hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
21,837 Commits 1,746 Branches 166 Tags
fa94fedfc30ce461c15273772fb6ff19f81648ad
Commit Graph

21837 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Marcono1234
9349e6922d Java: Add ToStringMethod 2021-04-10 04:00:44 +02:00
porcupineyhairs
8687c5c145 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-10 04:18:35 +05:30
Dave Bartolomeo
0a86642056 C++: Refactor some side effect generation code 
This change was necessary for my upcoming changes to introduce side effect instructions for indirections of smart pointers. The code to decide which parameters have which side effects appeared in both the IPA constructor for `TTranslatedSideEffect` and in `TranslatedCall`. These two versions didn't quite agree, especially once the `SideEffectFunction` model provides its own side effects instead of the defaults.
The relevant code has now been factored out into `SideEffects.qll`. This queries the model if one exists, and provides default side effects if no model exists. This fixes at least one existing issue, where we were emitting a buffer read side effect for `*this` instead of an indirect read side effect. This accounts for all of the IR diffs in the tests.
 2021-04-09 16:14:03 -04:00
luchua-bc
4e3791dc0d Remove LoadCredentialsConfiguration and update qldoc 2021-04-09 19:36:35 +00:00
Taus
720fbaf301 Python: Fix test error. 
Somehow, having to type "Node" all day long made me turn "json" into
"node"...

Also removes some bits that weren't needed after all.
 2021-04-09 19:04:49 +00:00
Mathias Vorreiter Pedersen
1510fe370d C++: Add cases for const pointer wrapper references to AddressFlow and FlowVar. 2021-04-09 20:58:05 +02:00
Mathias Vorreiter Pedersen
2329b31601 C++: Replace the new SmartPointerPartialDefinition with additional steps in AddressFlow.qll 2021-04-09 20:49:45 +02:00
Mathias Vorreiter Pedersen
a460e3ad3d Merge branch 'main' into ast-flow-smart-pointers 2021-04-09 19:41:10 +02:00
Taus
cc4827600b Python: Use API graphs in Stdlib.qll 
Eliminates _almost_ all of the bespoke type trackers found here. The
ones that remain do not fit easily inside the framework of API graphs
(at least, not yet), and I did not see any easy ways to clean them up.
They have, however, been rewritten to use `LocalSourceNode` internally,
which was the primary goal of this exercise.

I'm sure we could also clean up many of the inner modules given the more
lean presentation we have now, but this can wait for a different PR.
 2021-04-09 17:11:47 +00:00
luchua-bc
04b0682bbf Use isAdditionalTaintStep and make the query more readable 2021-04-09 16:14:51 +00:00
Tom Hvitved
fd8f745468 Java: Adopt shared flow summary library and refactor data-flow nodes. 2021-04-09 16:57:03 +02:00
Shati Patel
2d618d6b92 Merge pull request #5625 from shati-patel/docs/cli-manual 
Docs: Link to CodeQL CLI manual from the sidebar
codeql-cli/v2.5.2 codeql-cli/v2.5.1 		2021-04-09 15:30:24 +01:00
Tom Hvitved
f130616369 Data flow: Make getLocalCc private again 2021-04-09 16:22:58 +02:00
Taus
d2b874f217 Python: Use API graphs in PEP249 support 
Because the replacement extension point now extends `API::Node`, I
modified the `toString` method of the latter to have an empty body.
The alternative would be to require everyone to provide a `toString`
predicate for their extensions, but seeing as these will usually be
pointing to already existing API graph nodes, this seems silly.

(This may be the reason why the equivalent method in the JS libs has
such an implementation.)
 2021-04-09 14:19:00 +00:00
Jonas Jensen
e1d0bbb021 Merge pull request #5607 from MathiasVP/smart-pointer-ast-read-store-steps 
C++: read and store steps for smart pointers in AST dataflow
 2021-04-09 16:11:48 +02:00
CodeQL CI
6fd4a8afff Merge pull request #5567 from asgerf/js/sql-models 
Approved by esbena
 2021-04-09 07:11:10 -07:00
CodeQL CI
be2fe6e171 Merge pull request #5630 from erik-krogh/urlStep 
Approved by esbena
 2021-04-09 07:05:43 -07:00
CodeQL CI
8d2768b2ce Merge pull request #5634 from erik-krogh/fileSource 
Approved by asgerf
 2021-04-09 07:04:42 -07:00
Anders Schack-Mulligen
701e815368 Merge pull request #5628 from hvitved/java/remove-unique 
Java: Remove `unique` wrapper from `DataFlow::Node::getEnclosingCallable()`
 2021-04-09 15:21:26 +02:00
Mathias Vorreiter Pedersen
cd310eb9d5 C++: Remove unused import. 2021-04-09 15:08:48 +02:00
Tamás Vajk
992a4df12f Merge pull request #5619 from tamasvajk/feature/fix-default-argument-value-extraction 
C# Improve default argument value extraction
 2021-04-09 14:58:35 +02:00
Mathias Vorreiter Pedersen
996cda9b97 C++: Fix incorrect test annotation. 2021-04-09 14:46:46 +02:00
Tom Hvitved
6874b8d4b3 Data flow: Prevent bad join-order in pathStep 2021-04-09 14:24:47 +02:00
Mathias Vorreiter Pedersen
80d5b17900 C++: Remove the dataflow rule for smart_ptr -> *smart_ptr. 2021-04-09 14:20:51 +02:00
Mathias Vorreiter Pedersen
cae0060a89 C++: Replace the new rules in DataFlowUtil with a dataflow model for pointer wrapper classes. 2021-04-09 14:06:58 +02:00
Taus
affdedd840 Python: Add missing builtins to API::builtin 
We were missing out on `None`, `True`, and `False` as these do not
appear as actual attributes of the `builtins` module in Python 3
(because they are elevated to the status of keywords there)

