hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-10 12:11:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,689 Branches 160 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paulino Calderon
6f346c6676 Adds CodeQL query to check for insecure RequestValidationMode in ASP.NET 2019-11-27 16:37:37 +00:00
james
931cc73d1e docs: add brief instructions for using databases in VS Code 2019-11-27 15:05:50 +00:00
james
24857e5616 docs: update or remove other uses of QL4E 2019-11-27 15:05:08 +00:00
Erik Krogh Kristensen
d212394058 update expected output 2019-11-27 15:21:47 +01:00
Erik Krogh Kristensen
34e44e89fd Merge remote-tracking branch 'upstream/master' into typeAheadSink 2019-11-27 15:19:06 +01:00
Rasmus Wriedt Larsen
44cc9dd0be Python: Add TurboGears templating example 2019-11-27 15:07:32 +01:00
Rasmus Wriedt Larsen
b526421072 Python: Autoformat TurboGears library 2019-11-27 14:19:51 +01:00
Rasmus Wriedt Larsen
9ef270fc92 Python: Modernise TurboGears library 2019-11-27 14:19:04 +01:00
Tom Hvitved
ce16bc553a C#: Autoformat 2019-11-27 13:47:24 +01:00
Erik Krogh Kristensen
9351cd44e4 Merge remote-tracking branch 'githubsemmle/master' into HEAD 2019-11-27 13:45:59 +01:00
Felicity Chapman
4070992273 Fix sort order 2019-11-27 12:38:39 +00:00
Felicity Chapman
587dd54a3c Minor text changes 2019-11-27 12:38:38 +00:00
semmle-qlci
a2827e9503 Merge pull request #2362 from erik-krogh/promiseAll 
Approved by max-schaefer
 2019-11-27 12:35:04 +00:00
Erik Krogh Kristensen
bafd57d7d5 refactor classes in typeahead.js model 2019-11-27 13:33:38 +01:00
Rasmus Wriedt Larsen
3e5e14a14b Merge pull request #2431 from tausbn/python-cyclic-import-future-annotations 
Python: Account for non-evaluation of annotations in cyclic imports.
 2019-11-27 13:31:53 +01:00
james
3782d1b6e4 docs: update links on opening slide 2019-11-27 12:28:57 +00:00
Erik Krogh Kristensen
4f75986274 update test to not use private classes 2019-11-27 12:59:10 +01:00
Felicity Chapman
eaf68e86e0 Merge pull request #2443 from tausbn/python-finalise-change-notes 
Python: Update change note for 1.23.
 2019-11-27 11:51:04 +00:00
Shati Patel
e4346a17de Merge pull request #195 from max/impossible-interface-nil-check 
Add new query ImpossibleInterfaceNilCheck
 2019-11-27 11:15:05 +00:00
Taus Brock-Nannestad
b503cdb9d4 Python: Final change note fixes. 
- `false positives` becomes `false positive results`
- Items are listed alphabetically.
- Query IDs are listed.

