hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 19:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,658 Commits 1,672 Branches 157 Tags
rust-ti-implementing-type-method
Commit Graph

78658 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
0401b26b48 JS: handle CloudFunctions 2019-03-27 13:21:45 +00:00
Asger F
49a746b87a JS: handle Reference.transaction() 2019-03-27 13:21:45 +00:00
Asger F
f554f859aa JS: handle 'firebase-admin' package 2019-03-27 13:21:45 +00:00
Asger F
e0c06cb518 JS: handle Query methods 2019-03-27 13:21:45 +00:00
Asger F
06b0851072 JS: Add Firebase model 2019-03-27 13:21:45 +00:00
semmle-qlci
86040575b1 Merge pull request #1161 from esben-semmle/js/classify-mode-html 
Approved by xiemaisi
 2019-03-27 12:56:04 +00:00
Jonas Jensen
debc441d03 Merge pull request #1158 from geoffw0/moremsalloc 
CPP: Add more allocation functions to Alloc.qll
 2019-03-27 13:51:39 +01:00
Tom Hvitved
664aa8db47 C#: Address review comment 2019-03-27 13:32:11 +01:00
semmle-qlci
4d4055a87c Merge pull request #1163 from xiemaisi/js/more-type-tracking 
Approved by asger-semmle
 2019-03-27 12:08:11 +00:00
Asger F
d4c7312d80 JS: more sanitizing prefixes 2019-03-27 11:22:31 +00:00
Asger F
50f2afb622 JS: add test 2019-03-27 11:20:39 +00:00
Geoffrey White
885df8754e Merge pull request #1165 from dave-bartolomeo/dave/CompareFP 
C++: Fix FP in PointlessComparison due to preprocessor
 2019-03-27 10:54:26 +00:00
Tom Hvitved
7634973bb4 C#: Handle named attribute arguments 2019-03-27 11:10:24 +01:00
Tom Hvitved
12843d2b0e C#: Add tests for named attribute arguments 2019-03-27 10:58:37 +01:00
Jonas Jensen
36ba56c690 C++: Tests for PointlessComparison shortcomings 2019-03-27 10:48:35 +01:00
Jonas Jensen
1ffeebcfea C++: Range analysis: support casts from/to typedef 2019-03-27 10:48:35 +01:00
Jonas Jensen
1c71c74ce5 C++: Tests showing problems with casts of typedefs 2019-03-27 10:48:35 +01:00
Jonas Jensen
10585e719d C++: Support widening casts in range analysis 
This makes sure we can conclude from `(int)myShort == 0` that `myShort`
is 0 even though we can no longer conclude from `(short)myInt == 0` that
`myInt` is 0. Without this, we lost a good result in the test for
`InfiniteLoopWithUnsatisfiableExitCondition.ql`.
 2019-03-27 10:48:34 +01:00
Jonas Jensen
640f900efd C++: Add missing getFullyConverted for unary +/- 2019-03-27 10:48:34 +01:00
Jonas Jensen
50559d5e63 C++: Accept test output change 
The new output looks correct, although I'm not sure if it's correct for
the right reasons.
 2019-03-27 10:48:34 +01:00
Jonas Jensen
b827e7a1ea C++: Fix use-after-cast bug in SimpleRangeAnalysis 
Like everywhere else in the range analysis, operands to comparison
operators must be considered in their fully-converted form.
 2019-03-27 10:48:34 +01:00
Jonas Jensen
ad61b4f55e C++: Add test to demonstrate use-after-cast bugs 2019-03-27 10:48:34 +01:00
semmledocs-ac
fa260872b5 Merge pull request #1081 from rdmarsh2/rdmarsh/cpp/alloca-in-loop 
C++: docs for AllocaInLoop
 2019-03-27 09:10:24 +00:00
Jonas Jensen
581e765f97 Merge pull request #1168 from geoffw0/format-amp 
CPP: %@ in format strings
 2019-03-27 09:08:39 +01:00
Robert Marsh
578ed146ed Merge pull request #1115 from dave-bartolomeo/dave/Lambdas 
C++: IR construction for lambda expressions
 2019-03-26 15:08:34 -07:00
Robert Marsh
30f744a824 C++/Docs: fix whitespace in AllocaInLoop.qhelp 2019-03-26 15:07:28 -07:00
Dave Bartolomeo
127b759bad C++: Move a couple predicates into Exclusions.qll 2019-03-26 14:51:28 -07:00
Dave Bartolomeo
f13fc42a85 C++: Make recursive predicates recursive and non-recursive predicates non-recursive 2019-03-26 14:36:35 -07:00
semmle-qlci
59285be0b8 Merge pull request #1167 from hvitved/csharp/icrypto-qhelp 
Approved by aibaars
 2019-03-26 18:49:43 +00:00
Taus
046a485dff Merge pull request #1170 from Semmle/rc/1.20 
Merge 1.20 into master
 2019-03-26 19:28:36 +01:00
Taus
52d8ca09ab Merge pull request #1169 from markshannon/python-speedup-flow-step 
Python: Speed up taint-tracking
v1.20.0 		2019-03-26 16:58:47 +01:00
Mark Shannon
058ae7befc Merge pull request #1142 from taus-semmle/python-use-new-moduleobject-api 
Python: Use new `ModuleObject` API more widely.
