hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-28 12:53:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,697 Branches 161 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonas Jensen
bbeea452e1 C++: Add test with widening of binary Expr 2020-10-12 11:08:41 +02:00
Geoffrey White
fc19bba0bd C++: Model std::set::merge and correct test annotations. 2020-10-12 10:01:57 +01:00
Tom Hvitved
9d1f64d35d C#: Avoid overlapping SSA definitions for ref/out captured variables 2020-10-12 10:52:40 +02:00
Anders Schack-Mulligen
725194a3b8 Merge pull request #4447 from aschackmull/dataflow/postupdate-flow-consistency 
Dataflow: Introduce consistency check for flow targeting PostUpdateNodes
 2020-10-12 08:56:19 +02:00
Daniel Beck
0c70be145f Track taint through java.io.File constructor and #toURI; URI#toURL 2020-10-10 20:54:55 +02:00
Geoffrey White
c63f7cb409 C++: Taint through emplace from qualifier to return value. 2020-10-09 17:41:24 +01:00
Geoffrey White
270517d379 C++: Revise model of emplace and emplace_hint. Note that 2 of the 3 taint regressions we shouldn't be getting because we don't yet do taint through keys. 2020-10-09 17:27:18 +01:00
Geoffrey White
49c121d370 C++: More test cases covering other std::pair constructors. 2020-10-09 17:22:29 +01:00
Anders Schack-Mulligen
091e3a2931 Dataflow: Adjust test output. 2020-10-09 16:25:14 +02:00
Rasmus Lerchedahl Petersen
4bd56fdbe4 Python: Implement framework sinks 2020-10-09 16:13:47 +02:00
Rasmus Lerchedahl Petersen
0d8bd01e10 Python: Port query and add test 2020-10-09 16:11:37 +02:00
Tom Hvitved
723699a584 C#: Add SSA test for overlapping captured variable definitions 2020-10-09 16:01:19 +02:00
James Fletcher
c8cacb9fee Merge pull request #4451 from github/jf205-patch-2 
Fix typo in CodeQL docs template
 2020-10-09 14:47:39 +01:00
Geoffrey White
61a78e28ac C++: Fix map::merge. 2020-10-09 14:46:23 +01:00
James Fletcher
42ee136306 Update layout.html 2020-10-09 14:33:45 +01:00
Erik Krogh Kristensen
a0cbeb6093 add change note 2020-10-09 14:54:34 +02:00
Erik Krogh Kristensen
2fb19f0b11 refactor into a single regular expression with two capture groups 2020-10-09 14:50:16 +02:00
Erik Krogh Kristensen
f6f8bbd1d8 Update javascript/ql/src/semmle/javascript/frameworks/ServerLess.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-10-09 14:46:31 +02:00
Anders Schack-Mulligen
1c043447e8 Dataflow: Introduce consistency check for flow targeting PostUpdateNodes. 2020-10-09 14:29:52 +02:00
Tom Hvitved
29fb23e6a4 C#: Add flow summaries for System.[Value]Tuple 2020-10-09 13:38:30 +02:00
Jonas Jensen
4c9ffcec27 Merge pull request #4396 from geoffw0/stringsets 
C++: Use [, ...] syntax more widely.
 2020-10-09 13:30:05 +02:00
James Fletcher
2436c56258 Merge pull request #4444 from github/codeql-style-updates 
[CodeQL docs] First pass at style updates for docs microsite
 2020-10-09 11:40:47 +01:00
Chris Smowton
b370a865f1 Merge pull request #370 from max-schaefer/fix-formatting-targets 
Fix escaping in Makefile targets.
 2020-10-09 10:56:07 +01:00
Alexander Eyers-Taylor
b0d01cfe8d Merge pull request #4370 from jbj/range-analysis-mega-change-note 
C++: Change note for several range-analysis PRs
 2020-10-09 10:45:11 +01:00
james
6d78c7b46e fix path to primer.css in template 2020-10-09 10:04:39 +01:00
Geoffrey White
1f1be3bf9a C++: Block try_emplace arg 0. 2020-10-09 10:04:22 +01:00
james
de42906785 hide header text on small screens and fix body width 2020-10-09 10:03:13 +01:00
james
2fe986eb79 add local primer.css 2020-10-09 10:03:13 +01:00
Geoffrey White
8786fe1ab8 C++: Add test missing test case involving tainted key. 2020-10-09 10:00:22 +01:00
Tom Hvitved
412524103c Merge pull request #4437 from hvitved/csharp/cfg/compiler-generated-array-lengths 
C#: Include compiler-generated array lengths in the CFG
 2020-10-09 10:54:56 +02:00
Max Schaefer
9db478aa03 Fix escaping in Makefile targets. 
Previously, invoking `make autoformat` would run a command of this form:

```sh
... | grep \\.go$ | ...
```

