hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-11 01:39:28 +02:00
Code Issues Packages Projects Releases Wiki Activity
11,498 Commits 1,754 Branches 167 Tags
46fc91315be45c5d290cd9ea6c576e814be9cc7a
Commit Graph

11498 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonas Jensen
46fc91315b Java/C++/C#: Revert the join order fix from #2872 
This revert brings back the performance problems in
`DataFlowImplLocal.qll` so they can be fixed in a different way. The fix
in #2872 was asymptotically good but had undesired overhead because it
introduced another predicate in the SCC that existed purely for join
ordering.

I did the revert by inlining the helper predicate, eliminating the
`enclosing` variable, and re-ordering the resulting lines to what they
were before #2872.
 2020-04-06 10:04:50 +02:00
Robert
1096e5d947 Merge pull request #3163 from robertbrignull/code_scanning_suites 
Add code-scanning suites
 2020-04-06 08:45:40 +01:00
Rasmus Wriedt Larsen
4ce3d5b748 Merge pull request #3040 from BekaValentine/python-objectapi-to-valueapi-iterreturnsnonself 
Python: ObjectAPI to ValueAPI: IterReturnsNonSelf
 2020-04-06 09:37:40 +02:00
Rebecca Valentine
be86c9c066 Python: ObjectAPI to ValueAPI: IterReturnsNonSelf: ObjectAPI.qll: Explains why getAnInferredReturnType is weird for builtins 2020-04-03 15:16:16 -07:00
Rebecca Valentine
64b17888e5 Python: ObjectAPI to ValueAPI: IterReturnsNonSelf: ObjectAPI.qll: Reorganizes getAnInferredReturnType() 2020-04-03 15:14:25 -07:00
Robert Marsh
316d932829 Merge pull request #3198 from MathiasVP/valuenumbering-provider-new-file 
C++/C#: Prevent accidental import of ValueNumberPropertyProvider
 2020-04-03 13:31:11 -07:00
semmle-qlci
a8098a2b2d Merge pull request #3197 from erik-krogh/NormalPathSanitizer 
Approved by asgerf
 2020-04-03 16:33:18 +01:00
Erik Krogh Kristensen
9c2053168b writing out the truth table for DotDotSlashPrefixRemovingReplace 2020-04-03 15:46:47 +02:00
semmle-qlci
676da02118 Merge pull request #3192 from asger-semmle/js/missing-await-not-delete 
Approved by esbena
 2020-04-03 13:21:48 +01:00
Mathias Vorreiter Pedersen
c54cddead1 C++: Include PrintValueNumbering in testcase 2020-04-03 12:42:06 +02:00
Jonas Jensen
16c7a35b1c Merge pull request #3195 from geoffw0/taintstring 
C++: Model taint flow through std::string constructor and c_str()
 2020-04-03 12:05:07 +02:00
Erik Krogh Kristensen
94751c1b31 dst can be relative for "../" replace call 2020-04-03 11:08:31 +02:00
semmle-qlci
dc774e0eac Merge pull request #3166 from erik-krogh/DeadLocal 
Approved by asgerf
 2020-04-03 09:36:20 +01:00
Geoffrey White
73bfd819d9 C++: Rename classes. 2020-04-03 09:23:31 +01:00
Geoffrey White
1bcf187c3e C++: Rename Strings.qll -> StdString.qll. 2020-04-03 09:17:33 +01:00
Mathias Vorreiter Pedersen
1e73528102 C++/C#: Add synchronization 2020-04-03 10:08:00 +02:00
Mathias Vorreiter Pedersen
0b12c1519b C++/C#: Sync identical files 2020-04-03 10:06:37 +02:00
Mathias Vorreiter Pedersen
0f70944a5b C++: Move ValueNumberPropertyProvider into its own file to prevent accidental imports 2020-04-03 09:55:41 +02:00
Erik Krogh Kristensen
e46cde17a1 add a "../" removing taint-step for js/path-injection 2020-04-03 09:42:05 +02:00
Geoffrey White
c9ec30fa2a C++: Update use of deprecated methods. 2020-04-02 19:49:42 +01:00
Geoffrey White
e9132d833c C++: Autoformat. 2020-04-02 19:49:42 +01:00
Geoffrey White
ab716ebe75 C++: Change note. 2020-04-02 19:49:42 +01:00
Geoffrey White
73171682b7 C++: Switch to taint flow as suggested in the old PR. 2020-04-02 19:49:41 +01:00
