hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-15 22:43:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,690 Branches 160 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sauyon Lee
b931539f68 Merge pull request #36 from max-schaefer/remove-unused-predicate 
Remove an unused predicate.
 2020-02-25 09:40:42 -08:00
Taus Brock-Nannestad
1526c86e6d Python: Update test results for ReturnTypes.ql for Python 2. 2020-02-25 17:30:46 +01:00
yo-h
d06caefd8e Address code review comments for experimental.md 2020-02-25 11:17:42 -05:00
Taus Brock-Nannestad
35ada17e2a Python: Use object as default return type for built-ins. 2020-02-25 16:31:40 +01:00
Taus Brock-Nannestad
5813209337 Python: Add tests for missing points-to for built-in methods. 2020-02-25 16:25:41 +01:00
Erik Krogh Kristensen
dc6bfad023 Merge remote-tracking branch 'upstream/master' into CVE481 2020-02-25 16:25:03 +01:00
Taus Brock-Nannestad
887f85cee2 Python: Add test for missing points-to information 
To ease the rollout of this test, currently we only report missing points-to
information for nodes that either

- appear as an argument in a call to a function named `check`, or
- appear inside a scope where the first line is annotated with a comment ending
  in "check".

The idea behind the second version is that once we have points-to running at a
level where no node inside a scope that _ought_ to have points-to is missing
this information, we can simply remove all uses of `check(...)` from inside this
scope, and annotate the entire scope with `# check`. Once this has been done for
the entire file, we can then remove all the comments and just require
_everything_ to be checked.

Note that I don't expect all nodes to have the need for points-to information.
For instance, there are nodes representing scope entry and exit, and for these
it doesn't make sense to require that they "point-to" anything. Similarly,
`NameNode` appearing in a "store" (i.e. as the left hand side of an assignment)
do not strictly need to have points-to information, although it might be more
intuitive if they did.

