hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-03 16:51:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,689 Branches 159 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
de2f323172 JS: Mark unused parameter nodes as incomplete 2019-05-21 16:53:39 +01:00
Asger F
69dbbcf1c8 JS: Mark destructuring nodes as incomplete 2019-05-21 16:52:35 +01:00
Ziemowit Laski
81bfbc250f [CPP-370] Forgot to update an .expected file. 2019-05-21 07:08:13 -07:00
Ziemowit Laski
ae55b7b643 [CPP-370] Add new test file for testing procedurally nested format 
argument violations.
 2019-05-21 07:08:13 -07:00
Ziemowit Laski
f19f48dc1a [CPP-370] Revert accidental changes to Printf.qll (which belong on zlaski/cpp391 branch). 2019-05-21 06:55:32 -07:00
Ziemowit Laski
a49d82d2d6 [CPP-370] Exclude UserDefinedFormattingFunction nodes. 2019-05-21 06:55:32 -07:00
Ziemowit Laski
92054e2481 [CPP-370] Reformat test cases so that the .expect files line up with what was 
checked in initially.  Check for DataFlow::DefinitionByReferenceNode
          when computing isSource() for our taint analysis.
 2019-05-21 06:54:41 -07:00
Ziemowit Laski
098b6543f5 [CPP-370] Rewrite of NonConstantFormat.ql using the taint tracking library. 2019-05-21 06:51:47 -07:00
Ziemowit Laski
91902e52f6 [CPP-370] Intermediate commit, file not in usable state. 2019-05-21 06:46:52 -07:00
Ziemowit Laski
d8b8dda439 [CPP-370] First attempt at isAdditionalFlowStep(). 2019-05-21 06:45:52 -07:00
Ziemowit Laski
dbec17f85b [CPP-370] Tentative implementation of NonConstantFormat.ql using the global 
DataFlow library.  This is intended solely for further discussion.
 2019-05-21 06:23:51 -07:00
Ziemowit Laski
6025c03857 [CPP-370] Add nested.cpp test case, for nested calls to ...printf functions. 2019-05-21 06:21:12 -07:00
Ziemowit Laski
f6903c769a [CPP-370] Remove prohibition against UserDefinedFormattingFunction 2019-05-21 06:21:12 -07:00
Ziemowit Laski
8faf95ec84 [CPP-370] Tentatively modify CWE consts.cpp file to play nice with the dataflow library. 2019-05-21 06:21:12 -07:00
Ziemowit Laski
1fce5a5b40 [CPP-370] Revert accidental changes to Printf.qll (which belong on zlaski/cpp391 branch). 2019-05-21 06:21:11 -07:00
Ziemowit Laski
99047e51f2 [CPP-370] Exclude UserDefinedFormattingFunction nodes. 2019-05-21 06:19:52 -07:00
Ziemowit Laski
b205951e6d [CPP-370] Reformat test cases so that the .expect files line up with what was 
checked in initially.  Check for DataFlow::DefinitionByReferenceNode
          when computing isSource() for our taint analysis.
 2019-05-21 06:18:31 -07:00
Ziemowit Laski
ed67c9fd5a [CPP-370] Rewrite of NonConstantFormat.ql using the taint tracking library. 2019-05-21 06:18:31 -07:00
Ziemowit Laski
a962cff5df [CPP-370] Intermediate commit, file not in usable state. 2019-05-21 06:18:31 -07:00
Ziemowit Laski
fae55d5493 [CPP-370] First attempt at isAdditionalFlowStep(). 2019-05-21 06:18:30 -07:00
Ziemowit Laski
012140fcd3 [CPP-370] Reformat query. 2019-05-21 06:18:30 -07:00
Ziemowit Laski
775861c386 [CPP-370] Minor textual tweaks. 2019-05-21 06:18:30 -07:00
Ziemowit Laski
de10598dd6 [CPP-370] NonConstantFormat.expected changed for some reason. 2019-05-21 06:18:30 -07:00
Ziemowit Laski
ffddc5bff6 [CPP-370] Update the NonConstantFormat.expected result template. 2019-05-21 06:18:30 -07:00
Ziemowit Laski
0c86d4c112 [CPP-370] Tentative implementation of NonConstantFormat.ql using the global 
DataFlow library.  This is intended solely for further discussion.
