hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-17 13:06:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
4,001 Commits 1,714 Branches 162 Tags
5eb63ae0486c23fd9f2f06d6dfa313c8dc8b1a9e
Commit Graph

4001 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus Brock-Nannestad
5eb63ae048 Fix false positive and add test. 2019-03-21 14:10:05 +01:00
Taus Brock-Nannestad
9cb35a8ca9 Use correct named argument for ssl.SSLContext. 2019-03-21 14:09:25 +01:00
Geoffrey White
8a693699fc Merge pull request #1139 from jbj/return-stack-allocated-typo 
C++: Fix typo in ReturnStackAllocatedMemory.ql
 2019-03-20 11:36:12 +00:00
Jonas Jensen
401b5648be C++: Fix typo in ReturnStackAllocatedMemory.ql 2019-03-20 11:27:34 +01:00
zlaski-semmle
241994d1f8 Merge pull request #1107 from zlaski-semmle/cpp355 
Updated query to look for Microsoft-specific '_alloca' and '_malloca'
Merge to Semmle/ql:master.
 2019-03-19 13:40:27 -07:00
Ziemowit Laski
09e729ff59 Turns out that '__builtin_alloca' takes 'unsigned long', not 'unsigned long long'; rename some parameters to align with C11 standard. 2019-03-19 13:27:14 -07:00
Ziemowit Laski
11ed4f3312 Change __builtin_alloca declaration to use an unsigned long long parameter. 2019-03-19 13:12:29 -07:00
Ziemowit Laski
ff3430d8d0 Use '// GOOD' and '// BAD' annotations for query diagnostics. 2019-03-19 12:29:38 -07:00
Max Schaefer
b211a54181 Merge pull request #1132 from xiemaisi/mergeback-2019-03-19 
Merge rc/1.20 into master
 2019-03-19 17:28:52 +00:00
Max Schaefer
6fbf487524 Merge remote-tracking branch 'upstream/rc/1.20' into mergeback-2019-03-19 2019-03-19 14:09:03 +00:00
semmle-qlci
17e8b64f59 Merge pull request #1131 from xiemaisi/js/simplify-flow-summary-queries 
Approved by asger-semmle
 2019-03-19 13:35:06 +00:00
semmle-qlci
6fdba626ad Merge pull request #1121 from jbj/return-stack-allocated-1.20-fixes 
Approved by geoffw0
 2019-03-19 13:28:55 +00:00
Jonas Jensen
a31794f20c Merge pull request #1129 from geoffw0/unusedstatic 
CPP: Add to UnusedStaticVariables tests.
 2019-03-19 14:16:30 +01:00
Max Schaefer
77c383aee2 JavaScript: Simplify flow-summary queries. 
Previously, `AllConfigurations.qll` would pull in (almost) all taint
tracking configurations, which has started causing OOMEs during
compilation.

I've pruned it down to only the most interesting configurations. Since
flow summaries are experimental at this point and require a bit of manual
configuration anyway, this shouldn't be much of an issue in practice.
 2019-03-19 10:58:49 +00:00
Jonas Jensen
111a462d16 C++: Recover some of the good results we lost 
My recent changes to suppress FPs in `ReturnStackAllocatedMemory.ql`
caused us to lose all results where there was a `Conversion` at the
initial address escape. We cannot handle conversions in general, but
this commit restores the good results for the trivial types of
conversion that we can handle.
 2019-03-19 11:09:58 +01:00
Jonas Jensen
d864df5b7f C++: Tests for new false negatives 2019-03-19 10:30:14 +01:00
yh-semmle
13cd7d0f15 Merge pull request #1122 from felicity-semmle/1.20/SD-3061-java-versions 
QL 1.20 docs: Be more explicit about Java versions supported
 2019-03-18 18:32:52 -04:00
yh-semmle
23f71714e5 Merge pull request #1117 from felicity-semmle/1.20/java-change-notes 
1.20: minor changes to java change notes
 2019-03-18 18:30:11 -04:00
Ziemowit Laski
566fdc3f70 Change names of parameters to memcpy(), as per Geoff. 2019-03-18 11:15:43 -07:00
ian-semmle
3f5c6b0032 Merge pull request #1123 from nickrolfe/tarballs 
C++: accept test output from changes to extractor TRAP ordering
 2019-03-18 17:31:17 +00:00
Geoffrey White
73b7b980c8 CPP: Add to UnusedStaticVariables tests. 2019-03-18 16:43:48 +00:00
Felicity Chapman
e05387f237 Correct information about build support 2019-03-18 15:44:47 +00:00
Felicity Chapman
e1a3fde52a Remove 'change details' for new query 2019-03-18 15:38:58 +00:00
Felicity Chapman
975605bfa9 Merge pull request #1125 from markshannon/python-taint-tracking-change-note 
Python: Add change note for new taint-tracking configuration API.
 2019-03-18 12:51:08 +00:00
Mark Shannon
33929ab01f Python: Add change note for new taint-tracking configuration API. Needs links to full documentation added. 2019-03-18 12:43:09 +00:00
Nick Rolfe
8e9aeffdbc C++: accept test output from changes to extractor TRAP ordering 2019-03-18 10:44:18 +00:00
Felicity Chapman
94f525ff72 Be more explicit about Java versions supported 2019-03-18 10:17:56 +00:00
semmle-qlci
285f8b06bd Merge pull request #1118 from jcreedcmu/jcreed/tarslip 
Approved by xiemaisi
 2019-03-18 08:18:13 +00:00
Jonas Jensen
6b1cd17009 C++: Fix FPs due to data flow Conversion handling 
Since we cannot track data flow from a fully-converted expression but
only the unconverted expression, we should check whether the address
initially escapes into the unconverted expression, not the
fully-converted one.