Note that the `$` is not escaped. This probably wasn't intended, even though it happens to work anyway, since the shell doesn't try to expand lone `$`s.

More problematically, invoking `make check-formatting` would run a command of this form:

```sh
... | grep \\.go| ...
```

Note that the `$` is gone, so it matches `.go` anywhere in the file name. In particular, it matches `ql/test/library-tests/semmle/go/frameworks/Protobuf/vendor/google.golang.org/protobuf/LICENSE`, which I think is responsible for the somewhat mysterious "expected 'package', found Copyright" errors we've been seeing from CI.

This PR fixes both targets to run

```sh
... | grep '\.go$' | ...
```

Because of the single quotes we only need a single backslash, and the `$` gets left alone.
 2020-10-09 09:07:24 +01:00
CodeQL CI
3894ecf779 Merge pull request #4441 from max-schaefer/js/add-negative-api-graphs-test 
Approved by erik-krogh
 2020-10-09 00:37:38 -07:00
Sauyon Lee
85c92251d6 Add a new binary for tracing 2020-10-08 23:31:06 -07:00
Sauyon Lee
de0582a67f autobuilder: extract out attempted build commands 2020-10-08 23:31:05 -07:00
Sauyon Lee
cd63ea84aa extractor: revamp argument parsing 2020-10-08 23:31:05 -07:00
Sauyon Lee
2da89c6527 extractor: factor out run from autobuilder 2020-10-08 23:31:05 -07:00
Sauyon Lee
eaf5342b7d Enable Go modules while determining module directory 2020-10-08 23:31:05 -07:00
Sauyon Lee
16796529fc Add package directory as a wanted root 2020-10-08 23:31:05 -07:00
Erik Krogh Kristensen
3b328baaef changes based on review 2020-10-08 21:54:23 +02:00
Erik Krogh Kristensen
65b90c411c Update javascript/ql/src/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-10-08 21:28:50 +02:00
Erik Krogh Kristensen
d3e3c11fa6 add printAst query for printing JS/TS/JSON/YAML/HTML 2020-10-08 21:20:28 +02:00
Max Schaefer
4bf6f6ac7c JavaScript: Add a negative test for API graphs. 
The test ensures that flow summarization won't label property `f` of the first parameter of `assertNotNull` as a sink, which would be very imprecise.
 2020-10-08 19:53:23 +01:00
Geoffrey White
493b80c44d C++: Fix incorrect translations to hasQualifiedName. 2020-10-08 17:56:57 +01:00
Dave Bartolomeo
e4bfb75f90 C++: Fix pointer flow through temporary objects 2020-10-08 12:24:59 -04:00
Tamás Vajk
f42cbcbeae Merge pull request #4428 from tamasvajk/feature/force-nuget-single-restore 
C#: Add '-DisableParallelProcessing' flag to nuget restore in Autobuilder
 2020-10-08 18:23:12 +02:00
Taus
60eec7b136 Python: Update python/ql/src/experimental/dataflow/internal/Attributes.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-10-08 18:14:20 +02:00
Taus Brock-Nannestad
d46453caaa Python: Support named imports as attribute reads 
Required a small change in `DataFlow::importModule` to get the desired
behaviour (cf. the type trackers defined in `moduleattr.ql`, but this
should be harmless. The node that is added doesn't have any flow
anywhere.
 2020-10-08 18:08:55 +02:00
Geoffrey White
c555cfa22a C++: Replace isParameterDeref(_). 2020-10-08 16:55:45 +01:00
Tamas Vajk
f3f908383b C#: Adjust autobuilder tests for added nuget.exe flag 2020-10-08 17:07:40 +02:00
Tamas Vajk
522f41377f C#: Add '-DisableParallelProcessing' flag to nuget restore in Autobuilder 2020-10-08 17:02:14 +02:00