hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-28 10:18:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,299 Commits 1,723 Branches 164 Tags
d9bdb2cd4e40e5185f201d30390915eb95c3eee3
Commit Graph

8299 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonas Jensen
d9bdb2cd4e Merge pull request #2274 from geoffw0/oddsends 
CPP: Clean up new queries and libraries
 2019-11-11 16:05:20 +01:00
Taus
e576395c90 Merge pull request #2241 from RasmusWL/python-always-legacy-conf 
Python: Always enable legacy taint tracking configuration
 2019-11-11 16:00:04 +01:00
James Fletcher
c33d28542e Merge pull request #2294 from felicitymay/1.22-mergeback-master 
1.22 mergeback master
 2019-11-11 14:14:09 +00:00
Geoffrey White
e77fefaf9e Merge pull request #2295 from jbj/self-comparison-templates 
C++: Suppress PointlessSelfComparison.ql on templates
 2019-11-11 14:12:55 +00:00
Felicity Chapman
37c78bf1ea Fix poor conflict resolution in training slides 2019-11-11 13:11:28 +00:00
Jonas Jensen
97cc0ebc8c C++: Suppress PointlessSelfComparison on templates 
It's a bit crude to suppress all results in instantiations, but we're
already using this kind of suppression in `PointlessComparison.ql`
(without the `Self`) because there is no convenient alternative. It
means we lose some good results but also suppress a new false positive
in Boost that surfaced after we added support for non-type template
parameters.
 2019-11-11 14:00:00 +01:00
Jonas Jensen
281d512178 C++: Add tests for self-comparison template FP 2019-11-11 13:52:22 +01:00
Felicity Chapman
b3c3677cbf Merge branch 'rc/1.22' into 1.22-mergeback-master 
Conflicts resolved in favour of master:
	docs/language/learn-ql/cpp/conversions-classes.rst
	docs/language/learn-ql/cpp/function-classes.rst
	docs/language/learn-ql/cpp/introduce-libraries-cpp.rst
	docs/language/learn-ql/csharp/ql-for-csharp.rst
	docs/language/learn-ql/javascript/introduce-libraries-ts.rst
	docs/language/learn-ql/python/introduce-libraries-python.rst
	docs/language/ql-training/cpp/bad-overflow-guard.rst
	docs/language/ql-training/cpp/control-flow-cpp.rst
	docs/language/ql-training/cpp/global-data-flow-cpp.rst
	docs/language/ql-training/cpp/intro-ql-cpp.rst
	docs/language/ql-training/cpp/program-representation-cpp.rst
	docs/language/ql-training/cpp/snprintf.rst
	docs/language/ql-training/index.rst
	docs/language/ql-training/java/global-data-flow-java.rst
	docs/language/ql-training/java/intro-ql-java.rst
	docs/language/ql-training/java/program-representation-java.rst
	docs/language/ql-training/java/query-injection-java.rst
 2019-11-11 10:18:43 +00:00
Rasmus Wriedt Larsen
9151a7e433 Python: Always enable legacy taint tracking configuration 
If the legacy configuration is only enabled if there are no other
configurations, defining a configuration in an imported library can lead to
unwanted results. For example, code that uses `any(MyTaintKind t).taints(node)`
would *stop* working, if it did not define its own configuration. (this actually
happened to us)

We performed a dist-compare to ensure there is not a performance deg ration by
doing this. Results at https://git.semmle.com/gist/rasmuswl/a1eca07f3a92f5f65ee78d733e5d260e

Tests that were affected by this:

- RockPaperScissors + Simple: new edges because no configuration was defined for
  SqlInjectionTaint or CommandInjectionTaint
- CleartextLogging + CleartextStorage: new edges because no configuration was
  defined before, AND duplicate deges.
- TestNode: new edges because no configuration was defined before