 2019-05-21 06:18:30 -07:00
Ziemowit Laski
21eb00a5df [CPP-370] Minor fix to QHELP file. 2019-05-21 06:18:30 -07:00
Asger F
faa47029d5 JS: Mark exceptional nodes as incomplete 2019-05-21 13:51:59 +01:00
Asger F
68ae409947 JS: Test for mismatch between taint and type inference 2019-05-21 13:26:02 +01:00
Edoardo Pirovano
9d2580f778 JS: Fix performance regression of query. 2019-05-21 12:26:11 +01:00
semmle-qlci
8cd3cb501a Merge pull request #1346 from xiemaisi/js/revert-1078 
Approved by esben-semmle
 2019-05-21 12:19:57 +01:00
Max Schaefer
cf22761ccc JavaScript: Add CWE-1022 to TargetBlank. 2019-05-21 12:16:32 +01:00
semmle-qlci
fe920ecfaa Merge pull request #1331 from asger-semmle/destructuring-assignment-fix 
Approved by xiemaisi
 2019-05-21 11:32:36 +01:00
semmle-qlci
2b5b8751ea Merge pull request #1316 from asger-semmle/incorrect-suffix-check-fps 
Approved by esben-semmle, xiemaisi
 2019-05-21 11:30:37 +01:00
Esben Sparre Andreasen
3af3c5413b Merge pull request #1318 from asger-semmle/prototype-pollution-query2 
Move prototype pollution query into suite
 2019-05-21 12:23:41 +02:00
Robert Marsh
2dd1c06409 C++: fix use of getUnspecifiedType on Node 2019-05-21 11:06:15 +01:00
Max Schaefer
924664afcf JavaScript: Manually revert #1078. 
In its present form, `getAnUndefinedReturn` does not handle `finally`
blocks correctly. For example, in this snippet

```
try {
  return 42;
} finally {
  cleanup();
}
```

the call to `cleanup` is erroneously considered an undefined return.

We currently don't use the predicate anywhere, so it seems best to back
it out for the time being.
 2019-05-21 08:26:58 +01:00
Denis Levin
eacded27a9 Japanese Era and Leap Year checks (Likely Bugs) 2019-05-20 15:54:57 -07:00
yh-semmle
29ae7b5c3c Merge pull request #1322 from aschackmull/java/deprecate-remoteuserinput 
Java: Deprecate RemoteUserInput
 2019-05-20 12:56:51 -04:00
semmle-qlci
56ab013114 Merge pull request #1340 from xiemaisi/js/es2019 
Approved by asger-semmle
 2019-05-20 16:47:09 +01:00
Asger F
ba69e19e95 JS: Address doc review 2019-05-20 16:46:27 +01:00
Max Schaefer
7b7f92c19e JavaScript: Introduce SSA::definition and SSA::variable. 2019-05-20 16:22:01 +01:00
Max Schaefer
fb744a6c53 JavaScript: Introduce Parameter.getVariable(). 2019-05-20 16:01:12 +01:00
Geoffrey White
67527820a1 Merge pull request #1335 from EdoDodo/optimise-preprocessor 
C++: Optimise quadratic code in PreprocessorBranchDirective
 2019-05-20 15:58:33 +01:00
Max Schaefer
2cb33f6088 JavaScript: Introduce DataFlow::ExprNode and exprNode for consistency with other languages. 2019-05-20 15:55:03 +01:00
Anders Schack-Mulligen
48b19f1fea Java: Replace ValidatedVariable with guarded accesses. 2019-05-20 16:46:11 +02:00
Anders Schack-Mulligen
d0de0254e1 Java: Check compilation unit of the same element in both disjuncts. 2019-05-20 16:41:08 +02:00
yh-semmle
5466ae619d Merge pull request #1317 from aschackmull/java/domedge 
Java: Refactor Guard.controls in terms of dominating edges.
 2019-05-20 10:40:10 -04:00
Robert Marsh
dbdaa1d3f3 C++: Replace getUnderlyingType().getUnspecifiedType() 2019-05-20 15:23:08 +01:00
Robert Marsh
e899120270 C++: replace getType().getUnspecifiedType() 2019-05-20 15:08:28 +01:00
Robert Marsh
a72fff7ed0 C++: add getUnspecifiedType() for exprs and decls 2019-05-20 14:49:19 +01:00