hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-28 10:18:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,088 Commits 1,723 Branches 164 Tags
28338eb32e253fb9ca0f601f3a2a0dee8eebc03e
Commit Graph

16088 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joe
28338eb32e Java: PrintAst: Various minor fixes of typos 
Fix references to C#

Fix getAPrimaryQlClass for JavadocTag

Fix typo for Import

Update test outputs
 2020-09-15 15:02:56 +01:00
Joe
53ab8dac06 Java: PrintAst: Fix failing tests 2020-09-15 14:45:48 +01:00
Joe
112b6d28a1 Java: PrintAst: Handle multiple javadocs in one element correctly 2020-09-15 14:45:48 +01:00
Joe
e38b583ec4 Java: PrintAst: Add tests 2020-09-15 14:45:48 +01:00
Joe
b73e7d8390 Java: PrintAST: Support Javadoc 2020-09-15 14:45:48 +01:00
Joe
c3320eeb3c Java: Improve getAPrimaryQlClass 
Implement it for more types
Fix typos
 2020-09-15 14:45:48 +01:00
Joe
908f025888 Java: PrintAst: Fix a couple of issues related to Annotations 2020-09-15 14:45:48 +01:00
Joe
c20f802666 Java: PrintAst: Supprt generic parameters 2020-09-15 14:45:48 +01:00
Joe
19af3e5e30 Java: Add PrintAST 2020-09-15 14:45:48 +01:00
Anders Schack-Mulligen
159353d545 Merge pull request #4269 from joefarebrother/PrintAST-java-rename 
Java: Rename PrintAst.qll to PrettyPrintAst.qll
 2020-09-15 15:43:24 +02:00
CodeQL CI
951e3093d2 Merge pull request #4231 from erik-krogh/CVE767 
Approved by asgerf
 2020-09-15 03:47:40 -07:00
Joe
efe3ac0a37 Java: Rename the existing file called PrintAst.qll 2020-09-15 11:30:56 +01:00
Erik Krogh Kristensen
2de94abe9f Merge pull request #4244 from erik-krogh/badJQueryJoin 
JS: Fix Bad join orders in UnsafeJQueryPlugin
 2020-09-15 12:29:25 +02:00
Jonas Jensen
25412da845 Merge pull request #4253 from geoffw0/stringstream2 
C++: Model more stringstream features
 2020-09-15 12:19:26 +02:00
Mathias Vorreiter Pedersen
1fbb0fbf54 Merge pull request #4266 from geoffw0/cwe190tests 
C++: CWE-190 Tests.
 2020-09-15 12:08:00 +02:00
Tom Hvitved
d095d6b56b Merge pull request #4139 from hvitved/csharp/cfg/foreach-loop-empty 
C#: Skip `foreach` loop bodies in the CFG when the iteration expression is empty
 2020-09-15 09:30:29 +02:00
Geoffrey White
6ca9c449af C++: Add a test demonstrating the recent regression. 2020-09-14 17:55:20 +01:00
Asger F
c106b6777c Merge pull request #4254 from asgerf/js/bump-extractor-version-string 
JS: Bump extractor version string
 2020-09-14 15:17:29 +01:00
Geoffrey White
22097a9e13 C++: Add some CWE-190 tests I had lying around. 2020-09-14 14:39:02 +01:00
Tamás Vajk
d21c101c0d Merge pull request #4041 from tamasvajk/feature/update-roslyn 
C#: upgrade Roslyn dependencies to version 3.7
 2020-09-14 13:57:36 +02:00
Tamás Vajk
f5f4b8e25b C#: Enable nullability of Semmle.Extraction.CSharp.Standalone (#4115) 2020-09-14 13:43:57 +02:00
Tom Hvitved
0fb9dc5bac C#: Adjust caching of tuple types 2020-09-14 11:24:46 +02:00
Geoffrey White
6b035df660 C++: Repair taint flow from previous. 2020-09-14 10:21:43 +01:00
Tom Hvitved
19746023d9 C#: Tidy code for constructing underlying tuple structs 2020-09-14 10:08:58 +02:00
Erik Krogh Kristensen
6fb534f178 fix catastrophic join order in UnsafeJQueryPlugin 2020-09-14 09:59:48 +02:00
Erik Krogh Kristensen
9502869e3c improve join-order for aliasPropertyPresenceStep 2020-09-14 09:59:22 +02:00
Jonas Jensen
021aa647c1 Merge pull request #4142 from MathiasVP/mathiasvp/read-step-without-memory-operands 
C++: Use IR alias analysis for field flow
 2020-09-14 09:37:27 +02:00
Mathias Vorreiter Pedersen
34a57e2bd4 Merge pull request #4252 from jbj/normalize-bounds 
C++: SimpleRangeAnalysis: Always normalize bounds after a computation
 2020-09-14 09:16:32 +02:00
Asger Feldthaus
1d92cbb655 JS: Bump extractor version string 2020-09-12 09:22:12 +01:00
Geoffrey White
b404a339a4 C++: Correct isQualifierObject -> isQualifierAddress. 2020-09-11 16:15:47 +01:00
Jonas Jensen
fee7ce6c7f Merge pull request #4221 from rajivshah3/fix/cpp-av-32-include 
C++: Allow .inc files to be included
 2020-09-11 16:53:43 +02:00
Geoffrey White
d3ca140eeb C++: Account for pointer / reference parameters to operator<<. 2020-09-11 15:20:54 +01:00
CodeQL CI
903bc007b8 Merge pull request #4082 from max-schaefer/js/api-graph 
Approved by asgerf
 2020-09-11 04:41:38 -07:00
Jonas Jensen
172becd67f Merge pull request #4250 from lcartey/cpp/expose-getdefbounds 
C++: Expose getDef(Upper|Lower)Bound as an internal predicate.
 2020-09-11 13:26:08 +02:00
Mathias Vorreiter Pedersen
2d57abdcbe Merge branch 'main' into mathiasvp/read-step-without-memory-operands 2020-09-11 12:47:29 +02:00
Geoffrey White
d648150322 C++: Autoformat. 2020-09-11 11:14:58 +01:00
Geoffrey White
dd53e3fe65 C++: Fix data flow to return value. 2020-09-11 11:14:58 +01:00
Geoffrey White
597757d76f C++: Model std::stringstream put and write. 2020-09-11 11:14:57 +01:00
Geoffrey White
66a5c38eef C++: Model std::stringstream constructor. 2020-09-11 11:14:57 +01:00
Jonas Jensen
ad11f76ec6 C++: Always normalize bounds after a computation 
This stops some cases of `-0.0` from propagating through the range
analysis, fixing a false positive on arvidn/libtorrent.

