hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-27 17:58:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
3,896 Commits 1,721 Branches 164 Tags
aaa8bfb874961c04f581f48a1e514196636eda42
Commit Graph

3896 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
aaa8bfb874 TS: allow namespace imports as types 2019-03-20 10:09:18 +00:00
Max Schaefer
23d77f3e6a Merge pull request #1130 from felicity-semmle/1.20/javascript-extractor 
1.20: Update JavaScript extraction notes and supported versions
 2019-03-19 17:09:05 +00:00
Mark Shannon
29c4e274e1 Merge pull request #1127 from felicity-semmle/1.20/python-change-notes 
1.20: finalize python change notes
 2019-03-19 16:53:59 +00:00
Calum Grant
fb9c587c86 Merge pull request #1126 from hvitved/csharp/performance-tweaks 
C#: Fix a few minor performance regressions
 2019-03-19 16:01:49 +00:00
semmle-qlci
17e8b64f59 Merge pull request #1131 from xiemaisi/js/simplify-flow-summary-queries 
Approved by asger-semmle
 2019-03-19 13:35:06 +00:00
semmle-qlci
6fdba626ad Merge pull request #1121 from jbj/return-stack-allocated-1.20-fixes 
Approved by geoffw0
 2019-03-19 13:28:55 +00:00
Max Schaefer
77c383aee2 JavaScript: Simplify flow-summary queries. 
Previously, `AllConfigurations.qll` would pull in (almost) all taint
tracking configurations, which has started causing OOMEs during
compilation.

I've pruned it down to only the most interesting configurations. Since
flow summaries are experimental at this point and require a bit of manual
configuration anyway, this shouldn't be much of an issue in practice.
 2019-03-19 10:58:49 +00:00
Jonas Jensen
111a462d16 C++: Recover some of the good results we lost 
My recent changes to suppress FPs in `ReturnStackAllocatedMemory.ql`
caused us to lose all results where there was a `Conversion` at the
initial address escape. We cannot handle conversions in general, but
this commit restores the good results for the trivial types of
conversion that we can handle.
 2019-03-19 11:09:58 +01:00
Jonas Jensen
d864df5b7f C++: Tests for new false negatives 2019-03-19 10:30:14 +01:00
yh-semmle
13cd7d0f15 Merge pull request #1122 from felicity-semmle/1.20/SD-3061-java-versions 
QL 1.20 docs: Be more explicit about Java versions supported
 2019-03-18 18:32:52 -04:00
yh-semmle
23f71714e5 Merge pull request #1117 from felicity-semmle/1.20/java-change-notes 
1.20: minor changes to java change notes
 2019-03-18 18:30:11 -04:00
Felicity Chapman
06fcd8a150 Reword information on parallel extraction 2019-03-18 17:09:23 +00:00
Felicity Chapman
5031153ba2 Update JavaScript extraction notes and supported versions 2019-03-18 16:17:20 +00:00
Felicity Chapman
4ab8417734 Fix US spelling 2019-03-18 16:10:03 +00:00
Felicity Chapman
e05387f237 Correct information about build support 2019-03-18 15:44:47 +00:00
Felicity Chapman
e1a3fde52a Remove 'change details' for new query 2019-03-18 15:38:58 +00:00
Felicity Chapman
d07b958bcd Finalize text for 1.20 release 2019-03-18 15:25:46 +00:00
Tom Hvitved
6cd87757f6 C#: Fix a few minor performance regressions 2019-03-18 14:36:41 +01:00
Felicity Chapman
95ead47b21 Organization changes and boiler-plate text deletion 2019-03-18 12:57:40 +00:00
Felicity Chapman
975605bfa9 Merge pull request #1125 from markshannon/python-taint-tracking-change-note 
Python: Add change note for new taint-tracking configuration API.
 2019-03-18 12:51:08 +00:00
Mark Shannon
33929ab01f Python: Add change note for new taint-tracking configuration API. Needs links to full documentation added. 2019-03-18 12:43:09 +00:00
Felicity Chapman
94f525ff72 Be more explicit about Java versions supported 2019-03-18 10:17:56 +00:00
Jonas Jensen
6b1cd17009 C++: Fix FPs due to data flow Conversion handling 
Since we cannot track data flow from a fully-converted expression but
only the unconverted expression, we should check whether the address
initially escapes into the unconverted expression, not the
fully-converted one.

