hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-31 23:33:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,684 Branches 159 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
03ef167c56 JS: Treat res.end() as alias for res.send() in Express 2019-02-28 12:37:11 +00:00
semmle-qlci
edba24129d Merge pull request #1003 from xiemaisi/js/fix-test 
Approved by esben-semmle
 2019-02-28 12:05:44 +00:00
Jonas Jensen
264301be66 C++: Cache TNode and localFlowStep 
These two elements weren't cached, which meant that local data flow was
recalculated in every query that used data flow. They are also cached in
the Java version of `DataFlowUtil.qll`.
 2019-02-28 11:41:51 +01:00
Asger F
8e8085ea1f JS: add test 2019-02-28 10:09:36 +00:00
Max Schaefer
c8a37297f3 Merge pull request #997 from asger-semmle/closure-promise 
JS: model of closure Promises
 2019-02-28 10:05:12 +00:00
Taus
a83f33be33 Merge pull request #1001 from markshannon/python-delete-internal-tests 
Python delete extractor tests. Duplicates of internal tests.
 2019-02-28 11:04:52 +01:00
Max Schaefer
1b5887014b Merge pull request #988 from asger-semmle/spread-taint-step 
JS: add taint step through object/array spread operators
 2019-02-28 09:58:23 +00:00
Calum Grant
c945b7793c Merge pull request #944 from hvitved/csharp/cfg/accessor-call 
C#: Improve CFG for assignments
 2019-02-28 09:34:56 +00:00
Jonas Jensen
7afb4898e6 C++: Change note for def-by-ref data flow 2019-02-28 09:39:51 +01:00
Jonas Jensen
8e6daafd7c C++: Add DefinitionByReferenceNode.getParameter 
This commits also adds a test that uses `getParameter`. The new tests
demonstrate that support for array-to-pointer decay works, but we get
data flow to the array rather than its contents.
 2019-02-28 09:39:51 +01:00
Jonas Jensen
2bc0a8d6fb C++: Remove getVariableAccess from def-by-ref node 
This accessor may not be forward-compatible with an IR-based version,
and it's unclear whether it has any use. The `VariableAccess` remains in
the `TDefinitionByReferenceNode` constructor since it's used to
implement `getType`.
 2019-02-28 09:38:40 +01:00
Max Schaefer
02dff4e9d9 JavaScript: Update expected test output. 2019-02-28 08:21:06 +00:00
Jonas Jensen
7ff732d962 C++: Use OO dispatch for getType and getFunction 2019-02-28 08:23:24 +01:00
Raul Garcia
9eca21cb5a Update .gitignore 2019-02-27 18:43:51 -08:00
Raul Garcia
e24ca8ec40 Update .gitignore 2019-02-27 18:43:33 -08:00
Raul Garcia
1ae18974d8 Fixing bugs found during Code Review. 2019-02-27 18:41:23 -08:00
semmle-qlci
6602b4dbda Merge pull request #992 from xiemaisi/js/socket.io 
Approved by asger-semmle
 2019-02-27 18:43:40 +00:00
Tom Hvitved
4cbbe37b1e C#: Updated expected test output 2019-02-27 19:25:14 +01:00
Mark Shannon
9170d85155 Python: Fix falcon sources to only be source if a route is attached. 2019-02-27 16:42:31 +00:00
semmle-qlci
8e485b7972 Merge pull request #996 from xiemaisi/js/first-array-elt-in 
Approved by esben-semmle
 2019-02-27 16:19:21 +00:00
Mark Shannon
d605dfd542 Python delete extractor tests. Duplicates of internal tests. 2019-02-27 15:35:52 +00:00
Mark Shannon
f7d7b8eef2 Merge pull request #785 from taus-semmle/python-unsafe-use-of-mktemp 
Python: Add query for unsafe use of `tempfile.mktemp`.
 2019-02-27 15:01:06 +00:00
Jonas Jensen
972d00822c C++: Generalize std::move data flow 2019-02-27 15:53:00 +01:00
Jonas Jensen
80183464d9 C++: Define DefinitionByReferenceNode 
This enables data flow through `memcpy` and similar functions modeled in
`semmle.code.cpp.model`.
 2019-02-27 15:53:00 +01:00
Asger F
9497199cbd JS: add localFieldStep 2019-02-27 14:20:47 +00:00
Asger F
b6648def19 JS: Add ClassNode.getAReceiverNode 2019-02-27 14:20:47 +00:00
Jonas Jensen
5647a1a658 C++: BlockVar value stops at def by ref (partial) 2019-02-27 15:05:53 +01:00
Geoffrey White
25a5ff5e55 CPP: Similarly update other @deprecated messages. 2019-02-27 13:20:24 +00:00
Geoffrey White
f0356bb83b CPP: Reformat @deprecated message. 2019-02-27 13:18:29 +00:00
Geoffrey White
74f7379ab9 CPP: Change note. 2019-02-27 13:09:10 +00:00
Geoffrey White
3f2e902912 CPP: Remove it from the security dashboard (OverrunWrite.ql is already on there). 2019-02-27 13:09:09 +00:00
Geoffrey White
45315cda90 CPP: Deprecate PotentialBufferOverflow.ql. 2019-02-27 13:09:09 +00:00
Geoffrey White
8a5bc24b36 CPP: Replace PotentialBufferOverflow with OverrunWrite in the test. 2019-02-27 13:09:09 +00:00
Geoffrey White
7194121eae CPP: Expand the test cases covering PotentialBufferOverflow.ql. 2019-02-27 13:09:09 +00:00
Tom Hvitved
996b0efa47 C#: Address review comments 2019-02-27 13:49:15 +01:00
Tom Hvitved
7027cd36c6 C#: Speedup isGuardedByNode() 2019-02-27 13:29:14 +01:00
Tom Hvitved
72384e57e1 C#: Speedup Assertion::strictlyDominates() 2019-02-27 13:29:14 +01:00
Tom Hvitved
baa596ce6c C#: Speedup ControlFlowElement::controlsBlock() 2019-02-27 13:29:14 +01:00
Jonas Jensen
20f3df0d09 C++: Add tests to demo lack dataflow by reference 2019-02-27 13:19:16 +01:00
Max Schaefer
9d77619afc JavaScript: Make file types customisable in AutoBuild. 
Every once in a while we encounter projects using some custom file extension for files that we could in principle extract, but since the extractor doesn't know about the extension the files are skipped.

