Commit Graph

16126 Commits

Author SHA1 Message Date
CodeQL CI
c2175b678c Merge pull request #4263 from erik-krogh/importScripts
Approved by esbena
2020-09-16 06:01:35 -07:00
Tamás Vajk
5079deb92a Merge pull request #4268 from tamasvajk/feature/java-range-analysis-fn
Java: Fix range analysis false negative
2020-09-16 11:08:33 +02:00
Joe Farebrother
4f70af500c Merge pull request #4261 from joefarebrother/printAST-java
Java: Add PrintAst
2020-09-16 09:46:19 +01:00
Rasmus Wriedt Larsen
d828bc5f3a Merge pull request #4251 from yoff/SharedDataflow_BarrierGuards
Python: Implement `BarrierGuard`
2020-09-16 10:00:26 +02:00
Mathias Vorreiter Pedersen
c8a3baf356 Merge pull request #4272 from jbj/dataflow-partial-access
C++: Add AST flow through arrays
2020-09-16 09:29:39 +02:00
Rasmus Lerchedahl Petersen
e46ae9b98d Python: Move some query predicates to debug 2020-09-15 21:45:47 +02:00
Matthew Gretton-Dann
17bd678699 Merge pull request #4140 from github/matt-gretton-dann/fix-deleted-constructors
Update tests for extractor changes with ctors
2020-09-15 19:34:42 +01:00
Matthew Gretton-Dann
795bf0d93c Update tests for extractor changes with ctors 2020-09-15 17:58:37 +01:00
Matthew Gretton-Dann
9296a12a91 Merge pull request #4260 from github/igfoo/coroutines
C++: Add coroutines* tables
2020-09-15 17:39:38 +01:00
Joe
7e9b1a2975 Java: PrintAst: Fix more formatting issues 2020-09-15 17:15:00 +01:00
Ian Lynagh
a912a328a2 C++: Add an upgrade script 2020-09-15 15:36:19 +01:00
Ian Lynagh
56388b57bd C++: Update stats for new coroutines* tables 2020-09-15 15:36:19 +01:00
Ian Lynagh
99c4bc5175 C++: Add coroutine metadata tables 2020-09-15 15:36:19 +01:00
Jonas Jensen
78560833a1 C++: Add a test distilled from real code
Author: @rvermeulen.

The consistency warnings go away because `sink` is defined with a body
in this file.
2020-09-15 16:24:37 +02:00
Joe
3be8fa5155 Java: PrintAst: Fix formatting 2020-09-15 15:10:56 +01:00
Joe
28338eb32e Java: PrintAst: Various minor fixes of typos
Fix references to C#

Fix getAPrimaryQlClass for JavadocTag

Fix typo for Import

Update test outputs
2020-09-15 15:02:56 +01:00
Jonas Jensen
b3c50aed5e Merge pull request #4262 from github/igfoo/location
C++: Deprecate Location subclasses
2020-09-15 15:49:36 +02:00
Joe
53ab8dac06 Java: PrintAst: Fix failing tests 2020-09-15 14:45:48 +01:00
Joe
112b6d28a1 Java: PrintAst: Handle multiple javadocs in one element correctly 2020-09-15 14:45:48 +01:00
Joe
e38b583ec4 Java: PrintAst: Add tests 2020-09-15 14:45:48 +01:00
Joe
b73e7d8390 Java: PrintAST: Support Javadoc 2020-09-15 14:45:48 +01:00
Joe
c3320eeb3c Java: Improve getAPrimaryQlClass
Implement it for more types
Fix typos
2020-09-15 14:45:48 +01:00
Joe
908f025888 Java: PrintAst: Fix a couple of issues related to Annotations 2020-09-15 14:45:48 +01:00
Joe
c20f802666 Java: PrintAst: Support generic parameters 2020-09-15 14:45:48 +01:00
Joe
19af3e5e30 Java: Add PrintAST 2020-09-15 14:45:48 +01:00
Anders Schack-Mulligen
159353d545 Merge pull request #4269 from joefarebrother/PrintAST-java-rename
Java: Rename PrintAst.qll to PrettyPrintAst.qll
2020-09-15 15:43:24 +02:00
Jonas Jensen
bdce24735c C++: Add flow through arrays
This works by adding data-flow edges to skip over array expressions when
reading from arrays. On the post-update side, there was already code to
skip over array expressions when storing to arrays. That happens in
`valueToUpdate` in `AddressFlow.qll`, which needed just a small tweak to
support assignments with non-field expressions at the top-level LHS,
like `*a = ...` or `a[0] = ...`.

