hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
10,921 Commits 1,746 Branches 166 Tags
cc25298f673d7acebbeac2d2783f7d64661e57ba
Commit Graph

10921 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
cc25298f67 C++: Demonstrate false positives when a const variable is initialized in a parameter list 2020-03-13 17:00:54 +01:00
Anders Schack-Mulligen
9fc75f1f92 Merge pull request #2850 from SpaceWhite/CWE-094 
ScriptEngine java code injection
 2020-03-13 13:43:09 +01:00
Anders Schack-Mulligen
2a2484ee0f Merge pull request #2800 from SpaceWhite/CWE-643 
CWE-643 XPathInjection on java
 2020-03-13 13:40:17 +01:00
semmle-qlci
25b9fcfafd Merge pull request #3058 from asger-semmle/js/may-receive-argument-fix 
Approved by max-schaefer
 2020-03-13 11:49:49 +00:00
Felicity Chapman
d7f37056a6 Merge pull request #3042 from felicitymay/merge-123-master-2 
Merge rc/1.23 into master
 2020-03-13 11:18:43 +00:00
Rasmus Wriedt Larsen
b45f8ff41d Merge pull request #3053 from tausbn/python-make-test-not-depend-on-minor-version 
Python: Make two tests not depend on minor Python version.
 2020-03-13 10:56:40 +01:00
Felicity Chapman
7779862671 Merge pull request #3052 from felicitymay/2176-cobol 
Remove information about COBOL analysis
 2020-03-13 08:50:35 +00:00
yo-h
5104fd8692 Merge pull request #3051 from aschackmull/java/queue-taint-steps 
Java: Add taint steps for java.util.Queue methods.
 2020-03-12 20:54:11 -04:00
Felicity Chapman
9d32ae7fc1 Apply suggestions from code review 
Replace COBOL with Go

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
 2020-03-12 19:32:30 +00:00
Taus Brock-Nannestad
3d0ee90880 Python: Make two tests not depend on minor Python version. 
For syntax errors, we simply report the major version.

For unused imports, we were getting a result for `typing.py` when run under
Python 3.7.3. To prevent this import from being considered, I've set the maximum
import depth to `0`.
 2020-03-12 18:19:53 +01:00
Felicity Chapman
8c931bfc66 Remove information about COBOL analysis 2020-03-12 16:37:29 +00:00
Anders Schack-Mulligen
99c55b6edb Java: Add taint steps for java.util.Queue methods. 2020-03-12 15:02:06 +01:00
Taus
099997088a Merge pull request #3005 from RasmusWL/python-modernise-string-taint 
Python: Modernise StringKind files
 2020-03-12 15:01:18 +01:00
Asger Feldthaus
4391b70b5f JS: Fix perf issue in mayReceiveArgument 2020-03-12 13:45:34 +00:00
Jonas Jensen
917b984909 Merge pull request #3050 from geoffw0/mismatching_placement_new 
C++: Fix mismatching new/free FP in template code.
 2020-03-12 12:42:29 +01:00
SpaceWhite
300aee39be nit: add dot to qhelp 2020-03-12 20:38:03 +09:00
SpaceWhite
bb1ea94c54 Nit: Fix qhelp and ql autoformat 2020-03-12 20:35:01 +09:00
SpaceWhite
822bfcd36c Nit: fix qhelp 2020-03-12 20:25:23 +09:00
semmle-qlci
4355f8d2b4 Merge pull request #3023 from erik-krogh/RedundantUpdate 
Approved by esbena
 2020-03-12 09:34:53 +00:00
Pavel Avgustinov
ecded4c11c Merge pull request #3048 from jbj/desemmlify 
Docs: Remove some Semmle references
 2020-03-12 09:27:36 +00:00
Geoffrey White
f84c94b5fb C++: Change note. 2020-03-11 18:11:51 +00:00
Geoffrey White
b2c5ce8dbd C++: Exclude code in templates. 2020-03-11 18:11:45 +00:00
Geoffrey White
d454c8457d C++: Test case. 2020-03-11 18:09:09 +00:00
Rasmus Wriedt Larsen
e52fec03f8 Python: Fix code formatting 2020-03-11 18:16:55 +01:00
Rebecca Valentine
f80e206d33 Merge pull request #3008 from RasmusWL/python-modernise-security-files 
Python: modernise remaining security files
 2020-03-11 08:56:19 -07:00
Jonas Jensen
86ad4d0357 Docs: Remove some Semmle references 
The only Semmle references now left in the public Markdown files are in
URLs and in legal text. There are also two Semmle references left in
`docs/language/vale-styles/README.md` because I didn't understand them
well enough to change them.
 2020-03-11 15:20:15 +01:00
Erik Krogh Kristensen
dd261c51f7 add change note 2020-03-11 14:42:57 +01:00
Erik Krogh Kristensen
e88dac3dea remove FP for js/redundant-operation 2020-03-11 14:42:32 +01:00
yo-h
38581663a4 Merge pull request #3047 from aschackmull/java/typeflow-testcase 
Java: Add test case to typeflow qltest.
 2020-03-11 09:25:36 -04:00
semmle-qlci
1d5fba85f9 Merge pull request #3034 from esbena/js/sharpen-useless-regexp-character-escape 
Approved by asgerf
 2020-03-11 12:29:45 +00:00
Ian Lynagh
9265540704 Merge pull request #2911 from matt-gretton-dann/ql-docs/update-supported-languages 
QL docs: update supported C/C++ language versions
 2020-03-11 12:14:14 +00:00
Anders Schack-Mulligen
e1a0c2d846 Java: Add minor test case to typeflow qltest. 2020-03-11 13:13:19 +01:00
Rasmus Wriedt Larsen
f5a8084a33 Merge pull request #2827 from BekaValentine/objectapi-to-valueapi-expectedmappingforformatstring 
Python: ObjectAPI to ValueAPI: ExpectedMappingForFormatString
 2020-03-11 10:52:48 +01:00
Rasmus Wriedt Larsen
47cd9c8956 Merge pull request #3038 from BekaValentine/python-objectapi-to-valueapi-deprecatedslicemethod 
Python: ObjectAPI to ValueAPI: DeprecatedSliceMethod
 2020-03-11 10:51:01 +01:00
Mathias Vorreiter Pedersen
f4e8f7a1cc Merge pull request #2970 from jbj/multiple-types-test 
C++: Tests for variables with ambiguous types
 2020-03-11 09:53:59 +01:00
Dave Bartolomeo
66fd566b66 Merge pull request #3006 from jbj/ir-no-static-init 
C++: IR: Ignore constant static initializers
 2020-03-10 15:46:56 -04:00
Dave Bartolomeo
ef194d3332 C++: Accept test output 2020-03-10 13:49:20 -04:00
Felicity Chapman
9a30df3a6d Merge branch 'rc/1.23' into merge-123-master-2 2020-03-10 17:03:53 +00:00
Jonas Jensen
bf43475ff7 C++: Unroll recursion in inStaticInitializer 
This gets rid of some slow recursive magic.

