Max Schaefer
bf04664bd7
Update javascript/ql/src/semmle/javascript/GeneratedCode.qll
...
Co-Authored-By: esben-semmle <42067045+esben-semmle@users.noreply.github.com>
2019-03-26 10:01:24 +01:00
Esben Sparre Andreasen
3cd93129a6
JS: classify HTML files with > 20 elements on a line as generated
2019-03-26 08:03:56 +01:00
Esben Sparre Andreasen
4ab3407726
JS: add classification test cases
2019-03-25 10:45:44 +01:00
Esben Sparre Andreasen
335a969946
JS: fix performance in ObjectDefinePropertyAsPropWrite::getRhs
2019-03-22 12:29:34 +01:00
semmle-qlci
4075f570e2
Merge pull request #1151 from xiemaisi/rc/1.20-merge-master
...
Approved by asger-semmle, hvitved
2019-03-22 07:34:00 +00:00
Mark Shannon
8ab4dae2fa
Merge pull request #1150 from taus-semmle/python-fix-insecure-default-protocol-fp
...
Python: Fix false positive for `py/insecure-default-protocol`.
2019-03-21 18:16:05 +00:00
Mark Shannon
d056af323d
Merge pull request #1140 from taus-semmle/python-rename-query-suites
...
Python: Copy query suites from `python2` to `python`.
2019-03-21 17:51:05 +00:00
Jonas Jensen
db8db8669b
Merge pull request #1141 from geoffw0/newfreebug
...
CPP: Fix a bug in NewFree.qll
2019-03-21 17:22:00 +01:00
Geoffrey White
37bd4725ee
Merge pull request #1149 from jbj/resource-not-released-in-destructor-Qt
...
C++: Fix special-casing of Qt library in resource-not-released-in-destructor
2019-03-21 16:13:25 +00:00
Max Schaefer
8c460ae385
Merge remote-tracking branch 'upstream/master' into rc/1.20-merge-master
...
Conflict in `javascript/extractor/src/com/semmle/js/extractor/Main.java` resolved
in favour of `master`.
2019-03-21 14:46:29 +00:00
semmle-qlci
fb499b02d5
Merge pull request #1138 from asger-semmle/ts-import-namespace-as-type
...
Approved by xiemaisi
2019-03-21 14:43:48 +00:00
semmle-qlci
313134cb8c
Merge pull request #1148 from xiemaisi/js/adm-zip
...
Approved by esben-semmle
2019-03-21 14:00:30 +00:00
semmle-qlci
395089d35e
Merge pull request #1147 from xiemaisi/js/show-char-code
...
Approved by asger-semmle
2019-03-21 13:59:59 +00:00
Taus Brock-Nannestad
5eb63ae048
Fix false positive and add test.
2019-03-21 14:10:05 +01:00
Taus Brock-Nannestad
9cb35a8ca9
Use correct named argument for ssl.SSLContext.
2019-03-21 14:09:25 +01:00
Jonas Jensen
552842346c
C++: Fix special-casing of Qt library
...
The `Expr.getType` predicate returns a pointer type since that's the
type of the `new`-expression as a whole. To find the class type, we use
`NewExpr.getAllocatedType`.
This commit reduces the number of alerts in a Qt snapshot from 229 to
51, and it removes the two false positives in
https://github.com/Subsurface-divelog/subsurface.
2019-03-21 13:37:18 +01:00
Jonas Jensen
a59a9f6075
C++: Add test cases for Qt's QObject
...
The Qt library requires client code to call `new` but not `delete`.
2019-03-21 13:31:50 +01:00
Asger F
1a6c95c908
TS: update test expectation
2019-03-21 11:06:04 +00:00
Geoffrey White
867f357b36
CPP: Correct the test.
2019-03-21 10:57:44 +00:00
Calum Grant
f20041d41f
Merge pull request #1133 from hvitved/csharp/more-performance-tweaks
...
C#: More performance tweaks
2019-03-21 10:46:07 +00:00
Max Schaefer
1835028b93
JavaScript: Show character code when reporting unexpected character.
2019-03-21 10:44:49 +00:00
Max Schaefer
4533e1f6fe
JavaScript: Add model of adm-zip library for ZipSlip query.
2019-03-21 08:04:06 +00:00
Geoffrey White
5a56740ee6
Merge pull request #1124 from jbj/weak-cryptographic-algorithm-perf
...
C++: Fix performance of BrokenCryptoAlgorithm.ql
2019-03-20 18:01:58 +00:00
Geoffrey White
2fdd33eecd
CPP: Change note.
2019-03-20 15:48:02 +00:00
Geoffrey White
91bef02257
CPP: Add a 1.21 CPP change notes file (couldn't find the templates).
