hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-28 18:28:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
7,928 Commits 1,723 Branches 164 Tags
b6038f3caadbcf4f2e5df12944cb26fb8a5b608c
Commit Graph

7928 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonas Jensen
b6038f3caa C++: Remove best-bound logic from test 
This logic, in an improved form, is now part of the library itself.
 2019-10-29 11:54:32 +01:00
Jonas Jensen
311963906b C++: Only give the best delta in range analysis 
This mirrors Java's 6b85fe087a.
 2019-10-29 11:49:49 +01:00
semmle-qlci
2cddb82f10 Merge pull request #2210 from max-schaefer/js/better-destructuring-type-inference 
Approved by asger-semmle, esbena
 2019-10-29 08:08:51 +00:00
Jonas Jensen
0b2c2620cd Merge pull request #2184 from dave-bartolomeo/dave/AliasedUse 
C++/C#: Add `AliasedUse` instruction to all functions
 2019-10-29 08:37:57 +01:00
Taus
04e3683035 Merge pull request #2194 from RasmusWL/python-improve-getbasetype-qldoc 
Python: Improve qldoc for ClassValue::getABaseType
 2019-10-28 17:07:19 +01:00
Anders Schack-Mulligen
0ffcf9ce64 Merge pull request #2192 from JLLeitschuh/feature/JLL/http_response_splitting_netty 
Add CWE-113 check for io.netty.handler.codec.http.DefaultHttpHeaders
 2019-10-28 15:01:20 +01:00
semmle-qlci
70b114b827 Merge pull request #2208 from hvitved/csharp/codeql/no-bundled-nuget 
Approved by p0
 2019-10-28 13:47:50 +00:00
semmle-qlci
30a907861b Merge pull request #2193 from max-schaefer/js/autobuilder-exclude-node_modules 
Approved by asger-semmle
 2019-10-28 11:26:51 +00:00
Tom Hvitved
8a08038ff3 C#: Use system-nuget in Autobuilder when SEMMLE_PLATFORM_TOOLS is not set 2019-10-28 10:59:26 +01:00
Geoffrey White
8839bdd688 Merge pull request #1428 from jbj/infinite-loops-visible 
C++: Make cpp/comparison-with-wider-type visible
 2019-10-28 09:49:38 +00:00
semmle-qlci
33374ee089 Merge pull request #2202 from asger-semmle/express-sendfile 
Approved by esbena
 2019-10-28 09:24:34 +00:00
Max Schaefer
b333c6a214 Merge pull request #2106 from asger-semmle/call-graph-3 
JS: Call graph changes
 2019-10-28 09:24:10 +00:00
Pavel Avgustinov
d501316c76 Merge pull request #2195 from hmakholm/pr/chain-to-codeql 
codeqlmanifest: explicitly chain to ./codeql if we have it
 2019-10-26 21:55:50 +01:00
Dave Bartolomeo
cc5a689293 C++/C#: Fix up after merge from master 2019-10-25 14:11:34 -07:00
Dave Bartolomeo
f5e320e988 Merge from master 2019-10-25 13:24:19 -07:00
Dave Bartolomeo
56cbd0c152 C++/C#: Make AliasedUse access only non-local memory 
The `AliasedUse` instruction is supposed to represent future uses of aliased memory after the function returns. Since local variables from that function are no longer allocated after the function returns, the `AliasedUse` instruction should access only the set of aliased locations that does not include locals from the current stack frame.
 2019-10-25 13:10:39 -07:00
Jonathan Leitschuh
934eed97df Apply suggestions from code review for netty DefaultHttpHeaders 
Co-Authored-By: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2019-10-25 12:30:16 -04:00
semmle-qlci
d2f3574427 Merge pull request #2165 from erik-krogh/dosHigh 
Approved by asger-semmle
 2019-10-25 16:28:07 +01:00
Jonas Jensen
d63cc3d287 Merge remote-tracking branch 'upstream/master' into infinite-loops-visible 
Moved the change note to 1.23.