To handle this, the legacy extractor has a `--file-type` option that one can use to specify a file type to use for all files in that particular extraction. So far, `AutoBuild` has nothing of the sort.

This PR proposes to introduce an environment variable `LGTM_INDEX_FILETYPES` to allow a similar customisation. In the fullness of time, this variable would be set through `lgtm.yml` in the usual way, but for now it is undocumented and for internal use only.

Specifically, `LGTM_INDEX_FILETYPES` is a newline-separated list of ".extension:filetype" pairs, specifying that files with the given `.extension` should be extracted as type `filetype`, where
`filetype` is one of `js`, `html`, `json`, `typescript` or `yaml`.

For example, `.jsm:js` causes all `.jsm` files to be extracted as JavaScript.

This can also be used to override default file types: for example, by specifying `.js:typescript` all JavaScript files will be extracted as TypeScript.
 2019-02-27 12:02:01 +00:00
Asger F
3d400cc57f JS: basic model of closure Promises 2019-02-27 11:58:51 +00:00
Max Schaefer
2ed37903d8 JavaScript: Include list of relevant environment variables in Javadoc for AutoBuild. 2019-02-27 11:54:59 +00:00
Mark Shannon
9e268d77d0 Python: Add responses to Falcon framework support. 2019-02-27 09:56:18 +00:00
Mark Shannon
6a48420191 Python: Basic support for falcon framework; routing and requests. 2019-02-27 09:55:52 +00:00
semmle-qlci
999e0c8b95 Merge pull request #947 from asger-semmle/string-ops-concat 
Approved by xiemaisi
 2019-02-27 09:54:46 +00:00
Mark Shannon
742c1d0fa7 Python: Add test skeleton for falcon web framework. 2019-02-27 09:53:20 +00:00
Max Schaefer
37a3085466 Merge pull request #993 from asger-semmle/getacallee 
JS: document new behavior of overriding InvokeNode.getACallee()
 2019-02-27 09:00:59 +00:00
Max Schaefer
6ecdb0edd5 JavaScript: Allow first expression in array literal to be an in expression. 2019-02-27 08:58:28 +00:00
Max Schaefer
0648d7aa09 JavaScript: Sharpen result type of getAReceivedItem. 2019-02-27 08:51:43 +00:00
semmle-qlci
d857f52c7d Merge pull request #991 from jbj/error-function-returns 
Approved by geoffw0
 2019-02-27 08:01:39 +00:00