hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-07 11:40:27 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,597 Commits 1,676 Branches 157 Tags
92dbfb28588c6ef1b61aa3f02468782dd05fdcee
Commit Graph

9597 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger Feldthaus
92dbfb2858 JS: Handle LGTM_WORKSPACE and fix emptiness check 2020-01-30 12:31:25 +00:00
Asger Feldthaus
141d4bfb70 TS: Handle multiple slashes in scope name 2020-01-30 12:28:16 +00:00
Asger Feldthaus
7fa0fea253 TS: Address comments in guessMainFile 2020-01-24 10:11:53 +00:00
Asger Feldthaus
1f647223e0 TS: Move definition of mainStr 2020-01-24 10:02:06 +00:00
Asger Feldthaus
9ed77585a7 Merge branch 'ts-monorepo-deps' of github.com:asger-semmle/ql into ts-monorepo-deps 2020-01-24 09:58:35 +00:00
Asger F
5448bffede Update javascript/extractor/lib/typescript/src/main.ts 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-01-24 09:58:27 +00:00
Asger Feldthaus
3ca5a3dbe4 TS: Document nodeModulesRex 2020-01-24 09:57:40 +00:00
Asger Feldthaus
804aef507f TS: Remove unneeded alias PackageLocationMap 2020-01-24 09:51:03 +00:00
Asger Feldthaus
542ce816dc TS: Simplify string equality check 2020-01-24 09:49:11 +00:00
Asger Feldthaus
fc04e06456 TS: Allow .js extensions in cross package imports 2020-01-24 09:48:43 +00:00
Asger Feldthaus
852b90a6c9 TS: Be compatible with odasa/qltest 2020-01-23 16:13:53 +00:00
Asger Feldthaus
dc30dcf1f8 TS: Only require SCRATCH_DIR when installing dependencies 2020-01-23 12:39:19 +00:00
Asger Feldthaus
7e8fb1428e TS: Support tsconfig.json extending from ./node_modules 2020-01-22 15:03:03 +00:00
Asger Feldthaus
5719b44fa5 TS: Add some documentation 2020-01-22 11:47:02 +00:00
Asger Feldthaus
a220268ad8 TS: Install deps under scratch dir 2020-01-22 11:47:02 +00:00
Asger Feldthaus
303bac9710 TS: Guess main file location 2020-01-22 11:25:24 +00:00
Asger Feldthaus
21eecc4c9c JS: Make return type class for installDependencies() 2020-01-22 10:52:38 +00:00
Asger Feldthaus
71b540755d TS: Print TypeScript semantic errors in log 2020-01-22 10:52:37 +00:00
Asger Feldthaus
dde0f868b3 TS: Handle monorepos by rewriting package.json 2020-01-22 10:52:37 +00:00
Jonas Jensen
53e10e4c7f Merge pull request #2634 from MathiasVP/overrideable-taint-sources 
C++: Overrideable taint sources in DefaultTaintTracking
 2020-01-17 13:01:03 +01:00
Jonas Jensen
5d08a0e338 Merge pull request #2558 from MathiasVP/ast-classes-should-not-be-abstract 
C++: Ast classes should not be abstract
 2020-01-17 08:47:55 +01:00
semmle-qlci
8dff8e77e1 Merge pull request #2637 from hvitved/csharp/non-assigned-fields-bad-magic 
Approved by calumgrant
 2020-01-16 15:44:25 +00:00
semmle-qlci
4efc418e2c Merge pull request #2617 from asger-semmle/prototype-pollution-utility 
Approved by esbena, mchammer01
 2020-01-16 13:02:07 +00:00
Tom Hvitved
f4c255cb62 C#: Fix bad magic optimization in NonAssignedFields.ql 2020-01-16 12:31:14 +01:00
Mathias Vorreiter Pedersen
87c59e0017 C++: Overrideable taint sources in DefaultTaintTracking 2020-01-16 11:10:43 +01:00
Asger F
7a1d068f1c Update javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.qhelp 
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
 2020-01-16 09:47:18 +00:00
Mathias Vorreiter Pedersen
603b1c26a7 Merge branch 'master' into ast-classes-should-not-be-abstract 2020-01-16 10:16:03 +01:00
semmle-qlci
8128d23b6e Merge pull request #2505 from erik-krogh/EventEmitter 
Approved by esbena, max-schaefer
 2020-01-16 08:47:38 +00:00
semmle-qlci
18879386bf Merge pull request #2627 from asger-semmle/js-useless-expression-trycatch 
Approved by esbena
 2020-01-16 08:40:57 +00:00
Dave Bartolomeo
48301e1187 Merge pull request #2594 from rdmarsh2/ir-overlappingVariableMemoryLocations 
C++: compute overlap on irvars with vvar indexes
 2020-01-15 13:06:33 -07:00
Tom Hvitved
e5abaa79ae Merge pull request #2585 from calumgrant/cs/serialization-check-bypass 
C#: Improvements to cs/serialization-check-bypass
 2020-01-15 20:40:51 +01:00
Robert Marsh
a91f10fe40 Merge pull request #2629 from dbartol/dbartol/missing-vvars 
C++/C#: Fix missing virtual variables
 2020-01-15 08:32:43 -08:00
Calum Grant
6790028d4c C#: Use guards library 2020-01-15 15:46:19 +00:00
Asger Feldthaus
7141f15858 JS: Add change note 2020-01-15 11:49:57 +00:00
Asger Feldthaus
6d9306366c JS: ignore useless-expr in first stmt in try block 2020-01-15 11:49:23 +00:00
Tom Hvitved
f7278d36e1 Merge pull request #2498 from aschackmull/java/taint-getter 
Java/C++/C#: Add support for taint-getter/setter summaries in data flow.
 2020-01-15 09:55:19 +01:00
Dave Bartolomeo
e60f902c36 C++/C#: Fix missing virtual variables 
The aliased SSA code was assuming that, for every automatic variable, there would be at least one memory access that reads or writes the entire variable. We've encountered a couple cases where that isn't true due to extractor issues. As a workaround, we now always create the `VariableMemoryLocation` for every local variable.