The new code in `AddressFlow.qll` is copy-pasted from `EscapesTree.qll`,
and there is already a note in these files saying that they share a lot
of code and must be maintained in sync.
2020-09-15 14:46:11 +02:00
Jonas Jensen
27b8dc2b13 C++: Add tests for flow through arrays 2020-09-15 14:19:34 +02:00
CodeQL CI
951e3093d2 Merge pull request #4231 from erik-krogh/CVE767
Approved by asgerf
2020-09-15 03:47:40 -07:00
Joe
efe3ac0a37 Java: Rename the existing file called PrintAst.qll 2020-09-15 11:30:56 +01:00
Erik Krogh Kristensen
2de94abe9f Merge pull request #4244 from erik-krogh/badJQueryJoin
JS: Fix Bad join orders in UnsafeJQueryPlugin
2020-09-15 12:29:25 +02:00
Erik Krogh Kristensen
fa255f3534 add test for self.importScripts(..) 2020-09-15 12:23:48 +02:00
Jonas Jensen
25412da845 Merge pull request #4253 from geoffw0/stringstream2
C++: Model more stringstream features
2020-09-15 12:19:26 +02:00
Erik Krogh Kristensen
cc5109d693 Update change-notes/1.26/analysis-javascript.md
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-09-15 12:14:51 +02:00
Tamas Vajk
23a9d0764e Java: Fix range analysis false negative 2020-09-15 12:09:05 +02:00
Mathias Vorreiter Pedersen
1fbb0fbf54 Merge pull request #4266 from geoffw0/cwe190tests
C++: CWE-190 Tests.
2020-09-15 12:08:00 +02:00
Tamas Vajk
c66473cb8a Java: Add test for range analysis 2020-09-15 12:07:30 +02:00
Tom Hvitved
d095d6b56b Merge pull request #4139 from hvitved/csharp/cfg/foreach-loop-empty
C#: Skip `foreach` loop bodies in the CFG when the iteration expression is empty
2020-09-15 09:30:29 +02:00
Geoffrey White
6ca9c449af C++: Add a test demonstrating the recent regression. 2020-09-14 17:55:20 +01:00
Rasmus Lerchedahl Petersen
839cd829ce Python: Fix formatting 2020-09-14 18:48:55 +02:00
yoff
5efc06da2c Update python/ql/src/experimental/dataflow/internal/DataFlowPublic.qll
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2020-09-14 17:08:39 +02:00
Rasmus Lerchedahl Petersen
4c02852358 Python: add missing * (and a rename) 2020-09-14 16:56:46 +02:00
Erik Krogh Kristensen
03a3c4f4b2 update expected output 2020-09-14 16:50:47 +02:00
Erik Krogh Kristensen
f4f96ce04d use new source in client-side-url-redirect test 2020-09-14 16:50:47 +02:00
Erik Krogh Kristensen
cb7de2714a add onmessage handlers registered using global property as PostMessageEventHandler 2020-09-14 16:50:45 +02:00
Asger F
c106b6777c Merge pull request #4254 from asgerf/js/bump-extractor-version-string
JS: Bump extractor version string
2020-09-14 15:17:29 +01:00
Erik Krogh Kristensen
283be19201 add change-note for importScripts 2020-09-14 16:02:34 +02:00
Erik Krogh Kristensen
6e84ac8e6c add test for importScripts 2020-09-14 16:02:34 +02:00
Erik Krogh Kristensen
2e3df74dce add importScripts as a sink for js/client-side-unvalidated-url-redirection 2020-09-14 16:02:34 +02:00
Geoffrey White
22097a9e13 C++: Add some CWE-190 tests I had lying around. 2020-09-14 14:39:02 +01:00