hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-05 17:51:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,689 Branches 160 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
semmle-qlci
77ae2bc8b7 Merge pull request #1684 from asger-semmle/protopollution-qhelp 
Approved by xiemaisi
 2019-08-05 11:06:34 +01:00
Anders Schack-Mulligen
f8804943ee Java: Change in/out barriers to be explicit in the configuration. 2019-08-05 12:05:12 +02:00
Asger F
8bec2fe7bf JS: Address comments 2019-08-05 10:44:39 +01:00
Calum Grant
3e143093f0 Merge pull request #1475 from hvitved/csharp/remove-file 
C#: Remove unused `PasswordInConfigurationFile.config`
 2019-08-05 10:29:50 +01:00
Anders Schack-Mulligen
15c61b57f7 Java Cookbook: Slight improvement to the IntegerLiteral pattern. 2019-08-05 11:03:30 +02:00
Jonas Jensen
73d8bf38a9 Merge pull request #1680 from aschackmull/cookbook/autoformat 
Cookbook examples: Autoformat
 2019-08-05 10:24:56 +02:00
Esben Sparre Andreasen
c4eb258f5b JS: lower precision of js/conflicting-html-attribute 2019-08-05 09:22:10 +02:00
Luke Cartey
54d01bdeff Merge pull request #1648 from hvitved/csharp/unchecked-return-lambda 
C#: Fix false positives in `cs/unchecked-return-value`
 2019-08-02 21:48:38 -07:00
Ziemowit Laski
0ca6d0c1b9 [CPP-387] Start on Declarations section. 2019-08-02 16:07:55 -07:00
Tom Hvitved
4d58154ff5 C#: Fix data flow for out/ref parameters 2019-08-02 14:25:38 -07:00
Tom Hvitved
04db1bf3f4 C#: Add data flow test for methods with multiple out/ref parameters 2019-08-02 13:46:18 -07:00
Asger F
5397da7579 JS: Handle implicit return in getImmediatePredecessor 2019-08-02 20:35:22 +01:00
Asger F
8e1893d0ed JS: Update range analysis to use getImmediatePredecessor 2019-08-02 20:35:22 +01:00
Asger F
9e949d0f44 JS: Add taint step through destructuring for-of loop 2019-08-02 20:35:21 +01:00
Asger F
de3c8bf711 JS: Introduce DataFlow::lvalueNode 2019-08-02 20:35:21 +01:00
Tom Hvitved
b03cf6f34e Merge pull request #1678 from calumgrant/cs/remove-analyzer-NRE 
C#: Remove compilation warning
 2019-08-02 10:38:27 -07:00
semmle-qlci
d4e39a250d Merge pull request #1667 from xiemaisi/js/more-ranges 
Approved by esben-semmle
 2019-08-02 16:46:30 +01:00
Asger F
fcc51a8407 JS: Fix lodash version in proto pollution qhelp 2019-08-02 16:42:36 +01:00
yh-semmle
251d441f6a Merge pull request #1682 from aschackmull/java/hardcoded-credentials-precision 
Java: Improve the precision of java/hardcoded-credential-api-call.
 2019-08-02 11:37:06 -04:00
Asger F
eb543c1ceb JS: Remove experimental warning from type tracking 2019-08-02 16:30:44 +01:00
Anders Schack-Mulligen
b1b1ede6b0 Java: Improve the precision of java/hardcoded-credential-api-call. 2019-08-02 16:50:58 +02:00
Anders Schack-Mulligen
59fb59d109 JavaScript: Autoformat cookbook examples. 2019-08-02 15:33:40 +02:00
Anders Schack-Mulligen
40f2cec0de C#: Autoformat cookbook examples. 2019-08-02 15:30:32 +02:00
Anders Schack-Mulligen
d6e1ba6bed CPP: Autoformat cookbook examples. 2019-08-02 15:29:20 +02:00
Anders Schack-Mulligen
9b74e9c4a4 Java: Autoformat cookbook examples. 2019-08-02 15:27:28 +02:00
Max Schaefer
3daa974255 JavaScript: Rename a test. 
The old test name would cause a compiler warning, which we don't want to include in the expected output.
