Граф коммитов

8634 Коммитов

Автор SHA1 Сообщение Дата
semmle-qlci d9c7549dbe
Merge pull request #2279 from max-schaefer/js/touchstone-files
Approved by asger-semmle
2019-11-08 14:33:23 +00:00
shati-patel fe654a9c99
update to match support page 2019-11-08 14:32:59 +00:00
shati-patel 3f51260fb4
Docs: Update sidebar 2019-11-08 14:04:44 +00:00
Esben Sparre Andreasen 9b346b1d52
Merge pull request #2260 from max-schaefer/js/_min
JavaScript: Classify files with names ending in `_min` as minified.
2019-11-08 13:52:33 +01:00
Rasmus Wriedt Larsen 358964b1e2 Python: Accept changes in Python 2 specific six tests
We don't use a locked-down version of six, so some internal things probably
changed from the version used last time, and the versoin I have installed.

Long term fix would be to use a specific version of six for tests!
2019-11-08 13:49:52 +01:00
Rasmus Wriedt Larsen 6c259e5608 Python: Temporarily accept changes in Python 2 specific MRO tests
Due to internal PR#35123 we now actually run the tests under
`python/ql/test/2/...`

These seems like a regression, since the tests state that N is ok, but A and J
should not be allowed.

For now we can accept them, so we don't block all other Python PRs
2019-11-08 13:48:21 +01:00
Rasmus Wriedt Larsen 89a13213e2 Python: Accept changes in Python 2 specific tests
Due to internal PR#35123 we now actually run the tests under
`python/ql/test/2/...`

Since we haven't done this in a while, test output has changed a bit. These
changes look perfectly fine.
2019-11-08 13:48:14 +01:00
Tom Hvitved af5c60c341 C#: Use type unification library in virtual dispatch library 2019-11-08 12:06:05 +01:00
Tom Hvitved f4b92137d9 C#: Add more virtual dispatch tests 2019-11-08 12:06:05 +01:00
Tom Hvitved ae54852fa4 C#: Add type unification library 2019-11-08 12:06:05 +01:00
semmle-qlci 867ed16777
Merge pull request #2276 from asger-semmle/inclusion-test
Approved by max-schaefer
2019-11-08 10:57:11 +00:00
Max Schaefer d7831d2680 JavaScript: Short-circuit bad-header check on empty files. 2019-11-08 10:30:53 +00:00
Felicity Chapman 8ed0d726ee
Merge pull request #2280 from jf205/codeql-homepage-links
docs: update banner links
2019-11-08 10:06:27 +00:00
james 0554de06a1 docs: update banner links 2019-11-08 09:32:20 +00:00
Max Schaefer e8510fe71a TypeScript: Skip Touchstone files. 2019-11-08 09:17:05 +00:00
Dave Bartolomeo 17f76c2516 C++: Fix merge conflicts 2019-11-07 22:02:15 -07:00
Ziemowit Laski 4ea8569081 [CPP-434] Squelch query alerts if ALL files were compiled
with `-fwrapv` or `-fno-strict-overflow`
2019-11-07 16:40:03 -08:00
Robert Marsh 2582b69e17 Merge branch 'master' of github.com:Semmle/ql into rdmarsh/cpp/ir-constructor-side-effects 2019-11-07 15:46:08 -08:00
Robert Marsh e93dcdb16c Merge branch 'master' into rdmarsh/cpp/ir-constructor-side-effects 2019-11-07 15:19:46 -08:00
Robert Marsh f483ec152b Merge branch 'master' of github.com:Semmle/ql into rdmarsh/cpp/uninit-string-initializers 2019-11-07 14:36:58 -08:00
Robert Marsh ee185ea92e
Merge pull request #2273 from geoffw0/ntohl
CPP: Add tests of NtohlArrayNoBoundOpenSource.ql.
2019-11-07 14:06:32 -08:00
Robert Marsh ae1377447e C++: only generate uninits when needed 2019-11-07 13:55:49 -08:00
Dave Bartolomeo 6c1d219c86 Merge from master 2019-11-07 14:50:04 -07:00
Robert Marsh c5396d9980
Merge pull request #2262 from jbj/ir-virtual-dispatch-local
C++: Rudimentary support for IR data flow virtual dispatch
2019-11-07 13:09:24 -08:00
Dave Bartolomeo df1d64fbeb
Merge pull request #2244 from jbj/IRType-cached
C++: Minimal caching of the IR type system
2019-11-07 12:44:16 -07:00
Dave Bartolomeo f808dcefab
Merge pull request #2277 from ian-semmle/cfg_diffs
C++: Remove tests for CFG differences
2019-11-07 12:41:40 -07:00
Dave Bartolomeo 64480c2ace
Merge pull request #1999 from jbj/ir-copy-unloaded-result
C++: Make sure there's a Instruction for each Expr
2019-11-07 12:31:54 -07:00
Dave Bartolomeo 2c88848d2f
Merge pull request #2272 from jbj/getIRTypeForPRValue-join-order
C++/C#: Fix getIRTypeForPRValue join order
2019-11-07 12:22:39 -07:00
Ian Lynagh b5af4e5acd C++: Remove tests for CFG differences
Now that we have switched over, they are no longer interesting.
2019-11-07 16:32:18 +00:00
igfoo c8c37c4976
Merge pull request #2271 from matt-gretton-dann/cpp-172-template-members
Template members
2019-11-07 16:30:08 +00:00
shati-patel ec2008d57a
Merge pull request #2275 from jf205/sd-4017
Learn CodeQL docs: add short note about new terminology
2019-11-07 16:12:12 +00:00
Asger F 812ee34bbc JS: Use Files.exists() instead 2019-11-07 15:53:29 +00:00
semmle-qlci e65271dfad
Merge pull request #2251 from asger-semmle/barrier-guard-improvements
Approved by esbena
2019-11-07 15:50:23 +00:00
semmle-qlci f79c2a7630
Merge pull request #2224 from asger-semmle/access-paths-with-source-node-root
Approved by max-schaefer
2019-11-07 15:46:14 +00:00
James Fletcher 8178e3e671
Update docs/language/learn-ql/terminology-note.rst
Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
2019-11-07 14:40:04 +00:00
James Fletcher d31ec56ea6
Update docs/language/learn-ql/index.rst
Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
2019-11-07 14:39:52 +00:00
Rasmus Wriedt Larsen 9ffb67a460
Merge pull request #2266 from tausbn/python-multiple-calls-to-init-join-order-fix
Python: Fix bad join order for `py/multiple-calls-to-init`.
2019-11-07 15:38:43 +01:00
Asger F 8544850945 JS: Generalize StringOps::Includes to ::InclusionTest 2019-11-07 14:35:17 +00:00
james db2039d8a7 docs: learn codeql terminology note 2019-11-07 14:32:05 +00:00
semmle-qlci 2b120def01
Merge pull request #2211 from hvitved/csharp/unsafe-deserialization
Approved by jf205
2019-11-07 14:16:13 +00:00
Matthew Gretton-Dann ddf1ef8a7d C++: Add new test case for template member change
We now output literals for accesses to members of template parameters:

