hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 11:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
11,480 Commits 1,740 Branches 165 Tags
01aac8273cb7b84fbf21c5bc80e1dd455fb0710d
Commit Graph

11480 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus Brock-Nannestad
727cde31c9 Python: Autoformat a few final stragglers. 2020-03-30 12:30:14 +02:00
Taus Brock-Nannestad
6eb9c6f84d Merge branch 'master' into python-autoformat-almost-everything 2020-03-30 12:24:01 +02:00
Asger Feldthaus
a317b87b81 JS: Fix perf issue in DictionaryTaintStep 2020-03-30 11:23:47 +01:00
Anders Schack-Mulligen
caf0d1528f Merge pull request #3155 from max-schaefer/add-module-comment 
Data flow: Add module doc comment for `TaintTrackingImpl.qll`
 2020-03-30 12:07:08 +02:00
Taus Brock-Nannestad
87a9f51c78 Python: Autoformat all .ql files. 2020-03-30 11:59:10 +02:00
Max Schaefer
e5e94e3357 Data flow: Add module doc comment for TaintTrackingImpl.qll 
Modelled after the correponding comment for `DataFlowImpl.qll`.
 2020-03-30 10:35:47 +01:00
Taus
b4fbfa029e Merge pull request #3132 from RasmusWL/python-fix-iterable-unpacking-taint-CP 
Python: Fix iterable-unpacking taint CP
 2020-03-30 11:22:03 +02:00
Anders Schack-Mulligen
b2769b42ed Merge pull request #3117 from adityasharad/java/jackson-taint-steps 
Java: Add taint steps through Jackson serialization methods.
 2020-03-30 10:34:56 +02:00
Anders Schack-Mulligen
57c9277601 Merge pull request #3142 from MathiasVP/no-magic-in-parameterThroughFlowCand 
Data flow: No magic in returnFlowCallableCand
 2020-03-30 10:15:48 +02:00
Dave Bartolomeo
3eef2747d5 Fix LGTM alerts 2020-03-29 03:12:27 -04:00
Dave Bartolomeo
0952064eb3 Move sync-identical-files.py into public repo as sync-files.py 
We currently use a script to keep certain duplicate QL files in sync across the repo. For historical reasons, this script has lived in the private repo alongside the rest of CodeQL, even though it's only used for files in the public `ql` repo. This PR moves the script into the public `ql` repo. It is still invoked by Jenkins scripts that live in the private repo during CI, but it can also be invoked directly without having a checkout of the private repo. This is useful for anyone who is modifying the dataflow or IR libraries with only a QL checkout.
 2020-03-29 02:59:14 -04:00
Nick Rolfe
1baf5df342 Merge pull request #3147 from dbartol/dbartol/FloatLiterals 
C++: Fix test expectations for complex literals
 2020-03-27 18:15:06 +00:00
Shati Patel
28e5904079 Merge pull request #3149 from Semmle/jf205-patch-2 
Change 'Set Literals' to 'Set literals'
 2020-03-27 16:47:58 +00:00
James Fletcher
2c571d3655 Update language.rst 2020-03-27 16:40:48 +00:00
Peter Stöckli
c6688eb349 Fix OpenStream documentation 2020-03-27 17:08:49 +01:00
Peter Stöckli
3de00443ff Review feeback for OpenStream 2020-03-27 17:06:58 +01:00
Rasmus Wriedt Larsen
d55acc38df Python: Constrain execution paths for taint_at_depth 
Thanks Taus!
