01-16 11:45:20 +00:00
Mark Shannon d1d898efac Python: Add regression test for code that proved problematic with the new parser. 2019-01-16 11:44:11 +00:00
Mark Shannon bc4301f7b1 Python: Add an extra test for import parsing. 2019-01-16 11:32:59 +00:00
Mark Shannon b8a91d4b1e Python tests: Add a few tests to check parsing and location of comparisons. 2019-01-16 11:27:57 +00:00
Mark Shannon b4e8808582 Python, Exec used query: Remove restriction that call to exec function must be Python 3. For upcoming unified parser. 2019-01-16 10:19:35 +00:00
Mark Shannon c9a929fb23 Python tests: Increase import depth to ensure sre_constants module is imported. 2019-01-14 11:18:36 +00:00
Mark Shannon 33a2315ba0 Python tests: Increase import depth to ensure sre_constants module is imported. 2019-01-11 12:15:56 +00:00
Geoffrey White 28261d6787
Merge pull request #737 from jbj/cfg-perf
C++: QL CFG performance and tweaks
2019-01-10 14:45:53 +00:00
semmle-qlci f474fdd0f9
Merge pull request #731 from xiemaisi/js/performance-fiddling
Approved by asger-semmle, esben-semmle
2019-01-10 10:01:02 +00:00
Jonas Jensen 9219214d64
Merge pull request #695 from raulgarciamsft/users/raulga/c6324
cpp - Using the return value of a strcpy or related string copy function in an if statement
2019-01-10 08:34:17 +01:00
semmle-qlci 79734603ce
Merge pull request #734 from xiemaisi/js/remove-deprecated
Approved by esben-semmle
2019-01-09 15:20:04 +00:00
Calum Grant 89becbce9a
Merge pull request #726 from hvitved/csharp/cfg/foreach-multi-variables
C#: Fix CFG for `foreach` statements with tuple declarations
2019-01-09 14:47:01 +00:00
Jonas Jensen 9146b8e32e C++: Add example of conditional destruction
The QL CFG and extractor CFG are the same, so the test passes. Neither
of them model that `ref` may or may not be destructed.
2019-01-09 15:02:25 +01:00
Jonas Jensen 8ac826a62a C++: Factor out base case of normalGroupMember
This recursive predicate is made faster by working around a known
optimizer problem (QL-796) that causes the optimizer to insert extra
type checks in recursive case even when they are only needed in the
base case.
2019-01-09 15:02:25 +01:00
Jonas Jensen c74b89119e C++: Reorder parameters to subEdge relations
This improves performance slightly by putting the parameters in the
order in which they'll be needed in `qlCFGSuccessor`.
2019-01-09 14:58:43 +01:00
ian-semmle b3bcabf7c6
Merge pull request #724 from jbj/cfg-pr
C++: Construct a CFG with QL
2019-01-09 13:12:39 +00:00
Calum Grant bd9a2d71ba
Merge pull request #719 from hvitved/csharp/autoformat/queries
C#: Autoformat QL queries
2019-01-09 10:48:22 +00:00
Max Schaefer 89447846f1 JavaScript: Add change note. 2019-01-09 09:24:22 +00:00
Max Schaefer 97e6c75b94 JavaScript: Remove a few other deprecated predicates and classes. 2019-01-09 09:23:59 +00:00
Max Schaefer db8e436046 JavaScript: Remove deprecated flow tracking predicates. 2019-01-09 09:23:59 +00:00
Max Schaefer 8a93c6aa65 JavaScript: Remove a few deprecated classes. 2019-01-09 09:23:59 +00:00
Max Schaefer 5d1d94ebf1 JavaScript: Remove deprecated old call graph library. 2019-01-09 09:23:59 +00:00
Max Schaefer db713fb359 JavaScript: Remove deprecated backward-compatibility layer in security libraries. 2019-01-09 09:23:59 +00:00
Max Schaefer feb9693fea JavaScript: Remove old data flow library. 2019-01-09 09:23:59 +00:00
semmle-qlci 688647491e
Merge pull request #727 from xiemaisi/js/restructure-sourcenode
Approved by esben-semmle
2019-01-09 08:01:26 +00:00
yh-semmle b8f53b5c6a
Merge pull request #733 from aschackmull/java/remove-old-dataflow
Java: Remove old dataflow library.
