hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-28 10:18:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
4,059 Commits 1,723 Branches 164 Tags
2b778afdf5c0d5a56e64159d56b9656bef22bdf0
Commit Graph

4059 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
2b778afdf5 JavaScript: Cache a bunch of flow steps to avoid recomputation. 2019-03-25 16:57:46 +00:00
Jonas Jensen
1be9762463 Merge pull request #1162 from geoffw0/rnr-open 
CPP: Fix Resource not released in destructor FP
 2019-03-25 17:26:34 +01:00
Geoffrey White
2759861da4 CPP: Change note. 2019-03-25 12:17:05 +00:00
Geoffrey White
9b31b4e364 CPP: Fix false positive. 2019-03-25 11:57:23 +00:00
Max Schaefer
4d1161f236 Merge pull request #1156 from esben-semmle/js/fix-define-property-regression 
JS: fix getAPropertyAttribute timeouts
 2019-03-25 11:11:58 +00:00
semmle-qlci
d6be42dcc7 Merge pull request #1160 from hvitved/csharp/is-branch 
Approved by calumgrant
 2019-03-25 10:53:22 +00:00
Geoffrey White
7b88bf7617 CPP: Add a test. 2019-03-25 09:22:18 +00:00
Tom Hvitved
1994f00495 C#: Introduce isBranch() predicate 
We already have `isJoin()`, so it makes sense to have `isBranch()` for symmetry.
 2019-03-25 09:51:26 +01:00
Tom Hvitved
1d05bccd87 Merge pull request #952 from calumgrant/cs/non-null-functions 
C#: Better call analysis using CIL
 2019-03-23 10:47:22 +01:00
Calum Grant
eafb6d84e9 Merge pull request #1 from hvitved/cs/non-null-functions 
C#: Adjustments to CIL/nullness analyses
 2019-03-22 14:41:35 +00:00
Tom Hvitved
6c182564e7 C#: Adjustments to CIL/nullness analyses 
- Cache predicates in the same stage using a cached module.
- Introduce `DefUse::defUseVariableUpdate()` and use in `CallableReturns.qll`.
  The updated file `csharp/ql/test/library-tests/cil/dataflow/Nullness.expected`
  demonstrates why this is needed.
- Utilize CIL analysis in `Guards::nonNullValue()`.
- Analyze SSA definitions in `AlwaysNullExpr`, similar to `NonNullExpr`.
 2019-03-22 15:11:31 +01:00
Esben Sparre Andreasen
335a969946 JS: fix performance in ObjectDefinePropertyAsPropWrite::getRhs 2019-03-22 12:29:34 +01:00
semmle-qlci
4075f570e2 Merge pull request #1151 from xiemaisi/rc/1.20-merge-master 
Approved by asger-semmle, hvitved
 2019-03-22 07:34:00 +00:00
Mark Shannon
8ab4dae2fa Merge pull request #1150 from taus-semmle/python-fix-insecure-default-protocol-fp 
Python: Fix false positive for `py/insecure-default-protocol`.
 2019-03-21 18:16:05 +00:00
Mark Shannon
d056af323d Merge pull request #1140 from taus-semmle/python-rename-query-suites 
Python: Copy query suites from `python2` to `python`.
 2019-03-21 17:51:05 +00:00
Jonas Jensen
db8db8669b Merge pull request #1141 from geoffw0/newfreebug 
CPP: Fix a bug in NewFree.qll
 2019-03-21 17:22:00 +01:00
Geoffrey White
37bd4725ee Merge pull request #1149 from jbj/resource-not-released-in-destructor-Qt 
C++: Fix special-casing of Qt library in resource-not-released-in-destructor
 2019-03-21 16:13:25 +00:00
Max Schaefer
8c460ae385 Merge remote-tracking branch 'upstream/master' into rc/1.20-merge-master 
Conflict in `javascript/extractor/src/com/semmle/js/extractor/Main.java` resolved
in favour of `master`.
 2019-03-21 14:46:29 +00:00
semmle-qlci
fb499b02d5 Merge pull request #1138 from asger-semmle/ts-import-namespace-as-type 
Approved by xiemaisi
 2019-03-21 14:43:48 +00:00
semmle-qlci
313134cb8c Merge pull request #1148 from xiemaisi/js/adm-zip 
Approved by esben-semmle
 2019-03-21 14:00:30 +00:00
semmle-qlci
395089d35e Merge pull request #1147 from xiemaisi/js/show-char-code 
Approved by asger-semmle
 2019-03-21 13:59:59 +00:00
Taus Brock-Nannestad
5eb63ae048 Fix false positive and add test. 2019-03-21 14:10:05 +01:00
Taus Brock-Nannestad
9cb35a8ca9 Use correct named argument for ssl.SSLContext. 2019-03-21 14:09:25 +01:00
Jonas Jensen
552842346c C++: Fix special-casing of Qt library 
The `Expr.getType` predicate returns a pointer type since that's the
type of the `new`-expression as a whole. To find the class type, we use
`NewExpr.getAllocatedType`.

