hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-21 06:57:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
810 Commits 1,712 Branches 163 Tags
99816d77e3e447ebbd7ea54b676c8a1356d8a8ba
Commit Graph

810 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
99816d77e3 CPP: Additional test case fixed in combination with typedef work. 2018-10-05 17:13:50 +01:00
Geoffrey White
998b28b359 CPP: Change note. 2018-10-05 16:52:06 +01:00
Geoffrey White
67a7b75b84 CPP: Simplify getAFormatterWideType. 2018-10-05 16:40:54 +01:00
Geoffrey White
605db444a6 CPP: Fix for consistency. 2018-10-05 16:40:54 +01:00
Geoffrey White
94ff2e5693 CPP: Lets just not report when we're not sure. 2018-10-05 16:40:54 +01:00
Geoffrey White
2841897e3a CPP: Make getAFormatterWideType more general and move it into FormattingFunction.qll. 2018-10-05 16:40:54 +01:00
Geoffrey White
580471ab1d CPP: Replace stripTopLevelSpecifiers to emulate old behaviour. 2018-10-05 16:40:54 +01:00
Geoffrey White
89c56486b5 CPP: Test getDefaultCharType etc. 2018-10-05 16:40:54 +01:00
Geoffrey White
e2be19b555 CPP: New mechanism for string types in printf.qll. 2018-10-05 16:40:54 +01:00
Geoffrey White
1af6c10888 CPP: Add a test where different word sizes are present. 2018-10-05 16:40:54 +01:00
Geoffrey White
800555865a CPP: More test cases. 2018-10-05 16:40:54 +01:00
Geoffrey White
2af56b89b1 CPP: Add a test where different wide types are present. 2018-10-05 15:32:36 +01:00
Geoffrey White
39f030b8f7 CPP: Annotate test. 2018-10-05 15:32:36 +01:00
Geoffrey White
e74721e3a4 CPP: Test fixes as a result of changes. 2018-10-05 15:32:36 +01:00
Geoffrey White
6e5207ce3c CPP: Allow declarations of library printf functions in source (repairs most of the tests). 2018-10-05 15:32:36 +01:00
Robert Marsh
fe8f7e9624 C++: consider attributes when finding wide string functions 2018-10-05 15:32:36 +01:00
Robert Marsh
5b8925c699 C++: document new predicate 2018-10-05 15:32:36 +01:00
Robert Marsh
a3459ddf08 C++: add support for custom wide character sizes 
Certain Microsoft projects, such as CoreCLR and ChakraCore, use a
library called the PAL, which enables two-byte strings in the printf
family of functions, even when built on a platform with four-byte
strings. This adds support for determining the size of a wide character
from the definitions of such functions, rather than assuming that they
match the compiler's wchar_t.
 2018-10-05 15:32:35 +01:00
Jonas Jensen
4720c5ab60 Merge pull request #264 from raulgarciamsft/users/raulga/c6276 
C++: incorrect string type conversion
 2018-10-04 21:06:07 +02:00
semmle-qlci
03f2d8f605 Merge pull request #247 from aschackmull/java/dispatchflow-typepruning 
Approved by yh-semmle
 2018-10-04 18:22:44 +01:00
Robert Marsh
d6f6d67c13 Merge pull request #281 from kevinbackhouse/GlobalValueNumberingBugFix 
Workaround for getFullyConverted returning multiple results.
 2018-10-04 09:54:36 -07:00
Anders Schack-Mulligen
1c2807e5e7 Java: Add missing private annotations. 2018-10-04 17:33:10 +02:00
Kevin Backhouse
6df9bc855a Workaround for getFullyConverted returning multiple results. 2018-10-04 15:40:18 +01:00
semmle-qlci
262cb998fc Merge pull request #278 from hvitved/csharp/metrics-queries-xml 
Approved by pavgust
 2018-10-04 14:10:40 +01:00
semmle-qlci
98254e87e1 Merge pull request #132 from denislevin/denisl/js/HttpToFileAccessTest 
Approved by xiemaisi
 2018-10-04 14:06:46 +01:00
semmle-qlci
30412caa16 Merge pull request #276 from jbj/PointlessComparison-templates 
Approved by kevinbackhouse
 2018-10-04 12:34:52 +01:00
Tom Hvitved
4ca10986cb C#: Remove queries.xml from the Metrics folder 2018-10-04 11:13:01 +02:00
Nick Rolfe
ae9b492b33 Merge pull request #277 from jbj/missing-return-high 
C++: Make cpp/missing-return visible on LGTM again
 2018-10-04 09:45:34 +01:00
semmle-qlci
bea86e52fb Merge pull request #275 from xiemaisi/js/workaround-for-nested-imports 
Approved by asger-semmle
 2018-10-04 08:25:52 +01:00
Raul Garcia
3873cbdde0 Chnaging the @name & @description. 2018-10-03 15:32:34 -07:00
Jonas Jensen
9c0ba51873 C++: Make cpp/missing-return visible on LGTM again 2018-10-03 15:02:15 +02:00
Jonas Jensen
364c9a6961 C++: Suppress pointless compare in template inst. 
