hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 21:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
11,373 Commits 1,747 Branches 166 Tags
b1bf7f9f3d162de88d55cde328250524a5f0643a
Commit Graph

11373 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
b1bf7f9f3d introduce pseudoProperty helper predicates 2020-04-01 14:08:56 +02:00
Erik Krogh Kristensen
59840149e8 introduce a PseudoProperty type in Collections.qll 2020-04-01 12:16:09 +02:00
Erik Krogh Kristensen
b2b009cdd9 qldoc adjustment 2020-04-01 11:34:25 +02:00
Erik Krogh Kristensen
1be326a37b add a CopyStep type-tracking step, for loadStoreSteps that loads and stores the same property 2020-04-01 11:21:05 +02:00
Erik Krogh Kristensen
9fc8ed17cd remove unused import 2020-04-01 11:18:11 +02:00
Erik Krogh Kristensen
a188c6f804 qldoc changes and renaming 2020-04-01 11:12:54 +02:00
Erik Krogh Kristensen
49a8a48a72 autoformat 2020-03-31 20:27:05 +02:00
Erik Krogh Kristensen
cec2cd3b14 update expected output 2020-03-31 14:05:05 +02:00
Erik Krogh Kristensen
64c813612f autoformat 2020-03-31 13:56:01 +02:00
Erik Krogh Kristensen
8ae55fb1c4 add top level QLDoc to MapAndSet.qll 2020-03-31 13:55:34 +02:00
Erik Krogh Kristensen
546431c83d dataflow and typetracking steps for Maps and Sets 2020-03-31 11:21:34 +02:00
Erik Krogh Kristensen
25aea900b6 add more dataflow steps for Arrays 2020-03-31 11:21:25 +02:00
Erik Krogh Kristensen
a02213e745 change LoadStoreStep such that it can store in different property 2020-03-31 11:20:57 +02:00
semmle-qlci
0feb7f87e4 Merge pull request #2761 from erik-krogh/UrlSearch 
Approved by asgerf
 2020-03-31 09:46:48 +01:00
semmle-qlci
5c920eb625 Merge pull request #3120 from asger-semmle/js/prefer-typescript-file 
Approved by esbena
 2020-03-31 09:32:14 +01:00
semmle-qlci
73dd4c8686 Merge pull request #3133 from asger-semmle/js/dictionary-taint-step-regression 
Approved by esbena
 2020-03-31 09:28:55 +01:00
Jonas Jensen
93f7c950ea Merge pull request #3152 from dbartol/dbartol/sync-files 
Move `sync-identical-files.py` into public repo as `sync-files.py`
 2020-03-31 08:31:00 +02:00
Taus
e31143c9f8 Merge pull request #2889 from RasmusWL/python-add-custom-sanitizer-example 
Python: Add example for how to write your own sanitizer
 2020-03-30 22:59:56 +02:00
Robert Marsh
4bbf4628d4 Merge pull request #3162 from jbj/argHasPostUpdate-cpp 
C++: Remove noise from argHasPostUpdate check
 2020-03-30 13:20:09 -07:00
semmle-qlci
3027e5d316 Merge pull request #3161 from Semmle/max-schaefer-patch-1 
Approved by felicitymay
 2020-03-30 19:44:06 +01:00
Rasmus Wriedt Larsen
6127d8b8f4 Python: Fixup comment alignment 2020-03-30 18:32:31 +02:00
Rasmus Wriedt Larsen
fad03e77cc Python: Move helper predicate outside of class 
otherwise the helper predicate can (and sometimes will) be evaluated once _per_
instance of that class.
 2020-03-30 18:31:16 +02:00
Rasmus Wriedt Larsen
663dc24753 Python: Apply suggestion from Taus 
rewrote the qldoc to explain it as well.
 2020-03-30 18:29:08 +02:00
Jonas Jensen
531ef64c5d C++: Fix other copies of the argHasPostUpdate test 2020-03-30 17:45:53 +02:00
Rasmus Wriedt Larsen
0b4bfed726 Merge pull request #3156 from tausbn/python-autoformat-all-ql-files 
Python: Autoformat all `.ql` files.
 2020-03-30 16:24:18 +02:00
Rasmus Wriedt Larsen
573494d313 Merge pull request #3096 from tausbn/python-autoformat-almost-everything 
Python: Autoformat (almost) all `.qll` files.
 2020-03-30 16:19:23 +02:00
Jonas Jensen
dd322be238 C++: Remove noise from argHasPostUpdate check 
This consistency check seems to have value for AST data flow, but I've
disabled it on the IR for now.