Thus, the `relevant_node` predicate will almost certainly need to be extended to
exclude these kinds of nodes.
 2020-02-25 16:07:50 +01:00
Rasmus Wriedt Larsen
f10a86d3ac Python: Remove --optimize: true from options files 
Tests will be run with optimizations on by default now.
 2020-02-25 15:52:00 +01:00
Rasmus Wriedt Larsen
8f70101572 Python: docs: Use <code> tag consistently in UseofInput.qhelp 2020-02-25 15:40:08 +01:00
mchammer01
0c5216570c pre-migration work: fix typos 2020-02-25 04:50:14 -08:00
Jonas Jensen
db33c360bc Merge pull request #2910 from aschackmull/dataflow/cleanup 
Java/C++: Minor dataflow cleanup.
 2020-02-25 12:47:10 +01:00
semmle-qlci
03b882381a Merge pull request #2723 from esbena/js/support-path-is-inside 
Approved by asgerf
 2020-02-25 11:21:24 +00:00
Taus
b453cf8f60 Merge pull request #2906 from RasmusWL/python-add-3-imports-tests 
Python: Add Python 3 Imports tests from internal repo
 2020-02-25 12:04:16 +01:00
Max Schaefer
34c66c4245 Remove an unused predicate. 2020-02-25 10:46:09 +00:00
Erik Krogh Kristensen
c83c27cbc4 add extra sanity-check that the output looks good 2020-02-25 11:11:58 +01:00
Erik Krogh Kristensen
8d26f32199 arg -> param 2020-02-25 10:53:07 +01:00
Erik Krogh Kristensen
87d283aa6c add tests for third party command execution libraries (and two small fixes) 2020-02-25 10:50:59 +01:00
Matthew Gretton-Dann
3465d5a0c7 docs: Correct AC5 version 2020-02-25 09:29:18 +00:00
Matthew Gretton-Dann
a48e36e2e1 docs: Update clang/gcc versions supported 2020-02-25 09:28:39 +00:00
Matthew Gretton-Dann
28e9cd7e38 docs: Detail support for C18. 2020-02-25 09:27:42 +00:00
Mathias Vorreiter Pedersen
b9bb2ec0ac Merge pull request #2864 from jbj/DefaultTaintTracking-cached 
C++: Cache DefaultTaintTracking
 2020-02-25 10:15:43 +01:00
Erik Krogh Kristensen
d540caecdd Apply suggestions from code review 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-02-25 10:04:51 +01:00
Anders Schack-Mulligen
fba8772411 Java/C++: Minor dataflow cleanup. 2020-02-25 09:40:25 +01:00
Asger F
160fc48803 Merge pull request #2896 from asger-semmle/typescript-3.8 
TS: Support Typescript 3.8
 2020-02-25 08:19:01 +00:00
Sauyon Lee
7a918efbf8 Merge pull request #34 from max-schaefer/receiver-flow 
Propagate data flow through receivers
 2020-02-24 23:58:28 -08:00
Sauyon Lee
836146a3bf Merge pull request #35 from max-schaefer/field-package 
Make `Field.getPackage()` behave sensibly.
 2020-02-24 23:52:02 -08:00
Esben Sparre Andreasen
5baba62154 JS: model path-is-inside+is-path-inside for js/path-injection 2020-02-24 23:10:15 +01:00
Esben Sparre Andreasen
86b836cd29 JS: add tests for js/path-injection 2020-02-24 23:03:42 +01:00
semmle-qlci
aadb148c1c Merge pull request #2855 from asger-semmle/js/returned-partial-call 
Approved by esbena
 2020-02-24 21:37:41 +00:00
yo-h
43bcd5b26c Add guidelines for experimental CodeQL queries and libraries 2020-02-24 15:08:31 -05:00
Robert Marsh
ea4ca31fb3 Merge pull request #2907 from geoffw0/argvlocal 
C++: Modify the argvlocal tests
 2020-02-24 10:55:21 -08:00
Erik Krogh Kristensen
afd6ea2628 small correction in doc + autoformat 2020-02-24 17:54:29 +01:00
Geoffrey White
4af0193c98 C++: Modify the argvlocal tests. 2020-02-24 16:51:47 +00:00
Geoffrey White
9f271949d5 C++: Adjust layout of the argvlocal test. 2020-02-24 15:52:31 +00:00
Anders Schack-Mulligen
67b32796dd Merge pull request #853 from joshhale/tweak-cwe-078-example 
doc: remove - from command arguments
 2020-02-24 16:15:58 +01:00
Asger F
e665e3c187 Update change-notes/1.24/analysis-javascript.md 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-02-24 15:07:28 +00:00
Geoffrey White
c641a31640 C++: Refine nodeIsBarrierIn using getNodeForSource. 2020-02-24 14:39:31 +00:00
Rasmus Wriedt Larsen
2b997ec94a Python: Add Python 3 Imports tests from internal repo 2020-02-24 15:36:45 +01:00
Asger Feldthaus
6360073da4 JS: Rephrase change note 2020-02-24 14:35:17 +00:00
Rasmus Wriedt Larsen
9d629aef95 Python: Highlight py/use-of-input is for Python 2 2020-02-24 15:13:19 +01:00
Geoffrey White
843b72b11a C++: hasGlobalOrStdName(). 2020-02-24 14:12:19 +00:00
Erik Krogh Kristensen
b20e8520f6 add default message if not pretty printed call can be created 2020-02-24 14:52:08 +01:00
semmle-qlci
317356e591 Merge pull request #2898 from asger-semmle/js/prototype-pollution-isobject-sanitizers 
Approved by erik-krogh
 2020-02-24 13:35:32 +00:00
Erik Krogh Kristensen
b72404dc99 add change note 2020-02-24 14:07:49 +01:00
Erik Krogh Kristensen
a779ae58a8 add qhelp 2020-02-24 14:03:41 +01:00
Jonas Jensen
2d9df70abc Merge pull request #2887 from MathiasVP/fix-ir-gen-switch 
C++: Fix IR generation for switch statements
 2020-02-24 13:29:27 +01:00
Erik Krogh Kristensen
fb94af9764 remove the last dependency on PrettyPrinting 2020-02-24 13:18:15 +01:00
Max Schaefer
0f99842f34 Make Field.getPackage() behave sensibly. 
Previously it was never defined, now it gives you the package of the type the field is declared in. This means we have to override `Field.hasQualifiedName/2` to avoid a field `f` in a package `pkg` being considered to have qualified name `pkg.f`.
 2020-02-24 12:14:51 +00:00
Erik Krogh Kristensen
051de247b0 change regexpMatch to regexpFind 2020-02-24 13:11:30 +01:00
Erik Krogh Kristensen
a768e937f0 complete qldoc 2020-02-24 13:08:50 +01:00