So for `foo` in the following example:

```
template<typename T> void bar(T& t) {
  T.foo(1)
}
```
2019-11-07 14:08:25 +00:00
Matthew Gretton-Dann c0884e9a88 C++: Update expected results. 2019-11-07 14:08:25 +00:00
Erik Krogh Kristensen 0c080a82be fix expected output 2019-11-07 14:31:09 +01:00
Erik Krogh Kristensen 232e875274 add test for getEnclosingExpr 2019-11-07 14:29:31 +01:00
Erik Krogh Kristensen e4f6f41634 add DataFlow::getEnclosingExpr to get the an Expr from a potentially reflective call 2019-11-07 14:29:31 +01:00
semmle-qlci 3a7f9a588d
Merge pull request #2267 from max-schaefer/js/qltest-extractor-options
Approved by asger-semmle
2019-11-07 11:36:45 +00:00
shati-patel 7394d5c726
Merge pull request #2242 from felicitymay/codeql/SD-4059-markdown
Docs: update terminology in markdown files (SD-4059)
2019-11-07 11:30:32 +00:00
Jonas Jensen 6385528d5f C++/C#: Fix getIRTypeForPRValue join order
This predicate was taking 39s on a snapshot of Facebook Fizz because it
had disjuncts like this:

    43685     ~0%     {1} r34 = JOIN Type::FunctionPointerIshType#f AS L WITH Type::Type::getUnspecifiedType_dispred#ff_10#join_rhs AS R ON FIRST 1 OUTPUT R.<1>
    43685     ~1%     {2} r35 = JOIN r34 WITH CppType::getTypeSize#ff AS R ON FIRST 1 OUTPUT R.<1>, r34.<0>
    170371500 ~2%     {2} r36 = JOIN r35 WITH IRType::IRSizedType#ff_10#join_rhs AS R ON FIRST 1 OUTPUT R.<1>, r35.<1>
    43685     ~6%     {2} r37 = JOIN r36 WITH IRType::IRFunctionAddressType#class#ff AS R ON FIRST 1 OUTPUT r36.<1>, r36.<0>

Instead of fixing the joins in `getIRTypeForPRValue` itself, I've
changed the `IRType::getByteSize` predicate such that the optimiser
knows how to join with it efficiently.

The disjunct shown above now looks like this instead:

    43685  ~0%     {1} r26 = JOIN Type::FunctionPointerIshType#f AS L WITH Type::Type::getUnspecifiedType_dispred#ff_10#join_rhs AS R ON FIRST 1 OUTPUT R.<1>
    43685  ~1%     {2} r27 = JOIN r26 WITH CppType::getTypeSize#ff AS R ON FIRST 1 OUTPUT R.<1>, r26.<0>
    43685  ~6%     {2} r28 = JOIN r27 WITH IRType::IRFunctionAddressType::getByteSize#ff_10#join_rhs AS R ON FIRST 1 OUTPUT r27.<1>, R.<1>
2019-11-07 11:48:16 +01:00
Max Schaefer e314869e5c JavaScript: Classify files with names ending in `_min` as minified.
We already do the same for `-min` and `.min`. [Here](https://github.com/antoniogarrote/rdfstore-js/blob/master/dist/rdfstore_min.js) is a real-world example.
2019-11-07 10:33:47 +00:00
Sauyon Lee 0040c9fb4c
Update links to OWASP cheat sheet 2019-11-06 20:21:47 -08:00