hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-28 10:18:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
3,989 Commits 1,723 Branches 164 Tags
6fbf4875247ef4c898bb5379e7be92091d41bb90
Commit Graph

3989 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
6fbf487524 Merge remote-tracking branch 'upstream/rc/1.20' into mergeback-2019-03-19 2019-03-19 14:09:03 +00:00
semmle-qlci
17e8b64f59 Merge pull request #1131 from xiemaisi/js/simplify-flow-summary-queries 
Approved by asger-semmle
 2019-03-19 13:35:06 +00:00
semmle-qlci
6fdba626ad Merge pull request #1121 from jbj/return-stack-allocated-1.20-fixes 
Approved by geoffw0
 2019-03-19 13:28:55 +00:00
Jonas Jensen
a31794f20c Merge pull request #1129 from geoffw0/unusedstatic 
CPP: Add to UnusedStaticVariables tests.
 2019-03-19 14:16:30 +01:00
Max Schaefer
77c383aee2 JavaScript: Simplify flow-summary queries. 
Previously, `AllConfigurations.qll` would pull in (almost) all taint
tracking configurations, which has started causing OOMEs during
compilation.

I've pruned it down to only the most interesting configurations. Since
flow summaries are experimental at this point and require a bit of manual
configuration anyway, this shouldn't be much of an issue in practice.
 2019-03-19 10:58:49 +00:00
Jonas Jensen
111a462d16 C++: Recover some of the good results we lost 
My recent changes to suppress FPs in `ReturnStackAllocatedMemory.ql`
caused us to lose all results where there was a `Conversion` at the
initial address escape. We cannot handle conversions in general, but
this commit restores the good results for the trivial types of
conversion that we can handle.
 2019-03-19 11:09:58 +01:00
Jonas Jensen
d864df5b7f C++: Tests for new false negatives 2019-03-19 10:30:14 +01:00
yh-semmle
13cd7d0f15 Merge pull request #1122 from felicity-semmle/1.20/SD-3061-java-versions 
QL 1.20 docs: Be more explicit about Java versions supported
 2019-03-18 18:32:52 -04:00
yh-semmle
23f71714e5 Merge pull request #1117 from felicity-semmle/1.20/java-change-notes 
1.20: minor changes to java change notes
 2019-03-18 18:30:11 -04:00
ian-semmle
3f5c6b0032 Merge pull request #1123 from nickrolfe/tarballs 
C++: accept test output from changes to extractor TRAP ordering
 2019-03-18 17:31:17 +00:00
Geoffrey White
73b7b980c8 CPP: Add to UnusedStaticVariables tests. 2019-03-18 16:43:48 +00:00
Felicity Chapman
e05387f237 Correct information about build support 2019-03-18 15:44:47 +00:00
Felicity Chapman
e1a3fde52a Remove 'change details' for new query 2019-03-18 15:38:58 +00:00
Felicity Chapman
975605bfa9 Merge pull request #1125 from markshannon/python-taint-tracking-change-note 
Python: Add change note for new taint-tracking configuration API.
 2019-03-18 12:51:08 +00:00
Mark Shannon
33929ab01f Python: Add change note for new taint-tracking configuration API. Needs links to full documentation added. 2019-03-18 12:43:09 +00:00
Nick Rolfe
8e9aeffdbc C++: accept test output from changes to extractor TRAP ordering 2019-03-18 10:44:18 +00:00
Felicity Chapman
94f525ff72 Be more explicit about Java versions supported 2019-03-18 10:17:56 +00:00
semmle-qlci
285f8b06bd Merge pull request #1118 from jcreedcmu/jcreed/tarslip 
Approved by xiemaisi
 2019-03-18 08:18:13 +00:00
Jonas Jensen
6b1cd17009 C++: Fix FPs due to data flow Conversion handling 
Since we cannot track data flow from a fully-converted expression but
only the unconverted expression, we should check whether the address
initially escapes into the unconverted expression, not the
fully-converted one.