2019-03-20 15:48:00 +00:00
Geoffrey White
faeb326bf8
CPP: Use newer dataflow for the fix.
2019-03-20 15:47:48 +00:00
Geoffrey White
7d8886e30c
CPP: Fix over-enthusiastic dataflow in allocExprOrIndirect.
2019-03-20 15:40:02 +00:00
Geoffrey White
ea7e8927fe
CPP: Add a test similar to the false positive in arvidn/libtorrent.
2019-03-20 15:35:58 +00:00
Tom Hvitved
414b7243c2
C#: More performance tweaks
2019-03-20 15:43:38 +01:00
Taus Brock-Nannestad
a6708572c0
Python: Copy query suites from python2 to python.
2019-03-20 15:33:54 +01:00
Asger F
5768d85c7b
TS: fix trap test output
2019-03-20 12:46:52 +00:00
Geoffrey White
8a693699fc
Merge pull request #1139 from jbj/return-stack-allocated-typo
...
C++: Fix typo in ReturnStackAllocatedMemory.ql
2019-03-20 11:36:12 +00:00
Jonas Jensen
401b5648be
C++: Fix typo in ReturnStackAllocatedMemory.ql
2019-03-20 11:27:34 +01:00
Asger F
8201e7ea27
TS: update trap test output
2019-03-20 10:23:28 +00:00
Asger F
aaa8bfb874
TS: allow namespace imports as types
2019-03-20 10:09:18 +00:00
zlaski-semmle
241994d1f8
Merge pull request #1107 from zlaski-semmle/cpp355
...
Updated query to look for Microsoft-specific '_alloca' and '_malloca'
Merge to Semmle/ql:master.
2019-03-19 13:40:27 -07:00
Ziemowit Laski
09e729ff59
Turns out that '__builtin_alloca' takes 'unsigned long', not 'unsigned long long'; rename some parameters to align with C11 standard.
2019-03-19 13:27:14 -07:00
Ziemowit Laski
11ed4f3312
Change __builtin_alloca declaration to use an unsigned long long parameter.
2019-03-19 13:12:29 -07:00
Ziemowit Laski
ff3430d8d0
Use '// GOOD' and '// BAD' annotations for query diagnostics.
2019-03-19 12:29:38 -07:00
Max Schaefer
b211a54181
Merge pull request #1132 from xiemaisi/mergeback-2019-03-19
...
Merge rc/1.20 into master
2019-03-19 17:28:52 +00:00
Max Schaefer
23d77f3e6a
Merge pull request #1130 from felicity-semmle/1.20/javascript-extractor
...
1.20: Update JavaScript extraction notes and supported versions
2019-03-19 17:09:05 +00:00
Mark Shannon
29c4e274e1
Merge pull request #1127 from felicity-semmle/1.20/python-change-notes
...
1.20: finalize python change notes
2019-03-19 16:53:59 +00:00
Calum Grant
fb9c587c86
Merge pull request #1126 from hvitved/csharp/performance-tweaks
...
C#: Fix a few minor performance regressions
2019-03-19 16:01:49 +00:00
Max Schaefer
6fbf487524
Merge remote-tracking branch 'upstream/rc/1.20' into mergeback-2019-03-19
2019-03-19 14:09:03 +00:00
semmle-qlci
17e8b64f59
Merge pull request #1131 from xiemaisi/js/simplify-flow-summary-queries
...
Approved by asger-semmle
2019-03-19 13:35:06 +00:00
semmle-qlci
6fdba626ad
Merge pull request #1121 from jbj/return-stack-allocated-1.20-fixes
...
Approved by geoffw0
2019-03-19 13:28:55 +00:00
Jonas Jensen
a31794f20c
Merge pull request #1129 from geoffw0/unusedstatic
...
CPP: Add to UnusedStaticVariables tests.
2019-03-19 14:16:30 +01:00
Max Schaefer
77c383aee2
JavaScript: Simplify flow-summary queries.
...
Previously, `AllConfigurations.qll` would pull in (almost) all taint
tracking configurations, which has started causing OOMEs during
compilation.
I've pruned it down to only the most interesting configurations. Since
flow summaries are experimental at this point and require a bit of manual
configuration anyway, this shouldn't be much of an issue in practice.
2019-03-19 10:58:49 +00:00
Jonas Jensen
111a462d16
C++: Recover some of the good results we lost
...
My recent changes to suppress FPs in `ReturnStackAllocatedMemory.ql`
caused us to lose all results where there was a `Conversion` at the
initial address escape. We cannot handle conversions in general, but
this commit restores the good results for the trivial types of
conversion that we can handle.
2019-03-19 11:09:58 +01:00
Jonas Jensen
d864df5b7f
C++: Tests for new false negatives
2019-03-19 10:30:14 +01:00