hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 23:26:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,687 Commits 1,703 Branches 162 Tags
2ffcf952ae76f0ce923ef72a77e7a7e311f8a999
Commit Graph

11687 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
James Fletcher
2ffcf952ae Apply suggestions from code review 
Co-Authored-By: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-04-08 12:28:01 +01:00
james
6a1b11f9d1 docs: further updates to learn-codeql project 2020-04-08 11:59:40 +01:00
Mathias Vorreiter Pedersen
b2759877cc Merge pull request #3219 from jbj/DefaultTaintTracking-partial-no-structs 
C++: Avoid partial chi flow to struct/class
 2020-04-08 12:31:53 +02:00
Shati Patel
fa6705aeb6 Merge pull request #3228 from shati-patel/docs-qhelp 
Docs: Change "Qhelp" to "Query help"
 2020-04-08 11:26:26 +01:00
Shati Patel
92aee59ca5 Change "Qhelp" to "Query help" 2020-04-08 10:43:40 +01:00
Jonas Jensen
6726a23c31 Merge pull request #3221 from disconnect3d/patch-1 
Fix missing colon in ReturnConstTypeMember.cpp
 2020-04-08 11:22:31 +02:00
James Fletcher
d055e666f7 Merge pull request #3225 from jf205/merge-docs-preparation-master 
CodeQL docs: Merge `docs-preparation` into `master`
 2020-04-08 09:50:54 +01:00
James Fletcher
7bf0d3d10a Update docs/language/learn-ql/writing-queries/introduction-to-queries.rst 
Co-Authored-By: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-04-08 09:38:18 +01:00
Rasmus Wriedt Larsen
004523ad50 Merge pull request #3222 from BekaValentine/python-objectapi-to-valueapi-overlycomplexdelmethod 
Python: ObjectAPI to ValueAPI: OverlyComplexDelMethod
 2020-04-08 09:28:04 +02:00
james
407e91ce75 Merge branch 'docs-preparation' into merge-docs-preparation-master 2020-04-08 08:24:17 +01:00
Jonas Jensen
42e9d1416b Merge pull request #3206 from geoffw0/newfreefix 
C++: Fix `cpp/new-free-mismatch` false positives
 2020-04-08 08:39:43 +02:00
Rebecca Valentine
c2443f2342 Python: ObjectAPI to ValueAPI: OverlyComplexDelMethod: Adds preliminary modernization 2020-04-07 21:31:35 -07:00
Disconnect3d
96a0bddcf6 Update ReturnConstTypeMember.cpp 2020-04-07 22:30:57 +02:00
Geoffrey White
7fedac3266 C++: Fix apparently noncritical typo. 2020-04-07 20:56:07 +01:00
Geoffrey White
50194f372b C++: Autoformat. 2020-04-07 20:54:54 +01:00
Jonas Jensen
a0992aac93 Merge pull request #3062 from geoffw0/alloc-size 
C++: Improve hasUpperBoundsCheck
 2020-04-07 19:31:04 +02:00
Geoffrey White
2686d9888c C++: Add QLDoc. 2020-04-07 18:12:24 +01:00
Geoffrey White
66a0b7884e Merge branch 'master' into alloc-size 2020-04-07 17:12:35 +01:00
Geoffrey White
ff39f714e8 C++: Autoformat. 2020-04-07 17:07:31 +01:00
Robert Marsh
0ccf39777c Merge pull request #3189 from jbj/DefaultTaintTracking-Configuration 
C++: Path explanations in DefaultTaintTracking
 2020-04-07 08:38:10 -07:00
Jonas Jensen
39911af56b C++: Avoid partial chi flow to struct/class 
Flow through partial chi-instruction operands was introduced to make
definition-by-reference work, but its implementation also allowed all
other partial writes to propagate. In particular, tainting a field would
taint the whole struct, which in turn led to taint propagating across
unrelated fields of a struct.

The security test `CWE-134/semmle/argv/argvLocal.c` shows that we also
want to propagate taint from an array element to the whole array, and it
also seems right to propagate taint from a union member to the whole
union.