This fixes most of the false positives observed on lgtm.com.
 2019-03-16 20:50:27 +01:00
Jonas Jensen
1a7351ef6e C++: Add tests for three FPs observed on lgtm.com 2019-03-16 20:50:27 +01:00
Jason Reed
4475dd4b9f JavaScript: Add test and fix change note. 2019-03-15 14:40:48 -04:00
Jason Reed
aa9ba9557c JavaScript: Include 'unzipper' library in ZipSlip. 2019-03-15 09:32:39 -04:00
Jason Reed
8124980f58 JavaScript: Add change note and comment. 2019-03-15 09:32:39 -04:00
Jason Reed
a674dbb5cd JavaScript: Update docstrings to reflect generalization. 2019-03-15 09:31:26 -04:00
Jason Reed
6589813ec7 JavaScript: Add tar-stream extraction to ZipSlip query. 2019-03-15 09:31:26 -04:00
Calum Grant
5a3cf2c5bb Merge pull request #1054 from raulgarciamsft/users/raulga/ICryptoTransformLambda 
2n part of ICryptoTransform.
 2019-03-15 12:55:09 +00:00
Max Schaefer
5441352d41 Merge pull request #1113 from esben-semmle/js/useless-property-assign-setter 
JS: improve use of attributes from ~Object.defineProperty~
 2019-03-15 12:11:50 +00:00
Taus
af1c502b11 Merge pull request #1098 from markshannon/python-2-print 
Python: Don't report Python 2 print statements as having no effect.
 2019-03-15 11:40:32 +01:00
Taus
eec59c2c7d Merge pull request #1092 from markshannon/python-fix-2-tests 
Python: Update python-2 specific tests for new parser/tokenizer.
 2019-03-15 11:38:34 +01:00
Jonas Jensen
690e2ae514 Merge pull request #1116 from rdmarsh2/rdmarsh/cpp/ir-guards-perf 
C++: fix cartesian product in IRGuards.qll
 2019-03-15 11:35:15 +01:00
Taus
0b2f44b54b Merge pull request #1052 from markshannon/python-taint-tracking-configuration 
Python: Add taint-tracking configuration.
 2019-03-15 11:34:59 +01:00
Pavel Avgustinov
7386ca911b Merge pull request #763 from sjvs/patch-1 
Make licensing text in README.md more generic
 2019-03-15 09:02:08 +00:00
semmle-qlci
cb86687302 Merge pull request #1078 from psygnisfive/UndefinedReturns 
Approved by xiemaisi
 2019-03-15 08:37:12 +00:00
Felicity Chapman
ee9e083f2a Minor text changes to analysis notes 2019-03-15 08:03:27 +00:00
Robert Marsh
dfb7076fae C++: fix cartesian product in IRGuards.qll 2019-03-14 13:37:35 -07:00
Robin Neatherway
6453b05a41 Merge pull request #1087 from jf205/update-qhelp-style-guide 
Docs: mention lgtm in qhelp style guide
 2019-03-14 19:28:43 +00:00
Raul Garcia
110c75051c Update .gitignore 2019-03-14 11:04:03 -07:00
Raul Garcia
2521848322 Merging the scenarios. 2019-03-14 10:57:22 -07:00
Rebecca Valentine
f3683794d6 stylistic changes per PR change req. in description 
https://github.com/Semmle/ql/pull/1078#pullrequestreview-214401005
 2019-03-14 09:49:02 -07:00
semmle-qlci
e648477d14 Merge pull request #1114 from xiemaisi/js/yield-import 
Approved by asger-semmle
 2019-03-14 16:48:04 +00:00
Calum Grant
0471471d46 Merge pull request #1109 from hvitved/csharp/conditional-bypass 
C#: Fix performance regression in `cs/user-controlled-bypass`
 2019-03-14 16:19:47 +00:00
Taus
95eb4cf90d Merge pull request #1089 from markshannon/python-fix-redundant-comparison-complex-test 
Fix false positive for redundant comparison query
 2019-03-14 17:12:44 +01:00
semmle-qlci
d549a0dcb8 Merge pull request #1111 from xiemaisi/js/performance-fiddling 
Approved by esben-semmle
 2019-03-14 14:56:26 +00:00
Esben Sparre Andreasen
bfc1c6ec8e JS: change notes 2019-03-14 14:53:26 +01:00
semmle-qlci
5d9d23ee71 Merge pull request #1110 from xiemaisi/js/yield-in-non-generator 
Approved by asger-semmle
 2019-03-14 11:59:43 +00:00
semmle-qlci
7513bcf7ec Merge pull request #1095 from xiemaisi/js/base64 
Approved by esben-semmle
 2019-03-14 11:58:50 +00:00
semmle-qlci
bd3792a49a Merge pull request #1108 from xiemaisi/js/make-zipslip-visible-by-default 
Approved by esben-semmle
 2019-03-14 11:58:00 +00:00
Max Schaefer
8e52528219 JavaScript: Refactor reachableFromInput to improve join. 2019-03-14 11:53:46 +00:00
Max Schaefer
993345fb7b JavaScript: Track Electron browser objects locally only. 2019-03-14 11:53:46 +00:00
Esben Sparre Andreasen
bd7eef08e8 JS: introduce CallToObjectDefineProperty::getAPropertyAttribute 2019-03-14 11:59:27 +01:00