Geoffrey White
b671ef504d
Merge pull request #413 from jbj/return-this-getblock
...
C++: Restore `exists(getBlock())` in AV Rule 82
2018-11-06 17:04:05 +00:00
Anders Schack-Mulligen
2004445817
Merge pull request #409 from yh-semmle/java/move-tests
...
Java: move/tweak some tests
2018-11-06 16:38:03 +01:00
Jonas Jensen
9382c9d528
C++: Regression tests for AV Rule 82
...
Without the last commit, this addition to the test gives the following
results:
```
+| AV Rule 82.cpp:176:14:176:22 | operator= | Assignment operator in class Forgivable does not return a reference to *this. |
+| AV Rule 82.cpp:181:14:181:22 | operator= | Assignment operator in class Forgivable does not return a reference to *this. |
```
2018-11-06 16:13:44 +01:00
Jonas Jensen
da73a033e5
C++: Restore exists(getBlock()) in AV Rule 82
...
I removed this condition in #362, thinking it was covered by the new
conditions on return statements, but it turns out it wasn't in at least
the following cases.
1. Assignment operators that are deleted or marked private in order to
make them inaccessible.
2. Templates whose body was not extracted.
While some of these results are technically valid, they are not nearly
as interesting as the results that this query was designed to produce.
2018-11-06 13:42:20 +01:00
semmle-qlci
76475fef3b
Merge pull request #406 from xiemaisi/js/configuration-fiddling
...
Approved by asger-semmle
2018-11-06 11:51:12 +00:00
Jonas Jensen
786377d8dc
Merge pull request #408 from dave-bartolomeo/dave/NonVirtualDestructorInBaseClass
...
C++: Fork AV Rule 78 into NonVirtualDestructorInBaseClass
2018-11-06 09:51:27 +01:00
Dave Bartolomeo
3133bf6675
C++: Fix test expectation
2018-11-05 14:19:59 -08:00
Dave Bartolomeo
0c796de831
C++: Fork AV Rule 78 into NonVirtualDestructorInBaseClass
...
AV Rule 78 has proved too noisy for use on lgtm.com. However, if we make the rule less noisy by, say, allowing a protected destructor to be non-virtual, we're no longer actually enforcing AV Rule 78. Instead, I've copied AV Rule 78 into NonVirtualDestructorInBaseClass.ql, given the new query the `@id` that AV Rule 78 had, and given AV Rule 78 a new JSF-specific `@id`. The new rule allows non-public non-virtual destructors, which is the problem originally reported by an lgtm.com user.
2018-11-05 14:16:35 -08:00
Jonas Jensen
ba91f3e77c
Merge pull request #401 from geoffw0/loopdir
...
CPP: Speed up inconsistentLoopDirection.ql.
2018-11-05 18:22:19 +01:00
yh-semmle
64a50c522d
Java: tweak a test
2018-11-05 12:10:08 -05:00
yh-semmle
c0fcf7fc9b
Java: move a few more tests
2018-11-05 12:08:43 -05:00
yh-semmle
f3fbc8a153
Java: move a few tests
2018-11-05 12:08:42 -05:00
Geoffrey White
5cd7103841
Merge pull request #403 from jbj/FlowVar-getAnAccess-perf
...
C++: Performance fix for FlowVar.getAnAccess
2018-11-05 16:46:49 +00:00
semmle-qlci
5c9939b8ef
Merge pull request #390 from esben-semmle/js/improve-useless-conditional-message
...
Approved by xiemaisi
2018-11-05 16:34:59 +00:00
Geoffrey White
a38fefe7ba
CPP: Fix trailing space.
2018-11-05 15:21:27 +00:00
Esben Sparre Andreasen
651f32514b
JS: use 'Util::describeExpression' in js/trivial-conditional
2018-11-05 13:00:07 +01:00
Esben Sparre Andreasen
4e54af3b41
JS: introduce 'Util::describeExpression'
2018-11-05 12:58:12 +01:00
Tom Hvitved
2846d80f1c
Merge pull request #359 from calumgrant/cs/with-stubs
...
