Commit Graph

6403 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
629c19e719 Java: Autoformat. 2019-08-21 14:38:17 +02:00
zlaski-semmle
c2d1a52b39 Merge pull request #1732 from geoffw0/qldoceg6
CPP: Add syntax examples to QLDoc in Block.qll, Stmt.qll
2019-08-20 16:34:35 -07:00
Anders Schack-Mulligen
9150682ada Merge pull request #1757 from jbj/pyrameterized-taint
C++: Use pyrameterized modules for TaintTracking
2019-08-20 16:33:22 +02:00
Calum Grant
35017786cf Merge pull request #1739 from hvitved/csharp/ssa/delegate-call-source
C#: Search from delegate creation in `delegateCallSource()`
2019-08-20 15:16:20 +01:00
Jonas Jensen
7c4938c035 C#: Get rid of TaintTrackingUtil.qll 2019-08-20 13:56:13 +02:00
Jonas Jensen
bc702debf9 C++/Java: Change notes for Configuration2 rename 2019-08-20 13:46:04 +02:00
Jonas Jensen
11583b69e0 C#: Use pyrameterized modules for TaintTracking
To keep the code changes minimal, and to keep the implementation similar
to C++ and Java, the `TaintTracking{Public,Private}` files are now
imported together through `TaintTrackingUtil`. This has the side effect
of exposing `localAdditionalTaintStep`. The corresponding predicate for
Java was already exposed.
2019-08-20 13:45:38 +02:00
Jonas Jensen
f1e6e36ce6 Java: Remove wrong definition of taint tracking
This explanation, taken from C/C++, was not correct for Java.
2019-08-20 13:45:38 +02:00
Jonas Jensen
9ac0cdd2a2 Java: Don't use the deprecated Configuration2 2019-08-20 13:45:37 +02:00
Jonas Jensen
aeb2323128 Java: Use pyrameterized modules for TaintTracking 2019-08-20 13:45:37 +02:00
Jonas Jensen
d65b09d94a C++: Proper fix for TaintTracking2 parameter 2019-08-20 13:45:37 +02:00
Jonas Jensen
b1cd64bbf4 C++: Fix mismatch between taint and dataflow copy 2019-08-20 13:45:37 +02:00
Jonas Jensen
d388be7d3b C++: Use pyrameterized modules for TaintTracking 2019-08-20 13:45:37 +02:00
semmle-qlci
7698240484 Merge pull request #1769 from asger-semmle/ts-rest-pattern-default
Approved by esben-semmle
2019-08-20 10:02:43 +01:00
Jonas Jensen
432b0a4698 Merge pull request #1766 from aschackmull/java/nested-storestep
Java/C++/C#: Add field flow support for stores in nested fields.
2019-08-20 10:06:19 +02:00
Asger F
75e85e4402 TS: Fix handling of erroneous rest pattern with default 2019-08-19 17:34:45 +01:00
Taus
b33e9f229b Merge pull request #1767 from markshannon/temporary-test-removal
Python tests: TEMPORARILY remove 5 tests to allow modification of extractor CFG pass
2019-08-19 18:06:19 +02:00
Mark Shannon
edb50c129d Python tests: TEMPORARILY remove 5 tests to allow modification of extractor CFG pass. 2019-08-19 16:00:28 +01:00
Anders Schack-Mulligen
6ff4fe38ec Java/C++/C#: Add field flow support for stores in nested fields. 2019-08-19 14:41:06 +02:00
Geoffrey White
4ea999872b Merge pull request #1746 from jbj/ast-field-flow-ctor
C++: Field flow through ConstructorFieldInit
2019-08-19 09:14:02 +01:00
Anders Schack-Mulligen
4dc460bba9 Merge pull request #1764 from yh-semmle/java-vcs-remove
Java: remove unused VCS relations, library and queries
2019-08-19 10:04:01 +02:00
zlaski-semmle
ce71b45649 Zlaski/cpp386a (#1753)
* [CPP-386] Cumulative patch.

