hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
6,386 Commits 1,740 Branches 165 Tags
d105de81a368282ff27f2c79fbde5e8ebeafc92f
Commit Graph

6386 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
d105de81a3 JavaScript: Raise precision of UndocumentedParameter to high. 
This is more consistent with the other JSDoc queries. Results are still not shown on LGTM by default, but the query can now be enabled selectively for projects that care about JSDoc.
 2019-08-20 09:32:00 +01:00
Jonas Jensen
432b0a4698 Merge pull request #1766 from aschackmull/java/nested-storestep 
Java/C++/C#: Add field flow support for stores in nested fields.
 2019-08-20 10:06:19 +02:00
Taus
b33e9f229b Merge pull request #1767 from markshannon/temporary-test-removal 
Python tests: TEMPORARILY remove 5 tests to allow modification of extractor CFG pass
 2019-08-19 18:06:19 +02:00
Mark Shannon
edb50c129d Python tests: TEMPORARILY remove 5 tests to allow modification of extractor CFG pass. 2019-08-19 16:00:28 +01:00
Anders Schack-Mulligen
6ff4fe38ec Java/C++/C#: Add field flow support for stores in nested fields. 2019-08-19 14:41:06 +02:00
Geoffrey White
4ea999872b Merge pull request #1746 from jbj/ast-field-flow-ctor 
C++: Field flow through ConstructorFieldInit
 2019-08-19 09:14:02 +01:00
Anders Schack-Mulligen
4dc460bba9 Merge pull request #1764 from yh-semmle/java-vcs-remove 
Java: remove unused VCS relations, library and queries
 2019-08-19 10:04:01 +02:00
zlaski-semmle
ce71b45649 Zlaski/cpp386a (#1753) 
* [CPP-386] Cumulative patch.

* Restore dataflow libraries clobbered by my last commit.
 2019-08-19 10:03:18 +02:00
yh-semmle
7bfed6e517 Java: add change note for VCS.qll removal 2019-08-18 15:37:25 -04:00
yh-semmle
73d8e16cd0 Java: remove obsolete VCS.qll and associated queries 2019-08-18 14:53:46 -04:00
yh-semmle
8cada4b154 Merge pull request #1758 from aschackmull/java/silly-dataflow-perf-fix 
Java: Improve performance in all dataflow queries.
 2019-08-16 21:21:10 -04:00
Geoffrey White
9b9986be58 Merge pull request #1762 from jbj/ast-field-flow-LambdaExpression 
C++: Support flow through LambdaExpression
 2019-08-16 16:45:59 +01:00
Jonas Jensen
84adeda167 C++: Support flow through LambdaExpression 
I've checked with a temporary workaround for the locations problem that
my annotations in the test cpp files are on the correct lines.
 2019-08-16 16:20:22 +02:00
Anders Schack-Mulligen
9e4f2f8594 Java: Don't use default dataflow in libs imported by default. 2019-08-16 13:27:53 +02:00
Calum Grant
0df9a625ba Merge pull request #1717 from hvitved/csharp/ssa/adjacent-perf 
C#: Improve performance of SSA adjacent reads calculation
 2019-08-16 12:11:57 +01:00
Calum Grant
b28241ac6d Merge pull request #1741 from hvitved/csharp/extract-field-inits 
C#: Extract assignments for field/property initializers
 2019-08-16 11:51:37 +01:00
Taus
a6db9efd0c Merge pull request #1756 from markshannon/python-forward-compatible-taint-api 
Python points-to: add .getAstNode() method to TaintedNode
 2019-08-16 12:34:08 +02:00
Geoffrey White
eb39346d85 Merge pull request #1744 from jbj/ast-field-flow-aggregate-init 
C++: Field flow through ClassAggregateLiteral
 2019-08-16 09:56:11 +01:00
Mark Shannon
453ae19881 Python points-to: Add .getAstNode() method to TaintedNode for forward compatibility with upcoming taint-tracking enhancements. 2019-08-16 09:54:11 +01:00
jf205
eead7f6106 Merge pull request #1610 from xiemaisi/js/library-customizations 
JavaScript: Start documenting extension points provided by the standard library.
 2019-08-16 09:49:57 +01:00
Jonas Jensen
ee8c0cb29a C++: Support member initializer lists > 1000 items 2019-08-16 09:36:34 +02:00
Max Schaefer
50b1ddfef8 JavaScript: Apply suggestions from code review 
Co-Authored-By: jf205 <42464962+jf205@users.noreply.github.com>
 2019-08-16 08:26:39 +01:00
Jonas Jensen
503cbf13bb C++: Flow from parameters to ConstructorFieldInit 
Because `ConstructorFieldInit` (member initializer lists) are not part
of the control flow graph, there was no data flow from the initial value
of parameters to their uses in member initializers. This commit adds the
necessary flow under the assumption that parameters are not overwritten
in member initializers.
 2019-08-16 09:10:31 +02:00
Jonas Jensen
45eefdb218 C++: Field flow through ConstructorFieldInit 
This allows a member initializer list to be seen as a sequence of field
assignments. For example, the constructor