This fixes most of the false positives observed on lgtm.com.
 2019-03-16 20:50:27 +01:00
Jonas Jensen
1a7351ef6e C++: Add tests for three FPs observed on lgtm.com 2019-03-16 20:50:27 +01:00
Taus
af1c502b11 Merge pull request #1098 from markshannon/python-2-print 
Python: Don't report Python 2 print statements as having no effect.
 2019-03-15 11:40:32 +01:00
Taus
eec59c2c7d Merge pull request #1092 from markshannon/python-fix-2-tests 
Python: Update python-2 specific tests for new parser/tokenizer.
 2019-03-15 11:38:34 +01:00
Jonas Jensen
690e2ae514 Merge pull request #1116 from rdmarsh2/rdmarsh/cpp/ir-guards-perf 
C++: fix cartesian product in IRGuards.qll
 2019-03-15 11:35:15 +01:00
Taus
0b2f44b54b Merge pull request #1052 from markshannon/python-taint-tracking-configuration 
Python: Add taint-tracking configuration.
 2019-03-15 11:34:59 +01:00
Pavel Avgustinov
7386ca911b Merge pull request #763 from sjvs/patch-1 
Make licensing text in README.md more generic
 2019-03-15 09:02:08 +00:00
Felicity Chapman
ee9e083f2a Minor text changes to analysis notes 2019-03-15 08:03:27 +00:00
Robert Marsh
dfb7076fae C++: fix cartesian product in IRGuards.qll 2019-03-14 13:37:35 -07:00
Robin Neatherway
6453b05a41 Merge pull request #1087 from jf205/update-qhelp-style-guide 
Docs: mention lgtm in qhelp style guide
 2019-03-14 19:28:43 +00:00
semmle-qlci
e648477d14 Merge pull request #1114 from xiemaisi/js/yield-import 
Approved by asger-semmle
 2019-03-14 16:48:04 +00:00
Calum Grant
0471471d46 Merge pull request #1109 from hvitved/csharp/conditional-bypass 
C#: Fix performance regression in `cs/user-controlled-bypass`
 2019-03-14 16:19:47 +00:00
Taus
95eb4cf90d Merge pull request #1089 from markshannon/python-fix-redundant-comparison-complex-test 
Fix false positive for redundant comparison query
 2019-03-14 17:12:44 +01:00
semmle-qlci
d549a0dcb8 Merge pull request #1111 from xiemaisi/js/performance-fiddling 
Approved by esben-semmle
 2019-03-14 14:56:26 +00:00
semmle-qlci
bd3792a49a Merge pull request #1108 from xiemaisi/js/make-zipslip-visible-by-default 
Approved by esben-semmle
 2019-03-14 11:58:00 +00:00
Max Schaefer
8e52528219 JavaScript: Refactor reachableFromInput to improve join. 2019-03-14 11:53:46 +00:00
Max Schaefer
993345fb7b JavaScript: Track Electron browser objects locally only. 2019-03-14 11:53:46 +00:00
Mark Shannon
ab23a157ef Python: Move taint-tracking library to new location and extend configuration to match API of other languages. 2019-03-14 10:22:57 +00:00
Tom Hvitved
84c3073c2a C#: Fix performance regression in cs/user-controlled-bypass 2019-03-14 10:36:50 +01:00
Felicity Chapman
01b8770b7c Merge pull request #1065 from yh-semmle/java-frameworks-notes 
Java: update frameworks list for 1.20 release
 2019-03-14 09:15:46 +00:00
Max Schaefer
cc8d68082e JavaScript: Show ZipSlip results by default. 2019-03-14 08:50:47 +00:00
semmle-qlci
28efd91bbc Merge pull request #1106 from xiemaisi/js/fix-backtrack-example 
Approved by asger-semmle
 2019-03-14 08:18:00 +00:00
yh-semmle
d7925ee2ec Java: tweak change note as per review comment 2019-03-13 14:31:13 -04:00
Max Schaefer
e2cb8c5ceb JavaScript: Fix example in TypeBackTracker qldoc. 2019-03-13 15:20:41 +00:00
Max Schaefer
03a2204c30 JavaScript: Improve support for dynamic imports. 
`yield import(...)` previously caused a syntax error, now it is parsed
correctly.

`parseYield` is the only place where the value of `startsExpr` matters,
so this change should not affect anything else.
 2019-03-13 14:40:12 +00:00
Tom Hvitved
5b491a8564 Merge pull request #1100 from felicity-semmle/1.20/csharp-change-notes 
1.20: minor updates to C# change notes
 2019-03-13 13:31:23 +01:00
Max Schaefer
bce3cd8d2f Merge pull request #1097 from felicity-semmle/1.20/javascript-change-notes 
1.20: minor updates to the javascript change notes
 2019-03-13 12:28:31 +00:00
Mark Shannon
3fbe3c37aa Add change note. 2019-03-13 12:00:42 +00:00