hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,908 Commits 1,671 Branches 157 Tags
z80coder/ATM-feature-optimisation
Commit Graph

29908 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
yh-semmle
1b84fceb3c Java: deprecate queries that use VCS.qll 2018-11-22 16:21:44 -05:00
semmle-qlci
816a94eaa9 Merge pull request #525 from jbj/uninit-badast-mergefix 
Approved by geoffw0, ian-semmle
 2018-11-22 21:05:54 +00:00
Geoffrey White
5d8e34a55f CPP: Add a test of NonConstFunctionPointer.ql. 2018-11-22 17:48:40 +00:00
Geoffrey White
17560cf92e CPP: Tag the JPL_C LOC-3 queries. 2018-11-22 17:48:35 +00:00
Geoffrey White
9cc39ae875 CPP: Tag the JPL_C LOC-2 queries. 2018-11-22 16:31:08 +00:00
Geoffrey White
a47db56a68 CPP: Tag DuplicateBlock.ql. 2018-11-22 16:31:08 +00:00
Asger F
b5008d8685 TS: only transfer offsets as part of the AST 2018-11-22 16:20:47 +00:00
Geoffrey White
cb609f4be0 CPP: Be conservative where there are multiple flow sources. 2018-11-22 15:50:13 +00:00
Geoffrey White
d57574e92c CPP: localFlowStep* -> localFlow. 2018-11-22 15:50:13 +00:00
Geoffrey White
16be502d61 CPP: Add change note. 2018-11-22 15:50:13 +00:00
Geoffrey White
ea56a5d9ce CPP: Add local dataflow to (one bit of) OverflowStatic.ql. 2018-11-22 15:49:13 +00:00
Geoffrey White
01ba635e1d CPP: Add some test cases involving dataflow. 2018-11-22 15:49:13 +00:00
Geoffrey White
dc224c5c94 Merge pull request #521 from felicity-semmle/cpp/update-qhelp 
C++: Update qhelp for consistency
 2018-11-22 15:31:34 +00:00
Pavel Avgustinov
b9a3a71406 Merge pull request #518 from jbj/vcs-deprecate-queries 
C++: Deprecate queries using VCS.qll
 2018-11-22 15:07:19 +00:00
semmle-qlci
472c0429b5 Merge pull request #526 from esben-semmle/js/flow-parsing-improvements 
Approved by xiemaisi
 2018-11-22 15:02:21 +00:00
Esben Sparre Andreasen
8c7ca38b8d JS(extractor): improve parser support for flowtype syntax 2018-11-22 14:09:09 +01:00
Jonas Jensen
da26b4f856 C++: Accept test changes for IR 
This test was failing due to a semantic merge conflict between #509,
which added `UninitializedInstruction`, and #517, which added new test
code that would get `UninitializedInstruction`s in it after merging with #509.
 2018-11-22 13:52:33 +01:00
Esben Sparre Andreasen
b780f82869 JS: sharpen js/clear-text-logging (ODASA-7485) 2018-11-22 13:38:43 +01:00
calum
36d9520f87 C#: Address doc comments. 2018-11-22 11:52:00 +00:00
calum
6b2e339ec5 C#: Address QL review comments. 2018-11-22 11:45:41 +00:00
calum
64de7489fe C#: Analysis change notes. 2018-11-22 11:21:35 +00:00
calum
1bfa4d59e7 C#: Documentation for cs/uncontrolled-format-string 2018-11-22 11:21:35 +00:00
calum
fb09360ad6 C#: New query for cs/uncontrolled-string-format 2018-11-22 11:21:35 +00:00
Mark Shannon
c01db23f58 Python: Fix up expected results of SqlInjection.ql 2018-11-22 11:05:09 +00:00
Mark Shannon
bfb7e17ebf Python: Move library to correct location. 2018-11-22 11:05:09 +00:00
Mark Shannon
f3fedcdf38 Python tests: Move security test stubs to correct location. 2018-11-22 11:05:09 +00:00
Mark Shannon
04e5b8927a Python tests: use a more accurate form os os.path.join() in test lib. 2018-11-22 11:05:09 +00:00
Mark Shannon
88d82017b3 Python: Convert stack-trace-exposure query to path-problem. 2018-11-22 11:05:08 +00:00
Mark Shannon
2a24723cc3 Python: Update test results for path queries. 2018-11-22 11:05:08 +00:00
Mark Shannon
722d89fc75 Upgrade taint-tracking security queries to path-problem queries. 2018-11-22 11:05:01 +00:00
Tom Hvitved
201f64ef8e Merge pull request #367 from calumgrant/cs/path-problems 
C#: Update all security queries to path-problems
 2018-11-22 12:02:11 +01:00
Mark Shannon
2ac2233e69 Add change note for enhance visibility of security alerts and conversion to path-queries. 2018-11-22 11:01:35 +00:00
Jonas Jensen
75873bb4a6 C++: Detect non-allocating placement new 
This adds a `NewOrNewArrayExpr.getPlacementPointer` predicate and uses
it in `Alloc.qll` to detect when a `new`-expression is not an
allocation.

