hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,015 Commits 1,671 Branches 157 Tags
cs/assembly-prefix
Commit Graph

8015 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Calum Grant
bd925d2bee C#: Fix prefixing assembly IDs to type IDs. 2019-11-10 13:05:08 +00:00
Taus
aa7a997c7a Merge pull request #2248 from RasmusWL/python-sensitive-data-fewer-fp 
Python: Limit what functions we treat as returning sensitive data
 2019-11-04 15:09:52 +01:00
Rasmus Wriedt Larsen
ca22ec6104 Merge pull request #2042 from tausbn/python-fix-unused-import-fps 
Python: Fix false positives in `py/unused-import`.
 2019-11-04 14:47:30 +01:00
semmle-qlci
fa5388b5f3 Merge pull request #2209 from hvitved/csharp/deserialized-delegate 
Approved by calumgrant, jf205
 2019-11-04 12:32:04 +00:00
Rasmus Wriedt Larsen
b075103198 Merge pull request #2163 from tausbn/python-undefined-export-fp 
Python: Modernise and fix FP in `py/undefined-export`
 2019-11-04 13:10:48 +01:00
Geoffrey White
3e8b28a0a8 Merge pull request #2213 from jbj/BarrierGuard 
C++: Implement DataFlow::BarrierGuard for AST+IR
 2019-11-04 11:08:36 +00:00
Rasmus Wriedt Larsen
6593477d0b Python: Limit what functions we treat as returning sensitive data 
Before this change, any function that has a parameter that was called
password/credentials would be treated as returning sensitive data of that
kind. `py/clear-text-logging-sensitive-data` would alert if one of these are
logged, which has a LOT of false-positives.
 2019-11-04 11:32:21 +01:00
Tom Hvitved
cc7c30def8 Merge pull request #2179 from calumgrant/cs/local-disposal 
C#: Fix a FP in cs/local-not-disposed
 2019-11-04 11:23:50 +01:00
Taus Brock-Nannestad
d2f985038c Python: Fix missing modernisation. 2019-11-04 10:48:42 +01:00
Felicity Chapman
3eea0452b1 Merge pull request #2180 from shati-patel/docs/renaming 
Docs: Update terminology
 2019-11-04 09:14:18 +00:00
Max Schaefer
ef1778a8a7 Merge pull request #2212 from yh-semmle/java13-ql 
Java: support JDK 13
 2019-11-04 06:32:57 +00:00
yh-semmle
e232f538e9 Java 13: update test options 2019-11-02 16:09:32 -04:00
yh-semmle
e8a65101bc Java 13: add db stats for @yieldstmt 2019-11-02 16:09:32 -04:00
yh-semmle
de0869c216 Java 13: remove superfluous disjunct in JumpStmt.getAPotentialTarget() 2019-11-02 16:09:31 -04:00
yh-semmle
8fb4dbe092 Java 13: account for changes to switch expressions 2019-11-02 16:09:31 -04:00
yh-semmle
9f37237b4a Java 13: add stmt kind @yieldstmt to dbscheme 2019-11-02 16:09:31 -04:00
Jonas Jensen
426565ae68 Merge pull request #2239 from DX-MON/master 
Query cpp/unused-static-variable was producing incorrect results for constexpr variables
 2019-11-01 18:59:52 +01:00
Shati Patel
bd08e8baaf Docs: Rename Sphinx project to "Learning CodeQL" 2019-11-01 11:22:36 +00:00
shati-patel
d94e91b39b Apply suggestions from code review 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
 2019-11-01 11:03:12 +00:00
semmle-qlci
e8e2f7bb20 Merge pull request #2240 from max-schaefer/js/indirect-command-argument-data-flow 
Approved by esbena
 2019-11-01 11:00:22 +00:00
Dave Bartolomeo
ea23c2daac Merge pull request #2188 from jbj/printast-override 
C++: Add a sample class in PrintAST.ql
 2019-10-31 17:02:20 -07:00
Dave Bartolomeo
e6f632b44e Merge pull request #2228 from jbj/DefaultTaintTracking-getASTVariable 
C++: Use getASTVariable in DefaultTaintTracking
 2019-10-31 17:00:49 -07:00
Dave Bartolomeo
2f63ab0250 Merge pull request #2150 from rdmarsh2/rdmarsh/cpp/ir-buffer-read-call-se 
C++: buffer read side effects on unmodeled funcs
 2019-10-31 16:59:51 -07:00
Rachel Mant
413f49bba5 Query cpp/unused-static-variable was producing incorrect results for constexpr variables 2019-10-31 22:50:44 +00:00