- PathInjection: Duplicate edges
- TarSlip: Duplicate edges
- CommandInjection: Duplicate edges
- ReflectedXss: Duplicate edges
- SqlInjection: Duplicate edges
- CodeInjection: Duplicate edges
- StackTraceExposure: Duplicate edges
- UnsafeDeserialization: Duplicate edges
- UrlRedirect: Duplicate edges
 2019-11-11 11:17:21 +01:00
Anders Schack-Mulligen
b0fecbce28 Merge pull request #2230 from yh-semmle/java-move-cwe502-lib 
Java: move `UnsafeDeserialization.qll` to standard library location
 2019-11-11 10:44:52 +01:00
Felicity Chapman
c4f958d396 Merge pull request #2263 from sauyon/master 
Update links to OWASP cheat sheet
 2019-11-11 08:51:52 +00:00
James Fletcher
aa05908d19 Merge pull request #2287 from felicitymay/1.22/support-codeql 
1.22: Update for support info for CodeQL term change
 2019-11-09 22:07:34 +00:00
Felicity Chapman
25eb1d0cc9 Update for CodeQL term change and port nav changes 2019-11-09 14:36:35 +00:00
Jonas Jensen
f3e691b5ec Merge pull request #2075 from zlaski-semmle/zlaski/cpp434 
[CPP-434] Detect signed overflow checks
 2019-11-09 09:57:23 +01:00
Robert Marsh
b812a0338d Merge pull request #2268 from dave-bartolomeo/dbartol/StringLiteralAlias 
C++/C#: Treat string literals like read-only global variables for alias purposes
 2019-11-08 12:43:57 -08:00
Dave Bartolomeo
c365b2f2f0 Merge from master 
Resolve conflicts in test output
 2019-11-08 10:42:29 -07:00
Dave Bartolomeo
2b89139d5f Merge pull request #2269 from rdmarsh2/rdmarsh/cpp/uninit-string-initializers 
C++: uninit instr for string literal initializers
 2019-11-08 10:33:57 -07:00
Geoffrey White
58b6fc6bbf CPP: Autoformat. 2019-11-08 16:06:23 +00:00
Taus
7527f13443 Merge pull request #2283 from RasmusWL/python-fix-python2-specific-tests 
Python: fix python2 specific tests
 2019-11-08 17:03:54 +01:00
semmle-qlci
9986de87c4 Merge pull request #2284 from shati-patel/ql-codeql-1 
Approved by jf205
 2019-11-08 14:37:26 +00:00
semmle-qlci
d9c7549dbe Merge pull request #2279 from max-schaefer/js/touchstone-files 
Approved by asger-semmle
 2019-11-08 14:33:23 +00:00
shati-patel
fe654a9c99 update to match support page 2019-11-08 14:32:59 +00:00
shati-patel
3f51260fb4 Docs: Update sidebar 2019-11-08 14:04:44 +00:00
Esben Sparre Andreasen
9b346b1d52 Merge pull request #2260 from max-schaefer/js/_min 
JavaScript: Classify files with names ending in `_min` as minified.
 2019-11-08 13:52:33 +01:00
Rasmus Wriedt Larsen
358964b1e2 Python: Accept changes in Python 2 specific six tests 
We don't use a locked-down version of six, so some internal things probably
changed from the version used last time, and the versoin I have installed.

Long term fix would be to use a specific version of six for tests!
 2019-11-08 13:49:52 +01:00
Rasmus Wriedt Larsen
6c259e5608 Python: Temporarily accept changes in Python 2 specific MRO tests 
Due to internal PR#35123 we now actually run the tests under
`python/ql/test/2/...`

These seems like a regression, since the tests state that N is ok, but A and J
should not be allowed.

