Robert Marsh
f323fa1df8
C++: test changes from previous commit
The IR for the conversion to bool results in a comparison where the left
hand side is not the result of any expression in the AST, so they can't
be usefully converted back to the AST
2018-09-27 13:06:57 -07:00
Robert Marsh
e2d24a2743
C++: fix comment
2018-09-20 13:07:36 -07:00
Robert Marsh
9011e1381b
C++: handle conversions in IR to AST translation
2018-09-20 12:56:43 -07:00
Robert Marsh
cc97cf9297
C++: add isReachableFromFunctionEntry
2018-09-20 10:06:19 -07:00
Robert Marsh
4c94144089
C++: remove abstract classes in IR
2018-09-20 10:06:18 -07:00
Robert Marsh
755e21d355
C++: improve conversion handling in IRGuards.qll
2018-09-20 10:06:18 -07:00
Robert Marsh
e40ce91e7e
C++: document new IR class and predicates
2018-09-20 10:06:18 -07:00
Robert Marsh
d6cea1b203
C++: Add class and predicates to other IR stages
2018-09-20 10:06:17 -07:00
Robert Marsh
b5cd48d819
C++: comments on new classes and predicates
2018-09-20 10:06:17 -07:00
Robert Marsh
0273b20743
C++: make internal classes private
2018-09-20 10:06:17 -07:00
Robert Marsh
ad8f30d2f7
C++: accept test output and add IR guards tests
2018-09-20 10:06:17 -07:00
Robert Marsh
d7e630b3c6
C++: Add IR-based port of Guards library
For ease of reviewing, I've checked in the .expected files from the
AST-based guards library. The next commit accepts output for these tests
and adds tests that use getAST rather than the translation layer.
2018-09-20 10:06:16 -07:00
Robert Marsh
4e1a37cd6e
C++: add isStrict to RelationalInstruction
2018-09-20 10:06:16 -07:00
Robert Marsh
27a83e65b2
C++: add RelationalOpcode and RelationalInstruction
2018-09-20 10:06:16 -07:00
Robert Marsh
69962bd06c
Merge pull request #203 from dave-bartolomeo/dave/GVN
C++: Initial attempt at IR-based value numbering
2018-09-20 10:00:45 -07:00
Dave Bartolomeo
5a25602c28
C++: Move GVN out of "internal" directory
2018-09-20 08:21:15 -07:00
Dave Bartolomeo
27cee9bd80
C++: Handle inheritance conversions in IR GVN
2018-09-20 08:00:38 -07:00
semmle-qlci
f146e34e26
Merge pull request #207 from dave-bartolomeo/dave/JSNewlines
Approved by esben-semmle
2018-09-20 14:49:54 +01:00
Anders Schack-Mulligen
4d46385c51
Merge pull request #206 from yh-semmle/java/codeowners
Java: add Semmle/java team to `CODEOWNERS`
2018-09-20 09:24:14 +02:00
Dave Bartolomeo
e06969ddb4
JavaScript: Normalize .mjs files to LF
2018-09-19 21:33:39 -07:00
Dave Bartolomeo
524c67c3fb
JavaScript: Normalize .ts line endings to LF
2018-09-19 21:33:35 -07:00
Dave Bartolomeo
2b9f42b308
JavaScript: Force LF for .json and .yml
2018-09-19 21:33:32 -07:00
Dave Bartolomeo
b12c739915
JavaScript: Normalize line endings of .js and .html files
Added .gitattributes files for the two directories where we intentionally have line endings other than LF
2018-09-19 21:33:27 -07:00
Dave Bartolomeo
bd156757d3
C++: Remove accidental add of IR.md
2018-09-19 14:26:17 -07:00
semmle-qlci
4aca8f4fd3
Merge pull request #201 from asger-semmle/string-concatenation-squashed
Approved by esben-semmle
2018-09-19 21:59:17 +01:00
semmle-qlci
2f4aa647be
Merge pull request #200 from esben-semmle/js/post-polish-167
Approved by asger-semmle
2018-09-19 21:43:17 +01:00
Asger F
1d793c0a7b
JavaScript: fix expected output
2018-09-19 14:33:23 +01:00
Esben Sparre Andreasen
2cedc81774
JS: polish js/enabling-electron-renderer-node-integration meta info
2018-09-19 13:45:42 +02:00
semmle-qlci
89f2dbf8db
Merge pull request #195 from esben-semmle/js/reflected-xss-through-filenames
Approved by asger-semmle
2018-09-19 12:42:22 +01:00
Dave Bartolomeo
43f0289f0f
C++: Remove Phi instructions from previous IR generations
It turns out that when building aliased SSA IR, we were still keeping around the Phi instructions from unaliased SSA IR. These leftover instructions didn't show up in dumps because they were not assigned to a block. However, when dumping additional instruction properties, they would show up as a top-level node in the dump, without a label.
