Commit graph

3016 commits

Author SHA1 Message Date
Tom Hvitved b4b6fdd12b C#: Revert recent change to `AccessorCall`
The recent change to `AccessorCall` on dd99525566 resulted
in some bad join-orders, so I have (partly) reverted them. This means that the issues
originally addressed by that change are now reintroduced, and I plan to instead apply a
fix to the CFG, which--unlike the original fix--should be able to handle multi-property-tuple
assignments.
2019-02-04 15:14:18 +01:00
jf205 6243c722c6
Merge pull request #861 from jbj/revert-dbscheme-docs
C++: Revert doc-related changes to dbscheme
2019-02-01 10:59:18 +00:00
Max Schaefer 9bfde9553d
Merge pull request #839 from asger-semmle/field-propwrite
JS: add PropWrites cases for instance fields initialization
2019-02-01 10:56:25 +00:00
semmle-qlci 222738072d
Merge pull request #840 from esben-semmle/js/propagate-sound-avalue
Approved by xiemaisi
2019-02-01 09:23:43 +00:00
Jonas Jensen e81d197ebd C++: Revert doc-related changes to dbscheme
These changes to the dbscheme were made in 7cc1442ecb and a98aae0a24
without a corresponding upgrade script in the internal repo.
2019-02-01 10:01:29 +01:00
Jonas Jensen ee4526687d
Merge pull request #859 from rdmarsh2/rdmarsh/cpp/ir-performance-1
C++: use field overrides in TranslatedElement and subclasses
2019-02-01 08:43:20 +01:00
Robert Marsh e1d289ffb4
Merge pull request #759 from calumgrant/cs/interface-tostring
C#: Remove FPs from cs/call-to-object-tostring
2019-01-31 12:03:49 -08:00
Robert Marsh f3b4cb4640
Merge pull request #848 from calumgrant/cs/lgtm-suppress-alerts
C#: Suppress cs/catch-of-all-exceptions
2019-01-31 12:03:26 -08:00
Robert Marsh 5327ca7f77
Merge pull request #812 from jbj/ir-backedge
C++: IR back-edge detection based on TranslatedStmt
2019-01-31 11:28:21 -08:00
Dave Bartolomeo bbe8e7ebfc
C++: fix typo, ThrowExpr -> ReThrowExpr
Co-Authored-By: rdmarsh2 <rdmarsh2@gmail.com>
2019-01-31 10:47:17 -08:00
Dave Bartolomeo ab1f96fb2c
Merge pull request #770 from jbj/cfg-static-init-pr
C++: Add addresses to `Expr.isConstant`
2019-01-31 10:24:48 -08:00
Dave Bartolomeo b0b2fc80c1
Merge pull request #855 from jbj/ir-getRealParent
C++: Simplify TranslatedElement.getRealParent
2019-01-31 10:15:30 -08:00
Dave Bartolomeo 8896d3bf88
Merge pull request #856 from jbj/ir-getInstructionOperandDefinition
C++: Speed up `getInstructionOperandDefinition`
2019-01-31 10:11:59 -08:00
Robert Marsh ffb46638b0 C++: use more field overrides in IR generation 2019-01-31 07:47:21 -08:00
Robert Marsh fa56981bce C++: use field overrides in TranslatedExpr 2019-01-31 07:47:21 -08:00
Jonas Jensen be2a480394
Merge pull request #843 from geoffw0/strtoul
CPP: Improve ArithmeticTainted.ql
2019-01-31 07:04:17 -08:00
Jonas Jensen b55573ebe3 C++: Accept test changes in ir_gvn.expected 2019-01-31 10:08:16 +01:00
Jonas Jensen 947634f66f C++: Speed up `getInstructionOperandDefinition`
A part of `SSAConstruction.getInstructionOperandDefinition` was more
expensive than it had to be. On a ChakraCore snapshot, this changes the
tuple counts from

