Asger F
3d400cc57f
JS: basic model of closure Promises
2019-02-27 11:58:51 +00:00
Jonas Jensen
a9f8a53dac
Merge pull request #972 from geoffw0/rtl
...
CPP: Add support for the Rtl* functions in BufferAccess.ql
2019-02-25 13:07:05 +01:00
semmle-qlci
c31ccbc114
Merge pull request #925 from asger-semmle/closure-reorg
...
Approved by xiemaisi
2019-02-25 12:02:00 +00:00
Geoffrey White
2ad0ac2c12
Merge pull request #974 from jbj/alloca-delete-precision
...
C++: Remove @precision of AllocaInLoop.ql
2019-02-25 11:48:56 +00:00
Jonas Jensen
2181bca389
C++: Remove @precision of AllocaInLoop.ql
...
A PR check was failing because this query was enabled on LGTM but had no
qhelp. I'm removing the `@precision` for now to take it off LGTM, and
then we can add it back when it has qhelp, tests, and change note.
2019-02-25 11:45:34 +01:00
semmle-qlci
014d4b9ed0
Merge pull request #934 from asger-semmle/module-import
...
Approved by xiemaisi
2019-02-25 09:46:52 +00:00
Esben Sparre Andreasen
c34fdda42a
Merge pull request #937 from xiemaisi/js/e4x
...
JavaScript: Add support for E4X.
2019-02-25 10:22:30 +01:00
Max Schaefer
d4dbe3bfb6
JavaScript: Back out parsing of qualified XML identifiers.
...
Their syntax conflicts with the proposed function-bind operator, which is more important to support.
2019-02-24 21:30:59 +00:00
Max Schaefer
6a90459d6a
JavaScript: Add upgrade script.
2019-02-24 21:06:29 +00:00
Max Schaefer
7491b5ea53
JavaScript: Add a comment.
2019-02-24 21:02:12 +00:00
Max Schaefer
f726125b71
JavaScript: Restrict E4X processing instruction disambiguation to the <?xml ...?> case.
2019-02-24 20:56:43 +00:00
Max Schaefer
5a775d9cc7
JavaScript: Add change note.
2019-02-24 20:45:41 +00:00
Max Schaefer
cc216ad250
JavaScript: Buffer recoverable syntax errors during speculative parsing.
...
Analogous to how we buffer tokens, we need to delay reporting these errors until we have committed to a parse.
2019-02-24 20:45:41 +00:00
Max Schaefer
c7e428eb27
JavaScript: Handle E4X/Flow lexical ambiguity.
2019-02-24 20:45:41 +00:00
Max Schaefer
d6deefed86
JavaScript: Accept CDATA in E4X content.
2019-02-24 20:45:41 +00:00
Max Schaefer
81b86d9a0f
JavaScript: Skip XML processing instructions in E4X content.
2019-02-24 20:45:41 +00:00
Max Schaefer
be67d5129a
JavaScript: Add QL library support for E4X.
2019-02-24 20:45:41 +00:00
Max Schaefer
5a89024507
JavaScript: Be more lenient about keywords used as identifiers.
2019-02-24 20:45:41 +00:00
Max Schaefer
dbbb961b48
JavaScript: Accept let expressions with an object literal as their body.
2019-02-24 20:45:41 +00:00
Max Schaefer
63ed569724
JavaScript: Recover from missing initializers in const/destructuring declarations.
2019-02-24 20:45:41 +00:00
Max Schaefer
fbf2774bb3
JavaScript: Accept expression-bodied function declarations in experimental mode.
2019-02-24 20:45:41 +00:00
Max Schaefer
a42bec7f44
JavaScript: Accept comments in E4X XML literals (but not in JSX HTML literals).
2019-02-24 20:45:41 +00:00
Max Schaefer
b2366c7a68
JavaScript: Refactor parsing of JSX element content.
2019-02-24 20:45:41 +00:00
Max Schaefer
88be67a4fc
JavaScript: Add support for for-each-in comprehensions.
2019-02-24 20:45:41 +00:00
Max Schaefer
d3ae2954ff
JavaScript: Add support for parsing postfix generator comprehensions.
2019-02-24 20:45:41 +00:00
Max Schaefer
bb93cef20a
JavaScript: Refactor parsing of parenthesised expressions.
2019-02-24 20:45:41 +00:00
Max Schaefer
92c8501e67
JavaScript: Refactor parsing of generator/array comprehensions.
