hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-22 18:03:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,693 Branches 161 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger Feldthaus
6707e3424d JS: Prevent bad join ordering 2020-06-26 20:21:56 +01:00
Taus Brock-Nannestad
24daf2c4d1 Python: Document internal AST classes. 
We already document these in the classes that override them, so I
simply added a pointer to this information.
 2020-06-26 21:15:30 +02:00
Max Schaefer
91ca2bb434 Merge pull request #231 from max-schaefer/taint-through-range 
Propagate taint through `range` statements
 2020-06-26 19:58:53 +01:00
Asger Feldthaus
06dd3ab2ca JS: Propagate into RegExp.$x 2020-06-26 18:58:43 +01:00
Asger Feldthaus
17af8f7650 JS: Add test for taint propagating into RegExp.$1 2020-06-26 18:58:43 +01:00
Dave Bartolomeo
e00a8f7670 Merge pull request #3815 from jbj/getAPrimaryQlClass 
C++: getCanonicalQLClass -> getAPrimaryQlClass
 2020-06-26 13:52:16 -04:00
Dave Bartolomeo
5f290520ab C++: Accept test diffs due to opcode rename 2020-06-26 13:45:41 -04:00
semmle-qlci
3aefb7fad9 Merge pull request #3613 from erik-krogh/Reassigned 
Approved by asgerf
 2020-06-26 17:05:45 +01:00
Dave Bartolomeo
281985b845 C++: Sync Opcode.qll QLDoc with Instruction.qll QLDoc 
For every concrete `Opcode`, there is a corresponding `Instruction` class. Rather than duplicate all of the QLDoc by hand, I wrote a quick Python script to copy the QLDoc from `Instruction.qll` to `Opcode.qll`. I don't expect that we will need to do this often, so I'm not hooking it up to a PR check or anything like that, but I did commit the script itself in case we need it again.
 2020-06-26 11:42:32 -04:00
Dave Bartolomeo
023e1dc0a2 Instruction and opcode cleanup 
- Renamed `DynamicCastToVoid` to the more descriptive `CompleteObjectAddress`
- Split verbose description from summary in a few Instruction QLDoc comments.
- Added `Instruction` classes for the few remaining `Opcode`s that didn't have one.
- Removed a use of "e.g."
 2020-06-26 11:39:10 -04:00
Jonas Jensen
a22fb7662e C++: Autoformat fixup 2020-06-26 16:57:06 +02:00
Marcono1234
7443c9c5ad Fix outdated query console link 
#3546 changed the query but did not adjust the query link.
Additionally the old query could not be re-run because some of the projects it
targeted (gradle/gradle and eclipse-cdt/cdt) cannot be queried currently.
It now queries all available demo projects of the query console instead.
 2020-06-26 16:40:19 +02:00
Nick Rolfe
0ae5fb0357 C++: auto-format test query 2020-06-26 15:35:55 +01:00
Sauyon Lee
468d9812c4 Merge pull request #227 from max-schaefer/cve-2018-15798 
Teach `OpenUrlRedirect` to propagate out of `URL.Path` and a few other fields.
 2020-06-26 06:21:59 -07:00
Nick Rolfe
309a8e60c8 C++: add more test cases for the type of this 2020-06-26 14:20:46 +01:00
Nick Rolfe
e79625ed14 Accept suggested qldoc change 
Co-authored-by: Dave Bartolomeo <dbartol@github.com>
 2020-06-26 14:20:46 +01:00
Nick Rolfe
9e9d69238a C++: add test for MemberFunction::getTypeOfThis() 2020-06-26 14:20:46 +01:00
Nick Rolfe
8bd3be6e7b C++: add MemberFunction::getTypeOfThis() 2020-06-26 14:20:46 +01:00
Nick Rolfe
ca25971955 C++: upgrade script for member_function_this_type 2020-06-26 14:20:45 +01:00
Nick Rolfe
3b15d39ec6 C++: update stats for new member_function_this_type table 2020-06-26 14:20:45 +01:00
Nick Rolfe
133838dbf3 C++: update tests to expect type of this 2020-06-26 14:20:45 +01:00
Nick Rolfe
