Erik Krogh Kristensen
d913654604
Merge remote-tracking branch 'upstream/master' into FalsySanitizer
2020-02-12 10:28:48 +01:00
Tom Hvitved
78380f5d59
Merge pull request #2658 from calumgrant/cs/serialization-check-bypass-type
...
C#: Fix cs/serialization-check-bypass
2020-02-12 10:26:01 +01:00
Anders Schack-Mulligen
5b7c150f58
Merge pull request #2813 from p-/fix-doc-java-dataflow
...
Doc: fix sample query in Java data flow documentation
2020-02-12 10:08:05 +01:00
Rebecca Valentine
2270c6c960
Adds modernized files.
2020-02-11 21:45:49 -08:00
Rebecca Valentine
178acc85b9
Adds main modifications.
2020-02-11 21:25:50 -08:00
Robert Marsh
837fe84cec
C++/C#: autoformat Opcode.qll
2020-02-11 12:18:45 -08:00
Robert Marsh
f467260815
C++: respond to PR comments.
2020-02-11 12:17:46 -08:00
Robert Marsh
5269fb713f
Merge pull request #2812 from geoffw0/nospacezero
...
C++: Improve NoSpaceForZeroTerminator.ql
2020-02-11 14:37:32 -05:00
Peter Stöckli
ddbec74b67
Doc: fix sample query in Java data flow doc
2020-02-11 20:17:53 +01:00
Mathias Vorreiter Pedersen
1dd5926f41
C++: Generalize new case in adjustedSink to all AssignOperations
2020-02-11 17:15:42 +01:00
Geoffrey White
87781a944b
C++: Change note.
2020-02-11 15:25:59 +00:00
Geoffrey White
75a50a1714
C++: Understand formatting function varargs as needing null termination.
2020-02-11 15:25:59 +00:00
Geoffrey White
de8d84dfff
C++: Clearer comments in NoSpaceForZeroTerminator.ql.
2020-02-11 15:25:59 +00:00
Geoffrey White
2f290bd528
C++: Additional test cases.
2020-02-11 15:25:59 +00:00
Calum Grant
5838df17c6
Merge pull request #2766 from hvitved/csharp/stackalloc
...
C#: Extract `stackalloc` information
2020-02-11 15:06:15 +00:00
Rasmus Wriedt Larsen
efedcd26d0
Python: Django tests need --lang=3
2020-02-11 13:16:52 +01:00
Erik Krogh Kristensen
35d8151374
add a few array methods to TaintedPath.qll
2020-02-11 12:23:51 +01:00
Tom Hvitved
1948446ad3
Address review comments
2020-02-11 11:56:40 +01:00
Rasmus Wriedt Larsen
1f762841ec
Python: In py/import-own-module handle from foo import *
2020-02-11 11:45:48 +01:00
Rasmus Wriedt Larsen
5cc2efef8e
Python: Fix FPs for py/import-own-module
...
Before I added `--max-import-depth=2`, there was a bit of trouble, where it
would alert on `from pkg_ok import foo2` -- since all the `pkg_ok.foo<n>`
modules were missing, I guess the analysis didn't make any assumptions on
whether `foo2` is a module or a regular attribute.
2020-02-11 11:45:48 +01:00
Rasmus Wriedt Larsen
f3f9e340d3
Python: Update tests for py/import-own-module
...
So I've been thinking a bit about import pkg_ok.foo1 after reading the Python
references for imports of submodules
https://docs.python.org/3/reference/import.html#submodules
> When a submodule is loaded using any mechanism (...) a binding is placed in the
> parent module’s namespace to the submodule object. For example, if package spam
> has a submodule foo, after importing spam.foo, spam will have an attribute foo
> which is bound to the submodule.
That does at least explain what is going on here.
I feel that import pkg_ok.foo1 might be a very contrived example. In principle
it should be an alert, since the module pkg_ok ends up with an import of itself,
but my gut feeling is that in practice it's not a very important piece of code
to give alerts for. If we really care about giving these import related alerts,
we could probably add a new query for this pattern, as it's kind of surprising
that it works when you're just an ordinary python programmer.
2020-02-11 11:45:48 +01:00
Shati Patel
bd94e80271
Merge pull request #2809 from jf205/update-rc123
...
docs: port some more changes onto rc/1.23
2020-02-11 11:26:36 +01:00
James Fletcher
cb94c95115
Merge pull request #2807 from shati-patel/sphinx-blog
...