 2019-08-02 14:05:57 +01:00
semmle-qlci
34cdf7c96b Merge pull request #1677 from xiemaisi/js/flow-summary-fixes 
Approved by esben-semmle
 2019-08-02 14:02:47 +01:00
semmle-qlci
635a8edacc Merge pull request #1676 from xiemaisi/js/more-tests-classification 
Approved by esben-semmle
 2019-08-02 14:02:24 +01:00
Anders Schack-Mulligen
4ffc41277a Java: Adjust taint steps for Reader::read. 2019-08-02 14:21:06 +02:00
Calum Grant
169dbf1be3 C#: Remove rule CA1022, which caused the analyzer to crash, generating a compilation warning (and possibly, instability). 2019-08-02 12:14:03 +01:00
Max Schaefer
e06ed503ec JavaScript: Make flow summaries work for non-taint configurations. 
With flow labels it often makes more sense to use a `DataFlow::Configuration` rather than a `TaintTracking::Configuration`, so flow summaries should support both.
 2019-08-02 11:45:41 +01:00
Max Schaefer
97c0c97b28 JavaScript: Classify __mocks__ and __tests_ as tests. 
These are conventions used by jest: https://jestjs.io/docs/en/manual-mocks#mocking-user-modules.
 2019-08-02 11:15:02 +01:00
Mark Shannon
63f24dfe18 Python: Add some more utility predicates and classes to the new 'Value' API. 2019-08-02 10:50:51 +01:00
Mark Shannon
4a6f385feb Python objects: Add clarify comments on callResult predicates. 2019-08-02 10:10:47 +01:00
semmle-qlci
07b97dcc07 Merge pull request #1672 from asger-semmle/flowlabel-issers 
Approved by xiemaisi
 2019-08-02 10:05:41 +01:00
semmle-qlci
bb4f00d770 Merge pull request #1015 from esben-semmle/js/cli-cli 
Approved by xiemaisi
 2019-08-02 09:57:19 +01:00
semmle-qlci
1b30a25977 Merge pull request #1668 from esben-semmle/js/ignore-mocked-callee-argument-count 
Approved by xiemaisi
 2019-08-02 09:56:52 +01:00
semmle-qlci
108e5bc431 Merge pull request #1675 from hvitved/csharp/xss-path-problem 
Approved by lukecartey
 2019-08-02 04:17:03 +01:00
Ziemowit Laski
94ccc5fa73 [CPP-387] Fill in a few more types. Remove the Superclass column as it is redundant and may lead to documentation inconsistencies. 2019-08-01 16:27:06 -07:00
Tom Hvitved
b7d6165d42 C#: Convert cs/web/xss to a path-problem 2019-08-01 15:58:57 -07:00
Dave Bartolomeo
6370391dbd C++: Add sanity test for definitions that don't dominate their uses. 2019-08-01 15:01:42 -07:00
Ziemowit Laski
4aa9049c47 [CPP-387] Finished declarations, started on types. 2019-08-01 14:51:17 -07:00
Dave Bartolomeo
912679ef8c C++: Two IR fixes 
My original fix in https://github.com/Semmle/ql/pull/1661 fixed my minimal test case, but did not fix the original failure in a Linux snapshot. The real fix is to simply not create a `TranslatedDeclarationEntry` for an extern declaration, and have `TranslatedDeclStmt` skip any such declarations. I've added a regression test for that case (multiple extern declarations with same location in a macro expansion, with control flow between them). I did verify that it generates correct IR, and that it fixes all of the "use not dominated by definition" failures in Linux.

The underlying extractor bug, that caused the above issue also caused PrintAST to print garbage. I've worked around the bug in PrintAST.qll.

I've also fixed a bug in the control flow for `try`/`catch`, where there was missing flow from the `CatchByType` of the last handler of a `try` to the enclosing handler (or `Unwind`). Hat tip to @AndreiDiaconu1 for spotting this bug.
 2019-08-01 14:38:19 -07:00
Rebecca Valentine
40d7f5a332 Merge pull request #1671 from markshannon/python-flask-escape 
Python: Add missing function to flask test stub.
 2019-08-01 11:47:09 -07:00
Asger F
e09c22e67d JS: Add FlowLabel.isData() and .isTaint() 2019-08-01 15:22:51 +01:00
Max Schaefer
3a240b39d9 JavaScript: Address further review comments. 2019-08-01 15:03:53 +01:00
Mark Shannon
fab2cb5a32 Python: Add missing function to flask test stub. 2019-08-01 13:11:41 +01:00
Bas van Schaik
c7f45010c5 Remove reference to internal tooling from public repository 2019-08-01 11:02:03 +01:00
Esben Sparre Andreasen
90862fea99 JS: whitelist trivial throwers in js/superfluous-trailing-arguments 2019-08-01 11:49:43 +02:00
Mark Shannon
ebd5829bfb Python: Treat the result of calling a missing module member as 'unknown'. 2019-08-01 10:37:41 +01:00