It still runs on uninstantiated templates because its underlying
libraries do. It's not clear whether that leads to other false
positives, but that's independent of the change I'm making here.
 2018-10-03 14:48:11 +02:00
Jonas Jensen
2eea359f79 C++: Test for PointlessComparison with templates 2018-10-03 14:47:00 +02:00
Max Schaefer
220fcb59bd JavaScript: Add change note. 2018-10-03 13:08:31 +01:00
Max Schaefer
8b7bb8cecc JavaScript: Add test case for type inference in the presence of non-toplevel imports. 2018-10-03 13:08:31 +01:00
Max Schaefer
db32dc2bdf JavaScript: Generalise code that assumes imports only appear at the toplevel. 2018-10-03 13:08:31 +01:00
Max Schaefer
f05e777e64 JavaScript: Patch CFG to improve support for non-top level import declarations. 2018-10-03 13:08:31 +01:00
semmle-qlci
604ff232e2 Merge pull request #267 from xiemaisi/js/fix-deprecated-use 
Approved by asger-semmle
 2018-10-03 09:12:02 +01:00
semmle-qlci
e9adc63d91 Merge pull request #260 from xiemaisi/js/confusing-precedence 
Approved by esben-semmle, mc-semmle
 2018-10-03 09:07:18 +01:00
Jonas Jensen
4ad4b19911 Merge pull request #189 from geoffw0/wrongtypedef 
CPP: Permit more typedefs in WrongTypeFormatArguments.ql
 2018-10-03 09:40:06 +02:00
Max Schaefer
09aa04bf00 Merge pull request #268 from sjvs/fix-javascript-example 
JavaScript: fix two examples based on LGTM.com alerts
 2018-10-03 08:16:19 +01:00
Denis Levin
e147e690ee Merge branch 'master' into denisl/js/HttpToFileAccessTest 2018-10-02 15:13:35 -07:00
Robert Marsh
d44761eaca Merge pull request #269 from tosmolka/tosmolka/cpp/suspicious-call-to-memset 
C++: support Decltype in suspicious-call-to-memset
 2018-10-02 14:21:06 -07:00
Raul Garcia
492b511cdf Merge operation 2018-10-02 11:27:39 -07:00
Raul Garcia
230724c085 Updates based on feedback 2018-10-02 11:17:23 -07:00
Max Schaefer
425d2bfba7 Merge pull request #266 from esben-semmle/js/improve-dead-store-of-local 
JS: support noop parentheses in js/useless-assignment-to-local
 2018-10-02 16:19:56 +01:00
Tobias Smolka
51dcdeff59 C++: support Decltype in suspicious-call-to-memset 2018-10-02 16:47:04 +02:00
Bas van Schaik
c4eb6f0056 fix JS example based on LGTM.com alerts 
1f7ef5b0d7/files/javascript/ql/src/Security/CWE-079/examples/StoredXssGood.js (x95b0280fcab9007a):1
1f7ef5b0d7/files/javascript/ql/src/Security/CWE-079/examples/StoredXss.js (xaef03a63aa3e02e4):1
 2018-10-02 14:47:52 +01:00
Max Schaefer
c7b4238408 JavaScript: Fix use of deprecated predicate. 2018-10-02 12:12:59 +01:00
Max Schaefer
18a74a2163 Merge pull request #255 from Semmle/js/typo-in-query-help 
JavaScript: Fix typo in query help.
 2018-10-02 11:33:03 +01:00