hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-24 02:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,399 Commits 1,693 Branches 161 Tags
9fd1bf60fa533633802d1e2f29512a6301a2cfbb
Commit Graph

17399 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Lerchedahl Petersen
9fd1bf60fa Merge branch 'main' of github.com:github/codeql into python-port-path-injection 2020-10-28 10:24:23 +01:00
Tom Hvitved
02ca8fe3b7 Merge pull request #4556 from hvitved/csharp/dataflow/tuple-perf 
C#: Fix bad join-order in `System.Tuple` flow-summaries
 2020-10-28 08:50:37 +01:00
Dave Bartolomeo
27ad7bc297 Merge pull request #4560 from MathiasVP/instruction-tag-for-this-addr-and-load 
C++: Make sure getInstructionTagId has a result for `this` related IPA branches
 2020-10-27 21:01:09 -04:00
Mathias Vorreiter Pedersen
ad9e7b7343 C++: Give getInstructionTagId a result when tag is ThisAddressTag or ThisLoadTag 2020-10-27 22:16:01 +01:00
Tom Hvitved
090ea01249 C#: Fix bad join-order in System.Tuple flow-summaries 2020-10-27 14:51:11 +01:00
Rasmus Lerchedahl Petersen
164acf4055 Python: test that aliasing is not a problem 2020-10-27 11:25:58 +01:00
Jonas Jensen
8f6dbe982e Merge pull request #4468 from github/rdmarsh2/cpp/output-iterators-2 
C++: flow through output iterators with user-defined operator= and operator*
 2020-10-27 08:36:14 +01:00
Rasmus Lerchedahl Petersen
2baed20067 Python: Test false negative from review 2020-10-27 08:30:16 +01:00
Rasmus Lerchedahl Petersen
b6313dddb9 Python: Add concept tests 2020-10-27 08:26:00 +01:00
Jonas Jensen
45cd47ea77 Merge pull request #4535 from criemen/jump-to-def 
C++: Extend jump-to-def support to template instantiations.
 2020-10-27 08:16:57 +01:00
Rasmus Lerchedahl Petersen
8350d64763 Python: Add concept test definitions 2020-10-27 08:00:53 +01:00
Geoffrey White
12233e5874 Merge pull request #4533 from MathiasVP/mathiasvp/fix-broken-qhelp 
C++: Fix broken qhelp links
 2020-10-26 14:40:52 +00:00
Mathias Vorreiter Pedersen
9db66a1b94 Delete the msdn reference in NestedLoopSameVar 
It was a Visual Basic reference anyway, and it doesn't seem to provide more information than the link we have already.
 2020-10-26 15:27:24 +01:00
Rasmus Lerchedahl Petersen
601a803ee2 Python: DataFlow/TaintTrackin 3/4 2020-10-26 14:42:18 +01:00
Tom Hvitved
212b49f3dc Merge pull request #4416 from hvitved/csharp/dataflow/tuples 
C#: Add flow summaries for `System.[Value]Tuple`
 2020-10-26 13:48:24 +01:00
CodeQL CI
e825af2791 Merge pull request #4548 from asgerf/js/handle-empty-package-json 
Approved by erik-krogh
 2020-10-26 11:51:12 +00:00
Chris Smowton
68876b02fe Merge pull request #4519 from smowton/smowton/cleanup/loggertype-dead-code 
C#: Remove dead LoggerType class
 2020-10-26 11:19:27 +00:00
Mathias Vorreiter Pedersen
02bcb6d971 Apply suggestions from code review 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2020-10-26 11:39:54 +01:00
Joe Farebrother
2050f82553 Merge pull request #4383 from joefarebrother/guava-strings 
Java: Add modelling for Guava
 2020-10-26 10:16:55 +00:00
Asger Feldthaus
c353f61091 JS: Add test case 2020-10-26 09:58:37 +00:00
Asger Feldthaus
f6c0972523 JS: Guard other uses of Gson.fromJson 2020-10-26 09:54:55 +00:00
Asger Feldthaus
fc12b0bb5e JS: Do not crash on empty package.json file 2020-10-26 09:54:51 +00:00
Tom Hvitved
492b1141ef Merge pull request #4445 from hvitved/csharp/sign-analysis-cfg 
C#: Use CFG nodes instead of AST nodes in sign/modulus analysis
 2020-10-26 09:45:38 +01:00
Cornelius Riemenschneider
07452c0159 C++: Add comment, explaining where this query is used. 2020-10-26 09:28:24 +01:00
Cornelius Riemenschneider
fca141146b C++: Address review. 2020-10-26 09:27:29 +01:00
Rasmus Lerchedahl Petersen
d89e985246 Python: Test showing chaining FP 2020-10-24 09:20:30 +02:00
Rasmus Lerchedahl Petersen
022cf0b2cc Python: Add test from tracking issue 
All tests pass, but there are spurious paths
due to configuration chaining.