    3020569 ~2%       {3} r40 = JOIN OperandTag::TUnmodeledUseOperand#f WITH Instruction::Instruction::getFunction_dispred#ff CARTESIAN PRODUCT OUTPUT FIELDS {Instruction::Instruction::getFunction_dispred#ff.<0>,OperandTag::TUnmodeledUseOperand#f.<0>,Instruction::Instruction::getFunction_dispred#ff.<1>}
    62405   ~0%       {3} r41 = JOIN r40 WITH Instruction::UnmodeledUseInstruction#class#fffffff ON r40.<0>=Instruction::UnmodeledUseInstruction#class#fffffff.<0> OUTPUT FIELDS {r40.<2>,r40.<1>,r40.<0>}
    2868421 ~1%       {3} r42 = JOIN r41 WITH Instruction::Instruction::getFunction_dispred#ff_10#join_rhs ON r41.<0>=Instruction::Instruction::getFunction_dispred#ff_10#join_rhs.<0> OUTPUT FIELDS {Instruction::Instruction::getFunction_dispred#ff_10#join_rhs.<1>,r41.<1>,r41.<2>}
    62405   ~0%       {3} r43 = JOIN r42 WITH Instruction::UnmodeledDefinitionInstruction#class#fffffff ON r42.<0>=Instruction::UnmodeledDefinitionInstruction#class#fffffff.<0> OUTPUT FIELDS {r42.<2>,r42.<1>,r42.<0>}

