Esben Sparre Andreasen
0b733b4f23
JS: treat the last argument to https.createServer as a route handler
2019-04-02 14:38:31 +02:00
Geoffrey White
5cb30b04cc
CPP: Add a test case.
2019-04-02 13:15:40 +01:00
Geoffrey White
1542fdc44b
CPP: Change AV Rule 107.ql to a recommendation.
2019-04-02 12:19:33 +01:00
Geoffrey White
96136a1c55
CPP: Change SloppyGlobal.ql to a recommendation.
2019-04-02 12:18:22 +01:00
Geoffrey White
c3ec7b55b7
CPP: Workaround improvement for File.compiledAsMicrosoft.
2019-04-02 11:40:49 +01:00
semmle-qlci
4ec2df6bad
Merge pull request #1179 from asger-semmle/js-windoc
Approved by xiemaisi
2019-04-02 11:21:07 +01:00
Jonas Jensen
b7e6f9a43e
Merge pull request #1183 from aibaars/fix-query-metadata
Fix queries with inconsistent `@kind` and `select` statements
2019-04-02 12:00:25 +02:00
Jonas Jensen
842aafc888
C++: Fix new UnsafeDaclSecurityDescriptor FP
This query uses data flow for nullness analysis, which is always going
to be a large overapproximation. The overapproximation became too big
for one of the test cases after the recent change to make data flow go
across assignment by reference.
To make this query more conservative, it will now only report that the
`pDacl` argument can be null if there isn't also evidence that it can be
non-null.
2019-04-02 11:31:12 +02:00
Anders Schack-Mulligen
b1e364b56a
Java: Support precondition calls as guards.
2019-04-02 10:58:46 +02:00
Geoffrey White
bce6ee5c27
CPP: Consider more files to be generated.
2019-04-02 09:19:55 +01:00
semmle-qlci
02f4695a5b
Merge pull request #1152 from esben-semmle/js/koa-improvements
Approved by xiemaisi
2019-04-02 08:51:19 +01:00
Ziemowit Laski
96b8bdfeb5
[CPP-340] Add new queries to analysis-cpp.md; correct id of
TooFewArguments.ql
2019-04-01 19:15:27 -07:00
Ziemowit Laski
03aa86ed4d
Merge branch 'master' into cpp340a
So as to get to change-notes/1.21/analysis-cpp.md
2019-04-01 18:51:03 -07:00
Ziemowit Laski
bd139829ea
[CPP-340] Delete old 'UnspecifiedFunctions' folders
2019-04-01 18:44:49 -07:00
Ziemowit Laski
3ec988c39b
[CPP-340] Rename 'UnspecifiedFunctions' to 'Unspecified Functions'
Make MistypedFunctionArguments.ql more restrictive (allowing
type matching only in the presence of no-op conversions).
2019-04-01 18:39:46 -07:00
semmle-qlci
54b4e59d12
Merge pull request #1182 from esben-semmle/js/sourcenode-regexp-literals
Approved by xiemaisi
2019-04-01 21:58:58 +01:00
Esben Sparre Andreasen
2622fc64db
JS: autoformat
2019-04-01 22:55:17 +02:00
Esben Sparre Andreasen
86a046a28e
JS: change notes for Koa improvements
2019-04-01 22:55:17 +02:00
Esben Sparre Andreasen
7fec005806
JS: use DataFlow::SourceNode in three locations in Koa
2019-04-01 22:55:17 +02:00
Esben Sparre Andreasen
919eed6630
JS: add koa tests
2019-04-01 22:55:17 +02:00
Esben Sparre Andreasen
00c8387bb3
JS: model Koa redirects
2019-04-01 22:55:17 +02:00
Esben Sparre Andreasen
298dbe13c4
JS: improve Koa model to account for aliases on the context object
2019-04-01 22:49:00 +02:00
Esben Sparre Andreasen
0e01988622
JS: add koa tests
2019-04-01 22:49:00 +02:00
Rebecca Valentine
2b6869fff3
updates expecteds to reflect changes in the test file
2019-04-01 11:21:21 -07:00
Rebecca Valentine
0d0adada42
fixes tests and adds test results to expecteds
2019-04-01 11:13:04 -07:00
Rebecca Valentine
a16b5d36a8
adds tests
2019-04-01 10:40:51 -07:00
Rebecca Valentine
5bf7efeed3
fixes name and autoformats
2019-04-01 10:39:06 -07:00
Rebecca Valentine
7d183eab0b
moves functionality over to Expr method per PR change requests
2019-04-01 10:22:49 -07:00
semmle-qlci
a4de82de06
Merge pull request #1185 from xiemaisi/js/improve-amd-imports
Approved by asger-semmle
2019-04-01 16:30:47 +01:00
Arthur Baars
5eb58f3ba2
C++: fix HubClasses.ql by changing its kind to 'table'
2019-04-01 16:17:23 +02:00
Tom Hvitved
007cee8426
Merge pull request #1184 from calumgrant/cs/static-cryptotransform
C#: Remove static SHA1CryptoServiceProvider
2019-04-01 16:03:53 +02:00
semmle-qlci
a7d9a50dcf
Merge pull request #1176 from xiemaisi/js/fix-socket-io-type-tracking
Approved by asger-semmle
2019-04-01 13:57:13 +01:00
Jonas Jensen
71659594c8
C++: Let data flow past definition by reference
This commit changes how data flow works in the following code.