 2019-03-26 15:02:44 +00:00
Mark Shannon
1e1903b6ac Python taint-tracking: Avoid computing many redundant copies of flow step for dicts and sequences. 2019-03-26 14:41:03 +00:00
Geoffrey White
1d0c74daa7 CPP: Fix typo. 2019-03-26 14:34:55 +00:00
Jonas Jensen
c923e4cd36 Merge pull request #1091 from geoffw0/opts 
CPP: Speed up AV Rule 35.ql
 2019-03-26 15:13:53 +01:00
Tom Hvitved
273e77e800 C#: Fix qhelp for ICryptoTransform queries 2019-03-26 14:38:29 +01:00
Max Schaefer
3e16d16525 JavaScript: Make type tracking-related parameter and predicate names more consistent. 2019-03-26 13:00:09 +00:00
Calum Grant
2229409180 Merge pull request #1088 from hvitved/csharp/no-qname-for-local-scope-vars 
C#: No qualified names for local scope variables
 2019-03-26 12:58:20 +00:00
Calum Grant
01aa4ecf2f Merge pull request #1075 from hvitved/csharp/get-location-to-string 
C#: Simplify dispatch hierarchy for `getLocation()` and `toString()`
 2019-03-26 12:56:29 +00:00
Geoffrey White
69f87d8eee CPP: Fix ODASA-3654. 2019-03-26 12:54:44 +00:00
Jonas Jensen
bdd6965d1b Merge branch 'master' into moremsalloc 2019-03-26 13:50:14 +01:00
Tom Hvitved
e01246acc8 C#: Autoformat 2019-03-26 13:38:47 +01:00
Geoffrey White
bd138238b0 CPP: Add a test of ODASA-3654. 2019-03-26 12:37:32 +00:00
Taus
702fc80054 Merge pull request #1166 from Semmle/rc/1.20 
Merge rc/1.20 into master
 2019-03-26 13:09:40 +01:00
Jonas Jensen
010bb61cbb Merge pull request #1164 from geoffw0/overflowdest-enable 
CPP: Re-enable OverflowDestination.ql on the security dashboard.
 2019-03-26 10:53:34 +01:00
Max Schaefer
bf04664bd7 Update javascript/ql/src/semmle/javascript/GeneratedCode.qll 
Co-Authored-By: esben-semmle <42067045+esben-semmle@users.noreply.github.com>
 2019-03-26 10:01:24 +01:00
Taus
23eed3073a Merge pull request #1157 from markshannon/python-taint-tracking-early-exit 
Python taint-tracking improvements
 2019-03-26 09:28:26 +01:00
Esben Sparre Andreasen
3cd93129a6 JS: classify HTML files with > 20 elements on a line as generated 2019-03-26 08:03:56 +01:00
Dave Bartolomeo
669ac2f4b4 C++: Fix FP in PointlessComparison due to preprocessor 
Reported by an LGTM customer here: https://discuss.lgtm.com/t/2-false-positives-in-c-for-comparison-is-always-same/1943.

Even though the comparison is pointless in the preprocessor configuration in effect during extraction, it is not pointless in other preprocessor configurations. Similar to ExprHasNoEffect, we'll now exclude results in functions that contain preprocessor-excluded code. I factored the similar code already used in ExprHasNoEffect in a non-recursive version into Preprocessor.qll, leaving the recursive version in ExprHasNoEffect.ql. I believe the recursive version is too aggressive for PointerlessComparison, which does no interprocedural analysis.
 2019-03-25 16:19:18 -07:00
Max Schaefer
c50067b597 JavaScript: Refactor type tracking to avoid computing very large relations. 2019-03-25 20:38:58 +00:00