Geoffrey White
a5d2fbd25d
CPP: Resolve remaining comments from the original PR.
2019-11-13 09:46:09 +00:00
Ziemowit Laski
5cc92b7502
[CPP-418] Mention that GNU vector initializers are syntactically
...
similar to array initializers.
2019-11-12 17:35:50 +00:00
Ziemowit Laski
d0069fcacd
[CPP-418] Literals.
2019-11-12 17:35:50 +00:00
Ziemowit Laski
20e28b8a97
[CPP-418] Reformat.
2019-11-12 17:35:50 +00:00
Ziemowit Laski
2baa748390
Address further review comments.
2019-11-12 17:35:50 +00:00
Ziemowit Laski
faf4342d8e
[CPP-418] Update references to BuiltInOperationBuiltInOffsetOf and __builtin_offsetof.
2019-11-12 17:35:50 +00:00
Ziemowit Laski
6eac51dba4
[CPP-418] Address review comments.
2019-11-12 17:35:49 +00:00
Ziemowit Laski
e2d5a82735
[CPP-418] Expressions.
2019-11-12 17:35:49 +00:00
Ziemowit Laski
1f337e943f
[CPP-418] Typo.
2019-11-12 17:33:08 +00:00
Ziemowit Laski
98eca4743a
[CPP-418] Calls, casts, assignments and other goodness.
2019-11-12 17:33:08 +00:00
Ziemowit Laski
e647dc341a
[CPP-418] Fill in examples for ErroneousType, UnknownType, and
...
assorted complex/imaginary arithmetic operations.
2019-11-12 17:33:08 +00:00
Ziemowit Laski
09f538a4bf
[CPP-418] Merge detritus.
2019-11-12 17:33:08 +00:00
Ziemowit Laski
f255977027
[CPP-418] Some more complex numbers, vectors.
2019-11-12 17:33:08 +00:00
Ziemowit Laski
89655612b0
[CPP-418] Tweak vector initializer syntax.
2019-11-12 17:33:08 +00:00
Ziemowit Laski
ecb700c8f4
[CPP-418] Some assignments and call expressions. Some could not be divined.
2019-11-12 17:33:08 +00:00
Ziemowit Laski
113481d096
[CPP-418] Add concrete syntax for arithmetic operation, EXCEPT for assorted complex number operations, where surface syntax could not be determined.
2019-11-12 17:33:08 +00:00
Ziemowit Laski
e328e781b5
[CPP-418] Address @geoffw0's review comments.
2019-11-12 17:33:07 +00:00
Ziemowit Laski
3fdf84ddb4
[CPP-418] Logical and comparison operators; reformat built-ins.
2019-11-12 17:33:07 +00:00
Ziemowit Laski
b0a93481cb
[CPP-418] Add QLDoc entries for typedef types, user types, bitwise operations and built-in operations.
2019-11-12 17:33:07 +00:00
Ziemowit Laski
1f35f4bb52
[CPP-418] Add descriptions for QL classes in Type.qll. (Still need to figure out how to describe unknown and erroneous types.)
2019-11-12 16:47:29 +00:00
Ziemowit Laski
f54e0d0d07
[CPP-418] Initial modifications to Type.qll. To be continued.
2019-11-12 16:47:29 +00:00
Anders Schack-Mulligen
e6d0a2eca5
Merge pull request #2215 from yh-semmle/java-remove-obsolete-queries
...
Java: remove some obsolete metric queries
2019-11-12 10:14:55 +01:00
Jonas Jensen
c36b73f09c
Merge pull request #2232 from geoffw0/formatsymbols
...
CPP: Fully support n$ in format strings
2019-11-12 09:43:20 +01:00
Dave Bartolomeo
303bab61b5
Merge pull request #2289 from jbj/ConvertToNonVirtualBaseInstruction
...
C++ IR: clearly distinguish between virtual and non-virtual base conversions
2019-11-11 13:37:07 -07:00
Jonas Jensen
ec79bfacf8
Merge pull request #2249 from geoffw0/tlsperf
...
CPP: TlsSettingsMisconfiguration.ql performance and cleanup
2019-11-11 16:47:53 +01:00
Geoffrey White
a4250be72f
CPP: Un-deprecate getNumArgNeeded(n). Turns out I missed a place where it's used.
2019-11-11 15:28:09 +00:00
Geoffrey White
ed87f25886
CPP: Performance improvement.
2019-11-11 15:28:09 +00:00
Geoffrey White
695d4ff511
CPP: Change note.
2019-11-11 15:28:08 +00:00
Geoffrey White
a9fbe221ba
CPP: Try to make the predicate names and qldoc a bit more consistent.
2019-11-11 15:27:23 +00:00
Geoffrey White
dff21e02db
CPP: Fully support positional arguments.
2019-11-11 15:27:23 +00:00
Geoffrey White
2430bf4c83
CPP: Deprecate helper version of getNumArgNeeded.
2019-11-11 15:27:23 +00:00
Geoffrey White
27478640f2
CPP: Bring the logic for argument indices together in getFormatArgumentIndexFor.
2019-11-11 15:27:22 +00:00
Geoffrey White
760884051c
CPP: Add test cases using various combinations of width and precision specifiers, positional arguments, and flags.
2019-11-11 15:27:22 +00:00
Jonas Jensen
f2a9876c2a
Merge pull request #2003 from geoffw0/formatarg
...
CPP: WrongTypeFormatArguments.ql Fix
2019-11-11 16:07:37 +01:00
Jonas Jensen
d9bdb2cd4e
Merge pull request #2274 from geoffw0/oddsends
...
