semmle-qlci
9a2a328243
Merge pull request #1025 from xiemaisi/js/fix-exports-assign
...
Approved by asger-semmle
2019-03-04 21:25:56 +00:00
Max Schaefer
7f5e2630a1
Merge pull request #1032 from xiemaisi/master-for-merge
...
Merge master into rc/1.20
2019-03-04 21:23:51 +00:00
Tom Hvitved
1434b10b7a
C#: Speedup structural comparison library
2019-03-04 21:23:34 +01:00
semmle-qlci
245b47add7
Merge pull request #1017 from hvitved/csharp/get-label-performance
...
Approved by calumgrant
2019-03-04 20:22:38 +00:00
Tom Hvitved
8ec0573915
C#: Speedup sameChildrenModuloTypeParameters()
2019-03-04 21:06:13 +01:00
semmle-qlci
08e7499a2f
Merge pull request #1011 from hvitved/csharp/implements-performance
...
Approved by calumgrant
2019-03-04 20:05:04 +00:00
Geoffrey White
eb4efc4745
Merge pull request #1023 from jbj/gets-qualified
...
C++: Use getQualifiedName() = "gets", not hasName
2019-03-04 18:10:15 +00:00
Kevin Backhouse
8cee18b479
Add assignments to the set of analyzable expressions to simplify overflow detection.
2019-03-04 17:07:11 +00:00
calum
e8bb7f2139
C#: Fix for performance.
2019-03-04 16:54:59 +00:00
Geoffrey White
a9ce2f7a62
CPP: Simplify out some old optimizations (that make little difference now).
2019-03-04 13:13:04 +00:00
Geoffrey White
a3f452b8ae
Merge pull request #1024 from jbj/command-line-injection-precision
...
C++: Set cpp/command-line-injection precision=low
2019-03-04 13:08:38 +00:00
Geoffrey White
df73bb3468
CPP: Fix performance issue. Also has a small positive effect on correctness.
2019-03-04 12:47:55 +00:00
Geoffrey White
f0085ed25a
CPP: Additional test cases.
2019-03-04 12:45:05 +00:00
Tom Hvitved
4054dc43e2
C#: Speedup Element::getLabel()
2019-03-04 13:21:10 +01:00
Tom Hvitved
c70a0a646d
C#: Add test for getLabel()
2019-03-04 13:21:10 +01:00
Tom Hvitved
6135b5b7eb
C#: Updated expected test output
2019-03-04 13:19:00 +01:00
Tom Hvitved
2e1ba7b1f9
C#: Speedup Implements.qll
2019-03-04 13:19:00 +01:00
Mark Shannon
1b35a4eb0f
Merge pull request #1026 from taus-semmle/python-unsafe-mktemp-add-missing-kind
...
Python: Add missing `@kind` for `py/insecure-temporary-file`.
2019-03-04 11:55:45 +00:00
semmle-qlci
f13eb18493
Merge pull request #1018 from xiemaisi/js/consolidate-tests
...
Approved by esben-semmle
2019-03-04 10:59:51 +00:00
Taus Brock-Nannestad
63893fe52c
Python: Add missing @kind for py/insecure-temporary-file.
2019-03-04 11:20:39 +01:00
calum
f7b4985ed1
C#: Fix merge conflict.
2019-03-04 09:54:48 +00:00
calum
741666d561
C#: Address review comment.
2019-03-04 09:54:40 +00:00
calum
d77b60bba8
C#: Add preservesValue to NonLocalJumpNode.getAJumpSuccessor. Allow DataFlow::Configuration::isAdditionalFlowStep to jump between callables.
2019-03-04 09:54:28 +00:00
calum
7343e70151
C#: Fix tests
2019-03-04 09:54:12 +00:00
calum
57ff775c08
C#: Change notes.
2019-03-04 09:54:02 +00:00
calum
74b30d6071
C#: Model EntityFramework
2019-03-04 09:53:49 +00:00
Max Schaefer
3cabc12be3
JavaScript: Teach InvalidExport to never flag module.exports = exports = ... and similar.
...
This was previously flagged if `exports` wasn't used any further. While it's true that the assignment to `exports` is redundant in this case, the assignment is also flagged by DeadStoreOfLocal, so there is no point in InvalidExport flagging it as well.
2019-03-04 09:53:37 +00:00
calum
7010ca8cf3
C#: Fix whitespace in test.
2019-03-04 09:53:37 +00:00
Jonas Jensen
4f9ffb38e6
C++: Set cpp/command-line-injection precision=low
...
