hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-10 20:21:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,690 Branches 160 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Felicity Chapman
f75b61e2f0 Minor text changes 2019-11-25 15:36:37 +00:00
semmle-qlci
d58a6b02bf Merge pull request #2396 from hvitved/dataflow/erased-type-class 
Approved by aschackmull, jbj
 2019-11-25 15:22:13 +00:00
Felicity Chapman
f5bf877671 Fix table sort order 2019-11-25 15:18:30 +00:00
Felicity Chapman
dc258f13e3 Minor text changes 2019-11-25 15:17:02 +00:00
Geoffrey White
1d26d4c5e4 Merge pull request #2404 from jbj/signed-overflow-macro 
C++: Fix SignedOverflowCheck.ql performance
 2019-11-25 15:15:57 +00:00
Max Schaefer
adf9764085 Don't flag header injection as XSS. 
All results I have seen from this are uninteresting.
 2019-11-25 15:06:53 +00:00
Asger F
e5ba80b18c JS: Add test 2019-11-25 15:05:33 +00:00
Asger F
82b35a116c JS: Handle .js import of .ts file 2019-11-25 14:58:12 +00:00
Asger F
b306eeeb6e TS: Option to install dependencies 2019-11-25 14:42:17 +00:00
Dave Bartolomeo
4a21123107 Merge pull request #2427 from jbj/comparison-with-wider-type-notc 
C++: Stricter loop-variant check
 2019-11-25 07:38:02 -07:00
Taus Brock-Nannestad
036e0f75c8 Python: Account for non-evaluation of annotations in cyclic imports. 
Should fix #2426.

Essentially, we disregard expressions used inside annotations, if these
annotations occur in a file that has `from __future__ import annotations`, as
this prevents the annotations from being evaluated.
 2019-11-25 15:32:52 +01:00
Felicity Chapman
419c1c6311 Fix table sort order 2019-11-25 14:29:13 +00:00
Cornelius Riemenschneider
3368169df8 Address review. 2019-11-25 14:54:50 +01:00
Erik Krogh Kristensen
9bd6363521 Merge remote-tracking branch 'upstream/master' into promiseAll 2019-11-25 14:34:58 +01:00
Tom Hvitved
795959ef8d C#: Update expected test output 2019-11-25 13:41:12 +01:00
Tom Hvitved
71fd5379c9 C#: Remove tabs from qhelp file 2019-11-25 13:40:44 +01:00
Felicity Chapman
b5a88586ab Minor text changes to C# notes 2019-11-25 12:39:54 +00:00
shati-patel
9b5437c91e Merge pull request #2318 from rdmarsh2/rdmarsh/docs/cpp/taint-tracking-sanitizer-example 
C++/Docs: add example based on NtohlArrayNoBound
 2019-11-25 12:24:01 +00:00
Rasmus Wriedt Larsen
0f91139055 Merge pull request #2419 from tausbn/python-fix-use-of-input-fp 
Python: Fix false positive for `py/use-of-input`.
 2019-11-25 12:08:39 +01:00
Shati Patel
b21e4404b5 Merge pull request #192 from max/constant-length-comparison 
Add new query ConstantLengthComparison.
 2019-11-25 11:07:58 +00:00
Erik Krogh Kristensen
4efc71b7a2 remove FP in use-of-returnless-function FP related to calls to super() 2019-11-25 11:48:16 +01:00
Max Schaefer
db4e6789bb Address doc review comment. 
Co-Authored-By: Shati Patel <shati@semmle.com>
 2019-11-25 10:44:41 +00:00
Tom Hvitved
a26efdf4c1 Java/C++/C#: Rename DataFlowErasedType back to DataFlowType 2019-11-25 11:43:58 +01:00
Jonas Jensen
5ee19c5a66 C++: Stricter loop-variant check 
The `loopVariant` predicate in `ComparisonWithWiderType.ql` is intended
to identify loop counters, but it was too much of a stretch to apply it
to any subexpression of the small side of the comparison.