Remove link to blog
2020-02-11 09:16:42 +00:00
Arthur Baars
a460d90434
Remove trailing ; in QL language spec
...
(cherry picked from commit c91815f44d)
2020-02-11 09:13:30 +00:00
Arthur Baars
b56b10b0d9
Fix typos in QL language spec
...
(cherry picked from commit c431d47481)
2020-02-11 09:13:30 +00:00
James Fletcher
d8f31068d5
Update docs/language/learn-ql/writing-queries/debugging-queries.rst
...
Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
(cherry picked from commit 47f61f3569)
2020-02-11 09:04:45 +00:00
james
f3d2588dae
docs: address review comments
...
(cherry picked from commit 537739c42d)
2020-02-11 09:04:45 +00:00
james
646670708c
docs: move abstract classes topic to handbook
...
(cherry picked from commit 23d1e06aa4)
2020-02-11 09:04:45 +00:00
james
bcf08649ee
docs: delete equivalence topic
...
(cherry picked from commit e8016a2303)
2020-02-11 09:03:59 +00:00
james
8e6e6d356d
docs: move folding predicates topic
...
(cherry picked from commit fe18c18619)
2020-02-11 09:03:59 +00:00
james
2900dced18
docs: add link to module resolution in ql spec
...
(cherry picked from commit f2320bbe56)
2020-02-11 09:03:58 +00:00
Jonas Jensen
b9bc21637e
Merge pull request #2808 from rdmarsh2/function-with-wrappers
...
C++: fix cartesian product in FunctionWithWrapper
2020-02-11 09:31:41 +01:00
Sauyon Lee
fdb7852cf6
Force git not to mangle line endings for files relevant to tests
2020-02-10 16:11:56 -08:00
Sauyon Lee
22029410f0
Create an action workflow for CodeQL tests
2020-02-10 16:11:55 -08:00
Robert Marsh
d672f8f863
C++: unflip cause strings in FunctionWithWrapper
2020-02-10 15:57:38 -08:00
Sauyon Lee
ae96bd88bc
Merge pull request #239 from max/virtual-dispatch
...
Call-graph API cleanup
2020-02-10 15:05:13 -08:00
Robert Marsh
d09f78db29
C++: fix cartesian product in FunctionWithWrapper
2020-02-10 13:02:58 -08:00
Max Schaefer
acd27cdee6
Merge pull request #238 from sauyon/semmle-to-github
...
Rename the go module to github.com/github/codeql-go
2020-02-10 21:02:05 +00:00
Max Schaefer
6aa0d631dd
Address review comments.
2020-02-10 20:59:13 +00:00
Dave Bartolomeo
405850e02b
Merge pull request #2805 from jbj/dataflow-sideeffect-join
...
C++: IR DataFlowUtil::modelFlow join order fix
2020-02-10 13:04:51 -07:00
Tom Hvitved
96e71c731d
C#: Add DB stats for explicitly_sized_array_creation
2020-02-10 20:33:57 +01:00
Tom Hvitved
dc27ee7b9f
C#: Add change note
2020-02-10 20:33:57 +01:00
Tom Hvitved
859e6968c1
C#: Add DB upgrade script
2020-02-10 20:32:53 +01:00
Tom Hvitved
bbf082b285
C#: Extract stackalloc information
2020-02-10 20:32:52 +01:00
Tom Hvitved
2b2bb5db80
Merge pull request #2803 from calumgrant/cs/stackalloc-expr
...
C#: Handle implicitly-typed stackallocs
2020-02-10 20:28:16 +01:00
Sauyon Lee
677ed6ebf4
Fix tests to use codeql-go repository name
2020-02-10 11:00:01 -08:00
Sauyon Lee
5417102c37
Rename the go module to github.com/github/codeql-go
2020-02-10 11:00:00 -08:00
Robert Marsh
58bba86be4
C++: autoformat
2020-02-10 09:52:23 -08:00
Shati Patel
ce28d0fde7
Remove link to blog
2020-02-10 17:48:44 +00:00
Calum Grant
fb6da0b701
C#: Remove condition around initializer.
2020-02-10 16:17:12 +00:00