d1d7fac4ca C++: add member_function_this_type to dbscheme 2020-06-26 14:20:45 +01:00
semmle-qlci
b015c735d0 Merge pull request #3809 from max-schaefer/util-deprecate 
Approved by asgerf
 2020-06-26 14:20:14 +01:00
semmle-qlci
1b4df57426 Merge pull request #3731 from asger-semmle/js/monorepo-bugfixes 
Approved by erik-krogh
 2020-06-26 14:18:35 +01:00
Erik Krogh Kristensen
0b050204ad add missing dot in qldoc 2020-06-26 15:07:12 +02:00
Dave Bartolomeo
f48948c604 C++: Opcode cleanup 
- Remove unused `MemoryAccessOpcode`
- Make `OpcodeWithCondition` private
- Add QLDoc for `Opcode` module
 2020-06-26 09:04:37 -04:00
Mathias Vorreiter Pedersen
beb66299e9 Merge pull request #3796 from dbartol/codeql-c-analysis-team/40/2 
C++: QLDoc for all of `Instruction.qll`
 2020-06-26 14:04:48 +02:00
Erik Krogh Kristensen
e4fe236d37 autoformat 2020-06-26 13:59:06 +02:00
Tom Hvitved
795c5784b0 C#: Precise data flow for collections 2020-06-26 13:40:05 +02:00
Dave Bartolomeo
11c702331a Merge pull request #3795 from rdmarsh2/rdmarsh/cpp/add-qldoc-3 
C++: QLDoc for PrintAST and AST-based range analysis
 2020-06-26 07:38:10 -04:00
Rasmus Wriedt Larsen
3f0975f5a1 Merge pull request #3770 from tausbn/python-add-a-bunch-of-documentation 
Python: Add a bunch of documentation.
 2020-06-26 13:30:45 +02:00
Jonas Jensen
c1b26d71c3 C++: getCanonicalQLClass -> getAPrimaryQlClass 
Also updated the QLDoc for `getAPrimaryQlClass` to match the Go version.
 2020-06-26 13:20:36 +02:00
Rasmus Lerchedahl Petersen
64af5f585c Python: Update status description 2020-06-26 13:18:07 +02:00
Rasmus Lerchedahl Petersen
f84adb3c26 Python: stub for clearsContent 
also remove all `CastNode`s (seems to help)
 2020-06-26 13:09:35 +02:00
Taus
e5d23b2082 Merge pull request #3801 from RasmusWL/python-3521-revived 
Python: Add support for detecting XSLT Injection (#3521 revived)
 2020-06-26 13:05:28 +02:00
Max Schaefer
640c194c92 JavaScript: Model util.deprecate as a pre call-graph step. 2020-06-26 11:47:19 +01:00
Max Schaefer
712a216461 Add self-verifying type-tracking tests. 2020-06-26 11:47:19 +01:00
Max Schaefer
57f8b08568 Update expected test output. 
The tests for `UnsafeTLS` now work as expected.
 2020-06-26 11:30:26 +01:00
Rasmus Lerchedahl Petersen
248717473e Python: quick status added to readme.md 2020-06-26 12:25:17 +02:00
Max Schaefer
66ec160f64 Add change note. 2020-06-26 11:20:45 +01:00
Max Schaefer
258a276242 Propagate taint through range loops. 2020-06-26 11:20:45 +01:00
Max Schaefer
ce3007395f Rename arrayStep to elementStep, which is more accurate. 2020-06-26 11:20:45 +01:00
Rasmus Wriedt Larsen
b164f2695d Python: One more minor doc fix from review 2020-06-26 12:08:12 +02:00
Rasmus Wriedt Larsen
08384e30af Python: Minor doc fixes from review 2020-06-26 12:06:31 +02:00
Rasmus Lerchedahl Petersen
6e5f71bf43 Python: sync dataflow files 2020-06-26 12:02:14 +02:00
Rasmus Lerchedahl Petersen
e147e59652 Merge branch 'master' of github.com:github/codeql into SharedDataflow 
To sync files
 2020-06-26 12:01:01 +02:00
Rasmus Lerchedahl Petersen
43f85ef265 Python: typo 2020-06-26 12:00:24 +02:00
Tom Hvitved
6efbd5f9d1 C#: Add data-flow test for List.Clear() 2020-06-26 11:44:08 +02:00
Jonas Jensen
9d8052a434 Merge pull request #3813 from MathiasVP/is-argument-for-parameter-join-order 
C++: Improve join order for AliasAnalysis::isArgumentForParameter
 2020-06-26 11:34:33 +02:00
Calum Grant
8725e09053 Merge pull request #3798 from hvitved/csharp/dataflow/async-tests 
C#: Move async data-flow tests from local to global
 2020-06-26 10:14:28 +01:00