C#: Sources and sinks for ASP.NET Core
2018-11-05 11:46:02 +01:00
Jonas Jensen
9a3907c97f
C++: Performance fix for FlowVar.getAnAccess
...
The previous formulation of this predicate caused a CP in snapshots
where a variable had a large number of definitions and also reached a
large number of sub-basic-blocks.
This should fix performance of https://github.com/FrodeSolheim/fs-uae
and https://github.com/libretro/libretro-uae.
The `FlowVar.getAnAccess` predicate is still at risk of CP'ing when a
large group of defs has a large group of uses, but that has not been
observed to happen in practice yet. We would need to make
`localFlowStep` expose phi definitions in order to avoid that risk.
2018-11-05 10:52:17 +01:00
semmle-qlci
b743ee4179
Merge pull request #314 from esben-semmle/js/json-stringify-as-command-line-injection-source-heuristic
...
Approved by xiemaisi
2018-11-05 07:37:36 +00:00
Arthur Baars
a525c181e2
Merge pull request #400 from adityasharad/merge/1.18-master-021118
...
Merge rc/1.18 into master.
2018-11-03 20:43:48 +01:00
calum
c003150ed8
C#: Add missing file.
2018-11-02 16:46:49 +00:00
calum
29df7f5e96
C#: Mark false-negatives.
2018-11-02 16:46:49 +00:00
calum
7fa442d127
C#: Merge tests.
2018-11-02 16:46:49 +00:00
calum
ae96b347e2
C#: Address review comments.
2018-11-02 16:46:49 +00:00
calum
13f0a401f3
C#: Update analysis change notes.
2018-11-02 16:46:48 +00:00
calum
aff47c9f38
C#: Tidy up whitespace.
2018-11-02 16:45:48 +00:00
calum
62fb693924
C#: Tidy up code and fix performance of remote flow sources.
2018-11-02 16:45:48 +00:00
calum
2090d69c3f
C#: Tidy up tests.
2018-11-02 16:45:48 +00:00
calum
697e66e312
C#: Move test into subdirectory.
2018-11-02 16:45:48 +00:00
calum
d6e6ae66b8
C#: qltest stubs for UrlRedirect.ASPNETCore
2018-11-02 16:45:47 +00:00
calum
4655acadb2
C#: Stubs for XSSFlowASPNetCore test.
2018-11-02 16:45:47 +00:00
calum
8b8d2f9bef
C#: Add auto-generated stubs.
2018-11-02 16:45:47 +00:00
Denis Levin
ba9cb5e22d
cs: Adding sources and sinks for ASPNET.Core
...
Initial query checkin.
Note: tests require Nuget packages with ASPNET and ASPNETCore in Packages directory, and won't compile without them.
The packages.config should include this:
<package id="Microsoft.AspNet.Mvc" version="5.2.3" targetFramework="net461" />
<package id="Microsoft.AspNet.WebPages" version="3.2.3" targetFramework="net461" />
<package id="Microsoft.AspNetCore.Antiforgery" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Authorization" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Cors" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Cryptography.Internal" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.DataProtection" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.DataProtection.Abstractions" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Diagnostics" version="1.1.2" targetFramework="net452" />
<package id="Microsoft.AspNetCore.Diagnostics.Abstractions" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Hosting" version="1.1.3" targetFramework="net452" />
<package id="Microsoft.AspNetCore.Hosting.Abstractions" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Hosting.Server.Abstractions" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Html.Abstractions" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Http" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Http.Abstractions" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Http.Extensions" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Http.Features" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.HttpOverrides" version="1.1.2" targetFramework="net452" />
