Tamas Vajk
0cf4c99986
C#: Change compiler generated flag for length arguments of implicitly sized arrays
2020-08-18 12:06:01 +02:00
Tamas Vajk
99e62ceee6
C#: Add test for length argument of implicitly sized arrays
2020-08-18 11:44:24 +02:00
Jonas Jensen
b6b72729f6
C++: SimpleRangeAnalysis for MulExpr by constant
2020-08-18 11:37:59 +02:00
Erik Krogh Kristensen
03cb95c82b
bump extractor version
2020-08-18 11:20:04 +02:00
Tamas Vajk
6ae53b1865
C#: Add change notes for C# analysis
2020-08-18 11:10:04 +02:00
Jonas Jensen
2e2f99cabf
C++: Correctly classify the MulExpr rounding bugs
2020-08-18 10:39:57 +02:00
Jonas Jensen
a7d9715fd9
C++: BinaryOperation.hasOperands
...
QLDoc borrowed from JavaScript. Implementation borrowed from Java.
Parameter names changed.
2020-08-18 10:28:59 +02:00
Tamas Vajk
beeadea48f
Add extra tests for partial methods
2020-08-18 10:26:31 +02:00
Erik Krogh Kristensen
d1b3963e2d
correctly treat ES2015 modules as being in strict-mode in the extractor
2020-08-18 10:13:20 +02:00
Jonas Jensen
27345c64f3
C++: Also accept PointlessComparison test changes
2020-08-18 09:32:05 +02:00
Tamas Vajk
eba2c4331f
Add launch.json to gitignore
2020-08-18 09:23:38 +02:00
Erik Krogh Kristensen
61d4648893
update expected output of trap test
2020-08-17 22:53:16 +02:00
Erik Krogh Kristensen
eb5dfe8438
autoformat
2020-08-17 22:46:20 +02:00
Geoffrey White
5d485859af
Merge remote-tracking branch 'upstream/main' into uncontrolled-alloc-size
2020-08-17 20:49:35 +01:00
Geoffrey White
be91cec7ad
C++: Add change note.
2020-08-17 20:45:49 +01:00
Geoffrey White
d76b25ec22
C++: Change note.
2020-08-17 17:55:52 +01:00
Geoffrey White
390af0d7d2
C++: Autoformat.
2020-08-17 17:55:52 +01:00
Geoffrey White
0234bca6ca
C++: Fix a hole in StdStringAppend and clarify comments.
2020-08-17 17:55:44 +01:00
Robert Marsh
9decb47bf0
Merge pull request #4076 from jbj/SimpleRangeAnalysis-AssignOperation
...
C++: Fix SimpleRangeAnalysis for AssignOperation
2020-08-17 12:55:26 -04:00
Geoffrey White
a11ca06189
C++: Implement more std::string models.
2020-08-17 17:33:09 +01:00
Geoffrey White
9204940830
C++: Add test cases for std::string methods.
2020-08-17 17:31:26 +01:00
Geoffrey White
789e781eb7
C++: Add prototypes for std::string methods to test.
2020-08-17 16:01:25 +01:00
Geoffrey White
4b4b8a9faa
Merge pull request #4074 from jbj/SimpleRangeAnalysis-extensible
...
C++: extensible range analysis
2020-08-17 14:46:57 +01:00
Tom Hvitved
a2fc92b9db
Data flow: Address review comments
2020-08-17 15:46:43 +02:00
Erik Krogh Kristensen
c28889225a
skip binary files when extracting JavaScript
2020-08-17 15:21:15 +02:00
Jonas Jensen
e03fe81ce7
C++: Accept float.toString changes in tests
2020-08-17 15:07:00 +02:00
CodeQL CI
c917cd02bd
Merge pull request #4054 from erik-krogh/urlIncludes
...
Approved by esbena
2020-08-17 13:54:25 +01:00
Erik Krogh Kristensen
6f28ddf1f8
proper support for this inside a JSX-name
2020-08-17 14:23:42 +02:00
Jonas Jensen
edc5e5fbcf
C++: Simplify defDependsOnDef for AssignOperation
...
These cases were unnecessarily transitive. There is no need for
`defDependsOnDef` to be transitive since that's handled in
`defDependsOnDefTransitively`.
The dependency information from the LHS of an `AssignmentOperation` is
now deduced the same way as the information from the RHS: by calling
`exprDependsOnDef`. This should effectively give us the same information
and recursion structure as if the operation (`x += e`) were desugared
(`x = x + e`).
2020-08-17 11:06:39 +02:00
Tom Hvitved
8876dd51c7
Merge pull request #4079 from hvitved/csharp/xml-data-flow-config
...
