hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-21 06:57:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,759 Commits 1,712 Branches 163 Tags
00ef80dfc5f285fb843ac94de7bc7e1dea85931e
Commit Graph

2759 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Esben Sparre Andreasen
00ef80dfc5 Merge pull request #741 from asger-semmle/this-access-path 
JS: support 'this' as the root of an access path
 2019-01-21 16:48:34 +01:00
Anders Schack-Mulligen
50ce961c06 Merge pull request #791 from hmakholm/pr/ODASA-6859 
Fix ODASA-6859
 2019-01-21 13:23:26 +01:00
Geoffrey White
821a7bfadd Merge pull request #779 from jbj/commented-out-code-braces 
C++: Relax commented-out code heuristic for `}`
 2019-01-21 09:37:30 +00:00
Jonas Jensen
9561fdaabf Merge pull request #672 from geoffw0/lgtm1605 
CPP: Fix function pointer/lambda related false positives in 'Resource not released in destructor'
 2019-01-21 09:35:30 +01:00
Jonas Jensen
169bbcdfa0 Merge pull request #682 from geoffw0/suspiciousaddsizeof 
CPP: Fix false positive in SuspiciousAddWithSizeof.ql
 2019-01-21 09:06:18 +01:00
semmle-qlci
0432b01e3b Merge pull request #764 from asger-semmle/dataflow-classnode 
Approved by esben-semmle, xiemaisi
 2019-01-21 06:47:57 +00:00
semmle-qlci
dd84b6063b Merge pull request #794 from xiemaisi/js/parallel-extraction 
Approved by asger-semmle, esben-semmle
 2019-01-20 00:22:38 +00:00
Mark Shannon
261cd36b8c Merge pull request #781 from kevinbackhouse/HashedButNoHash 
Python: fix false positive result.
 2019-01-18 21:56:12 +00:00
Kevin Backhouse
9e79e1bc8c Simplify the logic with theTypeErrorType(). 2019-01-18 16:33:48 +00:00
Geoffrey White
bff23f546d CPP: Clearer naming. 2019-01-18 16:21:28 +00:00
Asger F
4b4daa645f JS: handle accessors separately 2019-01-18 15:42:05 +00:00
Asger F
e18b635314 JS: add getADirectSuperClass() 2019-01-18 15:42:05 +00:00
Asger F
c82690f4c1 JS: address comments 2019-01-18 15:42:05 +00:00
Asger F
cc1204acef JS: remove isAmbient() check 2019-01-18 15:42:05 +00:00
Asger F
1eb0ca4b4a JS: make ClassNode::Range abstract 2019-01-18 15:42:05 +00:00
Taus
bcc65dbad3 Merge pull request #554 from markshannon/python-named-module-utility 
Python: named module utility
 2019-01-18 16:01:36 +01:00
Asger F
3cb2341e63 JS: split ClassNode into two classes 2019-01-18 14:46:38 +00:00
Asger F
5b7675d972 JS: introduce DataFlow::ClassNode 2019-01-18 14:46:38 +00:00
Taus
8d99186d74 Merge pull request #795 from markshannon/remove-builtin-class-test 
Python: Remove fragile and unnecessary test.
 2019-01-18 15:17:39 +01:00
Taus
92d2e18bf2 Merge pull request #712 from markshannon/python-fix-odasa-7307 
Python: Detect a wider range of generated files.
 2019-01-18 14:38:08 +01:00
Mark Shannon
c1a549ddff Python. Improve grammar in qldoc comment. 2019-01-18 11:49:59 +00:00
Asger F
107ec3b687 JS: add test with self=this variable 2019-01-18 10:39:02 +00:00
Asger F
78bd76048a JS: add test with closures 2019-01-18 10:39:02 +00:00
Asger F
0bb6692c19 JS: add 'this' as possible access path root 2019-01-18 10:39:02 +00:00
Mark Shannon
4398670ecc Merge pull request #775 from taus-semmle/python-dill-pickle-support 
Python: dill pickle support.
 2019-01-18 10:01:22 +00:00
Max Schaefer
740acc12e8 JavaScript: Add change note. 2019-01-18 09:36:07 +00:00
semmle-qlci
5e712b3ff6 Merge pull request #784 from asger-semmle/dedup-promiseTaintStep 
Approved by esben-semmle
 2019-01-18 08:52:09 +00:00
Henning Makholm
fda08181c1 fix ODASA-6859 2019-01-18 00:08:36 +01:00
Henning Makholm
26b6581bdb test example for ODASA-6859 2019-01-17 23:30:39 +01:00
Dave Bartolomeo
6af8948a3f Merge pull request #783 from jbj/ir-reachable-perf 
C++: Speed up getAFeasiblePredecessorBlock
 2019-01-17 10:19:07 -08:00
Kevin Backhouse
56efe3adb7 Fix false positive result. 2019-01-17 16:22:48 +00:00
Kevin Backhouse
5fc056beb3 Add regression test for false positive result. 2019-01-17 16:22:19 +00:00
Jonas Jensen
f147b63bb8 Merge pull request #654 from geoffw0/lossyresultcast 
CPP: Work on Lossy function result cast query
 2019-01-17 17:07:29 +01:00
semmle-qlci
beed51924e Merge pull request #780 from Semmle/xiemaisi-patch-4 
Approved by esben-semmle
 2019-01-17 16:04:00 +00:00
Asger F
a8d750f086 JS: update header doc in Promises.qll 2019-01-17 15:26:45 +00:00
Asger F
e9c4f13a31 JS: Remove trailing whitespace again 2019-01-17 13:10:15 +00:00
Asger F
7a344c8546 JS: Add resolved promise taint test case 2019-01-17 13:08:55 +00:00
Asger F
b6fdbdcf84 JS: deduplicate promiseTaintStep 2019-01-17 13:04:16 +00:00
Asger F
882b337c15 JS: Move ResolvedPromiseDefinition into StandardLibrary.qll 2019-01-17 13:02:03 +00:00
Asger F
fc27b26bd5 JS: Remove duplicate PromiseFlowStep 2019-01-17 12:56:40 +00:00
Asger F
66901dc7b8 JS: remove duplicate ES2015PromiseDefinition 2019-01-17 12:55:38 +00:00
Jonas Jensen
6b9aaf63d7 C++: Speed up getAFeasiblePredecessorBlock 
This predicate was unbearably slow on a ChakraCore snapshot (and
probably everywhere else):

