hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 19:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,908 Commits 1,672 Branches 157 Tags
z80coder/ATM-feature-optimisation
Commit Graph

29908 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
semmle-qlci
02f4695a5b Merge pull request #1152 from esben-semmle/js/koa-improvements 
Approved by xiemaisi
 2019-04-02 08:51:19 +01:00
Ziemowit Laski
96b8bdfeb5 [CPP-340] Add new queries to analysis-cpp.md; correct id of 
TooFewArguments.ql
 2019-04-01 19:15:27 -07:00
Ziemowit Laski
03aa86ed4d Merge branch 'master' into cpp340a 
So as to get to change-notes/1.21/analysis-cpp.md
 2019-04-01 18:51:03 -07:00
Ziemowit Laski
bd139829ea [CPP-340] Delete old 'UnspecifiedFunctions' folders 2019-04-01 18:44:49 -07:00
Ziemowit Laski
3ec988c39b [CPP-340] Rename 'UnspecifiedFunctions' to 'Unspecified Functions' 
Make MistypedFunctionArguments.ql more restrictive (allowing
          type matching only in the presence of no-op conversions).
 2019-04-01 18:39:46 -07:00
semmle-qlci
54b4e59d12 Merge pull request #1182 from esben-semmle/js/sourcenode-regexp-literals 
Approved by xiemaisi
 2019-04-01 21:58:58 +01:00
Esben Sparre Andreasen
2622fc64db JS: autoformat 2019-04-01 22:55:17 +02:00
Esben Sparre Andreasen
86a046a28e JS: change notes for Koa improvements 2019-04-01 22:55:17 +02:00
Esben Sparre Andreasen
7fec005806 JS: use DataFlow::SourceNode in three locations in Koa 2019-04-01 22:55:17 +02:00
Esben Sparre Andreasen
919eed6630 JS: add koa tests 2019-04-01 22:55:17 +02:00
Esben Sparre Andreasen
00c8387bb3 JS: model Koa redirects 2019-04-01 22:55:17 +02:00
Esben Sparre Andreasen
298dbe13c4 JS: improve Koa model to account for aliases on the context object 2019-04-01 22:49:00 +02:00
Esben Sparre Andreasen
0e01988622 JS: add koa tests 2019-04-01 22:49:00 +02:00
Rebecca Valentine
2b6869fff3 updates expecteds to reflect changes in the test file 2019-04-01 11:21:21 -07:00
Rebecca Valentine
0d0adada42 fixes tests and adds test results to expecteds 2019-04-01 11:13:04 -07:00
Rebecca Valentine
a16b5d36a8 adds tests 2019-04-01 10:40:51 -07:00
Rebecca Valentine
5bf7efeed3 fixes name and autoformats 2019-04-01 10:39:06 -07:00
Rebecca Valentine
7d183eab0b moves functionality over to Expr method per PR change requests 2019-04-01 10:22:49 -07:00
semmle-qlci
a4de82de06 Merge pull request #1185 from xiemaisi/js/improve-amd-imports 
Approved by asger-semmle
 2019-04-01 16:30:47 +01:00
Arthur Baars
5eb58f3ba2 C++: fix HubClasses.ql by changing its kind to 'table' 2019-04-01 16:17:23 +02:00
Tom Hvitved
007cee8426 Merge pull request #1184 from calumgrant/cs/static-cryptotransform 
C#: Remove static SHA1CryptoServiceProvider
 2019-04-01 16:03:53 +02:00
semmle-qlci
a7d9a50dcf Merge pull request #1176 from xiemaisi/js/fix-socket-io-type-tracking 
Approved by asger-semmle
 2019-04-01 13:57:13 +01:00
Jonas Jensen
71659594c8 C++: Let data flow past definition by reference 
This commit changes how data flow works in the following code.

    MyType x = source();
    defineByReference(&x);
    sink(x);

The question here is whether there should be flow from `source` to
`sink`. Such flow is desirable if `defineByReference` doesn't write to
all of `x`, but it's undesirable if `defineByReference` is a typical
init function in `C` that writes to every field or if
`defineByReference` is `memcpy` or `memset` on the full range.

Before 1.20.0, there would be flow from `source` to `sink` in case `x`
happened to be modeled with `BlockVar` but not in case `x` happened to
be modelled with SSA. The choice of modelling depends on an analysis of
how `x` is used elsewhere in the function, and it's supposed to be an
internal implementation detail that there are two ways to model
variables. In 1.20.0, I changed the `BlockVar` behavior so it worked the
same as SSA, never allowing that flow. It turns out that this change
broke a customer's query.