C#: Use `DataFlow3` instead of `DataFlow2` in `Xml.qll` to avoid overlap
2020-08-17 10:36:56 +02:00
Tom Hvitved
28a7656813
Merge pull request #4073 from aschackmull/java/move-test
...
Java: Temporarily move a qltest.
2020-08-17 09:08:44 +02:00
Jonas Jensen
768e5190a1
Merge pull request #4080 from geoffw0/split
...
C++: Split test file stl.cpp
2020-08-14 15:59:46 +02:00
Geoffrey White
89c2b6dc4b
Merge remote-tracking branch 'upstream/master' into split
2020-08-14 14:03:34 +01:00
Tom Hvitved
357109a410
C#: Use DataFlow3 instead of DataFlow2 in Xml.qll to avoid overlap
...
`semmle.code.csharp.frameworks.system.Xml` is imported in `LibraryTypeDataFlow.qll`,
and therefore part of the default namespace. This means that the use of `DataFlow2`
inside `Xml.qll` overlaps with some queries. Bumping to `DataFlow3` resolves the issue.
2020-08-14 14:33:12 +02:00
Rasmus Lerchedahl Petersen
2817602a97
Merge branch 'master' of github.com:github/codeql into SharedDataflow_ParameterTests
2020-08-14 14:27:57 +02:00
Jonas Jensen
fe72b559d3
C++: Range analysis for unsigned AssignMulExpr
...
This is essentially a copy-paste job of `AssignAddExpr`, together with
the math from the `UnsignedMulExpr` support.
2020-08-14 14:19:54 +02:00
CodeQL CI
e9a36b2524
Merge pull request #4062 from tausbn/python-fix-unknown-import-star
...
Approved by yoff
2020-08-14 13:17:45 +01:00
Jonas Jensen
f90d779122
C++: Fix SimpleRangeAnalysis for AssignOperation
...
The range analysis wasn't producing useful bounds for `AssignOperation`s
(`+=`, `-=`) unless their RHS involved a variable. This is because a
shortcut was made in the `analyzableDef` predicate, which used to
specify that an analyzable definition was one for which we'd specified
the dependencies. But we can't distinguish between having _no
dependencies_ and having _no specification of the dependencies_.
The fix is to be more explicit about which definitions are analyzable.
To avoid too much repetition I'm still calling out to `analyzableExpr`
in the new code.
2020-08-14 14:15:58 +02:00
Taus
8cbd4974ae
Merge pull request #3981 from yoff/SharedDataflow_Classes
...
Python: Dataflow, test magic methods
2020-08-14 12:45:55 +02:00
Jonas Jensen
e01e702f46
Merge pull request #4060 from bgianfo/patch-1
...
C++: Detect GoogleTest test cases in FNumberOfTests.ql
2020-08-14 12:42:12 +02:00
Jonas Jensen
f7273b8665
C++: Add custom modeling to extensibility.ql
2020-08-14 12:27:30 +02:00
Jonas Jensen
ee3312503e
C++: Add test for extensible range analysis
...
This commit demonstrates that the range is too wide before custom
modeling has been added to the test.
2020-08-14 12:27:30 +02:00
Jonas Jensen
bf7732ec9d
C++: Silence QL compiler errors
2020-08-14 12:27:30 +02:00
Jonas Jensen
1deb1e6429
C++: Add SimpleRangeAnalysisExpr.dependsOnChild
2020-08-14 12:27:30 +02:00
Jonas Jensen
1b5b374a8e
C++: Move getFullyConverted{Upper,Lower}Bounds
...
Rather than being public, these internal predicates are now exposed
through a `SimpleRangeAnalysisInternal` module so it's clear that they
are not for general use.
2020-08-14 12:27:30 +02:00
Jonas Jensen
18ba562c25
C++: Fix: remember to bind e
2020-08-14 12:27:30 +02:00
Jonas Jensen
1c0e83a374
C++: Autoformat fixup
2020-08-14 12:27:30 +02:00
Jonas Jensen
aa78c6e750
C++: Move to experimental
...
And rename to `SimpleRangeAnalysisExpr` to clarify which of our range
analysis libraries this belongs to.
2020-08-14 12:27:30 +02:00
Jonas Jensen
cdddf5fd40
Merge remote-tracking branch 'upstream/master' into SimpleRangeAnalysis-extensible-base
2020-08-14 12:26:59 +02:00
Rasmus Lerchedahl Petersen
9556937840
Python: address review comments
2020-08-14 11:29:58 +02:00