hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-26 11:53:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,907 Commits 1,692 Branches 161 Tags
codeql-cli/latest
Commit Graph

85907 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
AndreiDiaconu1
0528d8ef39 C# IR: Object creation refactoring 
The way object creation was translated has been changed: now creations are treated as expressions.
The main motivation for this was the inability to have creation expressions as arguments to
function calls (a test case has been added to showcase this).
All code that dealt with creation expressions has been moved from `TranslatedInitialization.qll` to `TranslatedExpr.qll`.
Some light refactoring has also been done, mainly removing code that was useless after the changes mentioned above.
 2019-09-10 09:20:21 +01:00
AndreiDiaconu1
d9f3c14c9c C# IR: Add support for multiple decls and updates 
Added support for multiple declarations and updates in a for stmt.
Added test cases and updated the expected output.
 2019-09-10 09:17:41 +01:00
Jonas Jensen
d6fba0ef46 C++: Don't create partial defs for calls to const 
These partial defs don't do any harm, but they could hurt performance.
In typical C++ snapshots, between 5% and 20% of all calls are to `const`
functions.
 2019-09-10 09:49:16 +02:00
Jonas Jensen
fd3615d120 C++: Show that there are too many partial defs 2019-09-10 09:44:07 +02:00
jf205
ad4715fd52 Merge pull request #1908 from shati-semmle/ql-hb/fixes 
QL handbook: Add examples and fix typos
 2019-09-10 08:42:14 +01:00
Jonas Jensen
7b09e4177e C++: Add localExprTaint for IR 
This is for ODASA-8053.
 2019-09-10 09:40:31 +02:00
Jonas Jensen
80a0027808 C++: Shared TaintTrackingImpl for IR TaintTracking 2019-09-10 09:40:27 +02:00
Jonas Jensen
770212567f C++: Fix up IR data flow QLDoc 2019-09-10 09:34:54 +02:00
Tom Hvitved
41cd13a637 C#: Update expected test output 2019-09-10 09:17:50 +02:00
Robert Marsh
2806a52ec5 Merge pull request #1888 from jbj/ir-dataflow-node-ipa 
C++: Hide that IR DataFlow::Node is Instruction
 2019-09-09 11:00:37 -07:00
Geoffrey White
4283a1508d Merge pull request #1870 from jbj/autoformat-all 
C++: Autoformat everything
 2019-09-09 16:05:32 +01:00
Shati Patel
cfa51a0e8b QL HB: Add predicate call example [SD-3864] 2019-09-09 16:01:42 +01:00
Shati Patel
f5de1dc999 QL HB: Explain use of cast [SD-3865] 2019-09-09 16:01:41 +01:00
Shati Patel
4f2c9fa3cb QL HB: Expand bindingset example [SD-3863] 2019-09-09 16:01:14 +01:00
Shati Patel
acca48bd8f QL HB: Fix typo [SD-3862] 2019-09-09 16:01:07 +01:00
Max Schaefer
bdba647bf5 Merge pull request #1893 from erik-semmle/addXLinkHref 
JS: add xlink:href as xss target when using setAttribute
 2019-09-09 15:56:47 +01:00
Jonas Jensen
79f456e8bd Merge pull request #1905 from ian-semmle/mangling_more 
C++: Resolve all classes
 2019-09-09 16:48:30 +02:00
Asger F
194a1c3530 JS: Change note 2019-09-09 15:42:43 +01:00
Calum Grant
79a750dfaf Merge pull request #1845 from AndreiDiaconu1/ircsharp-compiler-generated 
C# IR: Framework for translating compiler generated elements
 2019-09-09 15:42:07 +01:00
Asger F
ad5abc61cc JS: Move typed test into separate test 2019-09-09 15:35:26 +01:00
Asger F
ea446f2aa1 JS: Use type info in mongodb/mongoose model 2019-09-09 15:35:26 +01:00
Asger F
8e397ad203 JS: Use type tracking in mongodb/mongoose model 2019-09-09 15:35:23 +01:00
semmle-qlci
e899250e87 Merge pull request #1894 from asger-semmle/fp-incorrect-suffix-check 
Approved by xiemaisi
 2019-09-09 15:33:47 +01:00
semmle-qlci
89cba089b4 Merge pull request #1892 from asger-semmle/event-handler-sink 
Approved by esben-semmle
 2019-09-09 15:33:21 +01:00
Erik Krogh Kristensen
03b210a8e1 made the two Passport classes in the Express model private 2019-09-09 13:04:47 +01:00
Erik Krogh Kristensen
3ebe6608c2 updated expected values for the Express test 2019-09-09 13:02:35 +01:00
erik-semmle
d01f84f015 fix comment in passport test 
Co-Authored-By: Esben Sparre Andreasen <42067045+esben-semmle@users.noreply.github.com>
 2019-09-09 12:59:38 +01:00
Asger F
b6690bb644 JS: Add change note 2019-09-09 12:45:03 +01:00
Tom Hvitved
170621d1cc C#: Address review comments 2019-09-09 13:38:23 +02:00
AndreiDiaconu1
53ebe23db6 Better retrieval for the GetEnumerator call 2019-09-09 12:33:19 +01:00
Felicity Chapman
28fece0f75 Merge pull request #1906 from jf205/readme-updates 
docs: update readme following recent project changes
 2019-09-09 12:27:24 +01:00
semmle-qlci
2283195ebd Merge pull request #1871 from asger-semmle/type-tracking-through-imports 
Approved by xiemaisi
 2019-09-09 12:25:06 +01:00
Erik Krogh Kristensen
26f6b1d186 add model for passport.use in the Express model 2019-09-09 12:01:11 +01:00
james
54342a6daa docs: update readme 2019-09-09 11:57:08 +01:00
Geoffrey White
22e1715368 Merge pull request #1900 from jbj/dataflow-this-by-ref 
C++: Fix flow out of `this` by reference
 2019-09-09 11:15:32 +01:00
james
e8f867204d docs: fix broken links in js topics 2019-09-09 11:15:18 +01:00
Geoffrey White
26490bd97f Merge pull request #1885 from jbj/dataflow-D.cpp 
C++: Add D.cpp, ported from D.java
 2019-09-09 10:55:33 +01:00
Asger F
65862c922c JS: Update tests 2019-09-09 10:53:13 +01:00
Asger F
631ff27d31 JS: Use ValueNode for all ImportSpecifiers 2019-09-09 10:53:13 +01:00
Asger F
61e1d793df JS: Fixes in DeadStoreOfLocal 2019-09-09 10:51:21 +01:00
Asger F
5573279580 JS: regression test for DeadStoreOfLocal 2019-09-09 10:51:21 +01:00
Asger F
3b962dce22 JS: Add explicit type tracking test 2019-09-09 10:51:21 +01:00
Asger F
afcdc12e7b JS: Use ValueNode, not SSA node, to model NamedImportSpecifier 2019-09-09 10:51:17 +01:00
semmle-qlci
57afde0240 Merge pull request #1872 from esben-semmle/js/extraction_metrics 
Approved by xiemaisi
 2019-09-09 10:45:33 +01:00
Jonas Jensen
4ef5c9af62 C++: Autoformat everything 
Some files that will change in #1736 have been spared.