This commit reverts `BlockVar` to its old behavior of letting flow
propagate past the `defineByReference` call and then regains consistency
by changing all variables that are ever defined by reference to be
modelled with `BlockVar` instead of SSA. This means we now get too much
flow in certain cases, but that appears to be better overall than
getting too little flow. See also the discussion in CPP-336.
 2019-04-01 14:13:47 +02:00
calum
932961bf19 C#: Remove static SHA1CryptoServiceProvider 2019-04-01 10:46:39 +01:00
Arthur Baars
4b95fbbb39 C++ Fix select statements of AV 3 and 81 2019-04-01 11:20:12 +02:00
Arthur Baars
ba7fdddafb Change @kind to 'table' for test and sanity checks queries that don't select problems 2019-04-01 11:20:12 +02:00
Esben Sparre Andreasen
6908c54df6 JS: change notes 2019-04-01 09:25:07 +02:00
Esben Sparre Andreasen
364ba1b4ac JS: use RegExpLiteral as a SourceNode 2019-04-01 09:19:25 +02:00
Esben Sparre Andreasen
7923c9d77c JS: add tests for missing flow of regular expressions 2019-04-01 09:19:25 +02:00
Esben Sparre Andreasen
42d3012f81 JS: let RegExpLiteral be a DataFlow::SourceNode 2019-04-01 09:19:25 +02:00
Jonas Jensen
04a48e9034 Merge remote-tracking branch 'upstream/master' into SimpleRangeAnalysis-use-after-cast 2019-04-01 09:10:57 +02:00
Jonas Jensen
76caad0fb4 Merge pull request #1119 from geoffw0/wprintf2 
CPP: Better handling of %s/%c/%S/%C in Printf/FormattingFunction.qll
 2019-04-01 08:47:20 +02:00
Ziemowit Laski
8a653b9adc [CPP-340] Fix TooFewArguments.c to actually provide a ()-prototype. 2019-03-29 20:34:49 -07:00
Ziemowit Laski
59a54df149 [CPP-340] cpp/too-many-arguments should remain as cpp/futile-params. 2019-03-29 20:30:40 -07:00
Ziemowit Laski
2ea9f81c7f [CPP-340] Refer to C coding standard, not C++. 2019-03-29 20:27:25 -07:00
Ziemowit Laski
cb5bbd2197 [CPP-340] When warning about mismatched parameters, follow what C 
compilers do.  Various integral and floating-point types
          are treated as mutually implicitly convertible.  Remaining
          warnings deal with misuse of pointer and array types.
 2019-03-29 20:19:45 -07:00
semmle-qlci
ed0ef36427 Merge pull request #1035 from asger-semmle/firebase 
Approved by xiemaisi
 2019-03-29 13:44:02 +00:00
Asger F
4c99c01c1a JS: review comments 2019-03-29 13:42:22 +00:00
Max Schaefer
e4c4f7a5ae Update javascript/ql/src/semmle/javascript/DOM.qll 
Co-Authored-By: asger-semmle <42069257+asger-semmle@users.noreply.github.com>
 2019-03-29 13:42:00 +00:00
Max Schaefer
10479eaf4d Update javascript/ql/src/semmle/javascript/DOM.qll 
Co-Authored-By: asger-semmle <42069257+asger-semmle@users.noreply.github.com>
 2019-03-29 13:40:59 +00:00
Max Schaefer
a0b06c267c Update javascript/ql/src/semmle/javascript/DOM.qll 
Co-Authored-By: asger-semmle <42069257+asger-semmle@users.noreply.github.com>
 2019-03-29 13:40:46 +00:00
Max Schaefer
62c895de3e JavaScript: Introduce Type(Back)Tracker::continue predicate. 2019-03-29 11:45:18 +00:00
Geoffrey White
a6e0296c0c CPP: Be slash/case insensitive. 2019-03-29 11:19:20 +00:00
Geoffrey White
c8caca3305 CPP: Add test cases for %ls, %hs. 2019-03-29 11:19:20 +00:00
Geoffrey White
f5a7d7a035 CPP: Correct a few comments. 2019-03-29 11:19:19 +00:00
Geoffrey White
d22c93f101 CPP: Change note. 2019-03-29 11:19:19 +00:00
Geoffrey White
66e87fc34c CPP: Detect Microsoft compilations even more reliably. 2019-03-29 11:18:32 +00:00
Geoffrey White
5911699c55 CPP: Clean up some remaining old 'isWideCharDefault' logic that has caused confusion. 2019-03-29 11:18:31 +00:00
Geoffrey White
eef050dd47 CPP: Improve deduction of %S types in FormattingFunction.qll. 2019-03-29 11:18:31 +00:00
Geoffrey White
4a25c37ecc CPP: Detect Microsoft compilations somewhat more reliably. 2019-03-29 11:18:31 +00:00