hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
1,726 Commits 1,742 Branches 165 Tags
fcd53ae6311bc45a2201da3ced8586bbc14b029a
Commit Graph

1726 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
b4846dc995 CPP: Modify NVIHub.ql. 2018-11-21 13:11:08 +00:00
calum
69ab1ed5bd C#: Add nodes predicate to all path queries. 2018-11-21 12:35:05 +00:00
Max Schaefer
19aa12106c JavaScript: Teach AutoBuild to exclude minified files from extraction by default . 
This adds default exclusion filters for `**/*.min.js` and `**/*-min.js` to the JavaScript auto-builder, meaning that files matching these patterns will no longer be extracted,
unless they are re-included in the `.lgtm.yml` file.

Alerts in minified code aren't shown by default anyway, so we can save ourselves some work by not analyzing them in the first place.

While including minified files in the snapshot can in theory improve analysis results in non-minified files, this is likely to be rare in practice.
 2018-11-21 12:27:39 +00:00
calumgrant
1b12e845c5 Merge pull request #491 from hvitved/csharp/cfg/split-negation 
C#: Fix two bugs in Boolean CFG splitting
 2018-11-21 11:48:08 +00:00
calum
8c753d7e94 C#: Fix ReDoS query. 2018-11-21 11:15:55 +00:00
Jonas Jensen
f177e348bd Merge pull request #471 from geoffw0/query-tags-2 
CPP: Query tags 2 (JSF queries)
 2018-11-21 11:43:29 +01:00
Esben Sparre Andreasen
caea6212ed JS: use inheritance in js/mixed-static-instance-this-access 2018-11-21 09:48:37 +01:00
Esben Sparre Andreasen
01ad9ed8bc JS: address review comments 2018-11-21 09:19:20 +01:00
Dave Bartolomeo
3715215b3f C++: Add IR support for ConditionalDeclExpr 
Also fixes several places in the library that weren't handling `ConditionalDeclExpr`  correctly.
 2018-11-21 00:14:44 -08:00
Dave Bartolomeo
07f9fe6ee4 C++: Add Uninitialized instruction for list-initialized variables 
This commit inserts an `Uninitialized` instruction to "initialize" a local variable when that variable is initialized with an initializer list. This ensures that there is always a definition of the whole variable before any read or write to part of that variable.

This change appears in a different form in @rdmarsh2's Chi node PR, but I needed to refactor the initialization code anyway to handle ConditionDeclExpr.
 2018-11-20 16:12:44 -08:00
Tom Hvitved
8233e34ba2 C#: Fix Boolean splitting for variables defined in a loop 2018-11-20 21:22:00 +01:00
Tom Hvitved
89d5daa137 C#: Fix Boolean splitting negation bug 2018-11-20 21:22:00 +01:00
Tom Hvitved
841218540e C#: Add CFG test 
This test exhibits two issues with Boolean CFG splitting: incorrect handling of
negated variables and incorrect splitting for variables defined inside a loop.
 2018-11-20 21:22:00 +01:00
calumgrant
87072dfb0e Merge pull request #489 from hvitved/csharp/pre-ssa-extensions 
C#: Extensions to pre-SSA library
 2018-11-20 20:20:41 +00:00
semmle-qlci
b21b066255 Merge pull request #499 from xiemaisi/js/target-blank-location 
Approved by esben-semmle
 2018-11-20 17:16:05 +00:00
Geoffrey White
3c7ed9b7ab CPP: Fix typo. 2018-11-20 17:13:23 +00:00
Geoffrey White
8aeaf0bc8e CPP: Add an external/jsf tag as well. 2018-11-20 17:13:23 +00:00
Geoffrey White
bb7da78c95 CPP: Tag the JSF queries. 2018-11-20 17:13:22 +00:00
Geoffrey White
9922e36590 CPP: Add missing file. 2018-11-20 16:55:10 +00:00
Geoffrey White
ae91581204 CPP: Change note. 2018-11-20 16:52:36 +00:00
Geoffrey White
0493b68b50 Merge pull request #497 from jbj/disable-no-virtual-destructor 
C++: Remove @precision from AV Rule 78
 2018-11-20 16:44:36 +00:00
Geoffrey White
d8381ef448 CPP: Add change notes for some more changes. 2018-11-20 16:42:17 +00:00
Geoffrey White
7df7d8dd9e CPP: Add change notes for new query contributions. 2018-11-20 16:14:22 +00:00
Geoffrey White
e8f967a477 CPP: Add change notes for my recent changes. 2018-11-20 16:14:22 +00:00
Tom Hvitved
3e78c2671f C#: Generalize pre-SSA library to include local-scope-like fields/properties 2018-11-20 15:07:44 +01:00
Tom Hvitved
25150265dc C#: Compute phi inputs in pre-SSA library 
Logic is copied directly from the ordinary SSA library.
 2018-11-20 15:07:43 +01:00
Jonas Jensen
33111b6b27 Merge pull request #498 from geoffw0/test-cleanup 
CPP: Clean up some test code.
 2018-11-20 14:44:52 +01:00
Tom Hvitved
252b756184 Merge pull request #472 from felicity-semmle/csharp/SD-2778-qhelp-update 
C#: Minor updates for consistency (SD-2778)
 2018-11-20 14:28:29 +01:00
semmle-qlci
4b5f24d99e Merge pull request #449 from hvitved/csharp/ssa/live-at-rank 
Approved by calumgrant
 2018-11-20 13:01:02 +00:00
semmle-qlci
1c1d2e943a Merge pull request #496 from esben-semmle/js/yui-directives 
Approved by xiemaisi
 2018-11-20 12:59:55 +00:00
semmle-qlci
8333f72030 Merge pull request #470 from esben-semmle/custom-abstract-values-only 
Approved by xiemaisi
 2018-11-20 12:59:35 +00:00
Max Schaefer
c1690a69e5 JavaScript: Make TargetBlank only highlight the first line of the link. 
Otherwise alerts for multi-line `<a>` elements end up looking very red.

