hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 12:45:27 +02:00
Code Issues Packages Projects Releases Wiki Activity
2,681 Commits 1,741 Branches 166 Tags
b87abc96029feb64fc8e8709eacf2bc97f9fbe56
Commit Graph

2681 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Esben Sparre Andreasen
c6f9a043ca JS: support additional import statements for Flow 2019-01-13 22:10:56 +01:00
Robert Marsh
eabc674bb3 Merge pull request #747 from jbj/cfg-remove-cfg.ql 
C++: Delete library-tests/qlcfg/cfg.ql
 2019-01-11 11:57:26 -08:00
Jonas Jensen
ef331ee68c Merge pull request #633 from Semmle/rdmarsh/cpp/range-analysis 
C++: New range analysis
 2019-01-11 19:32:20 +01:00
Geoffrey White
c8cbc8ea5a Merge pull request #751 from jbj/hides-parameter-crossfile 
C++: Improvements to "Declaration hides parameter"
 2019-01-11 18:00:50 +00:00
Geoffrey White
a656c692bb Merge pull request #752 from jbj/large-parameter-assignment 
C++: Exclude copy assignment in LargeParameter.ql
 2019-01-11 17:54:30 +00:00
semmle-qlci
04c15028ab Merge pull request #750 from aschackmull/javascript/autoformat 
Approved by xiemaisi
 2019-01-11 16:35:38 +00:00
calum
e76eb1641a C#: Address review comment. 2019-01-11 16:13:04 +00:00
Taus
dcdbc00430 Merge pull request #753 from markshannon/python-fix-regex-test-depth 
Python tests: Increase import depth to ensure sre_constants module is imported.
 2019-01-11 16:46:56 +01:00
Nick Rolfe
e8f4127fe5 C++: fix wording in GVN qldoc comment 2019-01-11 13:56:52 +00:00
Tom Hvitved
36e4b879e9 C#: Remove comment 2019-01-11 14:32:34 +01:00
Anders Schack-Mulligen
db9407bae5 Javascript: Update .expected files. 2019-01-11 14:27:16 +01:00
Jonas Jensen
b65e2f8b79 C++: Put QLDoc on two helper predicates 2019-01-11 14:07:22 +01:00
Tom Hvitved
390ebc96ae C#: Autoformat QL files 2019-01-11 13:55:28 +01:00
Taus Brock-Nannestad
b5dc0134a7 Python: Move query suites to public repo. 2019-01-11 13:46:47 +01:00
calum
de4f592bba C#: Add alert suppression comments for cs/similar-file 2019-01-11 12:36:20 +00:00
calum
a44a86bf6f C#: Add alert suppression comments. Rename e to ex in catch clauses for consistency. 2019-01-11 12:32:24 +00:00
Mark Shannon
33a2315ba0 Python tests: Increase import depth to ensure sre_constants module is imported. 2019-01-11 12:15:56 +00:00
calum
fb0cae87a8 C#: Fix some alerts, and fix a potential NullReferenceException. 2019-01-11 12:12:11 +00:00
Jonas Jensen
1cc36dd969 C++: Exclude copy assignment in LargeParameter.ql 
The purpose of the copy assignment operator is to copy the object, so we
should not complain that a copy happens when passing the parameter. See
https://en.wikibooks.org/wiki/More_C++_Idioms/Copy-and-swap for details.
 2019-01-11 12:00:02 +01:00
Jonas Jensen
4ea3849595 C++: Add failing test case for LargeParameter.ql 2019-01-11 11:53:04 +01:00
semmle-qlci
b0dd3dfeb1 Merge pull request #502 from xiemaisi/js/summaries 
Approved by asger-semmle
 2019-01-11 10:27:03 +00:00
Jonas Jensen
b38ca944f4 C++: Work around CPP-331 
This change suppresses results from "Declaration hides parameter" where
the ParameterDeclarationEntry does not link up to the right
FunctionDeclarationEntry.
 2019-01-11 11:26:43 +01:00
Max Schaefer
f9d704bdcf JavaScript: Add example of indirect command injection. 2019-01-11 10:24:41 +00:00
Jonas Jensen
2268f1fee6 C++: Speed up "Declaration hides parameter" 
Bad magic ended up in `LocalVariable.getFunction` and effectively
created a Cartesian product. Before this change, the timing looked like
this:

    Variable::LocalVariable::getFunction_dispred#bb ... 50.1s
    #select#cpe#123#fff ............................... 20.6s

After this change, those predicates become much faster:

    Variable::LocalVariable::getFunction_dispred#ff ... 121ms
    DeclarationHidesParameter::localVariableNames#fff . 77ms
    #select#cpe#123#fff ............................... 28ms

