Esben Sparre Andreasen
4e0dfce427
JS: cache charpred for NodeJS::Require
2019-11-28 08:10:25 +01:00
Esben Sparre Andreasen
d909653a6b
JS: simplify charpred for NodeJS::Require
2019-11-28 08:10:25 +01:00
Felicity Chapman
eaf68e86e0
Merge pull request #2443 from tausbn/python-finalise-change-notes
Python: Update change note for 1.23.
2019-11-27 11:51:04 +00:00
Taus Brock-Nannestad
b503cdb9d4
Python: Final change note fixes.
- `false positives` becomes `false positive results`
- Items are listed alphabetically.
- Query IDs are listed.
Also, some of the queries had the wrong name (query message rather than the
actual query name). These have been fixed.
2019-11-27 12:10:28 +01:00
Taus
8372039205
Apply suggestions from documentation review
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
2019-11-27 11:50:37 +01:00
Anders Schack-Mulligen
42b51d4ebb
Merge pull request #2449 from felicitymay/1.23/SD-4095-finalize-change-notes-java2
Update data-flow note to match that for C/C++
2019-11-27 08:50:31 +01:00
semmle-qlci
380a5fc166
Merge pull request #2444 from esbena/js/flow-spread-prop-types
Approved by max-schaefer
2019-11-26 22:42:23 +00:00
Felicity Chapman
403565bb06
Update data-flow note to match that for C/C++
2019-11-26 18:07:51 +00:00
Jonas Jensen
95bceae915
Merge pull request #2434 from felicitymay/1.23/SD-4095-finalize-change-notes-cpp
1.23: SD-4095 finalize change notes for C/C++
2019-11-26 18:56:22 +01:00
Felicity Chapman
4f6660887c
Update shared data-flow note for feedback
2019-11-26 16:41:30 +00:00
Taus
e585f1ba85
Merge pull request #1332 from lcartey/python/change-kind
Python: Update filter queries to have appropriate kind
2019-11-26 17:15:38 +01:00
Esben Sparre Andreasen
9ffe03bcce
JS: support additional Flow syntax: ... in object types
2019-11-26 15:24:27 +01:00
Taus Brock-Nannestad
35e3e3d2a1
Python: Update change note for 1.23.
2019-11-26 13:58:22 +01:00
semmle-qlci
3d5d178b19
Merge pull request #2439 from erik-krogh/useOfReturnlessFunctionHotfix
Approved by max-schaefer
2019-11-26 11:56:57 +00:00
Erik Krogh Kristensen
fed2675f76
remove FP in use-of-returnless-function FP related to calls to super()
2019-11-26 10:17:04 +01:00
Erik Krogh Kristensen
89dac23969
remove 3 FP sources from use-of-returnless-function
2019-11-26 10:16:18 +01:00
yo-h
1a07f215ad
Merge pull request #2436 from felicitymay/1.23/SD-4095-finalize-change-notes-java
1.23: SD-4095 finalize change notes for Java
2019-11-25 18:19:25 -05:00
Felicity Chapman
87fca1fde6
Remove backticks from 'struct'
2019-11-25 15:56:29 +00:00
Felicity Chapman
49bdf7ed1c
Fix table sort order
2019-11-25 15:36:58 +00:00
Felicity Chapman
f75b61e2f0
Minor text changes
2019-11-25 15:36:37 +00:00
Felicity Chapman
f5bf877671
Fix table sort order
2019-11-25 15:18:30 +00:00
Felicity Chapman
dc258f13e3
Minor text changes
2019-11-25 15:17:02 +00:00
Geoffrey White
1d26d4c5e4
Merge pull request #2404 from jbj/signed-overflow-macro
C++: Fix SignedOverflowCheck.ql performance
2019-11-25 15:15:57 +00:00
Dave Bartolomeo
4a21123107
Merge pull request #2427 from jbj/comparison-with-wider-type-notc
C++: Stricter loop-variant check
2019-11-25 07:38:02 -07:00
shati-patel
9b5437c91e
Merge pull request #2318 from rdmarsh2/rdmarsh/docs/cpp/taint-tracking-sanitizer-example
C++/Docs: add example based on NtohlArrayNoBound
2019-11-25 12:24:01 +00:00
Jonas Jensen
5ee19c5a66
C++: Stricter loop-variant check
The `loopVariant` predicate in `ComparisonWithWiderType.ql` is intended
to identify loop counters, but it was too much of a stretch to apply it
to any subexpression of the small side of the comparison.
This change fixes two false positives on arvidn/libtorrent and many
others seen in the wild (on Linux, CoreCLR, ffmpeg, ...).
2019-11-25 11:31:41 +01:00
Jonas Jensen
eb0b0d1e7f
C++: Fix remaining FP on MAME
This should fix a FP in libretro/mame2003-plus-libretro.