This query is only appropriate for setuid programs. Since such programs
are at most 0.1% of all code we analyse, I would say this query has a
precision of at most 0.1%.
2019-03-04 09:51:33 +01:00
Jonas Jensen
c49c23068a
Merge pull request #923 from geoffw0/potentialbufferoverflow
...
CPP: Deprecate PotentialBufferOverflow.ql
2019-03-04 08:11:27 +00:00
Jonas Jensen
0ed1618824
C++: Use getQualifiedName() = "gets", not hasName
...
This fixes false positives on
https://lgtm.com/projects/g/brandonpelfrey/Construct caused by a member
function named `gets` -- probably short for "get s".
2019-03-04 09:01:20 +01:00
Robert Marsh
b8f8ed55e6
Merge pull request #1000 from jbj/dataflow-defbyref
...
C++: Support definition by reference in data flow library
2019-03-01 13:54:37 -08:00
semmle-qlci
4c3ecf0f76
Merge pull request #989 from asger-semmle/class-node-get-this-access
...
Approved by xiemaisi
2019-03-01 19:40:31 +00:00
Pavel Avgustinov
c26b655956
Merge pull request #1022 from yh-semmle/java/dead-code-override
...
Java: respect override annotations in `java/unused-parameter`
2019-03-01 19:11:46 +00:00
Geoffrey White
66013272da
Merge pull request #894 from jbj/ir-RedundantNullCheckSimple
...
C++: IR query for redundant null check
2019-03-01 15:34:18 +00:00
Max Schaefer
8e340922cb
JavaScript: Simplify some imports.
2019-03-01 14:44:58 +00:00
Nick Rolfe
e6ddf7f48a
Merge pull request #1012 from ian-semmle/constexpr
...
C++: Add Variable.isConstexpr()
2019-03-01 14:42:35 +00:00
Max Schaefer
75c76619d8
JavaScript: Autoformat rearranged tests.
2019-03-01 14:42:01 +00:00
Taus
a30b456e19
Merge pull request #1020 from markshannon/python-taint-tracking-guard
...
Python: Add taint tracking guard for truthiness.
2019-03-01 15:23:05 +01:00
Ian Lynagh
af397d3546
Changenotes: Fix copy/paste-o.
2019-03-01 13:30:05 +00:00
Mark Shannon
94190e76aa
Python: Update py/modification-of-default-value to account for truthiness of default value.
2019-03-01 12:01:39 +00:00
Mark Shannon
ebd9bc3cb5
Python: Improve taint tracking to account for truthiness of the taint kind.
2019-03-01 11:24:07 +00:00
Mark Shannon
8a16164270
Merge pull request #878 from taus-semmle/python-mutable-default-with-flow
...
Python: Make "Modification of parameter with default" flow-sensitive.
2019-03-01 11:22:21 +00:00
Tom Hvitved
51e5a301cd
Merge pull request #956 from raulgarciamsft/users/raulga/ICryptoTransform
...
Detect usage of ICryptoTransform that would be thread-unsafe
2019-03-01 11:49:27 +01:00
Max Schaefer
83e0f3bc8d
Merge pull request #946 from esben-semmle/js/captured-nodes-query-and-type-inference-1
...
JS: Captured Nodes, type inference + a query
2019-03-01 10:48:52 +00:00
semmle-qlci
6cafe222c4
Merge pull request #1013 from asger-semmle/closure-string-ops
...
Approved by esben-semmle
2019-03-01 10:31:27 +00:00
Max Schaefer
a6f3305edc
Merge pull request #1006 from asger-semmle/express-end
...
JS: Treat res.end() as alias for res.send() in Express
2019-03-01 10:30:06 +00:00
Taus Brock-Nannestad
64e6974aac
Merge branch 'master' into python-mutable-default-with-flow
2019-03-01 11:10:56 +01:00
Taus Brock-Nannestad
91cfc9bd4c
Change kind to path-problem.
2019-03-01 11:06:48 +01:00
Max Schaefer
d4d9d61216
JavaScript: Consolidate Express tests.
...
Instead of having many small independent tests, we now just have a single test that pulls in all the individual tests and runs them together.
Concretely, each `.ql` file has been turned into a `.qll` file with a query predicate corresponding to the original `select` clause and named after the original `.ql` file, plus a prefix `test_`.
The newly added `tests.ql` imports all these `.qll`s.
The individual `.expected` files have been concatenated together into `tests.expected`, each prefixed with the name of the corresponding query predicate. (This is the format that qltest produces for tests with multiple query predicates.)
2019-03-01 09:39:31 +00:00