There seems to be no need for a corresponding change in the caller of
`getDefLowerBoundsImpl` since that predicate only contains computations
that cannot introduce negative zero.
 2020-09-11 11:59:00 +02:00
Jonas Jensen
0c8e06ba68 C++: Tests for -0.0 in range analysis 2020-09-11 11:52:39 +02:00
Tom Hvitved
6c5b30d2a4 C#: Update CIL consistency test 2020-09-11 11:49:07 +02:00
Tom Hvitved
f225a17639 C#: Even more reflection for retrieving meta data handle 2020-09-11 11:49:07 +02:00
lcartey@github.com
65d48a32b8 C++: Expose getDef(Upper|Lower)Bound as an internal predicate. 2020-09-11 09:49:18 +01:00
Tamas Vajk
d60b7c7297 C#: Improve empty collection check to not report on collections with property writes 2020-09-11 10:46:34 +02:00
Mathias Vorreiter Pedersen
399da6837a Merge pull request #4227 from jbj/SimpleRangeAnalysis-NotExpr 
C++: Support `(bool)x` and `!x` in SimpleRangeAnalysis
 2020-09-11 08:59:03 +02:00
Bas van Schaik
31495b876e Python script to generate lists of code scanning queries in CSV format (#4177) 
* Create a PowerShell script that can be used to report on the set of queries inside of a particular QL Suite.
* Translate PowerShell script into Python
* support running this script from anywhere within the CodeQL git repo
* print non-fatal error if metadata is not available
* make sure warning about missing pack is printed to stderr
* only run on pushes against main and rcs
* detect repo by checking remote, rather than first SHA
* specify full sha of dsaltares/fetch-gh-release-asset
* trigger workflow on PR that modifies paths of interest

Co-authored-by: Justin Hutchings <jhutchings1@users.noreply.github.com>
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2020-09-10 12:25:02 -07:00
Rasmus Wriedt Larsen
52d8f7d395 Merge pull request #4235 from yoff/SharedDataflow_UseUseFlow 
Python: Port use-use implementation from Java
 2020-09-10 16:12:28 +02:00
Rasmus Lerchedahl Petersen
92e7a5676d Python: Address review comments 2020-09-10 15:17:30 +02:00
yoff
3a19b1e7fd Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-09-10 15:06:06 +02:00