I also took the opportunity to improve the tests slightly.
 2018-11-20 12:53:27 +00:00
Esben Sparre Andreasen
82fc8ae32a JS: support indirection with extra args in js/missing-this-qualifier 2018-11-20 11:29:03 +01:00
Geoffrey White
342164ff71 CPP: Clean up / normalize some test code. 2018-11-20 09:50:59 +00:00
Jonas Jensen
6c0305cb80 Merge pull request #495 from geoffw0/returnvalue 
CPP: Fix 'Missing return statement'
 2018-11-20 10:16:30 +01:00
Jonas Jensen
d7c2f9d185 C++: Remove @precision from AV Rule 78 
This rule, named "No virtual destructor", was supposed to be superseded
by `cpp/virtual-destructor` in 0c796de83, but that commit didn't
actually disable this rule, so both rules are now active in the LGTM
suite.

This commit disables the rule by removing `@precision`. We're still
discussing the best way to disable rules that are precise and valid but
not universally applicable. For now, removing `@precision` is consistent
with how we're keeping most other JSF queries from appearing on LGTM.
 2018-11-20 09:43:54 +01:00
Jonas Jensen
cc28d04ba7 Merge pull request #405 from geoffw0/selfcompare 
CPP: Fix false positives in PointlessSelfComparison.ql
 2018-11-20 09:25:10 +01:00
Tom Hvitved
9f7eef02ec C#: Address review comments 2018-11-20 09:24:53 +01:00
Esben Sparre Andreasen
54fea1a4cb JS: support "xyz:nomunge" YUI compressor directives 2018-11-20 09:00:33 +01:00
Esben Sparre Andreasen
ee7a6af7c7 JS: address review comments 2018-11-20 08:37:23 +01:00
Felicity Chapman
fc6e9be75a Fix incorrect tag 2018-11-20 07:12:48 +00:00
semmle-qlci
26a248b14a Merge pull request #487 from xiemaisi/js/lint-join-order 
Approved by esben-semmle
 2018-11-20 06:51:33 +00:00
semmle-qlci
7df397f8ab Merge pull request #486 from xiemaisi/js/lower-severities 
Approved by asger-semmle
 2018-11-20 06:39:23 +00:00
semmle-qlci
f5e25e61e0 Merge pull request #490 from xiemaisi/js/remove-actual 
Approved by asger-semmle
 2018-11-19 16:20:19 +00:00
Geoffrey White
5cae65295d CPP: Fix FPs from AV Rule 114.ql. 2018-11-19 16:09:40 +00:00
Geoffrey White
d18a7012f5 CPP: Add a test case. 2018-11-19 16:08:32 +00:00
Geoffrey White
33130b9800 CPP: Apply recommended fix. 2018-11-19 14:39:28 +00:00
Geoffrey White
6a14748af8 CPP: Add recommended test. 2018-11-19 14:25:11 +00:00
Geoffrey White
646bb01a5f CPP: Change note. 2018-11-19 14:04:14 +00:00
Jonas Jensen
111df470c3 Merge pull request #485 from geoffw0/limitedscopefunction 
CPP: Fix Limitedscopefunction.ql
 2018-11-19 14:51:20 +01:00