hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 20:26:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,908 Commits 1,672 Branches 157 Tags
z80coder/ATM-feature-optimisation
Commit Graph

29908 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mark Shannon
92d0aef6f4 Rename super_() to superType() for better consistency. 2019-05-09 14:47:12 +01:00
Anders Schack-Mulligen
66813a91ef Java: Postpone deprecation to separate PR. 2019-05-09 13:40:25 +02:00
Tom Hvitved
e3b83d04f5 C#: Refactor predicates in Variable class to be defined by dispatch 2019-05-09 11:53:42 +02:00
semmle-qlci
9653fbd4f7 Merge pull request #1311 from emarteca/unreachableThrows 
Approved by xiemaisi
 2019-05-09 10:37:41 +01:00
Ellen Arteca
893f62f334 Stylistic issue: replace \"eg\" by \"example\", as requested 2019-05-09 09:30:12 +01:00
Ellen Arteca
a12d12d59a JavaScript: Update UnreachableStmt query so unreachable throws no longer gives an alert 2019-05-08 16:25:54 +01:00
semmle-qlci
13e04f459d Merge pull request #1310 from xiemaisi/js/fix-hardcoded-pw-fps 
Approved by asger-semmle
 2019-05-08 14:08:36 +01:00
Asger F
27e8ea85f7 JS: Fix bug from sorting lines 2019-05-08 10:42:14 +01:00
Max Schaefer
c16e9a77f3 JavaScript: Fix a few false positives in PasswordInConfigurationFile. 2019-05-08 08:26:05 +01:00
Tom Hvitved
8adbfdaae7 Merge pull request #1275 from calumgrant/cs/roslyn-3.0.0 
C#: Update nuget packages
 2019-05-08 08:49:45 +02:00
Tom Hvitved
a89505ba32 C#: Simplify DataFlow::Node::getType() 2019-05-07 20:52:38 +02:00
calum
c28fa7ed3f C#: Handle VarPatternSyntax class introduced by Roslyn 3.0.0 2019-05-07 18:01:37 +01:00
calum
8a78c8f124 C#: Update xunit and other dependencies. 2019-05-07 18:01:36 +01:00
calum
d84fcbeedb C#: Fix extractor errors. 2019-05-07 18:01:36 +01:00
calum
b7875aef20 C#: Update nuget packages 2019-05-07 18:01:36 +01:00
Asger F
86885f4ff0 JS: Address comments 2019-05-07 18:00:36 +01:00
Asger F
7c9d20ae81 JS: Implement for TrackedNode to maintain consistency 2019-05-07 17:38:43 +01:00
Max Schaefer
d23c48330c Merge pull request #1307 from asger-semmle/exclude-js-testcases 
JS: Exclude test cases from extraction
 2019-05-07 16:41:08 +01:00
Asger F
331cc497e6 JS: Exclude test cases from extraction 2019-05-07 14:36:35 +01:00
Tom Hvitved
272545a63c Add pragma[nomagic] to getExplicitArgument() 2019-05-07 15:34:27 +02:00
Asger F
a3cf07af7e JS: Add flow steps through iteration callback 2019-05-07 13:52:31 +01:00
Asger F
e7bf485807 JS: Add another interprocedural flow test case 2019-05-07 10:33:01 +01:00
Asger F
3cbd6d3786 JS: Test case for nested statements 2019-05-07 10:26:30 +01:00
Asger F
f3a4acf0b2 JS: Add async functions to test 2019-05-07 10:11:42 +01:00
Asger F
1f897b4b63 JS: step through Error constructor and accept the potential FP 2019-05-07 10:11:41 +01:00
Asger F
b0090c2fe6 JS: Add test case for flow through new Error() 2019-05-07 10:11:41 +01:00
Asger F
36cefd8fc6 JS: Track taint through exceptions 2019-05-07 10:11:41 +01:00
Tom Hvitved
7b7a1ecea0 C#: Move DelegateDataFlow.qll into internal folder 2019-05-06 14:54:11 +02:00
Tom Hvitved
c6a471e4b6 C#: Adopt shared data flow implementation 
- General refactoring to fit with the shared data flow implementation.
- Move CFG splitting logic into `ControlFlowReachability.qll`.
- Replace `isAdditionalFlowStepIntoCall()` with `TaintedParameterNode`.
- Redefine `ReturnNode` to be the actual values that are returned, which should