* Restore dataflow libraries clobbered by my last commit.
2019-08-19 10:03:18 +02:00
yh-semmle
7bfed6e517 Java: add change note for VCS.qll removal 2019-08-18 15:37:25 -04:00
yh-semmle
73d8e16cd0 Java: remove obsolete VCS.qll and associated queries 2019-08-18 14:53:46 -04:00
yh-semmle
8cada4b154 Merge pull request #1758 from aschackmull/java/silly-dataflow-perf-fix
Java: Improve performance in all dataflow queries.
2019-08-16 21:21:10 -04:00
Geoffrey White
9b9986be58 Merge pull request #1762 from jbj/ast-field-flow-LambdaExpression
C++: Support flow through LambdaExpression
2019-08-16 16:45:59 +01:00
Jonas Jensen
84adeda167 C++: Support flow through LambdaExpression
I've checked with a temporary workaround for the locations problem that
my annotations in the test cpp files are on the correct lines.
2019-08-16 16:20:22 +02:00
Anders Schack-Mulligen
9e4f2f8594 Java: Don't use default dataflow in libs imported by default. 2019-08-16 13:27:53 +02:00
Calum Grant
0df9a625ba Merge pull request #1717 from hvitved/csharp/ssa/adjacent-perf
C#: Improve performance of SSA adjacent reads calculation
2019-08-16 12:11:57 +01:00
Calum Grant
b28241ac6d Merge pull request #1741 from hvitved/csharp/extract-field-inits
C#: Extract assignments for field/property initializers
2019-08-16 11:51:37 +01:00
Taus
a6db9efd0c Merge pull request #1756 from markshannon/python-forward-compatible-taint-api
Python points-to: add .getAstNode() method to TaintedNode
2019-08-16 12:34:08 +02:00
Geoffrey White
eb39346d85 Merge pull request #1744 from jbj/ast-field-flow-aggregate-init
C++: Field flow through ClassAggregateLiteral
2019-08-16 09:56:11 +01:00
Mark Shannon
453ae19881 Python points-to: Add .getAstNode() method to TaintedNode for forward compatibility with upcoming taint-tracking enhancements. 2019-08-16 09:54:11 +01:00
jf205
eead7f6106 Merge pull request #1610 from xiemaisi/js/library-customizations
JavaScript: Start documenting extension points provided by the standard library.
2019-08-16 09:49:57 +01:00
Jonas Jensen
ee8c0cb29a C++: Support member initializer lists > 1000 items 2019-08-16 09:36:34 +02:00
Max Schaefer
50b1ddfef8 JavaScript: Apply suggestions from code review
Co-Authored-By: jf205 <42464962+jf205@users.noreply.github.com>
2019-08-16 08:26:39 +01:00
Jonas Jensen
503cbf13bb C++: Flow from parameters to ConstructorFieldInit
Because `ConstructorFieldInit` (member initializer lists) are not part
of the control flow graph, there was no data flow from the initial value
of parameters to their uses in member initializers. This commit adds the
necessary flow under the assumption that parameters are not overwritten
in member initializers.
2019-08-16 09:10:31 +02:00
Jonas Jensen
45eefdb218 C++: Field flow through ConstructorFieldInit
This allows a member initializer list to be seen as a sequence of field
assignments. For example, the constructor

    C() : a(taint()) { }

now has data flow similar to

    C() { this->a = taint(); }
2019-08-16 09:10:17 +02:00
Jonas Jensen
1be2380511 C++: Rephrase ThisFlow to get space for ctor inits 2019-08-16 08:46:11 +02:00
Jonas Jensen
f3f89ffe3f Merge pull request #1742 from geoffw0/lambdataint
CPP: Tests for taint through lambdas
2019-08-16 08:45:14 +02:00
Geoffrey White
a6902bdb37 CPP: Test dataflow through lambdas. 2019-08-15 19:43:24 +01:00
Dave Bartolomeo
f1bbc9bb7e Merge pull request #1745 from jbj/ast-field-flow-ABC
C++: Annotate field-flow tests in [ABC].cpp
2019-08-15 09:13:26 -07:00
Dave Bartolomeo
230ff92c03 Merge pull request #1743 from nickrolfe/hmap
C++: delete headermaps test
2019-08-15 09:01:23 -07:00
Tom Hvitved
495e5bc628 C#: Extract assignments for field/property initializers 2019-08-15 16:18:23 +02:00
Max Schaefer
e92a1c3169 JavaScript: Apply suggestions from code review
Co-Authored-By: jf205 <42464962+jf205@users.noreply.github.com>
2019-08-15 14:46:07 +01:00
Geoffrey White
1bd4aeebad CPP: Effects of #1715. 2019-08-15 14:05:09 +01:00
Geoffrey White
02e1edd640 CPP: Test taint through lambdas. 2019-08-15 14:00:45 +01:00
Geoffrey White
b6cf341124 Merge pull request #1715 from jbj/ast-field-flow
C++: Initial AST-based flow through fields
2019-08-15 13:38:58 +01:00
Taus
f5bc8b5b5f Merge pull request #1728 from markshannon/python-points-to-support-type-checking
Python: Enhance points-to to support type-hint analysis.
2019-08-15 14:17:53 +02:00
Nick Rolfe
c26aef2381 C++: delete headermaps test 2019-08-15 12:39:58 +01:00