hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-21 06:57:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,894 Commits 1,712 Branches 163 Tags
2b3025265bbb73f6dc9c6ec96ddaa9bb444cd0ca
Commit Graph

11894 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
2b3025265b Python: Clean up QLdoc 
Co-Authored-By: Taus <tausbn@gmail.com>
 2020-04-24 14:05:02 +02:00
Rasmus Wriedt Larsen
8878884724 Python: Rewrite web/stdlib/Request.qll QLDoc to be more clear 2020-04-24 08:07:23 +02:00
Rasmus Wriedt Larsen
23f3736b67 Python: Simplify CgiFieldStorageFieldKind.getTaintOfAttribute 2020-04-24 08:04:55 +02:00
Rasmus Wriedt Larsen
22096c36b9 Python: Add standard HttpSources tests for BaseHTTPRequestHandler 2020-04-22 17:28:49 +02:00
Rasmus Wriedt Larsen
51a9094064 Python: Add sinks for http.server.BaseHTTPRequestHandler 2020-04-22 17:28:27 +02:00
Rasmus Wriedt Larsen
a27431e197 Python: Add module level QLDoc in web/stdlib/Request.qll 2020-04-22 16:22:03 +02:00
Rasmus Wriedt Larsen
6b84137a92 Python: Model cgi.FieldStorage (parsing of submitted forms) 2020-04-22 11:37:47 +02:00
Rasmus Wriedt Larsen
6eb24011eb Python: Add docs to web/stdlib/Request.qll 2020-04-22 11:26:50 +02:00
Rasmus Wriedt Larsen
26ed911bb2 Python: Add modeling of http.server.BaseHTTPRequestHandler 2020-04-22 09:52:10 +02:00
semmle-qlci
243dea706e Merge pull request #3269 from erik-krogh/Promisify 
Approved by esbena
 2020-04-18 13:02:42 +01:00
Robert Marsh
9008084b74 Merge pull request #3272 from dbartol/dbartol/DumpFixes 
C++: A couple of fixes for IR dumps
 2020-04-17 11:49:52 -07:00
Jonas Jensen
8ca6c57eef Merge pull request #3118 from MathiasVP/ir-flow-fields 
C++: IR field flow
 2020-04-17 15:49:19 +02:00
Erik Krogh Kristensen
cffa911661 retarget change note for 1.25 2020-04-17 14:22:57 +02:00
Mathias Vorreiter Pedersen
ba0429cf01 Merge branch 'master' into ir-flow-fields 2020-04-17 13:57:12 +02:00
Chris Gavin
e974006122 Merge pull request #3283 from jbj/mergeback-2020-04-17 
Mergeback rc/1.24 -> master
 2020-04-17 12:11:22 +01:00
Erik Krogh Kristensen
e72eed1db5 more -> additional 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-04-17 13:10:06 +02:00
Mathias Vorreiter Pedersen
8c03423f3e C++: Accept test output 2020-04-17 12:03:16 +02:00
Erik Krogh Kristensen
4a93b91d59 make maybePromisified private 2020-04-17 11:47:03 +02:00
Erik Krogh Kristensen
3b230648d2 change-note 2020-04-17 11:45:08 +02:00
Erik Krogh Kristensen
4f32157a78 rename func to callback 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-04-17 11:36:48 +02:00
Jonas Jensen
c970e8a52e Merge remote-tracking branch 'upstream/rc/1.24' into mergeback-2020-04-17 2020-04-17 10:42:27 +02:00
Erik Krogh Kristensen
eca98b42d2 basic support for util.promisify for NodeJSFileSystemAccess 2020-04-17 09:54:37 +02:00
Erik Krogh Kristensen
ea0f6a367d refactor into maybePromisified predicate 2020-04-17 09:50:08 +02:00
Mathias Vorreiter Pedersen
62e2ffe623 C++: Make PartialDefinitionNode private and add/update comments based on review comments 2020-04-16 17:19:12 +02:00
Taus
964a619450 Merge pull request #3211 from RasmusWL/python-unused-import-small-fix 
Python: Fix FN in unused import
 2020-04-16 14:22:50 +02:00
Taus
a92d926b56 Merge pull request #3218 from RasmusWL/python-add-missing-override 
Python: Add missing override to ClassValue.hasAttribute
 2020-04-16 14:06:23 +02:00
Tom Hvitved
922e52f061 Merge pull request #3257 from hvitved/csharp/dataflow/tests 
C#: Update data flow tests
 2020-04-16 11:47:45 +02:00
Dave Bartolomeo
2264ec714f C++: Better type preservation in getVariableType() 
`getVariableType()` is used to compute the actual semantic type of a variable from its declared type. That's where we handle pointer and function decay for parameters, and it's also where we handle arrays of unknown bound initialized with an initializer of known bound.

Previously, even if neither of the above situations applied, the type that we returned was the `getUnspecifiedType()` of the variable. This meant that, for example, `const char* p` would be treated as `char *`. This is inconsistent with how we handle types elsewhere in IR construction, where we preserve typedefs and cv-qualifiers when creating the `CppType` of an `IRVariable`, `Instruction`, or `Operand`.