    ReachableBlock::getAFeasiblePredecessorBlock#2#ff#antijoin_rhs .. 1m6s
    ReachableBlock::getAFeasiblePredecessorBlock#ff#antijoin_rhs .... 31.8s

With this change, the predicate is so fast that it doesn't even show up
in the clause timing report.

It's possible that we only tested this for performance in 1.18, and then
it has regressed in 1.19. Otherwise I can't explain how we've missed
this. I'm using QL for Eclipse 1.20.0.201901070127.
 2019-01-17 13:36:20 +01:00
Mark Shannon
801d8cb3a5 Python: Remove fragile and unnecessary test. 2019-01-17 12:31:19 +00:00
Calum Grant
f85f05d55f Merge pull request #776 from hvitved/csharp/delegate-ref-assignment 
C#: Recognize `ref` assignments through delegate calls
 2019-01-17 10:35:26 +00:00
Max Schaefer
8f8068695d JavaScript: Bump extractor version to avoid trap cache. 2019-01-17 09:30:18 +00:00
Max Schaefer
ce65fcedc1 JavaScript: Abort AutoBuild if an exception happens in one of the extractor threads. 2019-01-17 09:29:49 +00:00
Max Schaefer
7765c6d486 JavaScript: Await termination of extractor threadpool. 2019-01-17 09:29:49 +00:00
Max Schaefer
3b5315aa7e JavaScript: Improve logging. 2019-01-17 09:29:49 +00:00
Max Schaefer
a6cb63e9c8 JavaScript: Make number of threads configurable through LGTM_INDEX_THREADS. 
If the number of threads specified is one or lower, we fall back onto single-threaded extraction.
 2019-01-17 09:29:49 +00:00
Max Schaefer
d625ebf86d JavaScript: Extract JavaScript files after TypeScript files. 
This way we only start multi-threaded extraction after the TypeScript parser has already been shut down, reducing the chance of running out of memory.
 2019-01-17 09:29:49 +00:00