Anders Schack-Mulligen
40b9d34ab9
Java: Consolidate springframework-5.2.3 stubs
2020-07-08 09:57:48 +02:00
Erik Krogh Kristensen
9bcbedde46
update consistency comment in passwords.js
2020-07-08 09:55:00 +02:00
Erik Krogh Kristensen
664c5e64b4
add [INCONSISTENCY] comment in CodeInjection test
2020-07-08 09:48:12 +02:00
Erik Krogh Kristensen
00e900f1b1
only include named topmost package.json files for js/shell-command-constructed-from-input
2020-07-08 09:25:08 +02:00
Anders Schack-Mulligen
c166fee198
Merge pull request #3894 from aibaars/util-arrays
...
Java: model taint for java.util.Arrays
2020-07-08 09:06:40 +02:00
Marcono1234
00a61816c0
Improve VariableAssign.getSource documentation
2020-07-07 22:37:58 +02:00
Dave Bartolomeo
6f7a8d029c
C++: Move .gitignore into autobuilder directory
...
On second thought, I'm going to make this apply only to the AutoBuilder directory. C# has it in the root of `csharp`, but they need it for their extractor as well.
2020-07-07 16:31:46 -04:00
Dave Bartolomeo
d3bcc1dae4
C++: Add .gitignore for autobuilder
...
C# has its own additional `.gitignore` to ignore the output files of the AutoBuilder build. Now that we have our own AutoBuilder in C++, we need the same thing.
2020-07-07 16:27:43 -04:00
Taus
548fceb306
Merge pull request #3917 from RasmusWL/python-fix-experimental-tests
...
Python: Fix experimental tests
2020-07-07 22:05:47 +02:00
Arthur Baars
441bf98ce7
Java: add Vector::copyInto, BlockingQueue::drainTo
2020-07-07 20:35:02 +02:00
Arthur Baars
c9ae2c8b2c
Java: ContainerFlow: organize taintPreservingArgumentToQualifier
2020-07-07 20:32:10 +02:00
dilanbhalla
3b9daa2db2
added pr fixes
2020-07-07 11:05:39 -07:00
Arthur Baars
5d73b99fd1
Java: ContainerFlow: organize taintPreservingQualifierToMethod
2020-07-07 19:53:11 +02:00
dilanbhalla
26b030f8cc
fixed pr suggestions
2020-07-07 10:52:26 -07:00
Rasmus Wriedt Larsen
7306f58e57
Python: Fix experimental tests
2020-07-07 19:44:43 +02:00
Rasmus Wriedt Larsen
1d5ef381ae
Merge pull request #3915 from tausbn/python-qlformat-everything-again
...
Python: Autoformat everything using `qlformat`.
2020-07-07 18:48:05 +02:00
dilanbhalla
d201c4ba8a
fixed pr suggestions for tags/formatting
2020-07-07 09:34:04 -07:00
Arthur Baars
940fec5669
Drop taint tracking for Arrays.{deepToString,toString}
2020-07-07 17:26:49 +02:00
Arthur Baars
583f7f914e
Drop taint tracking for Arrays.{setAll, parallelSetAll, parallelPrefix}
2020-07-07 17:22:30 +02:00
Max Schaefer
bc778b5899
Merge pull request #243 from max-schaefer/cve-2019-11250
...
Improvements to clear-text logging query
2020-07-07 16:03:40 +01:00
Taus Brock-Nannestad
45eccb2521
Python: Fix test failures.
2020-07-07 17:01:17 +02:00
Geoffrey White
bc7c83a5d6
C++: Add taint test cases confirming that constructor definitions do not need to be present.
2020-07-07 16:01:13 +01:00
Arthur Baars
9cf6601d02
Java: Data flow for java.util.Objects
2020-07-07 16:58:22 +02:00
Ian Lynagh
22666dd46e
Merge pull request #3875 from igfoo/is_constexpr
...
C++: Accept test changes for is_constexpr
2020-07-07 15:47:28 +01:00
Taus
df4d145490
Merge branch 'master' into python-qlformat-everything-again
2020-07-07 16:33:21 +02:00
Jonas Jensen
32fcfcf97c
Merge pull request #3912 from aschackmull/location-doc
...
C++/C#/JavaScript/Python: Port Location qldoc update.
2020-07-07 15:54:34 +02:00
Taus Brock-Nannestad
f07a7bf8cf
Python: Autoformat everything using qlformat.
...