CPP: Clean up new queries and libraries
2019-11-11 16:05:20 +01:00
Taus
e576395c90
Merge pull request #2241 from RasmusWL/python-always-legacy-conf
...
Python: Always enable legacy taint tracking configuration
2019-11-11 16:00:04 +01:00
Jonas Jensen
eb55d964a8
C++: Fix semantic merge conflict
...
This test output must have been wrong because I produced it with an
extractor that didn't have #2153 applied.
2019-11-11 15:39:53 +01:00
James Fletcher
c33d28542e
Merge pull request #2294 from felicitymay/1.22-mergeback-master
...
1.22 mergeback master
2019-11-11 14:14:09 +00:00
Geoffrey White
e77fefaf9e
Merge pull request #2295 from jbj/self-comparison-templates
...
C++: Suppress PointlessSelfComparison.ql on templates
2019-11-11 14:12:55 +00:00
Felicity Chapman
37c78bf1ea
Fix poor conflict resolution in training slides
2019-11-11 13:11:28 +00:00
Jonas Jensen
97cc0ebc8c
C++: Suppress PointlessSelfComparison on templates
...
It's a bit crude to suppress all results in instantiations, but we're
already using this kind of suppression in `PointlessComparison.ql`
(without the `Self`) because there is no convenient alternative. It
means we lose some good results but also suppress a new false positive
in Boost that surfaced after we added support for non-type template
parameters.
2019-11-11 14:00:00 +01:00
Jonas Jensen
281d512178
C++: Add tests for self-comparison template FP
2019-11-11 13:52:22 +01:00
Felicity Chapman
b3c3677cbf
Merge branch 'rc/1.22' into 1.22-mergeback-master
...
Conflicts resolved in favour of master:
docs/language/learn-ql/cpp/conversions-classes.rst
docs/language/learn-ql/cpp/function-classes.rst
docs/language/learn-ql/cpp/introduce-libraries-cpp.rst
docs/language/learn-ql/csharp/ql-for-csharp.rst
docs/language/learn-ql/javascript/introduce-libraries-ts.rst
docs/language/learn-ql/python/introduce-libraries-python.rst
docs/language/ql-training/cpp/bad-overflow-guard.rst
docs/language/ql-training/cpp/control-flow-cpp.rst
docs/language/ql-training/cpp/global-data-flow-cpp.rst
docs/language/ql-training/cpp/intro-ql-cpp.rst
docs/language/ql-training/cpp/program-representation-cpp.rst
docs/language/ql-training/cpp/snprintf.rst
docs/language/ql-training/index.rst
docs/language/ql-training/java/global-data-flow-java.rst
docs/language/ql-training/java/intro-ql-java.rst
docs/language/ql-training/java/program-representation-java.rst
docs/language/ql-training/java/query-injection-java.rst
2019-11-11 10:18:43 +00:00
Rasmus Wriedt Larsen
9151a7e433
Python: Always enable legacy taint tracking configuration
...
If the legacy configuration is only enabled if there are no other
configurations, defining a configuration in an imported library can lead to
unwanted results. For example, code that uses `any(MyTaintKind t).taints(node)`
would *stop* working, if it did not define its own configuration. (this actually
happened to us)
We performed a dist-compare to ensure there is not a performance degradation by
doing this. Results at https://git.semmle.com/gist/rasmuswl/a1eca07f3a92f5f65ee78d733e5d260e
Tests that were affected by this:
- RockPaperScissors + Simple: new edges because no configuration was defined for
SqlInjectionTaint or CommandInjectionTaint
- CleartextLogging + CleartextStorage: new edges because no configuration was
defined before, AND duplicate edges.
- TestNode: new edges because no configuration was defined before
- PathInjection: Duplicate edges
- TarSlip: Duplicate edges
- CommandInjection: Duplicate edges
- ReflectedXss: Duplicate edges
- SqlInjection: Duplicate edges
- CodeInjection: Duplicate edges
- StackTraceExposure: Duplicate edges
- UnsafeDeserialization: Duplicate edges
- UrlRedirect: Duplicate edges
2019-11-11 11:17:21 +01:00
Anders Schack-Mulligen
b0fecbce28
Merge pull request #2230 from yh-semmle/java-move-cwe502-lib
...
Java: move `UnsafeDeserialization.qll` to standard library location
2019-11-11 10:44:52 +01:00
Felicity Chapman
c4f958d396
Merge pull request #2263 from sauyon/master
...
Update links to OWASP cheat sheet
2019-11-11 08:51:52 +00:00
Jonas Jensen
751263db91
C++: Use ConvertToBaseInstruction in IR data flow
...
This should make virtual dispatch work also for virtual bases.
2019-11-10 11:17:35 +01:00
Jonas Jensen
7758b43e34
C++: Add ConvertToBase{Opcode,Instruction} classes
...
These should make it easy to match base-class conversions when it's not
important whether the base class is virtual.
2019-11-10 11:09:54 +01:00
Jonas Jensen
279fc16b60
C++: ConvertToBase -> ConvertToNonVirtualBase
...
This rename was done with
perl -p -i -e's/ConvertToBase/ConvertToNonVirtualBase/g' **/*.ql* **/*.expected
followed by re-running the affected tests.
2019-11-10 10:35:53 +01:00
James Fletcher
aa05908d19
Merge pull request #2287 from felicitymay/1.22/support-codeql
...
1.22: Update for support info for CodeQL term change
2019-11-09 22:07:34 +00:00