Also, some of the queries had the wrong name (query message rather than the
actual query name). These have been fixed.
 2019-11-27 12:10:28 +01:00
semmle-qlci
4916bed9cd Merge pull request #2433 from asger-semmle/import-js-file 
Approved by max-schaefer
 2019-11-27 10:55:59 +00:00
semmle-qlci
9ca4f6aecb Merge pull request #2392 from asger-semmle/window-name-flow 
Approved by max-schaefer
 2019-11-27 10:55:26 +00:00
semmle-qlci
793988afe4 Merge pull request #2344 from asger-semmle/element-pattern-prop-read 
Approved by max-schaefer
 2019-11-27 10:54:46 +00:00
Taus
8372039205 Apply suggestions from documentation review 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
 2019-11-27 11:50:37 +01:00
Anders Schack-Mulligen
2c3a6d7359 Java: Allow explicit zero multiplication in java/evaluation-to-constant. 2019-11-27 11:49:43 +01:00
Max Schaefer
ba54cde86e Add two references. 2019-11-27 10:47:42 +00:00
Erik Krogh Kristensen
967ecbad24 Merge remote-tracking branch 'upstream/master' into promiseAll 2019-11-27 11:28:37 +01:00
Felicity Chapman
38f6f05f12 Merge pull request #2452 from yo-h/docs-query-metadata-precision-fix 
Documentation: fix invalid `@precision` value
 2019-11-27 10:26:49 +00:00
Erik Krogh Kristensen
e27a69960d update description 2019-11-27 11:17:19 +01:00
Erik Krogh Kristensen
42fbcbf007 update expected test output 2019-11-27 11:14:04 +01:00
Erik Krogh Kristensen
60f7a7a274 changes based on review feedback 2019-11-27 11:11:49 +01:00
Erik Krogh Kristensen
6d63d75d87 remove superfluous line break 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2019-11-27 10:52:01 +01:00
Tom Hvitved
39aaa38486 C#: Update EntityFramework test 2019-11-27 10:28:12 +01:00
Anders Schack-Mulligen
3d0e3aa1fd Java: Fix a number of performance issues when toString is cached. 2019-11-27 09:06:15 +01:00
Anders Schack-Mulligen
42b51d4ebb Merge pull request #2449 from felicitymay/1.23/SD-4095-finalize-change-notes-java2 
Update data-flow note to match that for C/C++
 2019-11-27 08:50:31 +01:00
Asger F
6eb2c26ea4 TS: Pass --no-default-rc and --non-interactive to yarn 2019-11-27 06:42:03 +00:00
Asger F
605c8834c6 JS: Avoid redundant window.name sources 2019-11-27 06:15:12 +00:00
semmle-qlci
380a5fc166 Merge pull request #2444 from esbena/js/flow-spread-prop-types 
Approved by max-schaefer
 2019-11-26 22:42:23 +00:00
yo-h
8a8b795696 Merge pull request #2447 from aschackmull/java/cache-perf 
Java: Improve performance by normalizing import order to reduce cache invalidation.
 2019-11-26 16:26:53 -05:00
Dave Bartolomeo
aa6bd07971 Merge remote-tracking branch 'upstream/master' into dbartol/May-Must 2019-11-26 14:07:13 -07:00
Robert Marsh
e368d5dda0 C++: simplify getDisplayOrderInBlock 2019-11-26 16:02:30 -05:00
Jonas Jensen
c05cc77a91 Merge pull request #2421 from dbartol/dbartol/IndirectAlias 
C++/C#: Cleanup in preparation for indirect alias analysis
 2019-11-26 21:59:17 +01:00
Max Schaefer
e5a12e9738 Add new query ImpossibleInterfaceNilCheck. 2019-11-26 20:28:53 +00:00
Erik Krogh Kristensen
9b608e9ec4 simplify multiple parameter selection 2019-11-26 21:07:37 +01:00
Dave Bartolomeo
f3b4140948 C++/C#: Consistent handling of "may" vs. "must" memory accesses 
In the IR, some memory accesses are "must" accesses (the entire memory location is always read or written), and some are "may" accesses (some, all, or none of the bits in the location are written). We previously had to special case specific "may" accesses in a few places. This change regularizes our handling of "may" accesses.

The `MemoryAccessKind` enumeration now describes only the extent of the access (the set of locations potentially accessed), but does not distinguish "must" from "may". The new predicates `Operand.hasMayMemoryAccess()` and `Instruction.hasResultMayMemoryAccess()` hold when the access is a "may" access.

Unaliased SSA now correctly ignores variables that are ever accessed via a "may" access.

Aliased SSA now distinguishes `MemoryLocation`s for "may" and "must" accesses. I've refactored `getOverlap()` into the core `getExtentOverlap()`, which considers only the extent, but not the "may" vs. "must", and `getOverlap()`, which tweaks the result of `getExtentOverlap()` based on "may" vs. "must" and read-only locations.

When determining the overlap between a `Phi` operand and its definition, we now use the result of the defining `Chi` instruction, if one exists. This gives exact definitions for `Phi` operands for virtual variables.
 2019-11-26 12:13:07 -07:00
yo-h
2eea94c3dc Documentation: fix invalid @precision value 2019-11-26 14:11:54 -05:00
Felicity Chapman
403565bb06 Update data-flow note to match that for C/C++ 2019-11-26 18:07:51 +00:00
Felicity Chapman
3b7ab8f734 Update shared data-flow note to match that for C/C++ 2019-11-26 18:02:09 +00:00
Jonas Jensen
95bceae915 Merge pull request #2434 from felicitymay/1.23/SD-4095-finalize-change-notes-cpp 
1.23: SD-4095 finalize change notes for C/C++
 2019-11-26 18:56:22 +01:00
Dave Bartolomeo
4e1ee7a998 C++/C#: Fix formatting 2019-11-26 10:48:24 -07:00