2019-02-24 20:45:41 +00:00
Max Schaefer
f3ea810c21
JavaScript: Add parser support for E4X.
2019-02-24 20:45:41 +00:00
Max Schaefer
1ad4867f2a
JavaScript: Make parsing of decorators more restrictive.
...
As per [the proposal](https://tc39.github.io/proposal-decorators/#sec-new-syntax), decorators can only contain identifiers or parenthesised expressions, optionally followed by property accesses and arguments.
2019-02-24 20:45:41 +00:00
Max Schaefer
db9ac72e7a
Merge pull request #957 from esben-semmle/js/another-autobinder-model
...
JS: model one more 'autobind' for js/unbound-event-handler-receiver
2019-02-22 20:58:17 +00:00
Max Schaefer
12ed2ca000
Merge pull request #958 from esben-semmle/js/improve-tainted-path
...
JS: add taint steps for fs.realpath and fs.realpathSync
2019-02-22 20:55:39 +00:00
Dave Bartolomeo
70bccf85fc
Merge pull request #970 from jbj/ir-block-count
...
C++: Use the cached getInstructionCount
2019-02-22 10:19:39 -08:00
Tom Hvitved
116997cf85
Merge pull request #961 from calumgrant/cs/cve-2019-0657
...
C#: Update cs/use-of-vulnerable-package to detect CVE-2019-0657
2019-02-22 18:01:58 +01:00
Geoffrey White
315133bbb3
CPP: Change note.
2019-02-22 16:07:48 +00:00
Geoffrey White
dc0044288b
CPP: Add support for some Rtl* functions in BufferAccess.qll.
2019-02-22 15:54:16 +00:00
Taus
89216208be
Merge pull request #969 from markshannon/python-points-to-speed-up
...
Python: Refactor three predicates to improve join-order.
2019-02-22 15:27:02 +01:00
Calum Grant
cd721f38b8
Merge pull request #967 from hvitved/csharp/ssa/block-precedes-var
...
C#: Use explicit recursion in `blockPrecedesVar()`
2019-02-22 14:08:26 +00:00
Calum Grant
e93140d136
Merge pull request #959 from hvitved/csharp/dispose-not-called-on-exc-performance
...
C#: Improve performance of `cs/dispose-not-called-on-throw`
2019-02-22 14:04:48 +00:00
Jonas Jensen
6777c8c13c
C++: Use the cached getInstructionCount
...
The object-oriented `IRBlock` interface was recomputing instruction
counts instead of using the cached count that had already been computed.
2019-02-22 14:55:09 +01:00
Calum Grant
1386af46c1
Merge pull request #960 from hvitved/csharp/cache-get-arg
...
C#: Cache `Call::getArgumentForParameter()`
2019-02-22 12:39:55 +00:00
Mark Shannon
a1820fe4c3
Python: Refactor three predicates to improve join-order.
2019-02-22 11:48:39 +00:00
Geoffrey White
8302ac4644
Merge pull request #965 from evverx/alloca-in-a-loop
...
CPP: add a query for catching alloca in a loop
2019-02-22 11:44:59 +00:00
Taus
69270d0a4e
Merge pull request #963 from markshannon/python-sanity-context-sensitive
...
Python: Make points-to sanity check context sensitive.
2019-02-22 11:50:48 +01:00
Jonas Jensen
21573d31f0
Merge pull request #966 from rdmarsh2/rdmarsh/cpp/ir-taint-tracking
...
C++: IR-based taint tracking
2019-02-22 09:16:31 +01:00
Robert Marsh
07cbbdaf9a
C++: accept test output
2019-02-21 17:18:06 -08:00
Robert Marsh
aa97302671
make loads from tainted addresses tainted
2019-02-21 17:17:49 -08:00
Robert Marsh
9a9ec7bb17
C++: add IR-based taint tracking library
2019-02-21 17:09:09 -08:00
Robert Marsh
173ade1336
C++: add arithmetic/bitwise instruction classes
2019-02-21 17:09:08 -08:00
Jonas Jensen
7649e8758b
Merge pull request #846 from geoffw0/returnstack
...
CPP: Improve ReturnStackAllocatedMemory.ql
2019-02-21 22:04:53 +01:00
Robert Marsh
a0c12c46e5
Merge pull request #962 from jbj/IRGuards-cached
...
C++: Reduce the IRGuards to two cached stages
2019-02-21 10:50:19 -08:00