Robert Marsh
9477bd5698 Merge branch 'master' of github.com:Semmle/ql into rdmarsh/cpp/ir-buffer-read-call-se 2019-10-31 11:00:01 -07:00
semmle-qlci
d03aecaa98 Merge pull request #2235 from max-schaefer/js/issue-2233 
Approved by esbena
 2019-10-31 14:17:58 +00:00
Max Schaefer
8aae1f443f JavaScript: Use type tracking instead of auxiliary data-flow configuration to track indirect command arguments. 2019-10-31 12:13:55 +00:00
Max Schaefer
311cbd824c JavaScript: Recognize ":" pseudo-directive. 2019-10-31 11:39:09 +00:00
Tom Hvitved
ceea96e03f C#: Update change note 2019-10-31 12:00:16 +01:00
semmle-qlci
2a3980222b Merge pull request #2201 from max-schaefer/js/avoid-duplicate-source-and-sink-nodes 
Approved by asger-semmle
 2019-10-31 10:47:30 +00:00
Robert Marsh
24c9b8b9b1 C++: fix unbound variables 2019-10-30 14:06:19 -07:00
Geoffrey White
ee3b49af3a Merge pull request #2219 from jbj/rangeanalysis-best-bound 
C++: Restrict the output of IR Range Analysis to the best bounds
 2019-10-30 17:18:59 +00:00
Jonas Jensen
1e6c983d62 C++: Use getASTVariable in DefaultTaintTracking 
This library is not yet used in a query or test, so it broke silently
when `VariableAddressInstruction.getVariable` was removed.
 2019-10-30 13:42:17 +01:00
semmle-qlci
a778efe71e Merge pull request #2216 from asger-semmle/xss-encodeURIComponent 
Approved by max-schaefer
 2019-10-30 11:49:31 +00:00
Aditya Sharad
ecd4c08cb4 Merge pull request #2225 from hvitved/csharp/autobuilder-tests 
C#: Update autobuilder tests
 2019-10-29 12:21:04 -07:00
Luke Cartey
d9d4aa30a9 Merge pull request #2214 from hmakholm/pr/upgrade-packs 
Make each upgrade directory a QL pack
 2019-10-29 16:45:02 +00:00
semmle-qlci
fde56cf290 Merge pull request #2223 from hvitved/csharp/autobuilder-curl-redirect 
Approved by jbj
 2019-10-29 15:38:02 +00:00
Rasmus Wriedt Larsen
87ec58aff1 Merge pull request #2221 from tausbn/python-unreachable-catch-all-assert 
Python: Do not report unreachable "catch-all" cases in `elif`-chains.
 2019-10-29 16:36:51 +01:00
Max Schaefer
b42026a90a JavaScript: Update expected output. 2019-10-29 15:36:24 +00:00
Max Schaefer
530fa2c11c JavaScript: Collapse edges instead of hiding nodes. 
Instead of skipping over initial and final nodes, we now introduce edges from source and to sink nodes that circumvent these nodes entirely.
 2019-10-29 15:30:24 +00:00
Max Schaefer
dc1d1c2f22 JavaScript: Update expected output. 2019-10-29 15:30:06 +00:00
Max Schaefer
278ea90049 JavaScript: Collapse flow labels at start/end nodes to avoid duplication. 2019-10-29 15:24:40 +00:00
Max Schaefer
316962233c JavaScript: Factor out MidPathNode into its own class. 2019-10-29 15:24:40 +00:00
Max Schaefer
7c56c9f999 JavaScript: Move suppression of hidden nodes into edges predicate. 
They should really only be hidden for display purposes.
 2019-10-29 15:19:26 +00:00
Max Schaefer
3373742077 JavaScript: Turn PathNode::getASuccessorInternal and PathNode::getAHiddenSuccessor into top-level predicates. 2019-10-29 15:19:26 +00:00
Max Schaefer
b6f4785645 JavaScript: Rename MkPathNode to MkMidNode. 2019-10-29 15:19:26 +00:00
Max Schaefer
d71faaa5f9 JavaScript: Introduce PathNode::wraps. 2019-10-29 15:19:26 +00:00
Max Schaefer
98e0932de5 JavaScript: Make Configuration::isLive nullary. 
This makes it more obvious to the evaluator that it is a good predicate to pick as a sentinel, and in practice we mostly just have one configuration in scope anyway.
 2019-10-29 15:19:26 +00:00
Tom Hvitved
edbdfdfa27 C#: Update autobuilder tests 2019-10-29 16:14:58 +01:00
Max Schaefer
6964945c74 JavaScript: Restrict edges to only contain nodes. 2019-10-29 15:03:52 +00:00