Introducing the predicate `localVariableNames` ensures that we can do
the main join on two columns simultaneously, so that's a change we
should keep even if we remove the `pragma[nomagic]` later.
 2019-01-11 11:06:18 +01:00
Jonas Jensen
8a435ae321 C++: Autoformat "Declaration hides parameter" 2019-01-11 11:02:52 +01:00
Anders Schack-Mulligen
e58094c732 Javascript: Autoformat. 2019-01-11 11:02:42 +01:00
Max Schaefer
7d2d33840a JavaScript: Track flow through forwarding higher-order calls. 2019-01-11 09:15:58 +00:00
Tom Hvitved
c06fc2af09 C#: Remove DefUse.qll 2019-01-11 09:35:38 +01:00
Max Schaefer
59bac829b1 JavaScript: Refactor flowsIntoHigherOrderCall predicate. 2019-01-11 08:34:09 +00:00
Max Schaefer
edc5117dfd JavaScript: Track flow into (simple) higher-order function calls. 
The only case we support for now are functions that invoke one of their arguments, passing another argument as input.
 2019-01-11 08:11:15 +00:00
Max Schaefer
414ab8ea8c JavaScript: Refactor argumentPassing. 2019-01-11 07:57:58 +00:00
Esben Sparre Andreasen
9af6a81a58 JS: change note for ODASA-7636 fix 2019-01-11 08:37:01 +01:00
Esben Sparre Andreasen
d0372dd290 JS: reuse a variable 2019-01-11 08:34:17 +01:00
Esben Sparre Andreasen
d3543b74c0 JS: fixup: use the basic block of the actual write (ODASA-7636) 2019-01-11 08:34:17 +01:00
Jonas Jensen
88a251c05a C++: Delete library-tests/qlcfg/cfg.ql 
This test was intended to catch regressions in the CFG, but it looks
like it's just catching insignificant extractor changes. The test has
started failing after some recent extractor changes, but I have no way
to pinpoint the failure and understand whether it's a problem or not, so
I think it's better to delete this test.

The remaining tests check whether the QL-based CFG generates the same
graph as the extractor-based CFG. Furthermore, the `successor-tests`
check that the extractor-based CFG works as intended.
 2019-01-11 08:24:07 +01:00
Tom Hvitved
0f7dc51e89 C#: Fix performance issue in isValidExplicitParamsType() 2019-01-10 21:19:23 +01:00
Tom Hvitved
2197736128 C#: Speedup cs/missed-readonly-modifier 2019-01-10 20:57:36 +01:00
Robert Marsh
c455db9e59 C++: update test expectations 2019-01-10 11:24:13 -08:00
Geoffrey White
87569d14b9 CPP: QLDoc comments. 2019-01-10 17:38:42 +00:00
Geoffrey White
ba3bc1596b CPP: Manual fixup. 2019-01-10 15:28:13 +00:00
Geoffrey White
c4b01d0816 CPP: Autoformat some other untidy source files. 2019-01-10 15:28:13 +00:00
Geoffrey White
28261d6787 Merge pull request #737 from jbj/cfg-perf 
C++: QL CFG performance and tweaks
 2019-01-10 14:45:53 +00:00
Asger F
2b803693f1 JS: add comment about how to generate isLodashMember 2019-01-10 14:00:20 +00:00
Ian Lynagh
8ce2890824 C++: Add a changenote for Namespace.isInline() 2019-01-10 12:56:16 +00:00
Ian Lynagh
e5b6e61d45 C++: Update stats to include namespace_inline 2019-01-10 11:35:49 +00:00
Geoffrey White
346bc1ac62 CPP: Autoformat some code from Critical. 2019-01-10 10:40:39 +00:00
Geoffrey White
b7febb06af CPP: Autoformat some Power of 10 queries. 2019-01-10 10:40:39 +00:00
semmle-qlci
f474fdd0f9 Merge pull request #731 from xiemaisi/js/performance-fiddling 
Approved by asger-semmle, esben-semmle
 2019-01-10 10:01:02 +00:00
Jonas Jensen
9219214d64 Merge pull request #695 from raulgarciamsft/users/raulga/c6324 
cpp - Using the return value of a strcpy or related string copy function in an if statement
 2019-01-10 08:34:17 +01:00
Max Schaefer
583734a4e2 JavaScript: Fix semantic merge conflict. 
https://github.com/Semmle/ql/pull/698 removed `document.cookie` as a remote flow source, which some of the tests relied on. We now use `location.search` instead.
 2019-01-09 16:09:06 +00:00