On Wireshark, this improves the timing of the involved predicates from

    m#Variable::runtimeExprInStaticInitializer#b ..................... 3.1s (executed 86 times)
    Variable::runtimeExprInStaticInitializer#b#antijoin_rhs .......... 1.6s
    Variable::runtimeExprInStaticInitializer#b ....................... 985ms (executed 6 times)
    Variable::runtimeExprInStaticInitializer#b#loop_invariant_prefix . 845ms
    #Expr::Expr::getParent_dispred#fbPlus ............................ 3.6s (executed 86 times)
    #Expr::Expr::getParent_dispred#fbPlus_10#join_rhs ................ 988ms

to

    Variable::runtimeExprInStaticInitializer#f#antijoin_rhs . 1.8s
    Variable::runtimeExprInStaticInitializer#f .............. 1.1s (executed 6 times)
    Variable::inStaticInitializer#f ......................... 3.2s (executed 86 times)
 2020-03-10 17:07:44 +01:00
Jonas Jensen
5e01b4b858 C++: Share the constant initializer detection 
Since this code is shared between the AST CFG and the IR construction,
it seems right to have only one copy. That copy lives on a new class
`StaticStorageDurationVariable`, which may prove useful on its own.
 2020-03-10 17:05:22 +01:00
Taus
11b5c54a0e Merge pull request #2820 from RasmusWL/python-modernise-statements 
Python: modernise Statements/ queries
 2020-03-10 16:46:50 +01:00
semmle-qlci
e3fed39f88 Merge pull request #3000 from asger-semmle/js/late-barrier-guards 
Approved by erik-krogh
 2020-03-10 15:38:35 +00:00
Rebecca Valentine
b36214ae47 Python: Modernizes query and updates expecteds 2020-03-10 08:33:29 -07:00
Felicity Chapman
1a992ba9ed Merge pull request #3037 from felicitymay/1.23/2209-update-links 
Replace remaining links to semmle.com in 'docs' directory
 2020-03-10 15:22:48 +00:00
semmle-qlci
4c1d76ee9a Merge pull request #2937 from BekaValentine/python-objectapi-to-valueapi-wrongnumberargumentsforformat 
Approved by tausbn
 2020-03-10 15:04:05 +00:00
Rebecca Valentine
909e064016 Merge branch 'objectapi-to-valueapi-expectedmappingforformatstring' of github.com:BekaValentine/ql into objectapi-to-valueapi-expectedmappingforformatstring 2020-03-10 07:54:56 -07:00
Rebecca Valentine
1234cb6e0f Python: Incorporates updates from new master 2020-03-10 07:54:28 -07:00
Rebecca Valentine
b7bcf6c3d0 Merge branch 'master' into objectapi-to-valueapi-expectedmappingforformatstring 2020-03-10 07:51:48 -07:00
Rebecca Valentine
c690e2595c Merge pull request #3007 from RasmusWL/python-remove-use-of-deprecated-getvalue 
Python: Remove usage of deprecated .getValue()
 2020-03-10 07:18:41 -07:00
Taus
ea5aa57151 Merge pull request #3031 from BekaValentine/python-objectapi-to-valueapi-signaturespecialmethods 
Python: ObjectAPI to ValueAPI: SignatureSpecialMethods
 2020-03-10 14:54:39 +01:00