hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-21 18:34:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,548 Commits 1,683 Branches 158 Tags
750e9786f6e36a1d24288564402e5dffaab829fe
Commit Graph

9548 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
750e9786f6 add change note for EventEmitter 2020-01-22 10:31:38 +01:00
Erik Krogh Kristensen
86477a2249 changes based on review 2020-01-21 16:45:53 +01:00
Erik Krogh Kristensen
026092559c changes based on review 2020-01-20 15:53:58 +01:00
Erik Krogh Kristensen
4e880e2f96 implement SocketIO on top of the EventEmitter model 2020-01-16 11:02:36 +01:00
semmle-qlci
8128d23b6e Merge pull request #2505 from erik-krogh/EventEmitter 
Approved by esbena, max-schaefer
 2020-01-16 08:47:38 +00:00
semmle-qlci
18879386bf Merge pull request #2627 from asger-semmle/js-useless-expression-trycatch 
Approved by esbena
 2020-01-16 08:40:57 +00:00
Dave Bartolomeo
48301e1187 Merge pull request #2594 from rdmarsh2/ir-overlappingVariableMemoryLocations 
C++: compute overlap on irvars with vvar indexes
 2020-01-15 13:06:33 -07:00
Tom Hvitved
e5abaa79ae Merge pull request #2585 from calumgrant/cs/serialization-check-bypass 
C#: Improvements to cs/serialization-check-bypass
 2020-01-15 20:40:51 +01:00
Robert Marsh
a91f10fe40 Merge pull request #2629 from dbartol/dbartol/missing-vvars 
C++/C#: Fix missing virtual variables
 2020-01-15 08:32:43 -08:00
Calum Grant
6790028d4c C#: Use guards library 2020-01-15 15:46:19 +00:00
Asger Feldthaus
7141f15858 JS: Add change note 2020-01-15 11:49:57 +00:00
Asger Feldthaus
6d9306366c JS: ignore useless-expr in first stmt in try block 2020-01-15 11:49:23 +00:00
Tom Hvitved
f7278d36e1 Merge pull request #2498 from aschackmull/java/taint-getter 
Java/C++/C#: Add support for taint-getter/setter summaries in data flow.
 2020-01-15 09:55:19 +01:00
Dave Bartolomeo
e60f902c36 C++/C#: Fix missing virtual variables 
The aliased SSA code was assuming that, for every automatic variable, there would be at least one memory access that reads or writes the entire variable. We've encountered a couple cases where that isn't true due to extractor issues. As a workaround, we now always create the `VariableMemoryLocation` for every local variable.

I've also added a sanity test to detect this condition in the future.

