hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-29 03:38:17 +02:00
Code Issues Packages Projects Releases Wiki Activity
7,773 Commits 1,723 Branches 164 Tags
9f0499cce95a7618ef9c8d70ae10de2594dece08
Commit Graph

7773 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
semmle-qlci
55ceb9be8b Merge pull request #91 from esben-semmle/js/additional-indexof-sanitizers 
Approved by xiemaisi
 2018-08-24 08:37:41 +01:00
Jonas Jensen
1f844e2a7c Merge pull request #95 from ian-semmle/resolveClass 
C++: Rename resolve to resolveClass, and remove unused isElement
 2018-08-23 22:13:13 +02:00
Jonas Jensen
58e993e877 Merge pull request #82 from dave-bartolomeo/dave/NewDelete2 
C++: IR generation for `new` and `new[]`
 2018-08-23 21:14:07 +02:00
calum
41382dd732 C#: A regression test for extractor crash when wrong expression type is used for a literal. 2018-08-23 17:45:40 +01:00
Dave Bartolomeo
72e72357c2 C++: Use glval<Unknown> as type of call target 
Also shared some code between `TranslatedFunctionCall` and `TranslatedAllocatorCall`, and fixed dumps of glval<Unknown> to not print the size.
 2018-08-23 09:43:58 -07:00
calumgrant
04bccd0137 Merge pull request #55 from denislevin/denisl/cs/DontInstallRootCertificate 
cs: Don't Install Root Certificate (CWE-327)
 2018-08-23 17:36:50 +01:00
Luke Cartey
86a7df0ef5 C#: ZipSlip - Address doc team comments. 2018-08-23 15:57:00 +01:00
Ian Lynagh
7ee5efcab0 C++: Rename internal.Type to internal.ResolveClass 2018-08-23 15:40:25 +01:00
shati-semmle
4965377283 QL style guide: Small fixes 
- Don't suggest new line after `deprecated`
- Add a missing backtick
 2018-08-23 15:15:47 +01:00
Esben Sparre Andreasen
a1d79ef906 JS: make the new .*indexOfSanitizer-classes private 2018-08-23 15:59:27 +02:00
Ian Lynagh
e808560c23 C++: Rename resolve to resolveClass, and remove unused isElement 2018-08-23 14:37:38 +01:00
Esben Sparre Andreasen
2b41f62eb0 JS: introduce RelationalComparison.isInclucive 2018-08-23 14:51:39 +02:00
Tom Hvitved
1dff900059 C#: Speed up throwMayBeUncaught() by not relying on definitelyHandles() 
The `definitelyHandles()` predicate calculates the relation for all exception
types, not just the ones that can actually be thrown (no automatic magic).
This commit inlines the definition of `definitelyHandles()` to get the proper
context (manual magic).
 2018-08-23 14:39:19 +02:00
Tom Hvitved
4684bc9d15 C#: Add QL doc to startsSplits() 2018-08-23 14:39:19 +02:00
Ian Lynagh
b76e03ca79 C++: Add a missing underlyingElement call 2018-08-23 13:14:04 +01:00
Pavel Avgustinov
3182274ce8 Merge pull request #87 from lukecartey/csharp/ccyclomatic-kind 
C#: Fix @kind property of CCyclomaticComplexity
 2018-08-23 03:50:36 -07:00
semmle-qlci
3b09ab97bf Merge pull request #92 from jbj/XMLFile-is-File 
Approved by ian-semmle
 2018-08-23 11:15:12 +01:00
Jonas Jensen
fc0330beb6 C++: Make XMLFile extend File again 
Commit a1e44041e made `XMLFile` no longer extend `File`. I'm guessing
this was necessary in the branch where `File` was an IPA-typed `Element`
and `XMLFile` was not, but it broke compilation of some of our internal
queries.
 2018-08-23 10:09:42 +02:00
Max Schaefer
2187b0c245 Merge pull request #89 from esben-semmle/js/sharpen-type-confusion 
JS: remove emptiness checks from the type confusion `x.length` sinks
 2018-08-23 08:04:09 +01:00
Dave Bartolomeo
bba7f16790 C++: Simplify TranslatedExpr hierarchy a bit 
I introduced some unnecessary base classes in the `TranslatedExpr` hierarchy with a previous commit. This commit refactors the hierarchy a bit to align with the following high-level description:
`TranslatedExpr` represents a translated piece of an `Expr`. Each `Expr` has exactly one `TranslatedCoreExpr`, which produces the result of that `Expr` ignoring any lvalue-to-rvalue conversion on its result. If an lvalue-to-rvalue converison is present, there is an additional `TranslatedLoad` for that `Expr` to do the conversion. For higher-level `Expr`s like `NewExpr`, there can also be additional `TranslatedExpr`s to represent the sub-operations within the overall `Expr`, such as the allocator call.