This change fixes two false positives on arvidn/libtorrent and many
others seen in the wild (on Linux, CoreCLR, ffmpeg, ...).
 2019-11-25 11:31:41 +01:00
Erik Krogh Kristensen
c7235bb372 add sources and sinks for typeahead.js 2019-11-25 10:46:54 +01:00
Max Schaefer
e16a81cba9 Apply review suggestions. 2019-11-25 09:15:57 +00:00
Max Schaefer
cdb843516a Introduce DataFlow::Node.getBasicBlock() and use it. 2019-11-25 09:14:15 +00:00
Jonas Jensen
8f3998915b Merge pull request #2376 from geoffw0/qhelpms2 
CPP: Recommendations and examples for TlsSettingsMisconfiguration.qhelp and UseOfDeprecatedHardCodedProtocol.qhelp
 2019-11-25 08:17:32 +01:00
Rebecca Valentine
a8204385c3 Adds fix for __init_subclass__ bug. (#2390) 
* Adds fix for __init_subclass__ bug.

* Adds test case.

* Move test on name.

I think it makes more sense here, alongside the other "special" method names.
 2019-11-24 12:18:17 +01:00
Dave Bartolomeo
eda47bfc51 C++: Add SSA sanity tests to IR tests 2019-11-22 16:10:51 -07:00
Dave Bartolomeo
bd78f68975 C++/C#: Fix formatting 2019-11-22 16:08:49 -07:00
Raul Garcia (MSFT)
908d789f1b Merge branch 'master' of https://github.com/semmle/ql 2019-11-22 13:25:22 -08:00
Max Schaefer
1ff032d11e Add new query ConstantLengthComparison. 2019-11-22 20:55:14 +00:00
Dave Bartolomeo
df21835759 C++/C#: Refactor some integer constant code 
Make `bitsToBytesAndBits` omit the leftover bits if zero.
 2019-11-22 13:23:00 -07:00
Dave Bartolomeo
51ff262cbc C++/C#: Add IR SSA sanity tests 2019-11-22 13:16:05 -07:00
Dave Bartolomeo
bc48c25690 C++/C#: Make IRVariable and its derived classes non-abstract 2019-11-22 12:13:39 -07:00
Dave Bartolomeo
12daa76b70 C++: Make duplicateOperand query report function name 2019-11-22 11:00:01 -07:00
Max Schaefer
26a656b838 Merge pull request #189 from sauyon/use-taint-split 
Use split taint predicates to emulate taint
 2019-11-22 17:51:09 +00:00
Sauyon Lee
50b48e1c9e Merge pull request #191 from max/isEmptyInterfaceNoInline 
Mark `isEmptyInterface` as `noinline`.
 2019-11-22 09:45:06 -08:00
Geoffrey White
cdbe920067 CPP: Remove second overview paragraph. 2019-11-22 16:22:08 +00:00
Geoffrey White
5a346c357b Update cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocolGood.cpp 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-22 16:21:24 +00:00
Geoffrey White
0c07fa44a1 Update cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.qhelp 
Co-Authored-By: Alistair <54933897+hubwriter@users.noreply.github.com>
 2019-11-22 16:21:05 +00:00
Geoffrey White
ac1010872b Update cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.qhelp 
Co-Authored-By: Alistair <54933897+hubwriter@users.noreply.github.com>
 2019-11-22 16:20:54 +00:00
Geoffrey White
e274e01432 CPP: More consistency. 2019-11-22 16:08:00 +00:00
Geoffrey White
d4f75c1c2a CPP: Consistency. 2019-11-22 16:07:59 +00:00
Geoffrey White
384cf4b233 CPP: Recommendation and example for UseOfDeprecatedHardcodedProtocol.qhelp. 2019-11-22 16:07:59 +00:00
Geoffrey White
8fc59ebac4 CPP: I believe these BUG labels were incorrect. 2019-11-22 16:07:59 +00:00
Geoffrey White
21d8264d80 CPP: Fix typo. 2019-11-22 16:07:59 +00:00
Geoffrey White
a1b603e73c CPP: Add the examples to the test. 2019-11-22 16:07:59 +00:00
Geoffrey White
3cd545d186 CPP: Recommendation and example for TlsSettingsMisconfiguration.qhelp. 2019-11-22 16:07:59 +00:00