<package id="Microsoft.AspNetCore.JsonPatch" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Localization" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Mvc" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Mvc.Abstractions" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Mvc.ApiExplorer" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Mvc.Core" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Mvc.Cors" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Mvc.DataAnnotations" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Mvc.Formatters.Json" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Mvc.Localization" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Mvc.Razor" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Mvc.Razor.Host" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Mvc.TagHelpers" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Mvc.ViewFeatures" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Razor" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Razor.Runtime" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.ResponseCaching" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.ResponseCaching.Abstractions" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.ResponseCompression" version="1.0.2" targetFramework="net452" />
<package id="Microsoft.AspNetCore.Rewrite" version="1.0.2" targetFramework="net452" />
<package id="Microsoft.AspNetCore.Routing" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Routing.Abstractions" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Server.Kestrel" version="1.1.2" targetFramework="net452" />
<package id="Microsoft.AspNetCore.Server.Kestrel.Https" version="1.1.2" targetFramework="net452" />
<package id="Microsoft.AspNetCore.Server.WebListener" version="1.1.4" targetFramework="net452" />
<package id="Microsoft.AspNetCore.StaticFiles" version="1.1.2" targetFramework="net452" />
<package id="Microsoft.AspNetCore.WebUtilities" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.Extensions.DependencyInjection.Abstractions" version="1.1.1" targetFramework="net451" />
<package id="Microsoft.Extensions.Primitives" version="2.1.0" targetFramework="net451" />
<package id="Microsoft.NETCore.App" version="2.0.0" />
<package id="Microsoft.AspNetCore.Mvc" version="2.1.0" />
<package id="Microsoft.AspNetCore.Mvc.Core" version="2.1.0" />
<package id="Microsoft.AspNetCore.Mvc.Abstractions" version="2.1.0" />
<package id="Microsoft.AspNetCore.Http.Extensions" version="2.1.0" />
<package id="Microsoft.AspNetCore.Http.Abstractions" version="2.1.0" />
<package id="Microsoft.AspNetCore.Http.Features" version="2.1.0" />
2018-11-02 16:45:47 +00:00
Geoffrey White
1561363582
CPP: Speed up illDefined*ForStmt in inconsistentLoopDirection.ql.
2018-11-02 16:01:23 +00:00
Aditya Sharad
3483245870
Merge rc/1.18 into master.
...
As of 3291a30bf4.
2018-11-02 09:54:50 +00:00
Max Schaefer
e77ea62179
JavaScript: Tweak storeStep predicate.
2018-11-01 21:24:16 -04:00
Max Schaefer
94bba88080
JavaScript: Avoid unhelpful magic.
2018-11-01 21:22:51 -04:00
Max Schaefer
a72507a621
JavaScript: Remove a pragma[noopt].
2018-11-01 21:22:03 -04:00
Aditya Sharad
3291a30bf4
Version: Bump to 1.18.2 dev.
2018-11-01 18:46:56 +00:00
semmle-qlci
b130335adb
Merge pull request #398 from aschackmull/java/autoformat
...
Approved by yh-semmle
2018-11-01 16:57:30 +00:00
Anders Schack-Mulligen
41c89475fe
Java: Rerun autoformat.
2018-11-01 17:01:12 +01:00
semmle-qlci
08833465a0
Merge pull request #386 from xiemaisi/js/lodash_partial
...
Approved by esben-semmle
2018-11-01 09:44:14 +00:00
semmle-qlci
86b3f0156b
Merge pull request #387 from xiemaisi/js/amd-fixes
...
Approved by esben-semmle
2018-11-01 09:42:17 +00:00
semmle-qlci
a22aa3524e
Merge pull request #388 from asger-semmle/revert-useless-conditional
...
Approved by esben-semmle
2018-11-01 09:23:19 +00:00
Jonas Jensen
ea601b2dc0
Merge pull request #352 from dave-bartolomeo/dave/Operands
...
C++: Operands as IPA types
2018-11-01 10:12:38 +01:00
semmle-qlci
fa81084d79
Merge pull request #330 from aschackmull/java/zipslip
...
Approved by yh-semmle
2018-10-31 14:40:43 +00:00
Max Schaefer
3d2a27b039
JavaScript: Make a useful member predicate public.
2018-10-31 06:46:09 -04:00
semmle-qlci
f00863fb58
Merge pull request #383 from esben-semmle/js/unused-eval-variable
...
Approved by xiemaisi
2018-10-31 10:42:55 +00:00
Asger F
2c11844c5b
Revert "Merge pull request #380 from asger-semmle/generalize-useless-conditional"
...
This reverts commit 28f3b686a7, reversing
changes made to dc3c5a684c.
2018-10-31 10:38:38 +00:00