2019-11-22 16:05:17 +01:00
Geoffrey White
9471134064
Merge pull request #2417 from jbj/enclosing-reeval
C++: Prevent cached stages from being re-evaluated
2019-11-22 09:55:01 +00:00
Jonas Jensen
bd4fa10ffb
C++: Tie macro exclusion to <, not +
This fixes a failing qltest and makes the exclusion similar to what's in
`PointerOverflow.ql`. It's possible we should exclude based on both `+`
and `<`, but we can revisit that if false positives show up.
2019-11-22 09:20:00 +01:00
Jonas Jensen
ca1b91aab2
Merge pull request #2414 from dbartol/dbartol/FixWarnings
C++/C#: Fix QL compilation warnings/errors
2019-11-22 09:14:33 +01:00
Jonas Jensen
0e4ed1cbbf
C++: Prevent cached stages from being re-evaluated
Before this change, evaluating `cpp/constant-comparison` followed by
`cpp/signed-overflow-check` would result in re-evaluation of almost all
the cached stages they share: CFG, basic blocks, SSA, and range
analysis. The same effect could be seen on `cpp/bad-strncpy-size`, which
also uses the GVN library.
2019-11-22 08:45:49 +01:00
Robert Marsh
a5e6b83dbd
Merge pull request #2400 from jbj/1.23-changenote
C++: Tweak 1.23 change note
2019-11-21 13:53:28 -08:00
Dave Bartolomeo
fb67d3eae4
C++: Fix override errors in MagicDraw.qll
2019-11-21 13:18:45 -07:00
Dave Bartolomeo
27cc6b1e4f
C++/C#: Fix compilation error in PrintSSA.qll
We were privately importing `semmle.code.<lang>.ir.internal.Overlap`, but `PrintSSA.qll` was depending on it being public. This is made a little more complicated by the presence of cross-language parameterized modules.
2019-11-21 13:18:25 -07:00
James Fletcher
0b274e5b23
Merge pull request #2386 from shati-patel/docs/demos
QL docs: Update links to blog/demos
2019-11-21 13:53:05 +00:00
Jonas Jensen
f98cd673fd
C++: Autoformat
2019-11-21 14:02:53 +01:00
Jonas Jensen
7f26f078eb
C++: Fix isFromMacroDefinition join order
This fixes the performance of `SignedOverflowCheck.ql` on
jluttine/suitesparse.
2019-11-21 11:01:50 +01:00
Jonas Jensen
82499b035b
C++: Use isFromMacroDefinition for exclusion
The `SignedOverflowCheck.ql` query was very slow on certain snapshots
(jluttine/suitesparse and Chromium) due to bad magic in
`MacroInvocation::getAnAffectedElement_dispred#fb`. This commit doesn't
fix the bad magic but changes the exclusion mechanism to use a predicate
where we can better control the magic and optimization.
The query should also give more good results due to this new exclusion
mechanism, which is the same one used in its sibling,
`PointerOverflow.ql`.
2019-11-21 10:40:36 +01:00
Robert Marsh
15f50e6a38
Update docs/language/learn-ql/cpp/dataflow.rst
Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
2019-11-20 15:44:29 -08:00
Jonas Jensen
6616eb852e
C++: Mention flow through fields
2019-11-20 16:25:13 +01:00
Jonas Jensen
4ad8995440
C++: Group all the 1.23 data flow changes
2019-11-20 15:34:49 +01:00
Jonas Jensen
a48f347db9
C++: Don't mention predicate hasStdName
This predicate was removed before #1585 was merged, but we forgot to
remove it from the change note.
2019-11-20 15:33:32 +01:00
Robert Marsh
53709deb9d
Merge pull request #2342 from jbj/overflow-doc-fixes
C++: Signed Overflow Check qhelp improvements
2019-11-19 15:37:52 -08:00
Shati Patel
49c2398bda
QL docs: Update links to blog/demos
2019-11-19 15:06:26 +00:00
Jonas Jensen
466f7fe6b2
C++: Use <ol> for recommendations
2019-11-19 12:57:02 +01:00
James Fletcher
c73ae5399d
Merge pull request #2380 from shati-patel/docs/blog-links
Docs: Update links from blog to security lab
2019-11-19 11:09:13 +00:00
Shati Patel
820a11294d
Docs: Update links from blog to security lab
2019-11-19 10:54:19 +00:00
yh-semmle
3d837542e8
Merge pull request #2373 from aschackmull/java/changenote-update
Java: Update change note to cover #2304 and #2346.
2019-11-18 12:14:07 -05:00
James Fletcher
e6574cc259
Merge pull request #2370 from shati-patel/docs/readme
Docs: Update readme in docs folder (cherry-pick from master)
2019-11-18 12:29:41 +00:00
Anders Schack-Mulligen
645cc99383
Java: Update change note to cover #2304 and #2346.
2019-11-18 13:26:50 +01:00