I've also added a sanity test to detect this condition in the future.

Along the way, I had to fix a perf issue in the PrintIR code. When determining the ID of a result based on line number, we were considering all `Instruction`s generated for a particular line, regardless of whether they were all in the same `IRFunction`. In addition, the predicate had what appeared to be a bad join order that made it take forever on large snapshots. I've scoped it down to just consider `Instruction`s in the same function, and outlined that predicate to fix the join order issue. This causes some numbering changes, but they're for the better. I don't think there was actually any nondeterminism there before, but now the numbering won't depend on the number of instantiations of a template, either.
 2020-01-14 17:57:15 -07:00
Robert Marsh
42be28b211 C++: autoformat 2020-01-14 13:17:57 -08:00
Robert Marsh
5a5832b7de Merge pull request #2569 from jbj/ir-total-chi-flow 
C++: IR data flow through total chi operands
 2020-01-14 12:47:58 -08:00
semmle-qlci
3c4749be88 Merge pull request #2624 from asger-semmle/js-duplicate-alert-strict-mode 
Approved by max-schaefer
 2020-01-14 11:59:45 +00:00
Anders Schack-Mulligen
241b8a05e4 Java/C++/C#: Address review comment. 2020-01-14 11:59:55 +01:00
Asger Feldthaus
2245882441 JS: Add change note and fix cwe tags 2020-01-14 10:53:40 +00:00
Asger Feldthaus
d76859b7df JS: Address review comments 2020-01-14 10:53:00 +00:00
Asger F
2c05ee8ab8 JS: Add regression test 2020-01-14 10:53:00 +00:00
Asger F
9bd3c4a11c JS: Add sanitizer for "in" exprs 2020-01-14 10:53:00 +00:00
Asger Feldthaus
7ac30e2289 JS: Add test for rephinement nodes 2020-01-14 10:53:00 +00:00
Asger F
a447645c10 JS: Add test with typeof on value 2020-01-14 10:52:59 +00:00
Asger F
bd9405ab84 JS: Guard against more FPs 2020-01-14 10:52:59 +00:00
Asger F
738123d3f5 JS: More sanitizers 2020-01-14 10:52:59 +00:00
Asger F
f7543aec95 JS: Support Reflect.ownKeys 2020-01-14 10:52:59 +00:00