  yield better path information.
- No longer consider overrides in CIL calls.
 2019-05-06 14:54:11 +02:00
Tom Hvitved
a6fa6dfd74 C#: Add shared data flow files 2019-05-06 14:54:11 +02:00
Tom Hvitved
26debb846c C#: Change ImplicitCapturedArgumentNode::toString() 2019-05-06 14:54:11 +02:00
Jonas Jensen
639d715d03 Merge pull request #1226 from hvitved/dataflow/prepare-for-csharp 
Generalize data-flow library in preparation for C# adoption
 2019-05-06 14:42:46 +02:00
Anders Schack-Mulligen
f367427fb8 Java: Deprecate RemoteUserInput. 2019-05-06 13:43:58 +02:00
Jonas Jensen
b52015a584 C++: QLDoc for QualifiedName.qll 2019-05-06 11:28:56 +02:00
Jonas Jensen
56e88cbac0 C++: Use underlyingElement for QualifiedName calls 
Since the types in `QualifiedName.qll` are raw db types, callers need to
use `underlyingElement` and `unresolveElement` as appropriate. This has
no effect right now but will be needed when we switch the AST type
hierarchy to `newtype`s.
 2019-05-06 11:24:28 +02:00
Jonas Jensen
662d55fd72 C++: Add tests for qualified names 2019-05-06 10:58:05 +02:00
Jonas Jensen
98657ebea7 C++: Change note for hasGlobalName 2019-05-06 10:14:44 +02:00
Calum Grant
19c7360e19 Merge pull request #1301 from hvitved/csharp/more-dataflow-tests 
C#: Add more data flow tests
 2019-05-03 16:41:21 +01:00
Anders Schack-Mulligen
10a6362357 Java: Introduce an abstract class RemoteFlowSource to ease customization. 2019-05-03 15:48:22 +02:00
Tom Hvitved
d9bf0a670e Data flow: Address review comments 2019-05-03 15:00:48 +02:00
Max Schaefer
e0e6224987 Merge pull request #1298 from asger-semmle/full-mode-fixes-rc120 
TS: Backport full-mode fixes to rc/1.20
v1.20.2 		2019-05-03 13:57:47 +01:00
Jonas Jensen
b98daae077 C++: Remove deprecated from hasQualifiedName/1 
The predicate is still deprecated, but we can't mark it as such until
the queries in our internal repo have migrated away from it.
 2019-05-03 13:22:23 +02:00
Geoffrey White
ceda0d5c25 Merge pull request #1300 from jbj/MistypedFunctionArguments-rounding 
C++: Use a smaller `double` literal in test
 2019-05-03 09:56:42 +01:00
Jonas Jensen
6d954fe53e C++: Deprecate hasQualifiedName/1 
This predicate handles templates differently from the other overloads
with the same name, so it's likely to cause confusion.
 2019-05-03 10:37:48 +02:00
Jonas Jensen
5e789901df C++: Remove all uses of hasQualifiedName/1 2019-05-03 10:37:48 +02:00
Jonas Jensen
64a87a863c C++: Remove uses of getQualifiedName 
This removes all uses of `Declaration.getQualifiedName` that I think can
be removed without changing any behaviour. The following uses in the
LGTM default suite remain:

* `cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql` (in `select`).
* `cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowDispatch.qll` (needs template args).
* `cpp/ql/src/semmle/code/cpp/security/FunctionWithWrappers.qll` (used for alert messages).
 2019-05-03 10:37:48 +02:00
Jonas Jensen
0a2e28858a C++: Rework how qualified names are computed 2019-05-03 10:37:48 +02:00
Jonas Jensen
b51ce87ae8 C++: Autoformat QualifiedName.qll 2019-05-03 10:37:47 +02:00
Jonas Jensen
b97ff1a72f C++: Take QualifiedName.qll from Ian's branch 
This imports `QualifiedName.qll` from
2f74a456290b9e0850b7308582e07f5d68de3a36 and makes minimal changes so it
compiles.

Original author: Ian Lynagh <ian@semmle.com>
 2019-05-03 10:37:12 +02:00
Tom Hvitved
dfdfae8dd6 C#: Add more data flow tests 2019-05-03 09:41:39 +02:00