hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-27 04:13:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,694 Branches 161 Tags
codeql-cli/v2.10.0
Commit Graph

40697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger Feldthaus
93500bd95a JS: Improve mssql model 2021-03-30 11:34:01 +01:00
Asger Feldthaus
95937c9ac7 JS: Improve sqlite3 model 2021-03-30 11:34:01 +01:00
Asger Feldthaus
0b21b273ed JS: Improve pg model 2021-03-30 11:33:59 +01:00
Asger Feldthaus
937a620f4d JS: Improve mysql2 model 2021-03-30 11:33:42 +01:00
CodeQL CI
e8d7925084 Merge pull request #5555 from asgerf/js/misc-steps 
Approved by esbena
 2021-03-30 11:30:12 +01:00
CodeQL CI
25e26b9ac0 Merge pull request #5554 from asgerf/js/non-recursive-propref 
Approved by esbena
 2021-03-30 11:29:32 +01:00
CodeQL CI
6cceb73807 Merge pull request #5553 from asgerf/js/pg-promise 
Approved by esbena
 2021-03-30 11:28:24 +01:00
Owen Mansel-Chan
2ef85291fd Merge pull request #492 from owen-mc/promoted-field-data-flow-non-pointer-type 
Add control flow nodes for implicit fields reads when reading a promoted field
 2021-03-30 11:15:55 +01:00
Owen Mansel-Chan
2fce333a0b Fix bad join order in getBaseInstruction 
It was joining on the index first, rather than the selector expression
 2021-03-30 10:13:31 +01:00
Owen Mansel-Chan
3e57ea0e75 Fix Revel template test 
We want the controller, which is the type which embeds *Revel.Controller.
We have to skip the implicit field reads to get to the base of the selector
expression.
 2021-03-30 10:13:30 +01:00
Owen Mansel-Chan
b507c0d584 Add implicit field reads for promoted method calls 2021-03-30 10:13:30 +01:00
Owen Mansel-Chan
a89a42df6f Expand PromotedField to PromotedValueEntity 
This includes promoted methods as well
 2021-03-30 10:13:29 +01:00
Owen Mansel-Chan
770c770a8f Add tests for promoted methods 
We need implicit field reads for calls to promoted methods.
False negative flags have been added to make this pass on main.
 2021-03-30 10:13:29 +01:00
Owen Mansel-Chan
42300819a5 Remove incorrect assumption 
Now that we have implicit field reads, it is no longer the case
that the base of a field read instruction will be an eval
instruction.
 2021-03-30 10:13:28 +01:00
Owen Mansel-Chan
44b4e211c1 Make ImplicitFieldReadInstruction extend ImplicitFieldReadInstruction 
This avoids some code duplication.
 2021-03-30 10:13:28 +01:00
Owen Mansel-Chan
00aac808d2 Address review comments 2021-03-30 10:13:27 +01:00
Owen Mansel-Chan
a5293fa835 Use index to determine selector base 2021-03-30 10:13:27 +01:00
Owen Mansel-Chan
015c0537c2 Add index to FieldReadInstruction 2021-03-30 10:13:27 +01:00
Owen Mansel-Chan
0d071b2119 Use depth for implicit field selection 2021-03-30 10:13:26 +01:00
Chris Smowton
204e313c3b Improve documentation 2021-03-30 10:13:26 +01:00
Chris Smowton
6645613eb8 Deduplicate and document helper types 2021-03-30 10:13:25 +01:00
Chris Smowton
9a427931b7 Explicitly walk pointer types 
In a previous draft these could use getBaseType*
 2021-03-30 10:13:25 +01:00
Chris Smowton
660ba4e31c Optimise selectorBase, similar to existing work on implicitFieldRead 2021-03-30 10:13:25 +01:00
Chris Smowton
8cde56dfc2 Neaten and fix documentation of selectorBase 2021-03-30 10:13:24 +01:00
Chris Smowton
9444774895 Add further hints that the range of possible addressed fields, and therefore the interesting selector expressions, are small 2021-03-30 10:13:24 +01:00
Chris Smowton
22a3fccf79 Use type to hint that constraining to embedded fields is a good first step 
This improves the join order for `implicitFieldSelection`
 2021-03-30 10:13:23 +01:00
Sauyon Lee
e1b4867a19 Refactor embedded field calculation to expose access chain 
This allows us to reuse the embedded field calculation in the
logic for generating implicit field selection nodes.