 2020-04-07 16:24:24 +02:00
Mathias Vorreiter Pedersen
8928091dfb Merge pull request #3181 from jbj/DefaultTaintTracking-qldoc 
C++: QLDoc in DefaultTaintTracking
 2020-04-07 14:58:21 +02:00
Jonas Jensen
057155f28f Merge remote-tracking branch 'upstream/master' into DefaultTaintTracking-Configuration 2020-04-07 14:39:30 +02:00
Jonas Jensen
9a1c2d83af Merge pull request #3205 from Semmle/lic/MIT 
Relicense under MIT
 2020-04-07 13:24:12 +02:00
Pavel Avgustinov
6fc814632c Relicense under MIT 2020-04-07 12:03:26 +01:00
Tom Hvitved
6685a5ed4d Merge pull request #3136 from calumgrant/cs/buildless-extraction 
C#: Improvements to buildless extraction
 2020-04-07 08:52:00 +02:00
Tom Hvitved
bacb11a563 Merge pull request #3150 from calumgrant/cs/enable-nullability 
C#: Enable nullability for Autobuilder and Utils projects
 2020-04-07 08:51:43 +02:00
Jonas Jensen
db0d8bbb40 Merge pull request #3208 from geoffw0/issue44 
C++: Add test cases more similar to issues/44.
 2020-04-06 19:40:24 +02:00
Geoffrey White
d5accc70e1 C++: Add a test similar to issues/44. 2020-04-06 16:47:24 +01:00
Geoffrey White
a71ae2b468 C++: Consistent treatment of placement new. 2020-04-06 14:54:15 +01:00
Geoffrey White
492c5f367f C++: Simplify NewDelete.qll. 2020-04-06 14:54:15 +01:00
semmle-qlci
e5d3286ee9 Merge pull request #3183 from asger-semmle/js/bad-url-scheme-check 
Approved by esbena
 2020-04-06 14:53:15 +01:00
Geoffrey White
050e239507 C++: Change note. 2020-04-06 14:39:07 +01:00
Geoffrey White
cbe133d0e6 C++: Deprecate freeCall in the legacy wrapper Alloc.qll. 2020-04-06 14:32:49 +01:00
Geoffrey White
e223557201 C++: Wean NewDelete.qll off the legacy wrapper Alloc.qll. 2020-04-06 14:32:15 +01:00
Calum Grant
0d86866ba3 Merge pull request #3160 from hvitved/csharp/null-maybe-fp 
C#: Add false-positive test for NullMaybe.ql
 2020-04-06 14:30:31 +01:00
Geoffrey White
8059d69bbd C++: Model calls to operator new / delete for NewFreeMismatch.ql. 2020-04-06 14:27:05 +01:00
Geoffrey White
3e9f9645ae C++: Exclude calls to operator new / delete from NewFreeMismatch.ql. 2020-04-06 14:08:00 +01:00
Geoffrey White
97cdcbee63 C++: Test for NewFreeMismatch.ql with operator new / delete. 2020-04-06 13:57:28 +01:00
Calum Grant
6cce0de9b2 Merge pull request #3124 from hvitved/csharp/dataflow/sources-and-sinks 
C#: Introduce `RemoteFlowSink` class
 2020-04-06 12:36:14 +01:00
Asger Feldthaus
7da0345c6a JS: Autoformat 2020-04-06 12:30:04 +01:00
Asger Feldthaus
2c6beadf68 JS: Recognize more forms of scheme checks 2020-04-06 12:30:03 +01:00
James Fletcher
5034d40e64 Merge pull request #3203 from jf205/sd-55 
CodeQL support docs: combine table and footnotes into single snippet
 2020-04-06 09:52:02 +01:00
james
d2b0599b63 docs: combine table and footnotes 2020-04-06 09:27:30 +01:00
Robert
1096e5d947 Merge pull request #3163 from robertbrignull/code_scanning_suites 
Add code-scanning suites
 2020-04-06 08:45:40 +01:00
Rasmus Wriedt Larsen
4ce3d5b748 Merge pull request #3040 from BekaValentine/python-objectapi-to-valueapi-iterreturnsnonself 
Python: ObjectAPI to ValueAPI: IterReturnsNonSelf
 2020-04-06 09:37:40 +02:00
Tom Hvitved
c8c706a0ba C#: Un-deprecate PublicCallableParameterFlowSource 2020-04-06 09:01:44 +02:00
Jonas Jensen
530d4294b0 Merge remote-tracking branch 'upstream/master' into DefaultTaintTracking-Configuration 2020-04-05 07:27:07 +02:00
Jonas Jensen
58366b19e9 C++: Path explanations in the last two queries 
For some reason I thought that these two queries were special because
they manipulate `SecurityOptions` to change the taint-tracking sources.
It turns out it was just the opposite: the queries used to be special
because they invalidated the cache for the `tainted` predicate, but that
predicate is no longer used, so these queries are no longer special.
 2020-04-04 16:47:06 +02:00
Jonas Jensen
54a23a486a C++: Accept test changes for 108d5177b8 2020-04-04 16:46:59 +02:00