to

    (0s) Starting to evaluate predicate SSAConstruction::Cached::getUnmodeledUseInstruction#ff
    (0s) Tuple counts:
    62405   ~0%     {2} r1 = JOIN Instruction::UnmodeledUseInstruction#class#fffffff WITH Instruction::Instruction::getFunction_dispred#ff ON Instruction::UnmodeledUseInstruction#class#fffffff.<0>=Instruction::Instruction::getFunction_dispred#ff.<0> OUTPUT FIELDS {Instruction::Instruction::getFunction_dispred#ff.<1>,Instruction::Instruction::getFunction_dispred#ff.<0>}
                                      return r1
    ...
    75716   ~0%       {3} r40 = JOIN OperandTag::TUnmodeledUseOperand#f WITH FunctionIR::FunctionIR::getUnmodeledDefinitionInstruction#ff CARTESIAN PRODUCT OUTPUT FIELDS {FunctionIR::FunctionIR::getUnmodeledDefinitionInstruction#ff.<0>,OperandTag::TUnmodeledUseOperand#f.<0>,FunctionIR::FunctionIR::getUnmodeledDefinitionInstruction#ff.<1>}
    62405   ~0%       {3} r41 = JOIN r40 WITH FunctionIR::FunctionIR::getUnmodeledUseInstruction#ff ON r40.<0>=FunctionIR::FunctionIR::getUnmodeledUseInstruction#ff.<0> OUTPUT FIELDS {FunctionIR::FunctionIR::getUnmodeledUseInstruction#ff.<1>,r40.<1>,r40.<2>}
2019-01-31 08:43:00 +01:00
Jonas Jensen 5b685383c8 C++: Simplify TranslatedElement.getRealParent
Now that we have `Expr.getParentWithConversions`, we can implement
`TranslatedElement.getRealParent` simpler. This implementation also
avoids recursion.
2019-01-31 08:41:29 +01:00
Asger F 720f442ea5 JS: Rename to StaticClassMemberAsPropWrite 2019-01-30 15:49:21 +00:00
semmle-qlci fc5b9dd55e
Merge pull request #837 from asger-semmle/hardcoded-empty-string
Approved by esben-semmle
2019-01-30 13:40:39 +00:00
semmle-qlci 24c8a47bb1
Merge pull request #841 from asger-semmle/private-higher-order-call
Approved by esben-semmle
2019-01-30 13:34:04 +00:00
Felicity Chapman 54242f4009
Merge pull request #849 from jf205/locations
Update links to QL help topics in GH repo files (SD-2999)
2019-01-30 11:06:22 +00:00
Calum Grant 9b7f4a8ce5
Merge pull request #845 from hvitved/csharp/get-type-non-null
C#: Teach guards library about `object.GetType()`
2019-01-30 10:08:05 +00:00
Calum Grant 722402fc89
Merge pull request #825 from hvitved/csharp/cfg/splitting-performance
C#: Improve performance of CFG split set computation
2019-01-30 10:05:25 +00:00
james 7cc1442ecb Update link text 2019-01-30 09:44:07 +00:00
james a98aae0a24 update links to lgtm.com/docs 2019-01-30 08:02:03 +00:00
james 81137aa7b4 update links to locations in .ql files 2019-01-30 08:02:02 +00:00
james 9d1a050f35 update links to locations in .qll files 2019-01-30 08:01:49 +00:00
calum f39daaeeab C#: Suppress cs/catch-of-all-exceptions 2019-01-29 18:22:12 +00:00
calum d63df71a8a C#: Fix merge conflict. 2019-01-29 18:15:33 +00:00
calum 423513169f C#: Address review comments. Introduce `Member::isEffectivelyPublic()` because `isEffectivelyPrivate` and `isEffectivelyInternal` are almost always used together. 2019-01-29 18:05:29 +00:00
calum 26365c82f7 C#: Update change notes. 2019-01-29 18:04:52 +00:00
calum 931b6b4ee5 C#: Exclude interfaces and abstract classes from cs/call-to-object-tostring 2019-01-29 18:04:26 +00:00
Taus 83e2689645
Merge pull request #844 from markshannon/python-hide-magic-variables-in-test
Python tests: Further hiding of special ESSA variables in tests
2019-01-29 18:51:06 +01:00
Taus 3d7821c83a
Merge pull request #820 from markshannon/python-incomplete-url-sanitize
Python: Two new queries for URL and hostname sanitization (CWE-020).
2019-01-29 17:48:42 +01:00
Tom Hvitved 16d3399039 C#: Teach guards library about `object.GetType()` 2019-01-29 16:40:36 +01:00
Tom Hvitved 87bb4a1d56 C#: Add null guard test involving `GetType()` 2019-01-29 16:32:13 +01:00
Mark Shannon 9820249c71 Python tests: Further hiding of special ESSA variables in tests, to ease transition from '*' to '$' variable. 2019-01-29 15:06:47 +00:00
Taus 9adb19f3a9
Merge branch 'master' into python-incomplete-url-sanitize 2019-01-29 14:17:37 +01:00
Jonas Jensen d776d9f903
Merge pull request #821 from geoffw0/query-tags-case
CPP: Improve ArrayArgSizeMismatch.ql
2019-01-29 03:52:52 -08:00
Asger F 9e87bf37ea JS: make higherOrderCall private 2019-01-29 11:50:46 +00:00
Asger F 60cef60c1d JS: ensure PropWrites exist for all instance members 2019-01-29 10:12:54 +00:00
Esben Sparre Andreasen 5d5900a534 JS: change notes for improved interprocedural type inference 2019-01-29 10:21:36 +01:00
Esben Sparre Andreasen 0d1f4270d6 JS: introduce SsaVarAccessWithNonLocalAnalysis 2019-01-29 10:20:36 +01:00
Esben Sparre Andreasen 2683a9b43a JS: add tests for js/trivial-conditional 2019-01-29 10:19:03 +01:00
semmle-qlci a5aee9ed0f
Merge pull request #833 from esben-semmle/js/sharpen-cond
Approved by xiemaisi
2019-01-29 08:03:06 +00:00
Taus 1d28c63703
Merge pull request #810 from markshannon/python-hide-magic-variables
Python hide magic variables
2019-01-28 23:21:31 +01:00
Taus 0f5b21e392
Merge pull request #807 from markshannon/python-insecure-file-permission
Python: Weak file permissions query.
2019-01-28 23:21:10 +01:00
semmle-qlci bf64fee4bd
Merge pull request #790 from rdmarsh2/rdmarsh/cpp/futile-params
Approved by semmledocs-ac
2019-01-28 22:11:44 +00:00