The only visible effect this fix has is to fix the inferred result type for `Phi` instructions for variables affect by this change in `getVariableType()` behavior. Previously, we would see the variable accessed as both `const char*` and as `char*`, so we'd fall back to the canonical pointer type, which is `decltype(nullptr)`. Now, we see the same type for all accesses to the variable, so we use that type as the type of the SSA memory location and as the result type of the `Phi` instruction.
 2020-04-15 18:41:24 -04:00
Dave Bartolomeo
90dc14c56e C++/C#: Fix phantom Chi definitions in PrintSSA 
When `PrintSSA.qll` is imported, IR dumps will be annotated with the alias analysis information used during SSA construction. When printing this information, we incorrectly treated instructions at offset -1, which should only be `Phi` instructions, as `Chi` instructions for the instruction at offset 0. This produced phantom annotations, but did not affect the correctness of the actual IR.
 2020-04-15 18:24:11 -04:00
Mathias Vorreiter Pedersen
86ba03bea8 Merge pull request #3256 from Semmle/rdmarsh/cpp/add-qldoc-1 
C++: Add QLdoc to some AST methods (Class.qll-Diagnostics.qll)
 2020-04-15 21:46:36 +02:00
Erik Krogh Kristensen
e8dc77d508 add support for util.promisify with child_process calls 2020-04-15 19:16:30 +02:00
Rasmus Wriedt Larsen
5a51d2cc4c Merge pull request #3245 from BekaValentine/python-objectapi-to-valueapi-wrongnameforargumentinclassinstantiation 
Python: ObjectAPI to ValueAPI: WrongNameForArgumentInClassInstantiation
 2020-04-15 16:48:26 +02:00
Rasmus Wriedt Larsen
390959713a Merge pull request #3246 from BekaValentine/python-objectapi-to-valueapi-uselessclass 
Python: ObjectAPI to ValueAPI: UselessClass
 2020-04-15 16:45:02 +02:00
Jonas Jensen
aa8f30cd83 Merge pull request #3268 from MathiasVP/ql-doc-negativitiy 
C++: Add QLDoc to public predicates in Negativity.qll
 2020-04-15 15:12:07 +02:00
Mathias Vorreiter Pedersen
3d0ac53266 Apply suggestions from code review 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2020-04-15 14:01:49 +02:00
Jonas Jensen
6eba3380dd Merge pull request #3241 from geoffw0/alloc-size2 
C++ Improvements to TaintedAllocationSize.ql
 2020-04-15 12:58:19 +02:00
semmle-qlci
bfd80b42a7 Merge pull request #3260 from asger-semmle/js/location-tweaks 
Approved by erik-krogh
 2020-04-15 10:47:35 +01:00
Asger F
34d40b5035 Merge pull request #3237 from asger-semmle/js/sparse-capture 
JS: Add CapturedVariableNode to avoid N^2 edges
 2020-04-15 10:42:48 +01:00
Mathias Vorreiter Pedersen
f02feac33a C++: Add flow from #3220 2020-04-15 11:34:19 +02:00
Geoffrey White
2aa64db40e Merge remote-tracking branch 'upstream/rc/1.24' into alloc-size2 2020-04-15 10:09:54 +01:00
Mathias Vorreiter Pedersen
209e084820 Merge branch 'master' into ir-flow-fields 2020-04-15 10:51:45 +02:00
Mathias Vorreiter Pedersen
a2fbe9e9da C++: Add QLDoc to public predicates in Negativity 2020-04-15 08:18:03 +02:00
Jonas Jensen
b603a3da64 Merge pull request #3259 from MathiasVP/ql-doc-fileclosed-loopbounds-memoryfreed 
C++: QLDoc for FileClosed, LoopBounds and MemoryFreed
 2020-04-15 08:08:04 +02:00
Jonas Jensen
6eac35c753 Merge pull request #3264 from Semmle/merge-rc/1.24 
Merge rc/1.24 into master.
 2020-04-15 07:56:58 +02:00
Jonas Jensen
ae11e7b72c Merge pull request #3265 from Semmle/rdmarsh/cpp/deprecate-isDefined 
C++: deprecate Declaration::isDefined()
 2020-04-15 07:53:19 +02:00
Chris Gavin
4e981d8e70 Merge rc/1.24 into master. 2020-04-14 21:30:29 +01:00
Robert Marsh
146bfca2ad Merge pull request #3254 from dbartol/dbartol/ImplicitReturnValue2 
C++: Treat implicit end of body of non`-void` function as `Unreached`
 2020-04-14 12:18:50 -07:00
Asger Feldthaus
1107e7c6a6 JS: Rename other uses of getURL 2020-04-14 19:45:09 +01:00
Dave Bartolomeo
279467654e C++: Make test functions return void 2020-04-14 14:17:56 -04:00
Dave Bartolomeo
812087968f C++: Fix test output 
Mostly noise, but a couple of the missing operand errors are actual fixes.
 2020-04-14 14:17:20 -04:00