2018-09-18 11:28:09 -07:00
Jonas Jensen
86fe0ce42e
Merge pull request #107 from rdmarsh2/rdmarsh/cpp/HashCons
C++: HashCons library
2018-09-18 11:45:26 +02:00
Dave Bartolomeo
46b2c19c66
C++: Initial attempt at IR-based value numbering
2018-09-17 17:19:05 -07:00
Asger F
9384b85bcc
JavaScript: ensure prefix sanitizers work for array.join()
2018-09-17 14:31:26 +01:00
Asger F
e2cdf5d7ed
JavaScript: add string concatenation library
2018-09-17 12:47:37 +01:00
Esben Sparre Andreasen
bb48421d77
JS: address doc review comments
2018-09-17 11:08:35 +02:00
semmle-qlci
782e91bb97
Merge pull request #167 from bnxi/NodeIntegration
Approved by esben-semmle
2018-09-15 21:35:56 +01:00
Geoffrey White
e4b9d31f8e
Merge pull request #194 from raulgarciamsft/overflow_buffer_negindex
Detect access to an array using a negative index
2018-09-14 21:56:16 +01:00
Behrang Fouladi Azarnaminy
7071c75567
revert "Chaning EOL in two files"
This reverts commit ecd08d4560.
2018-09-14 09:03:48 -07:00
Esben Sparre Andreasen
444a09a17c
JS: add models of five file system libraries
2018-09-14 15:30:44 +02:00
Esben Sparre Andreasen
5781b518bc
JS: change notes for js/stored-xss
2018-09-14 15:30:44 +02:00
Esben Sparre Andreasen
33f98dd1a7
JS: add query: js/stored-xss
2018-09-14 15:30:44 +02:00
Asger F
a3562aa4a7
Merge pull request #193 from esben-semmle/js/reduce-precision-of-remote-property-injection
JS: lower @precision of js/remote-property-injection
2018-09-14 11:14:13 +01:00
Esben Sparre Andreasen
e2fac8a03c
JS: introduce concept: FileNameSource
2018-09-14 11:09:29 +02:00
Esben Sparre Andreasen
6d3c1a1d22
JS: introduce fsModuleMember
2018-09-14 11:09:29 +02:00
Esben Sparre Andreasen
8de269e1fb
JS: add support for fs-extra in NodeJSFileSystemAccess
2018-09-14 11:09:29 +02:00
semmle-qlci
abbadf24f0
Merge pull request #192 from esben-semmle/js/additional-array-taint-steps
Approved by asger-semmle
2018-09-14 10:02:36 +01:00
Esben Sparre Andreasen
81aeda69e1
JS: lower @precision of js/remote-property-injection
2018-09-14 07:37:47 +02:00
semmle-qlci
961ecfb43f
Merge pull request #187 from esben-semmle/js/additional-whitelisting-form-unbound-event-handlers
Approved by asger-semmle
2018-09-14 06:35:39 +01:00
Raul Garcia
28050e1415
Change to cpp/overflow-buffer to detect access to an array using a negative index (static, out of range access, lower bound).
2018-09-13 15:44:32 -07:00
Esben Sparre Andreasen
cb2bd9e0ae
JS: change notes for additional array taint steps
2018-09-13 21:36:53 +02:00