hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-31 15:22:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,684 Branches 159 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
bb93cef20a JavaScript: Refactor parsing of parenthesised expressions. 2019-02-24 20:45:41 +00:00
Max Schaefer
92c8501e67 JavaScript: Refactor parsing of generator/array comprehensions. 2019-02-24 20:45:41 +00:00
Max Schaefer
f3ea810c21 JavaScript: Add parser support for E4X. 2019-02-24 20:45:41 +00:00
Max Schaefer
1ad4867f2a JavaScript: Make parsing of decorators more restrictive. 
As per [the proposal](https://tc39.github.io/proposal-decorators/#sec-new-syntax), decorators can only contain identifiers or parenthesised expressions, optionally followed by property accesses and arguments.
 2019-02-24 20:45:41 +00:00
Max Schaefer
0635e1ba02 JavaScript: Update change note. 
I've eliminated the clumsily worded "client-side code" and "server-side code" distinction, not least because Electron fits neither of those categories.
 2019-02-23 21:46:39 +00:00
Max Schaefer
c6fc4e4764 JavaScript: Address review comments. 2019-02-23 21:43:13 +00:00
Max Schaefer
e7c95bae49 JavaScript: Add flow steps modelling Electron IPC. 2019-02-23 21:43:13 +00:00
Max Schaefer
a4e4957f31 JavaScript: Model webContents property. 2019-02-23 21:43:13 +00:00
Max Schaefer
ff83e600dc JavaScript: Track Electron browser objects inter-procedurally. 2019-02-23 21:43:13 +00:00
Max Schaefer
d59c12e6eb JavaScript: Recognise Electron browser objects based on TypeScript types when available. 2019-02-23 21:43:13 +00:00
Max Schaefer
143bb711f9 JavaScript: Slightly restructure Electron BrowserWindow class hierarchy. 2019-02-23 21:43:13 +00:00
Max Schaefer
20d41b85de JavaScript: Delete an unused package.json in a test. 
While this file is part of the project used in the tutorial, it isn't necessary for the queries to work. It also specifies a dependency on a vulnerable version of Express, causing it to be (spuriously) flagged by security scanners.
 2019-02-23 13:59:18 +00:00
Max Schaefer
db9ac72e7a Merge pull request #957 from esben-semmle/js/another-autobinder-model 
JS: model one more 'autobind' for js/unbound-event-handler-receiver
 2019-02-22 20:58:17 +00:00
Max Schaefer
12ed2ca000 Merge pull request #958 from esben-semmle/js/improve-tainted-path 
JS: add taint steps for fs.realpath and fs.realpathSync
 2019-02-22 20:55:39 +00:00
Dave Bartolomeo
70bccf85fc Merge pull request #970 from jbj/ir-block-count 
C++: Use the cached getInstructionCount
 2019-02-22 10:19:39 -08:00
Raul Garcia
9bb7816a3c Making changes based on feedback. 2019-02-22 10:10:20 -08:00
Tom Hvitved
116997cf85 Merge pull request #961 from calumgrant/cs/cve-2019-0657 
C#: Update cs/use-of-vulnerable-package to detect CVE-2019-0657
 2019-02-22 18:01:58 +01:00
Geoffrey White
315133bbb3 CPP: Change note. 2019-02-22 16:07:48 +00:00
Geoffrey White
dc0044288b CPP: Add support for some Rtl* functions in BufferAccess.qll. 2019-02-22 15:54:16 +00:00
Felicity Chapman
e34cf86c47 Move support information to QL repository for easier maintenance 2019-02-22 15:21:16 +00:00
Taus
89216208be Merge pull request #969 from markshannon/python-points-to-speed-up 
Python: Refactor three predicates to improve join-order.
 2019-02-22 15:27:02 +01:00
Calum Grant
cd721f38b8 Merge pull request #967 from hvitved/csharp/ssa/block-precedes-var 
C#: Use explict recursion in `blockPrecedesVar()`
 2019-02-22 14:08:26 +00:00
Calum Grant
e93140d136 Merge pull request #959 from hvitved/csharp/dispose-not-called-on-exc-performance 
C#: Improve performance of `cs/dispose-not-called-on-throw`
 2019-02-22 14:04:48 +00:00
Jonas Jensen
6777c8c13c C++: Use the cached getInstructionCount 
The object-oriented `IRBlock` interface was recomputing instruction
counts instead of using the cached count that had already been computed.