 2019-10-25 15:44:03 +02:00
Max Schaefer
d4b9beb010 JavaScript: Teach autobuilder not to extract node_modules and bower_components folders. 2019-10-25 14:25:02 +01:00
Max Schaefer
bd6109484d JavaScript: Rename node_modules to vendor in AutoBuildTests. 2019-10-25 14:25:02 +01:00
Max Schaefer
89f68f47a0 JavaScript: Improve type inference for captured variables. 2019-10-25 14:22:24 +01:00
Max Schaefer
6269dd99ab JavaScript: Improve type inference for destructuring assignments. 2019-10-25 14:22:24 +01:00
Asger F
04ee483c9e JS: update test output 2019-10-25 14:10:18 +01:00
Asger F
4e3f6c5107 JS: Add change note 2019-10-25 13:09:39 +01:00
Asger F
7ed31baeea JS: Rename to upward navigation 2019-10-25 13:07:07 +01:00
Asger F
39e2d1480e JS: Default to imprecision zero by default 2019-10-25 12:20:16 +01:00
Rasmus Wriedt Larsen
f1004b10ba Merge pull request #2147 from tausbn/python-cyclic-import-package-fp 
Python: Fix cyclic import FP relating to packages.
 2019-10-25 11:57:55 +02:00
Asger F
5636d42c13 JS: Update test 2019-10-25 09:57:10 +01:00
Asger F
ad645d3d50 JS: Restrict sendfile sink 2019-10-25 09:57:10 +01:00
semmle-qlci
89896c02c4 Merge pull request #2176 from Semmle/esbena-patch-1 
Approved by erik-krogh
 2019-10-25 09:26:12 +01:00
Jonas Jensen
22de0efc58 Merge pull request #2008 from dave-bartolomeo/dave/IRType2 
C++: Implement language-neutral IR type system
 2019-10-25 09:42:23 +02:00
yh-semmle
80fd5b2ada Merge pull request #2175 from aschackmull/java/continue-in-false-loop 
Java: Port C++ query cpp/continue-in-false-loop to Java.
 2019-10-24 20:47:59 -04:00
Dave Bartolomeo
80e29dce8b C++: Fix comment and remove unnecessary max() 2019-10-24 14:15:59 -07:00
Dave Bartolomeo
1223388ab6 C++: Fix test expectations 2019-10-24 13:54:21 -07:00
Dave Bartolomeo
956c18f976 C++/C#: Fix formatting 2019-10-24 13:54:09 -07:00
Ziemowit Łąski
01035f15cf Merge pull request #2123 from geoffw0/comparison2 
CPP: Reword ComparisonPrecedence.ql query message.
 2019-10-24 12:05:59 -07:00
Tom Hvitved
6d22e351f1 Merge pull request #2151 from raulgarciamsft/users/raul/oss 
Users/raul/oss
 2019-10-24 19:35:40 +02:00
Geoffrey White
f2656d8556 CPP: Autoformat. 2019-10-24 17:29:05 +01:00
Geoffrey White
73c677d417 Merge pull request #2189 from jbj/eivc-2019 
C++: Minor tweaks to ExprInVoidContext
 2019-10-24 16:50:35 +01:00
Henning Makholm
8dd0fcbf46 codeqlmanifest: explicitly chain to ./codeql if we have it 2019-10-24 17:40:43 +02:00
Geoffrey White
e48936244d CPP: Reword the query message. 2019-10-24 16:22:51 +01:00
Rasmus Wriedt Larsen
c50d366527 Python: Improve qldoc for ClassValue::getABaseType 
Hopefully it is more clear that you can get multiple results from getABaseType
because of multiple inheritance, and not because we are following the chain of
inheritance
 2019-10-24 17:10:42 +02:00
Jonas Jensen
73e217a51e C++: Un-deprecate class Qualifier 
It turns out this was used in the internal repo.
 2019-10-24 16:47:29 +02:00
Jonathan Leitschuh
dcbd6e0a11 Add CWE-113 check for io.netty.handler.codec.http.DefaultHttpHeaders 
Closes #2185
 2019-10-24 10:27:40 -04:00
Hening Makholm
c927a4c354 Merge pull request #2191 from lcartey/lgtm-selectors 
Update new-style suite definitions
 2019-10-24 16:15:56 +02:00
Calum Grant
ad867bb855 Merge pull request #2186 from hvitved/csharp/new-env-variables 
C#: Teach extractor and autobuilder about new environment variables
 2019-10-24 15:12:13 +01:00
Luke Cartey
6bcfb4e5cc Update new-style suite definitions 
Capture path-problem as well as problem queries.
 2019-10-24 14:54:13 +01:00
Jonas Jensen
6c069ff444 C++: The update of a for-loop is ExprInVoidContext 2019-10-24 15:27:54 +02:00
Jonas Jensen
edc9e23a9d C++: Deprecate class Qualifier 
It's not used anywhere outside `VoidContext.qll`, where it was defined.
The use in `VoidContext.qll` is 10 years old and was a workaround for an
extractor bug that no longer exists.
 2019-10-24 15:22:44 +02:00