2019-01-08 14:59:27 -05:00
yh-semmle d4f2a07a77
Merge pull request #732 from aschackmull/java/conditional-bypass-precision
Java: Reduce precision of java/user-controlled-bypass.
2019-01-08 14:58:58 -05:00
yh-semmle b0364e3592
Merge pull request #729 from aschackmull/java/intmulttolong
Java: Restrict attention to integral types in IntMultToLong.
2019-01-08 14:40:22 -05:00
yh-semmle a09394da1b
Merge pull request #730 from aschackmull/java/gcd
Java: Switch to built-in gcd.
2019-01-08 14:38:05 -05:00
Jonas Jensen 1be91b5df5 C++: Use IPA for Pos and Spec
This is cleaner than extending `int` and working with magic numbers.
Performance appears to be unaffected.
2019-01-08 16:23:11 +01:00
Anders Schack-Mulligen 0a9222b772 Java: Add change note. 2019-01-08 15:50:14 +01:00
Anders Schack-Mulligen 51f5198404 Java: Remove old dataflow library. 2019-01-08 13:52:24 +01:00
Jonas Jensen dba3351d2c C++: Update comments based on PR feedback 2019-01-08 13:29:03 +01:00
Anders Schack-Mulligen ab44e5603c Java: Reduce precision of java/user-controlled-bypass. 2019-01-08 13:07:34 +01:00
Anders Schack-Mulligen 06e48ca19f Java: Update test. 2019-01-08 11:57:54 +01:00
Max Schaefer 8951eaead3 JavaScript: Improve caching of `getACallee` and related predicates. 2019-01-08 09:42:44 +00:00
Max Schaefer 627583fffa JavaScript: Refactor `UselessConditional` for performance. 2019-01-08 09:40:49 +00:00
Anders Schack-Mulligen 9530eb6cdb Java: Switch to built-in gcd. 2019-01-08 10:07:51 +01:00
Max Schaefer de429752d1 JavaScript: Restructure implementation of `DataFlow::SourceNode`.
It now uses a facade pattern similar to `InvokeNode`: the range of the class is defined by an abstract class `DataFlow::SourceNode::Range`, while the actual behaviour is defined by the (no longer abstract) `SourceNode` class itself.

Clients that want to add new source nodes need to extend `DataFlow::SourceNode::Range`, those that want to refine the behaviour of existing source nodes should extend `DataFlow::SourceNode` itself.

While this is technically a breaking API change, I think separating the two aspects in this way is cleaner and makes it easier to use, and improves performance as well.
2019-01-08 08:01:20 +00:00
semmle-qlci 8b8b352439
Merge pull request #715 from xiemaisi/js/autoformat
Approved by asger-semmle
2019-01-07 22:09:05 +00:00
Raul Garcia 18bb6696e0 Fixing conditional only issue.
I changed  to detect any logical operation usage (i.e. !, ==), but I kept usage in a conditional directly as a separate detection condition. I found no false positives on the projects you shared with me previously.
2019-01-07 10:44:11 -08:00
yh-semmle 0b19f41093
Merge pull request #728 from aschackmull/java/qltest-qlpath
Java: Add .qlpath to the test dir.
2019-01-07 11:34:45 -05:00
Anders Schack-Mulligen 203c9fb9d8 Java: Restrict attention to integral types in IntMultToLong. 2019-01-07 14:27:52 +01:00
Anders Schack-Mulligen e0d3be7dbc Java: Add .qlpath to the test dir. 2019-01-07 13:25:20 +01:00
Calum Grant 6f827140d7
Merge pull request #710 from hvitved/csharp/extractor/standalone-runtimes
C#: Improve logic for looking up .NET runtime in standalone mode
2019-01-07 10:22:17 +00:00
Max Schaefer 31bb39a810 JavaScript: Autoformat all QL files. 2019-01-07 10:15:45 +00:00
Max Schaefer aa6b89dc34
Merge pull request #723 from Semmle/qlucie/master
Master-to-next merge
2019-01-07 07:59:54 +00:00
Raul Garcia 880306c621 Removing duplicated results 2019-01-04 10:45:43 -08:00