 2019-02-22 14:55:09 +01:00
Calum Grant
1386af46c1 Merge pull request #960 from hvitved/csharp/cache-get-arg 
C#: Cache `Call::getArgumentForParameter()`
 2019-02-22 12:39:55 +00:00
Mark Shannon
d46467f526 Python: Update tests to account for packages having locations. 2019-02-22 12:16:34 +00:00
Mark Shannon
a1820fe4c3 Python: Refactor three predicates to improve join-order. 2019-02-22 11:48:39 +00:00
Geoffrey White
8302ac4644 Merge pull request #965 from evverx/alloca-in-a-loop 
CPP: add a query for catching alloca in a loop
 2019-02-22 11:44:59 +00:00
Taus
69270d0a4e Merge pull request #963 from markshannon/python-sanity-context-sensitive 
Python: Make points-to sanity check context sensitive.
 2019-02-22 11:50:48 +01:00
Tom Hvitved
74377a28c9 C#: Improve join orders in DataFlow module 2019-02-22 09:31:19 +01:00
Jonas Jensen
21573d31f0 Merge pull request #966 from rdmarsh2/rdmarsh/cpp/ir-taint-tracking 
C++: IR-based taint tracking
 2019-02-22 09:16:31 +01:00
Robert Marsh
07cbbdaf9a C++: accept test output 2019-02-21 17:18:06 -08:00
Robert Marsh
aa97302671 make loads from tainted addresses tainted 2019-02-21 17:17:49 -08:00
Robert Marsh
9a9ec7bb17 C++: add IR-based taint tracking library 2019-02-21 17:09:09 -08:00
Robert Marsh
173ade1336 C++: add arithmetic/bitwise instruction classes 2019-02-21 17:09:08 -08:00
Jonas Jensen
7649e8758b Merge pull request #846 from geoffw0/returnstack 
CPP: Improve  ReturnStackAllocatedMemory.ql
 2019-02-21 22:04:53 +01:00
Esben Sparre Andreasen
6c1b29e4b6 JS: add missing flowstep for unused parameter field initializers 2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen
6766716867 JS: add PropWrite tests for parameter field initializers 2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen
bdd8691e65 JS: add type inference for the return value of captured method calls 2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen
c84d898727 JS: change notes for js/unused-property and js/unused-variable 2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen
8af501d4d5 JS: avoid double reporting dead code with js/unused-variable 2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen
91dccc3356 JS: add query js/unused-property 2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen
0cf2eaec5e JS: introduce CapturedSource 2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen
bfbf686d7b JS: fixup changenote for js/unbound-event-handler-receiver 2019-02-21 21:44:28 +01:00
Robert Marsh
a0c12c46e5 Merge pull request #962 from jbj/IRGuards-cached 
C++: Reduce the IRGuards to two cached stages
 2019-02-21 10:50:19 -08:00
Evgeny Vereshchagin
e9401fca0d CPP: add a query for catching alloca in a loop 
Thanks to Sam Lanning (@samlanning) and Robert Marsh for taking the time to help
to make it possible. In fact, it was Robert Marsh who effectively
wrote the query and figured out that __builtin_alloca should be
used to also take functions like strdupa into account. I just
filled out the metadata :-)
 2019-02-21 18:09:56 +01:00
Geoffrey White
0ca67880b2 Merge pull request #902 from jbj/test-queries.xml 
C++: Add a queries.xml to the test dir
 2019-02-21 16:43:01 +00:00
Geoffrey White
c10c65cefe Merge pull request #1 from jbj/returnstack-EscapesTree 
C++: Reimplement cpp/return-stack-allocated-memory with EscapesTree and data flow
 2019-02-21 16:20:09 +00:00
Tom Hvitved
f02ef51459 C#: Use explict recursion in blockPrecedesVar() 2019-02-21 17:14:23 +01:00
Mark Shannon
1519e1b1f9 Python: Make sanity check context sensitive. 2019-02-21 14:23:24 +00:00