This commit reduces the number of alerts in a Qt snapshot from 229 to
51, and it removes the two false positives in
https://github.com/Subsurface-divelog/subsurface.
 2019-03-21 13:37:18 +01:00
Jonas Jensen
a59a9f6075 C++: Add test cases for Qt's QObject 
The Qt library requires client code to call `new` but not `delete`.
 2019-03-21 13:31:50 +01:00
Asger F
1a6c95c908 TS: update test expectation 2019-03-21 11:06:04 +00:00
Geoffrey White
867f357b36 CPP: Correct the test. 2019-03-21 10:57:44 +00:00
Calum Grant
f20041d41f Merge pull request #1133 from hvitved/csharp/more-performance-tweaks 
C#: More performance tweaks
 2019-03-21 10:46:07 +00:00
Max Schaefer
1835028b93 JavaScript: Show character code when reporting unexpected character. 2019-03-21 10:44:49 +00:00
Max Schaefer
4533e1f6fe JavaScript: Add model of adm-zip library for ZipSlip query. 2019-03-21 08:04:06 +00:00
Geoffrey White
5a56740ee6 Merge pull request #1124 from jbj/weak-cryptographic-algorithm-perf 
C++: Fix performance of BrokenCryptoAlgorithm.ql
 2019-03-20 18:01:58 +00:00
Geoffrey White
2fdd33eecd CPP: Change note. 2019-03-20 15:48:02 +00:00
Geoffrey White
91bef02257 CPP: Add a 1.21 CPP change notes file (couldn't find the templates). 2019-03-20 15:48:00 +00:00
Geoffrey White
faeb326bf8 CPP: Use newer dataflow for the fix. 2019-03-20 15:47:48 +00:00
Geoffrey White
7d8886e30c CPP: Fix over-enthusiastic dataflow in allocExprOrIndirect. 2019-03-20 15:40:02 +00:00
Geoffrey White
ea7e8927fe CPP: Add a test similar to the false positive in arvidn/libtorrent. 2019-03-20 15:35:58 +00:00
Tom Hvitved
414b7243c2 C#: More performance tweaks 2019-03-20 15:43:38 +01:00
Taus Brock-Nannestad
a6708572c0 Python: Copy query suites from python2 to python. 2019-03-20 15:33:54 +01:00
Asger F
5768d85c7b TS: fix trap test output 2019-03-20 12:46:52 +00:00
Geoffrey White
8a693699fc Merge pull request #1139 from jbj/return-stack-allocated-typo 
C++: Fix typo in ReturnStackAllocatedMemory.ql
 2019-03-20 11:36:12 +00:00
Jonas Jensen
401b5648be C++: Fix typo in ReturnStackAllocatedMemory.ql 2019-03-20 11:27:34 +01:00
Asger F
8201e7ea27 TS: update trap test output 2019-03-20 10:23:28 +00:00
Asger F
aaa8bfb874 TS: allow namespace imports as types 2019-03-20 10:09:18 +00:00
zlaski-semmle
241994d1f8 Merge pull request #1107 from zlaski-semmle/cpp355 
Updated query to look for Microsoft-specific '_alloca' and '_malloca'
Merge to Semmle/ql:master.
 2019-03-19 13:40:27 -07:00
Ziemowit Laski
09e729ff59 Turns out that '__builtin_alloca' takes 'unsigned long', not 'unsigned long long'; rename some parameters to align with C11 standard. 2019-03-19 13:27:14 -07:00
Ziemowit Laski
11ed4f3312 Change __builtin_alloca declaration to use an unsigned long long parameter. 2019-03-19 13:12:29 -07:00
Ziemowit Laski
ff3430d8d0 Use '// GOOD' and '// BAD' annotations for query diagnostics. 2019-03-19 12:29:38 -07:00
Max Schaefer
b211a54181 Merge pull request #1132 from xiemaisi/mergeback-2019-03-19 
Merge rc/1.20 into master
 2019-03-19 17:28:52 +00:00
Max Schaefer
23d77f3e6a Merge pull request #1130 from felicity-semmle/1.20/javascript-extractor 
1.20: Update JavaScript extraction notes and supported versions
 2019-03-19 17:09:05 +00:00
Mark Shannon
29c4e274e1 Merge pull request #1127 from felicity-semmle/1.20/python-change-notes 
1.20: finalize python change notes
 2019-03-19 16:53:59 +00:00