    MyType x = source();
    defineByReference(&x);
    sink(x);
The question here is whether there should be flow from `source` to
`sink`. Such flow is desirable if `defineByReference` doesn't write to
all of `x`, but it's undesirable if `defineByReference` is a typical
init function in `C` that writes to every field or if
`defineByReference` is `memcpy` or `memset` on the full range.
Before 1.20.0, there would be flow from `source` to `sink` in case `x`
happened to be modeled with `BlockVar` but not in case `x` happened to
be modelled with SSA. The choice of modelling depends on an analysis of
how `x` is used elsewhere in the function, and it's supposed to be an
internal implementation detail that there are two ways to model
variables. In 1.20.0, I changed the `BlockVar` behavior so it worked the
same as SSA, never allowing that flow. It turns out that this change
broke a customer's query.
This commit reverts `BlockVar` to its old behavior of letting flow
propagate past the `defineByReference` call and then regains consistency
by changing all variables that are ever defined by reference to be
modelled with `BlockVar` instead of SSA. This means we now get too much
flow in certain cases, but that appears to be better overall than
getting too little flow. See also the discussion in CPP-336.
2019-04-01 14:13:47 +02:00
calum
932961bf19
C#: Remove static SHA1CryptoServiceProvider
2019-04-01 10:46:39 +01:00
Arthur Baars
4b95fbbb39
C++ Fix select statements of AV 3 and 81
2019-04-01 11:20:12 +02:00
Arthur Baars
ba7fdddafb
Change @kind to 'table' for test and sanity checks queries that don't select problems
2019-04-01 11:20:12 +02:00
Esben Sparre Andreasen
6908c54df6
JS: change notes
2019-04-01 09:25:07 +02:00
Esben Sparre Andreasen
364ba1b4ac
JS: use RegExpLiteral as a SourceNode
2019-04-01 09:19:25 +02:00
Esben Sparre Andreasen
7923c9d77c
JS: add tests for missing flow of regular expressions
2019-04-01 09:19:25 +02:00
Esben Sparre Andreasen
42d3012f81
JS: let RegExpLiteral be a DataFlow::SourceNode
2019-04-01 09:19:25 +02:00
Jonas Jensen
04a48e9034
Merge remote-tracking branch 'upstream/master' into SimpleRangeAnalysis-use-after-cast
2019-04-01 09:10:57 +02:00
Jonas Jensen
76caad0fb4
Merge pull request #1119 from geoffw0/wprintf2
CPP: Better handling of %s/%c/%S/%C in Printf/FormattingFunction.qll
2019-04-01 08:47:20 +02:00
Ziemowit Laski
8a653b9adc
[CPP-340] Fix TooFewArguments.c to actually provide a ()-prototype.
2019-03-29 20:34:49 -07:00
Ziemowit Laski
59a54df149
[CPP-340] cpp/too-many-arguments should remain as cpp/futile-params.
2019-03-29 20:30:40 -07:00
Ziemowit Laski
2ea9f81c7f
[CPP-340] Refer to C coding standard, not C++.
2019-03-29 20:27:25 -07:00
Ziemowit Laski
cb5bbd2197
[CPP-340] When warning about mismatched parameters, follow what C
compilers do. Various integral and floating-point types
are treated as mutually implicitly convertible. Remaining
warnings deal with misuse of pointer and array types.
2019-03-29 20:19:45 -07:00
semmle-qlci
ed0ef36427
Merge pull request #1035 from asger-semmle/firebase
Approved by xiemaisi
2019-03-29 13:44:02 +00:00
Asger F
4c99c01c1a
JS: review comments
2019-03-29 13:42:22 +00:00
Max Schaefer
e4c4f7a5ae
Update javascript/ql/src/semmle/javascript/DOM.qll
Co-Authored-By: asger-semmle <42069257+asger-semmle@users.noreply.github.com>
2019-03-29 13:42:00 +00:00
Max Schaefer
10479eaf4d
Update javascript/ql/src/semmle/javascript/DOM.qll
Co-Authored-By: asger-semmle <42069257+asger-semmle@users.noreply.github.com>
2019-03-29 13:40:59 +00:00