    C() : a(taint()) { }

now has data flow similar to

    C() { this.a = taint(); }
 2019-08-16 09:10:17 +02:00
Jonas Jensen
1be2380511 C++: Rephrase ThisFlow to get space for ctor inits 2019-08-16 08:46:11 +02:00
Jonas Jensen
f3f89ffe3f Merge pull request #1742 from geoffw0/lambdataint 
CPP: Tests for taint through lambdas
 2019-08-16 08:45:14 +02:00
Geoffrey White
a6902bdb37 CPP: Test dataflow through lambdas. 2019-08-15 19:43:24 +01:00
Dave Bartolomeo
f1bbc9bb7e Merge pull request #1745 from jbj/ast-field-flow-ABC 
C++: Annotate field-flow tests in [ABC].cpp
 2019-08-15 09:13:26 -07:00
Dave Bartolomeo
230ff92c03 Merge pull request #1743 from nickrolfe/hmap 
C++: delete headermaps test
 2019-08-15 09:01:23 -07:00
Tom Hvitved
495e5bc628 C#: Extract assignments for field/property initializers 2019-08-15 16:18:23 +02:00
Max Schaefer
e92a1c3169 JavaScript: Apply suggestions from code review 
Co-Authored-By: jf205 <42464962+jf205@users.noreply.github.com>
 2019-08-15 14:46:07 +01:00
Geoffrey White
1bd4aeebad CPP: Effects of #1715. 2019-08-15 14:05:09 +01:00
Geoffrey White
02e1edd640 CPP: Test taint through lambdas. 2019-08-15 14:00:45 +01:00
Geoffrey White
b6cf341124 Merge pull request #1715 from jbj/ast-field-flow 
C++: Initial AST-based flow through fields
 2019-08-15 13:38:58 +01:00
Taus
f5bc8b5b5f Merge pull request #1728 from markshannon/python-points-to-support-type-checking 
Python: Enhance points-to to support type-hint analysis.
 2019-08-15 14:17:53 +02:00
Nick Rolfe
c26aef2381 C++: delete headermaps test 2019-08-15 12:39:58 +01:00
Mark Shannon
902871bd48 Python: update tests results after rebase. 2019-08-15 11:37:07 +01:00
Mark Shannon
45f5825b47 Python API: Add ClassValue.getABaseType() 2019-08-15 11:35:14 +01:00
Mark Shannon
6c6e35f541 Python: Enhance points-to to support type-hint analysis. 2019-08-15 11:35:14 +01:00
Jonas Jensen
1b4b352316 C++: Field flow through ClassAggregateLiteral 2019-08-15 12:01:42 +02:00
Jonas Jensen
e419ea0140 C++: Test showing no flow through aggregate init 2019-08-15 11:33:25 +02:00
Jonas Jensen
fdd8de79da C++: Remove redundant toString override 
This time I left a comment to prevent myself from getting confused again
and adding the override in the future.
 2019-08-15 11:32:11 +02:00
Calum Grant
3fab5140a7 Merge pull request #1673 from hvitved/csharp/cfg/split-static-limit 
C#: Apply static CFG splitting limit
 2019-08-15 10:04:38 +01:00
Jonas Jensen
ed1e3ed1ef C++: Annotate field-flow tests in [ABC].cpp 
This brings the annotation style in sync with how we annotate new tests
these days. I also changed a few annotations to have different expected
outcome based on my understanding of the code.
 2019-08-15 10:30:46 +02:00
Jonas Jensen
e94dbe926b C++: Add forgotten toString override 
This makes `PostConstructorCallNode`s show up in the test output.
 2019-08-14 16:26:49 +02:00
semmle-qlci
01fd161c03 Merge pull request #1740 from Semmle/fix/yaml-javad0c 
Approved by xiemaisi
 2019-08-14 15:12:56 +01:00
Jonas Jensen
4662e71d4d Merge pull request #1738 from aschackmull/java/dataflow-joinorder-fix 
Java: Dataflow joinorder fix
 2019-08-14 13:39:01 +02:00
Pavel Avgustinov
356424308b YAMLExtractor: Update javadoc link 
Recent SnakeYAML has removed the linked method; replace the
link with a reference to what it became.
 2019-08-14 12:36:26 +01:00
semmle-qlci
09b87d8957 Merge pull request #1733 from pavgust/imp/yaml-snippets 
Approved by esben-semmle
 2019-08-14 11:09:44 +01:00
Anders Schack-Mulligen
1938ac4937 Java/C++/C#: Sync. 2019-08-14 10:32:15 +02:00