 2020-03-27 16:20:08 +01:00
Erik Krogh Kristensen
4864e77430 Merge branch 'master' of git.semmle.com:Semmle/ql into UrlSearch 2020-03-27 15:59:29 +01:00
Philip Ginsbach
a91a5c3db9 "aggregation yields" => "query returns" 
Co-Authored-By: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-03-27 14:50:41 +00:00
Philip Ginsbach
23e4ae3f49 "and hence" => ", so" 
Co-Authored-By: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-03-27 14:50:07 +00:00
Philip Ginsbach
3406ee72ee Update docs/language/ql-handbook/expressions.rst 
Co-Authored-By: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-03-27 14:49:45 +00:00
Philip Ginsbach
811bc01d1e the `expression => <expression>` 
Co-Authored-By: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-03-27 14:49:23 +00:00
Philip Ginsbach
c91c3f24a0 fixed typo "the the" 
Co-Authored-By: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-03-27 14:47:57 +00:00
Dave Bartolomeo
3039aaf4f3 C++: Fix test expectations for complex literals 2020-03-27 10:33:19 -04:00
Shati Patel
0b62a1d980 Merge pull request #3144 from ginsbach/setliteralhandbook 
Mention set literals in handbook
 2020-03-27 14:25:56 +00:00
Peter Stöckli
5e62a6bebe Move CWE-036 directory to experimental 2020-03-27 15:10:15 +01:00
Peter Stöckli
74fc416a35 Merge branch 'master' into cwe-036 2020-03-27 14:54:41 +01:00
Erik Krogh Kristensen
0ebbd80745 autoformat 2020-03-27 14:54:34 +01:00
Philip Ginsbach
73845923aa Update docs/language/ql-handbook/expressions.rst 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2020-03-27 13:34:20 +00:00
Philip Ginsbach
90b82a0905 unique in aggregate section 2020-03-27 13:09:35 +00:00
Henning Makholm
875a70c0a3 Merge pull request #3129 from ginsbach/master 
Set Literal in QL
 2020-03-27 14:02:55 +01:00
Philip Ginsbach
d979bd958b better wording for the unique aggregate 2020-03-27 13:01:50 +00:00
Philip Ginsbach
05be9b82a2 better wording for type compatibilit 2020-03-27 12:56:37 +00:00
Philip Ginsbach
135a288bed Update docs/language/ql-handbook/expressions.rst 
Co-Authored-By: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-03-27 12:55:42 +00:00
semmle-qlci
fad902fc9b Merge pull request #3095 from erik-krogh/MorePerf 
Approved by asgerf
 2020-03-27 12:51:37 +00:00
semmle-qlci
9b3400337b Merge pull request #3130 from erik-krogh/PreciseSteps 
Approved by asgerf
 2020-03-27 12:18:28 +00:00
Philip Ginsbach
1b4df6e24c whitespace fix 2020-03-27 11:53:19 +00:00
Philip Ginsbach
8e873f35ac mention set literals in handbook 2020-03-27 11:51:03 +00:00
Philip Ginsbach
f9442211bf unique aggregate in handbook and reference 2020-03-27 11:31:25 +00:00
Mathias Vorreiter Pedersen
7890a322c8 C++/C#/Java: Sync identical files 2020-03-27 11:51:38 +01:00
Mathias Vorreiter Pedersen
9ab8580ca7 Data flow: No magic in parameterThroughFlowCand 2020-03-27 11:51:10 +01:00
Rasmus Wriedt Larsen
8aadb8bd06 Python: Fix iterable-unpacking tests 2020-03-27 11:42:37 +01:00
semmle-qlci
1975a83cdd Merge pull request #3116 from max-schaefer/js/postgres-type-tracking 
Approved by asgerf
 2020-03-27 09:23:52 +00:00
Erik Krogh Kristensen
58af63d8cc add test case for XSS on url suffix 2020-03-27 10:02:24 +01:00
Erik Krogh Kristensen
d3e1a258fa autoformat 2020-03-27 09:34:56 +01:00
Erik Krogh Kristensen
be11418c77 autoformat 2020-03-27 00:18:41 +01:00
Robert Marsh
968ddc6274 Merge pull request #3137 from jbj/DefaultTaintTracking-argv 
C++: Never track flow out of an argv argument
 2020-03-26 15:29:52 -07:00
Jonas Jensen
2801941ca2 C++: Never track flow out of an argv argument 
This change removes some duplicate results that will otherwise appear
due to https://github.com/Semmle/ql/pull/3123 and possibly
https://github.com/Semmle/ql/pull/2704.
 2020-03-26 20:40:16 +01:00
Calum Grant
782f2b5b50 Merge pull request #3073 from hvitved/csharp/null-maybe-fp 
C#: Add test for `cs/dereferenced-value-may-be-null`
 2020-03-26 18:55:54 +00:00
Dave Bartolomeo
7879dde8b8 Merge pull request #3097 from jbj/detect-conflated-memory 
C++: Implement Instruction.isResultConflated
 2020-03-26 14:52:47 -04:00