hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-28 10:18:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
3,571 Commits 1,723 Branches 164 Tags
f13eb1849353e3e7a24cd25b96583ea55caa883f
Commit Graph

3571 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
semmle-qlci
f13eb18493 Merge pull request #1018 from xiemaisi/js/consolidate-tests 
Approved by esben-semmle
 2019-03-04 10:59:51 +00:00
Jonas Jensen
c49c23068a Merge pull request #923 from geoffw0/potentialbufferoverflow 
CPP: Deprecate PotentialBufferOverflow.ql
 2019-03-04 08:11:27 +00:00
Robert Marsh
b8f8ed55e6 Merge pull request #1000 from jbj/dataflow-defbyref 
C++: Support definition by reference in data flow library
 2019-03-01 13:54:37 -08:00
Pavel Avgustinov
c26b655956 Merge pull request #1022 from yh-semmle/java/dead-code-override 
Java: respect override annotations in `java/unused-parameter`
 2019-03-01 19:11:46 +00:00
Max Schaefer
8e340922cb JavaScript: Simplify some imports. 2019-03-01 14:44:58 +00:00
Max Schaefer
75c76619d8 JavaScript: Autoformat rearranged tests. 2019-03-01 14:42:01 +00:00
Max Schaefer
d4d9d61216 JavaScript: Consolidate Express tests. 
Instead of having many small independent tests, we now just have a single test that pulls in all the individual tests and runs them together.

Concretely, each `.ql` file has been turned into a `.qll` file with a query predicate corresponding to the original `select` clause and named after the original `.ql` file, plus a prefix `test_`.

The newly added `tests.ql` imports all these `.qll`s.