The simple solution, then, is to just always include them directly.
 2021-04-09 12:02:07 +00:00
Tamas Vajk
46197e6e69 Address review comments 2021-04-09 13:39:37 +02:00
Erik Krogh Kristensen
595bdedb22 rename predicate to getStem, and update regexp 2021-04-09 13:07:54 +02:00
Mathias Vorreiter Pedersen
0a6aef71a2 C++: Respond to review comments. 2021-04-09 12:29:13 +02:00
CodeQL CI
652e8b4872 Merge pull request #5586 from asgerf/js/tsconfig-file-inclusion-handling 
Approved by esbena
 2021-04-09 02:50:51 -07:00
Tom Hvitved
c9c4c067b6 Merge pull request #5633 from hvitved/csharp/get-a-source-type-perf 
C#: Improve performance of `Dispatch::SimpleTypeDataFlow::getASourceType()`
 2021-04-09 11:42:34 +02:00
Tamás Vajk
a335bb0115 Merge pull request #5609 from tamasvajk/feature/dapper 
C#: Dapper support
 2021-04-09 10:52:17 +02:00
CodeQL CI
ad267404c9 Merge pull request #5137 from asgerf/js/redux-less 
Approved by erik-krogh
 2021-04-09 01:24:19 -07:00
Tamas Vajk
d7f0b9a7fa Add change note 2021-04-09 09:58:37 +02:00
Tamas Vajk
749db379ca Address code review findings 2021-04-09 09:55:37 +02:00
Tamas Vajk
dbb3d3dc17 Add change note 2021-04-09 09:50:55 +02:00
luchua-bc
11304b2ae1 Update qldoc and change the wrapper method implementation 2021-04-09 02:21:59 +00:00
Erik Krogh Kristensen
7f01586bf1 fix bad join order in getDocumentedParameter 2021-04-09 01:15:46 +02:00
Erik Krogh Kristensen
e5bce548de add nomagic on mayHaveStringValue 2021-04-09 00:08:51 +02:00
Erik Krogh Kristensen
956311457d fixed bad SourceNode X SourceNode join in HTTP model 2021-04-08 21:15:50 +02:00
ihsinme
9b3ccade43 Update test.c 2021-04-08 22:06:35 +03:00
ihsinme
02eb447a35 Update InsufficientControlFlowManagementWhenUsingBitOperations.expected 2021-04-08 22:04:08 +03:00
ihsinme
a6b486a448 Update InsufficientControlFlowManagementWhenUsingBitOperations.ql 2021-04-08 22:01:43 +03:00
Dilan
d73ba13b28 autoformat fix 2021-04-08 11:41:58 -07:00
Artem Smotrakov
b39a3ab12c Added setVariable() sink 2021-04-08 20:41:43 +03:00
Tamás Vajk
8adaee05b6 Merge pull request #5453 from tamasvajk/feature/use_codeql_stubs 
C#: Adjust make_stubs.py to use codeql instead of odasa
 2021-04-08 16:16:05 +02:00
Anders Schack-Mulligen
6109ef5e88 Merge pull request #5475 from Marcono1234/marcono1234/minus-literal 
Java: Improve documentation regarding minus in front of numeric literals
 2021-04-08 16:11:14 +02:00
Asger Feldthaus
7d300b53d7 JS: Autoformat 2021-04-08 15:06:48 +01:00
Anders Schack-Mulligen
d42a01cb3a qldoc fixup 2021-04-08 15:45:21 +02:00
Tamas Vajk
e5160929eb Remove ODASA reference from make_stubs.py 2021-04-08 15:04:02 +02:00