Will need subsequent PRs fixing up test failures (due to deprecated
methods moving around), but other than that everything should be
straight-forward.
2020-07-07 15:43:52 +02:00
Raz0r
3487ec17d0
add tests
2020-07-07 16:26:14 +03:00
Erik Krogh Kristensen
d85d9b9b5b
autoformat
2020-07-07 16:21:03 +03:00
Arseny Reutov
b46b49586a
Apply suggestions from code review
...
`interpretsValueAsJavaScript` -> `interpretsValueAsJavaScriptUrl`
Co-authored-by: Asger F <asgerf@github.com>
2020-07-07 16:21:03 +03:00
Raz0r
54db6c4a39
[js/client-side-unvalidated-url-redirection] add interpretsValueAsJavaScript predicate
2020-07-07 16:21:03 +03:00
Max Schaefer
3a897a9dd0
Merge pull request #247 from shati-patel/docs
...
Docs: Editorial changes to library modeling topic
2020-07-07 13:37:51 +01:00
Max Schaefer
b4c56928c4
Merge pull request #248 from max-schaefer/location-doc
...
Port Location qldoc update.
2020-07-07 13:37:36 +01:00
Max Schaefer
47a858610d
Merge pull request #239 from smowton/smowton/feature/find-noreturn-user-functions
...
Switch from using mustPanic to mayReturnNormally to construct a call-expression's CFG
2020-07-07 13:37:18 +01:00
Luke Cartey
3fef5cabf1
Merge pull request #1 from aschackmull/java/spring-3653
...
Java: Review changes for https://github.com/github/codeql/pull/3653
2020-07-07 12:07:33 +01:00
Chris Smowton
6e5ee47ade
Switch from using mustPanic to mayReturnNormally to construct a call-expression's CFG
...
We also use this to note that user-defined functions can only return normally if their CFG normal exit node is reachable, and annotate some well-known functions as noreturn.
For example, this will by fiat declare os.Exit noreturn (never returns normally), and will also notice that a user function `func myExit() { os.Exit(1) }` is also noreturn, because it doesn't have any control-flow edges that reach the normal return node.
2020-07-07 11:40:06 +01:00
Max Schaefer
842860d7ca
Port Location qldoc update.
...
cf https://github.com/github/codeql/pull/3907
2020-07-07 10:58:00 +01:00
Anders Schack-Mulligen
67db1df00c
C++/C#/JavaScript/Python: Port Location qldoc update.
2020-07-07 11:39:27 +02:00
Rasmus Wriedt Larsen
42227c625d
Python: Fix grammar
...
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2020-07-07 11:33:54 +02:00
Rasmus Wriedt Larsen
27d1512a75
Python: MWE for call-graph tracing and ql comparison
2020-07-07 11:05:03 +02:00
Shati Patel
5ddcf92859
Editorial changes to library modeling topic
2020-07-07 10:02:33 +01:00
Shati Patel
eaec2d722c
Merge pull request #3888 from shati-patel/go-docs
...
Learning CodeQL: Add new library modeling guide (Go)
2020-07-07 09:54:39 +01:00
Anders Schack-Mulligen
993506d781
Merge pull request #3820 from Marcono1234/patch-2
...
Add missing java.nio.file.Files methods to FileReadWrite.qll
2020-07-07 10:29:17 +02:00
Max Schaefer
d8ff2d1641
Merge pull request #246 from smowton/smowton/feature/nuisance-dead-code-warnings
...
UnreachableStatement: tolerate more harmless unreachable return statements
2020-07-07 09:26:48 +01:00
Anders Schack-Mulligen
173e108606
Merge pull request #3907 from Marcono1234/patch-1
...
Java: Clarify documentation for Location predicate results
2020-07-07 07:58:39 +02:00
semmle-qlci
f2ce125e61
Merge pull request #3902 from Marcono1234/fix-outdated-query-links
...
Approved by shati-patel
2020-07-06 21:13:05 +01:00
Philippe Antoine
8f7ff1a537
Adds another redundant null check rule
2020-07-06 21:45:54 +02:00
Marcono1234
5649254dbd
Fix broken link formatting in introduce-libraries-java.rst
...
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2020-07-06 20:35:11 +02:00
Ian Lynagh
0d9b18dbd7
C++: Accept test changes for is_constexpr
...
Generated copy and move constructors may now be marked as constexpr.
2020-07-06 19:24:39 +01:00
Geoffrey White
0caa17ab10
C++: Test the new methods.
2020-07-06 18:47:56 +01:00