For now we can accept them, so we don't block all other Python PRs
 2019-11-08 13:48:21 +01:00
Rasmus Wriedt Larsen
89a13213e2 Python: Accept changes in Python 2 specific tests 
Due to internal PR#35123 we now actually run the tests under
`python/ql/test/2/...`

Since we haven't done this in a while, test output has changed a bit. These
changes look perfectly fine.
 2019-11-08 13:48:14 +01:00
semmle-qlci
867ed16777 Merge pull request #2276 from asger-semmle/inclusion-test 
Approved by max-schaefer
 2019-11-08 10:57:11 +00:00
Max Schaefer
d7831d2680 JavaScript: Short-circuit bad-header check on empty files. 2019-11-08 10:30:53 +00:00
Felicity Chapman
8ed0d726ee Merge pull request #2280 from jf205/codeql-homepage-links 
docs: update banner links
 2019-11-08 10:06:27 +00:00
james
0554de06a1 docs: update banner links 2019-11-08 09:32:20 +00:00
Max Schaefer
e8510fe71a TypeScript: Skip Touchstone files. 2019-11-08 09:17:05 +00:00
Dave Bartolomeo
17f76c2516 C++: Fix merge conflicts 2019-11-07 22:02:15 -07:00
Ziemowit Laski
4ea8569081 [CPP-434] Squelch query alerts if ALL files were compiled 
with `-fwrapv` or `-fno-strict-overflow`
 2019-11-07 16:40:03 -08:00
Robert Marsh
f483ec152b Merge branch 'master' of github.com:Semmle/ql into rdmarsh/cpp/uninit-string-initializers 2019-11-07 14:36:58 -08:00
Robert Marsh
ee185ea92e Merge pull request #2273 from geoffw0/ntohl 
CPP: Add tests of NtohlArrayNoBoundOpenSource.ql.
 2019-11-07 14:06:32 -08:00
Robert Marsh
ae1377447e C++: only generate uninits when needed 2019-11-07 13:55:49 -08:00
Dave Bartolomeo
6c1d219c86 Merge from master 2019-11-07 14:50:04 -07:00
Robert Marsh
c5396d9980 Merge pull request #2262 from jbj/ir-virtual-dispatch-local 
C++: Rudimentary support for IR data flow virtual dispatch
 2019-11-07 13:09:24 -08:00
Dave Bartolomeo
df1d64fbeb Merge pull request #2244 from jbj/IRType-cached 
C++: Minimal caching of the IR type system
 2019-11-07 12:44:16 -07:00
Dave Bartolomeo
f808dcefab Merge pull request #2277 from ian-semmle/cfg_diffs 
C++: Remove tests for CFG differences
 2019-11-07 12:41:40 -07:00
Dave Bartolomeo
64480c2ace Merge pull request #1999 from jbj/ir-copy-unloaded-result 
C++: Make sure there's a Instruction for each Expr
 2019-11-07 12:31:54 -07:00
Dave Bartolomeo
2c88848d2f Merge pull request #2272 from jbj/getIRTypeForPRValue-join-order 
C++/C#: Fix getIRTypeForPRValue join order
 2019-11-07 12:22:39 -07:00
Ian Lynagh
b5af4e5acd C++: Remove tests for CFG differences 
Now that we have switched over, they are no longer interesting.
 2019-11-07 16:32:18 +00:00
igfoo
c8c37c4976 Merge pull request #2271 from matt-gretton-dann/cpp-172-template-members 
Template members
 2019-11-07 16:30:08 +00:00
shati-patel
ec2008d57a Merge pull request #2275 from jf205/sd-4017 
Learn CodeQL docs: add short note about new terminology
 2019-11-07 16:12:12 +00:00
semmle-qlci
e65271dfad Merge pull request #2251 from asger-semmle/barrier-guard-improvements 
Approved by esbena
 2019-11-07 15:50:23 +00:00
semmle-qlci
f79c2a7630 Merge pull request #2224 from asger-semmle/access-paths-with-source-node-root 
Approved by max-schaefer
 2019-11-07 15:46:14 +00:00
James Fletcher
8178e3e671 Update docs/language/learn-ql/terminology-note.rst 
Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
 2019-11-07 14:40:04 +00:00
James Fletcher
d31ec56ea6 Update docs/language/learn-ql/index.rst 
Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
 2019-11-07 14:39:52 +00:00