This fixes most of the false positives observed on lgtm.com.
 2019-03-16 20:50:27 +01:00
Jonas Jensen
1a7351ef6e C++: Add tests for three FPs observed on lgtm.com 2019-03-16 20:50:27 +01:00
Jason Reed
4475dd4b9f JavaScript: Add test and fix change note. 2019-03-15 14:40:48 -04:00
Jason Reed
aa9ba9557c JavaScript: Include 'unzipper' library in ZipSlip. 2019-03-15 09:32:39 -04:00
Jason Reed
8124980f58 JavaScript: Add change note and comment. 2019-03-15 09:32:39 -04:00
Jason Reed
a674dbb5cd JavaScript: Update docstrings to reflect generalization. 2019-03-15 09:31:26 -04:00
Jason Reed
6589813ec7 JavaScript: Add tar-stream extraction to ZipSlip query. 2019-03-15 09:31:26 -04:00
Calum Grant
5a3cf2c5bb Merge pull request #1054 from raulgarciamsft/users/raulga/ICryptoTransformLambda 
2n part of ICryptoTransform.
 2019-03-15 12:55:09 +00:00
Max Schaefer
5441352d41 Merge pull request #1113 from esben-semmle/js/useless-property-assign-setter 
JS: improve use of attributes from ~Object.defineProperty~
 2019-03-15 12:11:50 +00:00
Taus
af1c502b11 Merge pull request #1098 from markshannon/python-2-print 
Python: Don't report Python 2 print statements as having no effect.
 2019-03-15 11:40:32 +01:00
Taus
eec59c2c7d Merge pull request #1092 from markshannon/python-fix-2-tests 
Python: Update python-2 specific tests for new parser/tokenizer.
 2019-03-15 11:38:34 +01:00
Jonas Jensen
690e2ae514 Merge pull request #1116 from rdmarsh2/rdmarsh/cpp/ir-guards-perf 
C++: fix cartesian product in IRGuards.qll
 2019-03-15 11:35:15 +01:00
Taus
0b2f44b54b Merge pull request #1052 from markshannon/python-taint-tracking-configuration 
Python: Add taint-tracking configuration.
 2019-03-15 11:34:59 +01:00
Pavel Avgustinov
7386ca911b Merge pull request #763 from sjvs/patch-1 
Make licensing text in README.md more generic
 2019-03-15 09:02:08 +00:00
semmle-qlci
cb86687302 Merge pull request #1078 from psygnisfive/UndefinedReturns 
Approved by xiemaisi
 2019-03-15 08:37:12 +00:00
Felicity Chapman
ee9e083f2a Minor text changes to analysis notes 2019-03-15 08:03:27 +00:00
Robert Marsh
dfb7076fae C++: fix cartesian product in IRGuards.qll 2019-03-14 13:37:35 -07:00
Robin Neatherway
6453b05a41 Merge pull request #1087 from jf205/update-qhelp-style-guide 
Docs: mention lgtm in qhelp style guide
 2019-03-14 19:28:43 +00:00
Ziemowit Laski
2d5bdc85b0 Add 'restrict' support to the C++ test cases. 2019-03-14 12:12:45 -07:00
Raul Garcia
110c75051c Update .gitignore 2019-03-14 11:04:03 -07:00
Raul Garcia
2521848322 Merging the scenarios. 2019-03-14 10:57:22 -07:00
Rebecca Valentine
f3683794d6 stylistic changes per PR change req. in description 
https://github.com/Semmle/ql/pull/1078#pullrequestreview-214401005
 2019-03-14 09:49:02 -07:00