The individual `.expected` files have been concatenated together into `tests.expected`, each prefixed with the name of the corresponding query predicate. (This is the format that qltest produces for tests with multiple query predicates.)
 2019-03-01 09:39:31 +00:00
Max Schaefer
b265ff7cdf JavaScript: Delete stray .expected file. 2019-03-01 09:39:31 +00:00
semmle-qlci
edba24129d Merge pull request #1003 from xiemaisi/js/fix-test 
Approved by esben-semmle
 2019-02-28 12:05:44 +00:00
Max Schaefer
c8a37297f3 Merge pull request #997 from asger-semmle/closure-promise 
JS: model of closure Promises
 2019-02-28 10:05:12 +00:00
Taus
a83f33be33 Merge pull request #1001 from markshannon/python-delete-internal-tests 
Python delete extractor tests. Duplicates of internal tests.
 2019-02-28 11:04:52 +01:00
Max Schaefer
1b5887014b Merge pull request #988 from asger-semmle/spread-taint-step 
JS: add taint step through object/array spread operators
 2019-02-28 09:58:23 +00:00
Calum Grant
c945b7793c Merge pull request #944 from hvitved/csharp/cfg/accessor-call 
C#: Improve CFG for assignments
 2019-02-28 09:34:56 +00:00
Jonas Jensen
7afb4898e6 C++: Change note for def-by-ref data flow 2019-02-28 09:39:51 +01:00
Jonas Jensen
8e6daafd7c C++: Add DefinitionByReferenceNode.getParameter 
This commits also adds a test that uses `getParameter`. The new tests
demonstrate that support for array-to-pointer decay works, but we get
data flow to the array rather than its contents.
 2019-02-28 09:39:51 +01:00
Jonas Jensen
2bc0a8d6fb C++: Remove getVariableAccess from def-by-ref node 
This accessor may not be forward-compatible with an IR-based version,
and it's unclear whether it has any use. The `VariableAccess` remains in
the `TDefinitionByReferenceNode` constructor since it's used to
implement `getType`.
 2019-02-28 09:38:40 +01:00
Max Schaefer
02dff4e9d9 JavaScript: Update expected test output. 2019-02-28 08:21:06 +00:00
Jonas Jensen
7ff732d962 C++: Use OO dispatch for getType and getFunction 2019-02-28 08:23:24 +01:00
semmle-qlci
6602b4dbda Merge pull request #992 from xiemaisi/js/socket.io 
Approved by asger-semmle
 2019-02-27 18:43:40 +00:00
semmle-qlci
8e485b7972 Merge pull request #996 from xiemaisi/js/first-array-elt-in 
Approved by esben-semmle
 2019-02-27 16:19:21 +00:00
Mark Shannon
d605dfd542 Python delete extractor tests. Duplicates of internal tests. 2019-02-27 15:35:52 +00:00
Mark Shannon
f7d7b8eef2 Merge pull request #785 from taus-semmle/python-unsafe-use-of-mktemp 
Python: Add query for unsafe use of `tempfile.mktemp`.
 2019-02-27 15:01:06 +00:00
Jonas Jensen
972d00822c C++: Generalize std::move data flow 2019-02-27 15:53:00 +01:00
Jonas Jensen
80183464d9 C++: Define DefinitionByReferenceNode 
This enables data flow through `memcpy` and similar functions modeled in
`semmle.code.cpp.model`.
 2019-02-27 15:53:00 +01:00
Jonas Jensen
5647a1a658 C++: BlockVar value stops at def by ref (partial) 2019-02-27 15:05:53 +01:00
Geoffrey White
25a5ff5e55 CPP: Similarly update other @deprecated messages. 2019-02-27 13:20:24 +00:00
Geoffrey White
f0356bb83b CPP: Reformat @deprecated message. 2019-02-27 13:18:29 +00:00
Geoffrey White
74f7379ab9 CPP: Change note. 2019-02-27 13:09:10 +00:00
Geoffrey White
3f2e902912 CPP: Remove it from the security dashboard (OverrunWrite.ql is already on there). 2019-02-27 13:09:09 +00:00
Geoffrey White
45315cda90 CPP: Deprecate PotentialBufferOverflow.ql. 2019-02-27 13:09:09 +00:00
Geoffrey White
8a5bc24b36 CPP: Replace PotentialBufferOverflow with OverrunWrite in the test. 2019-02-27 13:09:09 +00:00
Geoffrey White
7194121eae CPP: Expand the test cases covering PotentialBufferOverflow.ql. 2019-02-27 13:09:09 +00:00
Tom Hvitved
996b0efa47 C#: Address review comments 2019-02-27 13:49:15 +01:00
Jonas Jensen
20f3df0d09 C++: Add tests to demo lack dataflow by reference 2019-02-27 13:19:16 +01:00
Asger F
3d400cc57f JS: basic model of closure Promises 2019-02-27 11:58:51 +00:00
semmle-qlci
999e0c8b95 Merge pull request #947 from asger-semmle/string-ops-concat 
Approved by xiemaisi
 2019-02-27 09:54:46 +00:00
Max Schaefer
37a3085466 Merge pull request #993 from asger-semmle/getacallee 
JS: document new behavior of overriding InvokeNode.getACallee()
 2019-02-27 09:00:59 +00:00
Max Schaefer
6ecdb0edd5 JavaScript: Allow first expression in array literal to be an in expression. 2019-02-27 08:58:28 +00:00
Max Schaefer
0648d7aa09 JavaScript: Sharpen result type of getAReceivedItem. 2019-02-27 08:51:43 +00:00
semmle-qlci
d857f52c7d Merge pull request #991 from jbj/error-function-returns 
Approved by geoffw0
 2019-02-27 08:01:39 +00:00
Taus
dcaf0f8ba8 Merge pull request #978 from markshannon/python-turbogears 
Python: Add support for turbogears; requests and responses.
 2019-02-26 21:46:01 +01:00
Dave Bartolomeo
84c7f195d6 Merge pull request #994 from geoffw0/msalloc 
CPP: Add lots more allocation functions to Alloc.qll
 2019-02-26 11:59:45 -08:00
Mark Shannon
a480da6ed5 Python: Generalize turbogear response sinks to allow for internally sourced strings. 2019-02-26 18:31:06 +00:00
Calum Grant
5c2804d3ac Merge pull request #968 from hvitved/csharp/dataflow-performance 
C#: Improve join orders in `DataFlow` module
 2019-02-26 17:34:16 +00:00
Geoffrey White
c637bc5fcc CPP: Change note. 2019-02-26 17:17:16 +00:00
Geoffrey White
e32042d69c CPP: Add support for Microsoft functions in Alloc.qll. 2019-02-26 17:11:37 +00:00
Max Schaefer
cd9ccd4c8d Merge pull request #983 from asger-semmle/closure-global-ref 
JS: add closure library in globalObjectRef
 2019-02-26 16:55:58 +00:00
Max Schaefer
db5fbe29a3 Merge pull request #941 from esben-semmle/js/vue-support-2 
JS: Vue security improvements
 2019-02-26 16:49:38 +00:00
Mark Shannon
2995b023fa Python: Fix handling of turbogears' 'expose' decorator. 2019-02-26 16:40:21 +00:00
Asger F
eaf3f52372 JS: document new behavior of overriding InvokeNode.getACallee() 2019-02-26 16:09:19 +00:00