hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-16 23:13:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,692 Branches 160 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus
ca26feefbf Merge pull request #2978 from BekaValentine/python-objectapi-to-valueapi-illegalexceptionhandlertype 
Python: ObjectAPI to ValueAPI: IllegalExceptionHandlerType
 2020-03-17 17:56:34 +01:00
Rebecca Valentine
a7a64952e2 Python: ObjectAPI.qll: Fixes docstring 2020-03-17 09:48:54 -07:00
Robert Marsh
84a74f406a Merge pull request #3002 from theopolis/cpp-linux-drop-privileges-outoforder 
CPP: Add query for CWE-273 that detects out-of-order setuid
 2020-03-17 09:10:51 -07:00
Robert Marsh
3a66b04e7a C#: add debug switch to IRConfiguration 2020-03-17 08:51:00 -07:00
Dave Bartolomeo
9cc3cda58e C++: Model varargs in IR, Part I 
This change introduces a new synthesized `IRVariable` in every varargs function. This variable represents the entire set of arguments passed to the ellipsis by the caller. We give it an opaque type big enough hold all of the arguments passed by the largest vararg call in the database. It is treated just like any other parameter. It is initialized the same, it has indirect buffers, etc.

I had to introduce a couple new APIs to `Call` and `Function`. The QLDoc comments should explain these. I added tests for these new APIs as well.

The next step will be to change the IR generation for the `va_*` macros to manipulate the ellipsis parameter.
 2020-03-17 11:11:48 -04:00
Tom Hvitved
2e8bd5ccba Data flow: Sync files 2020-03-17 15:16:12 +01:00
Tom Hvitved
0645940a5c Address review comments 2020-03-17 15:16:01 +01:00
semmle-qlci
8792d0d248 Merge pull request #3070 from erik-krogh/DataPerf 
Approved by asgerf
 2020-03-17 13:47:09 +00:00
semmle-qlci
fa08258c14 Merge pull request #3036 from erik-krogh/CustomTrack 
Approved by asgerf
 2020-03-17 13:44:51 +00:00
semmle-qlci
ea46873bfe Merge pull request #3065 from erik-krogh/PathSinks 
Approved by esbena
 2020-03-17 13:00:00 +00:00
Pavel Avgustinov
1472bf0c11 Merge pull request #3078 from jbj/contributing-supported-2 
Docs: refactor guidelines for new queries
 2020-03-17 12:46:28 +00:00
Max Schaefer
ad1324d2dd Add test. 2020-03-17 12:08:42 +00:00
Max Schaefer
49c5779112 Add model of go-pg/pg. 2020-03-17 12:08:42 +00:00
Sauyon Lee
e9b47298ed Merge pull request #61 from max-schaefer/better-method-sets 
Reformulate `Method.hasQualifiedName` in terms of method sets
 2020-03-17 07:46:19 -04:00
Max Schaefer
8cadc94f49 Clarify behaviour of getMethod on struct types. 2020-03-17 10:58:58 +00:00
Erik Krogh Kristensen
9403026fff add change note 2020-03-17 11:48:02 +01:00
Erik Krogh Kristensen
1dfe9e9c2a changes based on review 2020-03-17 11:28:29 +01:00
Erik Krogh Kristensen
9a3176d3cc Apply suggestions from code review 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-03-17 11:26:35 +01:00
Esben Sparre Andreasen
380f66cb19 JS: rename Mongoose::CommonInterfase -> Mongoose::InvokeNode 2020-03-17 11:25:05 +01:00
Erik Krogh Kristensen
095d4d711a change import to an absolute import to fix warning 2020-03-17 11:21:46 +01:00
James Fletcher
55f9034712 Merge pull request #3080 from jf205/migration-tidy-links 
CodeQL docs: tidy up a few links
 2020-03-17 09:42:21 +00:00