Geoffrey White
b14b52d0ac C++: Add models for std::string (as in old PR). 2020-04-02 19:49:41 +01:00
Geoffrey White
69f6790c83 C++: Add a test of taint through std::strings, based on the one in the old PR. 2020-04-02 19:49:31 +01:00
Rebecca Valentine
712fb8badc Python: ObjectAPI to ValueAPI: IterReturnsNonSelf: Autoformats 2020-04-02 09:19:41 -07:00
Rebecca Valentine
cdda80623d Merge branch 'master' into python-objectapi-to-valueapi-iterreturnsnonself 2020-04-02 09:16:23 -07:00
Jonas Jensen
604731ba6b Merge pull request #3171 from MathiasVP/init-dynamic-alloc-newexpr 
C++: Emit InitializeDynamicAllocation instructions for NewExpr and NewArrayExpr
 2020-04-02 17:37:05 +02:00
Mathias Vorreiter Pedersen
e2908eaf63 C++: Add comment explaining why we can split call and allocation side effects 2020-04-02 15:11:13 +02:00
Mathias Vorreiter Pedersen
a273917e51 Merge branch 'master' into init-dynamic-alloc-newexpr 2020-04-02 14:11:03 +02:00
Jonas Jensen
4825774ce2 Merge pull request #3173 from geoffw0/opnew 
C++: Support operator new and operator delete in models library
 2020-04-02 14:01:10 +02:00
Anders Schack-Mulligen
01157e43e3 Merge pull request #2899 from p-/cwe-036 
Java: Calling openStream on URLs created from remote source can lead to file disclosure
 2020-04-02 13:55:06 +02:00
semmle-qlci
6757924183 Merge pull request #3157 from tausbn/python-fix-analysis-qhelp-link 
Approved by felicitymay
 2020-04-02 11:43:15 +01:00
Asger Feldthaus
3a9d047cf5 JS: Ignore delete expressions in js/missing-await 2020-04-02 11:35:09 +01:00
Asger Feldthaus
ccce0205b4 JS: Add test 2020-04-02 11:34:07 +01:00
Taus
d540bf6ce5 Merge pull request #3039 from BekaValentine/python-objectapi-to-valueapi-returnvalueignored 
Python: ObjectAPI to ValueAPI: ReturnValueIgnored
 2020-04-02 11:42:01 +02:00
Geoffrey White
ead5feb921 C++: Autoformat. 2020-04-02 09:50:14 +01:00
semmle-qlci
32cf0f14dc Merge pull request #3179 from asger-semmle/js/underscore_int_literals 
Approved by erik-krogh
 2020-04-02 09:48:41 +01:00
Peter Stöckli
ca80bfda4f Fix tags 2020-04-02 07:43:55 +02:00
Mathias Vorreiter Pedersen
8fdc4b037a C++: Ensure that no call side effect is an allocation side effect 2020-04-02 07:30:56 +02:00
Robert Marsh
bbb69d524e Merge pull request #3188 from geoffw0/swap4 
C++: Add a user defined swap function to taint tests.
 2020-04-01 17:28:46 -07:00
Robert Marsh
8e89c379f5 Merge pull request #1319 from geoffw0/av114 
CPP: Improve locations for AV Rule 114.ql.
 2020-04-01 16:48:21 -07:00
Rebecca Valentine
cc53b15a5d Python: ObjectAPI to ValueAPI: ReturnValueIgnored: Reorganizes predicates 2020-04-01 14:41:49 -07:00
Taus
bd41bb59ec Merge pull request #3032 from BekaValentine/python-objectapi-to-valueapi-signatureoverriddenmethod 
Python: ObjectAPI to ValueAPI: SignatureOverriddenMethod
 2020-04-01 23:03:27 +02:00
Rebecca Valentine
09349f1957 Python: ObjectAPI to ValueAPI: ReturnValueIgnored: Autoformats 2020-04-01 12:54:42 -07:00
Rebecca Valentine
28319ee0f7 Python: ObjectAPI to ValueAPI: SignatureOverriddenMethod: Autoformats 2020-04-01 12:32:21 -07:00
Geoffrey White
6b5f4d9e12 Merge branch 'master' into av114 2020-04-01 18:23:21 +01:00
Geoffrey White
7a98919879 C++: Add a non-standard swap to taint tests. 2020-04-01 17:14:38 +01:00
Peter Stöckli
36c351dc68 Add input from documentation review 2020-04-01 17:59:45 +02:00
Rebecca Valentine
838e37ca98 Python: ObjectAPI to ValueAPI: ReturnValueIgnore: Moves getAnInferredType to CallableObjectInternal 2020-04-01 08:45:27 -07:00