Along the way, I had to fix a perf issue in the PrintIR code. When determining the ID of a result based on line number, we were considering all `Instruction`s generated for a particular line, regardless of whether they were all in the same `IRFunction`. In addition, the predicate had what appeared to be a bad join order that made it take forever on large snapshots. I've scoped it down to just consider `Instruction`s in the same function, and outlined that predicate to fix the join order issue. This causes some numbering changes, but they're for the better. I don't think there was actually any nondeterminism there before, but now the numbering won't depend on the number of instantiations of a template, either.
 2020-01-14 17:57:15 -07:00
Robert Marsh
42be28b211 C++: autoformat 2020-01-14 13:17:57 -08:00
Robert Marsh
5a5832b7de Merge pull request #2569 from jbj/ir-total-chi-flow 
C++: IR data flow through total chi operands
 2020-01-14 12:47:58 -08:00
semmle-qlci
3c4749be88 Merge pull request #2624 from asger-semmle/js-duplicate-alert-strict-mode 
Approved by max-schaefer
 2020-01-14 11:59:45 +00:00
Anders Schack-Mulligen
241b8a05e4 Java/C++/C#: Address review comment. 2020-01-14 11:59:55 +01:00
Tom Hvitved
5a4be67d81 Merge pull request #2597 from calumgrant/cs/multiline-alert-suppression 
C#: Alert suppression through single-line /* */ style comments
 2020-01-14 10:35:11 +01:00
Asger Feldthaus
73e60a7400 JS: Ignore strict-mode-call-stack-introspection for expr stmts 2020-01-13 16:03:03 +00:00
Anders Schack-Mulligen
041bcc5812 Java/C++/C#: Small perf improvement and simplification. 2020-01-13 17:00:56 +01:00
Jonas Jensen
b8ee5a63db Merge pull request #2614 from geoffw0/arithun 
CPP: Speed up ArithmeticUncontrolled.ql
 2020-01-13 15:25:12 +01:00
Jonas Jensen
3183893a98 Merge pull request #2530 from geoffw0/hiddenqueries2 
CPP: Speed up nullCheckAssert in InconsistentCheckReturnNull.ql.
 2020-01-13 15:23:55 +01:00
semmle-qlci
40de391490 Merge pull request #2616 from asger-semmle/promise-missing-await-change-note 
Approved by mchammer01
 2020-01-13 12:03:11 +00:00
Asger F
6c4da30a64 Update change-notes/1.24/analysis-javascript.md 
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
 2020-01-13 11:05:03 +00:00
Anders Schack-Mulligen
183fd91a01 Merge pull request #2615 from yo-h/java-add-change-note 
Java: add change note for `java/maven/non-https-url`
 2020-01-13 09:54:48 +01:00
Erik Krogh Kristensen
1619a98bc8 make the default registration/dispatch extend DataFlow::InvokeNode 2020-01-10 17:40:16 +01:00
yo-h
bf8ef42c1a Java: add change note for java/maven/non-https-url 2020-01-10 11:03:48 -05:00
Taus
cfb84be7b1 Merge pull request #2540 from RasmusWL/python-modernise-variables-queries 
Python: modernise variables queries
 2020-01-10 14:45:12 +01:00
Geoffrey White
9176529799 Merge pull request #2599 from MathiasVP/assign-where-compare-meant-false-positives 
Assign where compare meant false positives
 2020-01-10 13:39:39 +00:00
Mathias Vorreiter Pedersen
111f1dbd19 Merge branch 'assign-where-compare-meant-false-positives' of github.com:MathiasVP/ql into assign-where-compare-meant-false-positives 2020-01-10 13:14:00 +01:00
Mathias Vorreiter Pedersen
f80c13abd7 C++: Fixed incorrect comments in testcases 2020-01-10 12:24:43 +01:00
Asger Feldthaus
18db551e10 JS: Add change note for js/missing-await 2020-01-10 11:10:57 +00:00
Mathias Vorreiter Pedersen
f181753c35 Typo fix 
Co-Authored-By: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2020-01-10 11:49:03 +01:00
Mathias Vorreiter Pedersen
21c99d1827 Typo fix 
Co-Authored-By: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2020-01-10 11:46:14 +01:00
Anders Schack-Mulligen
ad92d6fe0f Merge pull request #2607 from yo-h/java-alert-suppression-block-comment 
Java: allow single-line `/* ... */` comments for alert suppression
 2020-01-10 11:05:23 +01:00
yo-h
7ffa517803 Merge pull request #2584 from aschackmull/java/nonnull-final-field 
Java: Include non-null final fields in clearlyNotNull.
 2020-01-09 18:48:45 -05:00
Erik Krogh Kristensen
87bbbd643c changes based on review feedback 2020-01-09 16:18:32 +01:00
Erik Krogh Kristensen
af8b36b750 Merge remote-tracking branch 'upstream/master' into EventEmitter 2020-01-09 15:09:43 +01:00
Geoffrey White
1d615d311c CPP: Autoformat. 2020-01-09 13:48:58 +00:00
Geoffrey White
f6f7df4e8f CPP: Speed up nullCheckAssert in InconsistentCheckReturnNull.ql. 2020-01-09 13:48:13 +00:00
Geoffrey White
50c0ec1cb1 CPP: Optimize isRandValue. 2020-01-09 12:12:00 +00:00
semmle-qlci
f1f69ef85d Merge pull request #2589 from esbena/js/ignore-duplicate-params-for-empty-functions 
Approved by erik-krogh
 2020-01-09 11:58:04 +00:00
Robert Marsh
9b361f1701 Merge pull request #2601 from dbartol/dbartol/OpcodeProperties 
C++: Consolidate opcode properties onto `Opcode` class
 2020-01-08 11:05:41 -08:00
Geoffrey White
cf5dd85944 Merge pull request #2577 from MathiasVP/multiplication-overflow-not-possible-due-to-type-width 
Multiplication overflow not possible due to type width
 2020-01-08 17:18:33 +00:00
shati-patel
ad0ad3a3e4 Merge pull request #2612 from jf205/recent-changes 
CodeQL docs: port recent fixes to rc/1.23
 2020-01-08 16:36:27 +00:00
james
2407eb103a docs: fix list 
(cherry picked from commit 618a3f91d8)
 2020-01-08 16:16:39 +00:00
Rasmus Wriedt Larsen
cdcca630f3 docs: remove extra comma in dataflow articles 
(cherry picked from commit e882060839)
 2020-01-08 16:16:39 +00:00
Rasmus Wriedt Larsen
24e551905e docs: Fix Python taint tracking links 
at some point we moved security/TaintTracking.qll to dataflow/TaintTracking.qll

(cherry picked from commit f44ce7d647)
 2020-01-08 16:16:39 +00:00
james
97d3d1fca3 docs: fix ast node link 
(cherry picked from commit cff5df0779)
 2020-01-08 16:16:39 +00:00