This commit also includes two unrelated changes that seem to fix a
semantic merge conflict.
 2020-03-30 15:51:11 +02:00
Max Schaefer
365751412c Docs: Bump supported Go version. 
cf https://github.com/github/codeql-go/pull/39
 2020-03-30 14:24:22 +01:00
Taus Brock-Nannestad
b990fac97b Python: Fix test failures. 
How could the tests fail because of autoformatting, you may ask?

The answer is deprecation warnings. These specify the location of the deprecated
entity, and due to autoformatting these moved around.
 2020-03-30 13:55:38 +02:00
semmle-qlci
fce04f0bd0 Merge pull request #3127 from erik-krogh/PromiseTrack 
Approved by asgerf
 2020-03-30 11:56:33 +01:00
Tom Hvitved
9fa9c10361 Merge pull request #2921 from aschackmull/dataflow/consistency-checks 
Java: Add data-flow consistency checks.
 2020-03-30 12:47:41 +02:00
Taus Brock-Nannestad
ab4cef53c2 Python: Autoformat one final straggler. 2020-03-30 12:36:43 +02:00
Taus Brock-Nannestad
727cde31c9 Python: Autoformat a few final stragglers. 2020-03-30 12:30:14 +02:00
Taus Brock-Nannestad
6eb9c6f84d Merge branch 'master' into python-autoformat-almost-everything 2020-03-30 12:24:01 +02:00
Asger Feldthaus
a317b87b81 JS: Fix perf issue in DictionaryTaintStep 2020-03-30 11:23:47 +01:00
Anders Schack-Mulligen
caf0d1528f Merge pull request #3155 from max-schaefer/add-module-comment 
Data flow: Add module doc comment for `TaintTrackingImpl.qll`
 2020-03-30 12:07:08 +02:00
Taus Brock-Nannestad
87a9f51c78 Python: Autoformat all .ql files. 2020-03-30 11:59:10 +02:00
Max Schaefer
e5e94e3357 Data flow: Add module doc comment for TaintTrackingImpl.qll 
Modelled after the correponding comment for `DataFlowImpl.qll`.
 2020-03-30 10:35:47 +01:00
Taus
b4fbfa029e Merge pull request #3132 from RasmusWL/python-fix-iterable-unpacking-taint-CP 
Python: Fix iterable-unpacking taint CP
 2020-03-30 11:22:03 +02:00
Anders Schack-Mulligen
b2769b42ed Merge pull request #3117 from adityasharad/java/jackson-taint-steps 
Java: Add taint steps through Jackson serialization methods.
 2020-03-30 10:34:56 +02:00
Anders Schack-Mulligen
57c9277601 Merge pull request #3142 from MathiasVP/no-magic-in-parameterThroughFlowCand 
Data flow: No magic in returnFlowCallableCand
 2020-03-30 10:15:48 +02:00
Dave Bartolomeo
3eef2747d5 Fix LGTM alerts 2020-03-29 03:12:27 -04:00
Dave Bartolomeo
0952064eb3 Move sync-identical-files.py into public repo as sync-files.py 
We currently use a script to keep certain duplicate QL files in sync across the repo. For historical reasons, this script has lived in the private repo alongside the rest of CodeQL, even though it's only used for files in the public `ql` repo. This PR moves the script into the public `ql` repo. It is still invoked by Jenkins scripts that live in the private repo during CI, but it can also be invoked directly without having a checkout of the private repo. This is useful for anyone who is modifying the dataflow or IR libraries with only a QL checkout.
 2020-03-29 02:59:14 -04:00
Nick Rolfe
1baf5df342 Merge pull request #3147 from dbartol/dbartol/FloatLiterals 
C++: Fix test expectations for complex literals
 2020-03-27 18:15:06 +00:00
Shati Patel
28e5904079 Merge pull request #3149 from Semmle/jf205-patch-2 
Change 'Set Literals' to 'Set literals'
 2020-03-27 16:47:58 +00:00
James Fletcher
2c571d3655 Update language.rst 2020-03-27 16:40:48 +00:00
Rasmus Wriedt Larsen
d55acc38df Python: Constrain execution paths for taint_at_depth 
Thanks Taus!
 2020-03-27 16:20:08 +01:00
Erik Krogh Kristensen
4864e77430 Merge branch 'master' of git.semmle.com:Semmle/ql into UrlSearch 2020-03-27 15:59:29 +01:00
Dave Bartolomeo
3039aaf4f3 C++: Fix test expectations for complex literals 2020-03-27 10:33:19 -04:00
Shati Patel
0b62a1d980 Merge pull request #3144 from ginsbach/setliteralhandbook 
Mention set literals in handbook
 2020-03-27 14:25:56 +00:00