    ./build -j4 target/jars/qlformat
    find ql/cpp/ql -name "*.ql"  -print0 | xargs -0 target/jars/qlformat --input
    find ql/cpp/ql -name "*.qll" -print0 | xargs -0 target/jars/qlformat --input
    (cd ql && git checkout 'cpp/ql/src/semmle/code/cpp/ir/implementation/**/*SSA*.qll')
    buildutils-internal/scripts/pr-checks/sync-identical-files.py --latest
 2019-09-09 11:25:53 +02:00
Tom Hvitved
77d7db323d Merge pull request #1895 from calumgrant/cs/date-queries 
C#: Tidy up cs/unsafe-year-construction and cs/mishandling-japanese-era
 2019-09-09 11:24:49 +02:00
Jonas Jensen
1784122929 C++: Fixes from Geoffrey's review round 4 2019-09-09 11:21:55 +02:00
Jonas Jensen
969d76671e C++: Tidy up long comments that attach to items 2019-09-09 11:04:05 +02:00
Jonas Jensen
4769d00c50 C++: Fix autoformat of //-comments after + 
The autoformatter would associate these comments to the following term
instead of the preceding term.
 2019-09-09 11:04:05 +02:00
Jonas Jensen
3324bfb198 C++: Fix long comments without * on each line 
Comments like these will make the autoformatter produce bad indentation.

For the record (not for explainability), these issues were found with

    git grep -P -A1 '^( */\*| +\*( |$))(.(?!\*/))*$' cpp/ql/src/'**/*.ql*' |grep -B10 'qll\?- [^*]*$'
 2019-09-09 11:04:04 +02:00