 2020-10-24 09:07:43 +02:00
Robert Marsh
aab9797c2f Merge branch 'main' into rdmarsh2/cpp/output-iterators-2 
Resolve merge conflict in tests
 2020-10-23 13:50:15 -07:00
Rasmus Lerchedahl Petersen
c4d1affaf8 Python: Suggestions from reviewer 2020-10-23 16:57:11 +02:00
yoff
15167753c6 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2020-10-23 16:52:13 +02:00
Rasmus Lerchedahl Petersen
d6e9b351e5 Python: Add qldocs 2020-10-23 16:39:38 +02:00
Rasmus Lerchedahl Petersen
821b0c918a Python: Additional taintstep for normpath 
Is it ok to have this in general?
 2020-10-23 16:35:10 +02:00
CodeQL CI
6218a48e88 Merge pull request #4545 from RasmusWL/python-model-django-v1 
Approved by tausbn
 2020-10-23 15:27:42 +01:00
Rasmus Lerchedahl Petersen
6317db1622 Python: Reword explanation (slightly) 2020-10-23 15:54:52 +02:00
Rasmus Wriedt Larsen
aa9f15af76 Python: Fix typo 
Co-authored-by: Taus <tausbn@github.com>
 2020-10-23 15:39:38 +02:00
Cornelius Riemenschneider
a82cf74161 C++: Improve performance of definitions.qll. 2020-10-23 15:16:53 +02:00
Rasmus Lerchedahl Petersen
9eda84debb Python: PathCheck -> Path::SafeAccessCheck 2020-10-23 15:01:43 +02:00
Rasmus Lerchedahl Petersen
cf8462fa58 Python: Simplify chained configs 2020-10-23 14:52:47 +02:00
Rasmus Lerchedahl Petersen
f87845b1ec Python: Copy old test 2020-10-23 14:52:07 +02:00
Rasmus Wriedt Larsen
7993a83750 Merge pull request #4544 from tausbn/python-fix-bad-join-in-use-use-ssa 
Python: Fix bad join order in `adjacentUseUseSameVar`
 2020-10-23 14:37:27 +02:00
CodeQL CI
bbda22c769 Merge pull request #4534 from RasmusWL/python-update-flask-modeling 
Approved by tausbn
 2020-10-23 13:28:19 +01:00
Rasmus Wriedt Larsen
b3e53f8d0a Python: Model django.conf.urls.url (v 1.x) 2020-10-23 14:26:37 +02:00
Taus Brock-Nannestad
6d81ca12c4 Python: Fix bad join order in adjacentUseUseSameVar 2020-10-23 14:08:45 +02:00
Rasmus Wriedt Larsen
ed0fe29d7d Python: Fix grammar 
Co-authored-by: Taus <tausbn@github.com>
 2020-10-23 13:53:16 +02:00
Rasmus Wriedt Larsen
be166d9c02 Python: Expand Django 2/3 routing tests with 1.x way 
Added it to the `testapp` so it's easy to run the server to SEE that it works.

Added it to `routing_test` so it's obvious this is supported by our modeling
when we _know_ it's running Django 2/3.
 2020-10-23 13:43:27 +02:00
yoff
462e839a83 Update python/ql/src/experimental/Security-new-dataflow/CWE-022/PathInjection.ql 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-10-23 13:35:13 +02:00
Jonas Jensen
08bf464437 Merge pull request #4540 from criemen/printast-performance 
C++: Improve PrintAST performance if only individual files are printed
 2020-10-23 12:46:34 +02:00
Rasmus Wriedt Larsen
ae60ac211b Python: Annotate django v1 routing tests 
Again need to remove trailing $, since inline-expectation tests still don't
handle $
 2020-10-23 12:05:05 +02:00
Rasmus Wriedt Larsen
78ab637b54 Python: Port django v1 tests 2020-10-23 12:00:27 +02:00
Rasmus Lerchedahl Petersen
f88cc3c98e Python: Use custom PathGraph 2020-10-23 01:10:21 +02:00