User-defined replacements for `operator new` may not be allocations
either, but the code continues to assume that they are. It's possible
that we want to change this assumption in the future or leave it up to
individual queries to decide on which side to err. It's hard to
statically tell whether `operator new` has been overloaded in a
particular file because it can be overloaded by a definition that is not
in scope but is only linked together with that file.
 2018-11-22 11:31:19 +01:00
Felicity Chapman
8cad0b6ef1 Update qhelp for consistency 2018-11-22 10:25:41 +00:00
Asger F
61ef6552c3 JS: handle both data() and taint() source labels 2018-11-22 09:59:31 +00:00
Jonas Jensen
a17debac3e C++: Placement-new tests for MemoryNeverFreed.ql 2018-11-22 10:48:18 +01:00
Jonas Jensen
e062851709 Merge pull request #517 from dave-bartolomeo/dave/IRFilter 
C++: Don't generate IR for functions with bad ASTs
 2018-11-22 10:02:18 +01:00
Max Schaefer
733acaccfa Merge pull request #506 from esben-semmle/js/optional-chaining-extractor-and-ql 
JS: Optional chaining support in extractor and ql
 2018-11-22 07:41:51 +00:00
Jonas Jensen
1739cab896 Merge pull request #504 from geoffw0/more-change-notes 
CPP: Change notes
 2018-11-22 08:30:20 +01:00
Jonas Jensen
220487bb32 C++: Deprecate queries using VCS.qll 
One query imported VCS.qll for no reason, so I removed the import
instead of deprecating the query.
 2018-11-22 08:21:49 +01:00
Jonas Jensen
70e9d11fd2 Merge pull request #509 from dave-bartolomeo/dave/ConditionDeclExpr 
C++: IR support for ConditionDeclExpr
 2018-11-22 08:03:14 +01:00
Dave Bartolomeo
beb9c9c054 C++: Sync identical files 2018-11-21 16:51:47 -08:00
Dave Bartolomeo
97fd7b46cc C++: Add tests for filtering bad ASTs 2018-11-21 16:39:08 -08:00
Dave Bartolomeo
7db36b2a22 C++: Skip IR translation for functions with invalid ASTs 
An slightly invalid AST can cause IR construction to generate extremely bad IR. This change provides a single place to detect invalid ASTs, and to skip IR construction for the affected functions.
 2018-11-21 16:01:19 -08:00
Dave Bartolomeo
03802ed409 C++: Allow filtering of IR creation to speed up dumps 
This change provides a mechanism by which a query can tell the IR package to only create IR for certain functions. This is mostly useful for "PrintIR.qll", which uses this feature to avoid the expense of creating IR for functions that aren't going to be printed.
 2018-11-21 16:01:12 -08:00
calum
3eae1cd500 C#: Update test outputs. 2018-11-21 17:28:48 +00:00
semmle-qlci
62db19bee7 Merge pull request #492 from geoffw0/offsetuse 
Approved by dave-bartolomeo
 2018-11-21 17:26:48 +00:00
semmle-qlci
4e72a08b8d Merge pull request #507 from esben-semmle/js/mixed-static-intance-this-access-inheritance 
Approved by xiemaisi
 2018-11-21 16:07:25 +00:00
semmle-qlci
f5d3274655 Merge pull request #508 from esben-semmle/js/indirect-global-call-with-default-arguments 
Approved by xiemaisi
 2018-11-21 16:06:46 +00:00
semmle-qlci
746b13a1bc Merge pull request #510 from xiemaisi/js/exclude-minified 
Approved by asger-semmle
 2018-11-21 16:06:22 +00:00