 2021-03-30 10:13:23 +01:00
Owen Mansel-Chan
c192a255c5 Add change note 2021-03-30 10:13:22 +01:00
Owen Mansel-Chan
f1b6139ace Update expected results for ZipSlip to include implicit field reads 2021-03-30 10:13:22 +01:00
Owen Mansel-Chan
13cd19ee40 Make ImplicitFieldReadInstruction include implicit deref when needed 
When an ImplicitFieldReadInstruction reads an embedded field which has
a pointer type, it now includes the implicit dereference.

It might be better to extend MkImplicitDeref to cover this case, so we have
an explicit instruction for this. Then it would be easier to see when
dereferences are happening, and hence when they might cause a nil pointer
dereference.
 2021-03-30 10:13:22 +01:00
Owen Mansel-Chan
2d3caf48c1 Add implicit field reads for promoted fields 
This may not work when the embedded fields are pointer types, as
we don't have anything corresponding to MkImplicitDeref
 2021-03-30 10:13:21 +01:00
Owen Mansel-Chan
7ded91e81d Make depth of promoted fields accessible 2021-03-30 10:13:21 +01:00
Owen Mansel-Chan
b6dddd36e1 Update FieldTarget.getBaseType() 
It wasn't defined when `getBase()` was an EvalImplicitDerefInstruction.
Rewriting it like this means it should work no matter what type of
instruction `getBase()` is.
 2021-03-30 10:13:20 +01:00
Owen Mansel-Chan
b32b3157d4 (Minor) Add missing this. to method call 2021-03-30 10:13:19 +01:00
Geoffrey White
d2b991bcb5 Merge pull request #5541 from MathiasVP/definitions-for-unique_ptr 
C++: Add shared_ptr and unique_ptr implementations
 2021-03-30 09:47:56 +01:00
Mathias Vorreiter Pedersen
09ba25fe9b C++: Accept test changes. I'm actually not sure why we lose these results (and lose the field conflation, yay) It might be due to #3364. 2021-03-30 10:24:01 +02:00
Mathias Vorreiter Pedersen
8c95a9ae39 Merge branch 'main' into definitions-for-unique_ptr 2021-03-30 10:20:36 +02:00
jorgectf
3cda2e5207 Polish up ldap3 tests 2021-03-29 23:39:49 +02:00
jorgectf
8223539f0c Add a test without attributes 2021-03-29 23:28:28 +02:00
Sauyon Lee
3045eec63d Merge pull request #518 from smowton/smowton/fix/restore-extraction-under-codeql 
Tolerate empty-string CODEQL_PLATFORM, and add smoke tests
 2021-03-29 13:55:27 -07:00
Laura Coursen
2dadc752d6 Merge pull request #5563 from lecoursen/stronger-rec-to-use-lgtm.com-branch 
Make stronger recommendations around the use of the lgtm.com branch
 2021-03-29 14:29:24 -05:00
Laura Coursen
d57ec5d1ac Merge branch 'stronger-rec-to-use-lgtm.com-branch' of https://github.com/lecoursen/codeql into stronger-rec-to-use-lgtm.com-branch 2021-03-29 14:05:46 -05:00
Laura Coursen
e3b052199a Suggest lgtm.com branch first 2021-03-29 14:04:59 -05:00
Laura Coursen
eb01ffbdae Use correct terminology 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2021-03-29 14:03:30 -05:00
mr-sherman
bf2d7b3a16 Added IRestClientAsync methods to external location sink. Removed import from 
Remote.qll, as it is un-necessary now.
 2021-03-29 14:37:51 -04:00
Ethan Palm
2f98212eca Merge pull request #5561 from ethanpalm/fix-broken-links 
Fix broken links
 2021-03-29 14:28:49 -04:00
Laura Coursen
8f1c7c57a8 Add 💅 2021-03-29 12:53:16 -05:00
Ethan P
909dc84bb6 Update broken link 2021-03-29 13:46:45 -04:00
Laura Coursen
a18cd74756 Fix typo 2021-03-29 12:42:09 -05:00
Laura Coursen
21576387f3 Add 💅 2021-03-29 12:41:48 -05:00