James Fletcher
07e52d3b96 Merge pull request #3055 from jf205/codeql-migration-2162 
CodeQL docs: update titles and small content changes (CodeQL queries)
 2020-03-17 09:21:49 +00:00
Anders Schack-Mulligen
9c9e302a73 Java: Add URLDecoder.decode as taint step. 2020-03-17 10:19:02 +01:00
james
d615c58060 docs: tidy up a few links 2020-03-17 09:06:32 +00:00
Erik Krogh Kristensen
d7b69fcfea autoformat 2020-03-17 09:52:08 +01:00
Jonas Jensen
9899d46999 Docs: refactor guidelines for new queries 2020-03-17 08:24:03 +01:00
Robert Marsh
de2d23b432 C++/C#: autoformat 2020-03-16 17:25:53 -07:00
Rebecca Valentine
ff6e0ce35c Python: UnguardedNextInGenerator.ql: Excludes next with default value 2020-03-16 17:08:06 -07:00
Rebecca Valentine
68c455cd97 Python: IncorrectExceptOrder.ql: Autoformats w/ new QL indentation 2020-03-16 16:52:48 -07:00
Rebecca Valentine
c7a2925620 Python: Exceptions.qll: Clean up handleObject again 2020-03-16 14:52:51 -07:00
Rebecca Valentine
34ab4efeda Python: ObjectAPI.qll: getOrigin now returns a CFG 2020-03-16 14:52:23 -07:00
Rebecca Valentine
45e47b92a0 Python: IllegalExceptionHandlerType.ql: Autoformats 2020-03-16 14:48:05 -07:00
james
d35d440624 docs: address review comments 2020-03-16 21:39:17 +00:00
Esben Sparre Andreasen
7dc80664e6 Merge pull request #3045 from Semmle/esbena-patch-2 
JS: loosen qldoc for `barrierGuardIsRelevant`
 2020-03-16 22:28:22 +01:00
Esben Sparre Andreasen
b75486bb58 JS: refactor NoSQL::Mongoose. Introduce Mongoose::CommonInterface 2020-03-16 22:12:30 +01:00
Esben Sparre Andreasen
833d1b1ab0 JS: fixup mongoose test 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen
9d9926fdbf JS: model Mongoose Document for additional js/nosql-injection sinks 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen
55ab519fbe JS: add Mongoose Document tests 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen
dc27a8f52c JS: model mongoose Model on createConnection.<model/models> 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen
730396df12 JS: add Mongoose createConnection tests 2020-03-16 22:11:22 +01:00
Rebecca Valentine
5d55db116b Python: Exceptions.qll: Updates handledObject to use getOrigin 2020-03-16 11:24:55 -07:00
Rebecca Valentine
787b80f9ae Python: ObjectAPI.qll: Adds getOrigin predicate 2020-03-16 11:24:22 -07:00
Erik Krogh Kristensen
7145a57db3 refactor StepSummary into an internal .qll 2020-03-16 17:52:04 +01:00
Jonas Jensen
b7dc26e27d Merge pull request #3072 from geoffw0/gezero2 
C++: Improvement to cpp/unsigned-comparison-zero
 2020-03-16 17:00:38 +01:00
Geoffrey White
44c66a3b09 C++: Fixup test .expected files after merge. 2020-03-16 15:45:29 +00:00
Erik Krogh Kristensen
cd6fe8115d Update javascript/ql/src/semmle/javascript/Promises.qll 
Co-Authored-By: Asger F <asgerf@github.com>
 2020-03-16 16:27:50 +01:00
Geoffrey White
034f7cc948 Merge branch 'master' into model-gets 2020-03-16 15:12:36 +00:00
Calum Grant
945418869d Merge pull request #3022 from hvitved/csharp/autobuild/dotnet-clean-try 
C#: Ignore `dotnet clean` exit code in autobuilder
 2020-03-16 15:10:32 +00:00
Taus Brock-Nannestad
c724b17368 Python: Fix up regression comment. 2020-03-16 16:01:05 +01:00
Tom Hvitved
fb2b239db7 C#: Add test for cs/dereferenced-value-may-be-null 2020-03-16 15:38:29 +01:00