 2018-08-22 17:13:03 -07:00
Max Schaefer
1aa7a2cfc2 Merge pull request #80 from asger-semmle/ts-typescript3.0 
TypeScript: support TypeScript 3.0 features
 2018-08-22 20:19:18 +01:00
calumgrant
7c521708ac Merge pull request #76 from hvitved/csharp/cfg/generic-splitting 
C#: Generic control flow graph splitting
 2018-08-22 18:18:33 +01:00
Esben Sparre Andreasen
20b48a2d24 JS: support relational indexof comparison sanitizers 2018-08-22 15:58:47 +02:00
Esben Sparre Andreasen
b4c77b8344 JS: s/can not/cannot/ 2018-08-22 14:08:14 +02:00
Esben Sparre Andreasen
218c0cb51a JS: address review comments 2018-08-22 13:54:07 +02:00
Esben Sparre Andreasen
fef257b1ec JS: remove emptiness checks from the type confusion x.length sinks 2018-08-22 13:25:22 +02:00
Nick Rolfe
61bd003cf9 Merge pull request #86 from ian-semmle/typo 
C++: Fix a copy/paste error in a comment
 2018-08-22 10:18:38 +01:00
Asger F
35aa2e6fbb TypeScript: update test output 2018-08-22 10:18:38 +01:00
Asger F
1569f73ed8 TypeScript: update stats 2018-08-22 10:18:38 +01:00
Asger F
4eeaf63a3a TypeScript: update related test output 2018-08-22 10:18:38 +01:00
Asger F
d26aa04642 TypeScript: support optional and rest elements in static tuple type 2018-08-22 10:18:38 +01:00
Asger F
96005d2147 TypeScript: support unknown static type 2018-08-22 10:18:38 +01:00
Asger F
9a9bbac99e TypeScript: support syntax for unknown types 2018-08-22 10:18:38 +01:00
Asger F
4a9eb0fd3f TypeScript: Add tests for OptionalTypeExpr and RestTypeExpr 2018-08-22 10:18:38 +01:00
Asger F
241ce10da4 TypeScript: support syntax for rest elements in tuple types 2018-08-22 10:18:38 +01:00
Asger F
204b2a3002 TypeScript: support syntax for optional tuple type elements 2018-08-22 10:18:38 +01:00
semmle-qlci
7e7e30c01c Merge pull request #73 from esben-semmle/js/cleartext-logging-query 
Approved by xiemaisi
 2018-08-22 08:04:36 +01:00
semmle-qlci
7661a98909 Merge pull request #68 from esben-semmle/determinate-1-cfa-type-inference 
Approved by xiemaisi
 2018-08-22 08:02:27 +01:00
semmle-qlci
bcfd02f62d Merge pull request #85 from esben-semmle/js/format-string-taint-step 
Approved by xiemaisi
 2018-08-21 21:47:53 +01:00
Esben Sparre Andreasen
2b9f5c3fa2 JS: remove check for test-environment in js/clear-text-logging 2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen
3636708d30 JS: extract and expose StringConcatenationTaintStep in TaintTracking 2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen
7607b6beff JS: use DataFlow::SourceNode in two additional locations 2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen
6950bfe915 JS: review fixups in documentation and comments 2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen
605695e117 JS: review fixups in documentation 2018-08-21 22:08:10 +02:00
Esben Sparre Andreasen
19e5db75a3 JS: make AnalyzedFunction public and move getAReturnValue there 2018-08-21 22:08:10 +02:00
Esben Sparre Andreasen
ac947f10e7 JS: address some review comments 2018-08-21 22:08:08 +02:00
Esben Sparre Andreasen
21c895368d JS: change notes for improved inter-procedural type inference 2018-08-21 22:07:40 +02:00
Esben Sparre Andreasen
6f5fb2a9fe JS: update queries and tests for improved type inference 2018-08-21 22:07:38 +02:00
Esben Sparre Andreasen
3692667af2 JS: improve inter-procedural type inference for "local functions" 2018-08-21 22:07:11 +02:00
Esben Sparre Andreasen
4e45ad2d5a JS: generalize inter procedural IIFE type inference 2018-08-21 21:59:30 +02:00