Commit Graph

41418 Commits

Author SHA1 Message Date
Asger F
cc1204acef JS: remove isAmbient() check 2019-01-18 15:42:05 +00:00
Asger F
1eb0ca4b4a JS: make ClassNode::Range abstract 2019-01-18 15:42:05 +00:00
Geoffrey White
458fddd28e CPP: Use strictconcat. 2019-01-18 15:01:47 +00:00
Taus
bcc65dbad3 Merge pull request #554 from markshannon/python-named-module-utility
Python: named module utility
2019-01-18 16:01:36 +01:00
Asger F
3cb2341e63 JS: split ClassNode into two classes 2019-01-18 14:46:38 +00:00
Asger F
5b7675d972 JS: introduce DataFlow::ClassNode 2019-01-18 14:46:38 +00:00
Taus
8d99186d74 Merge pull request #795 from markshannon/remove-builtin-class-test
Python: Remove fragile and unnecessary test.
2019-01-18 15:17:39 +01:00
Taus
92d2e18bf2 Merge pull request #712 from markshannon/python-fix-odasa-7307
Python: Detect a wider range of generated files.
2019-01-18 14:38:08 +01:00
Tom Hvitved
ceb9ccf811 C#: Add change note 2019-01-18 13:56:27 +01:00
Tom Hvitved
dd99525566 C#: Redefine AccessorCall
The syntactic node associated with accessor calls was previously always the
underlying member access. For example, in

```
x.Prop = y.Prop;
```

the implicit call to `x.set_Prop()` was at the syntactic node `x.Prop`, while the
implicit call to `y.get_Prop()` was at the syntactic node `y.Prop`.

However, this breaks the invariant that arguments to calls dominate the call itself,
as the argument `y.Prop` for the implicit `value` parameter in `x.set_Prop()` will
be evaluated after the call (the left-hand side in an assignment is evaluated before
the right-hand side).

The solution is to redefine the access call to `x.set_Prop()` to point to the whole
assignment `x.Prop = y.Prop`, instead of the access `x.Prop`. For reads, we still want
to associate the accessor call with the member access.

A corner case arises when multiple setters are called in a tuple assignment:

```
(x.Prop1, x.Prop2) = (0, 1)
```

In this case, we cannot associate the assignment with both `x.set_Prop1()` and
`x.set_Prop2()`, so we instead revert to using the underlying member accesses as
before.
2019-01-18 13:56:23 +01:00
Mark Shannon
ad2481f498 Python: Hide 'CheckClass' class which is old and should only be used by those queries it is specifically designed for. 2019-01-18 12:31:19 +00:00
Mark Shannon
e82e7791fa Fix typos in change note. 2019-01-18 11:51:11 +00:00
Mark Shannon
c1a549ddff Python. Improve grammar in qldoc comment. 2019-01-18 11:49:59 +00:00
Mark Shannon
9f93bf8d17 Python: Fix 'unused import' to no longer give alerts for imported modules used in doctests. 2019-01-18 11:08:53 +00:00
Anders Schack-Mulligen
2c0e1f943d Java: Extend change note. 2019-01-18 12:08:00 +01:00
Tom Hvitved
2caf724826 C#: Add more tests 2019-01-18 12:07:22 +01:00
Anders Schack-Mulligen
15e18013c8 Java: Fix qhelp. 2019-01-18 11:47:43 +01:00
Anders Schack-Mulligen
d8fe21be7e Java: Update qhelp as per review. 2019-01-18 11:42:34 +01:00
Asger F
cf3dfcae21 JS: recognize A.substr(0, B.length) == B 2019-01-18 10:40:48 +00:00
Asger F
f9951f67fe JS: add simple variants of StringOps::EndsWith 2019-01-18 10:40:48 +00:00
Asger F
b6626995cf JS: bugfix in indexOf-based include test 2019-01-18 10:40:48 +00:00
Asger F
d603824feb JS: add StringOps::StartsWith and StringOps::Includes 2019-01-18 10:40:18 +00:00
Asger F
107ec3b687 JS: add test with self=this variable 2019-01-18 10:39:02 +00:00
Asger F
78bd76048a JS: add test with closures 2019-01-18 10:39:02 +00:00
Asger F
0bb6692c19 JS: add 'this' as possible access path root 2019-01-18 10:39:02 +00:00
Anders Schack-Mulligen
17b4276699 Java: Fix bug in qltest and query for immutable types. 2019-01-18 11:37:38 +01:00
Jonas Jensen
189d82b79a C++: Change exclusion to not be only operator= 2019-01-18 11:19:38 +01:00
Mark Shannon
4398670ecc Merge pull request #775 from taus-semmle/python-dill-pickle-support
Python: dill pickle support.
2019-01-18 10:01:22 +00:00
Max Schaefer
740acc12e8 JavaScript: Add change note. 2019-01-18 09:36:07 +00:00
semmle-qlci
5e712b3ff6 Merge pull request #784 from asger-semmle/dedup-promiseTaintStep
Approved by esben-semmle
2019-01-18 08:52:09 +00:00
Henning Makholm
fda08181c1 fix ODASA-6859 2019-01-18 00:08:36 +01:00
Henning Makholm
26b6581bdb test example for ODASA-6859 2019-01-17 23:30:39 +01:00
Robert Marsh
64ed9305d3 C++: new query for futile arguments to C functions 2019-01-17 10:45:10 -08:00
Dave Bartolomeo
6af8948a3f Merge pull request #783 from jbj/ir-reachable-perf
C++: Speed up getAFeasiblePredecessorBlock
2019-01-17 10:19:07 -08:00
Kevin Backhouse
56efe3adb7 Fix false positive result. 2019-01-17 16:22:48 +00:00
Kevin Backhouse
5fc056beb3 Add regression test for false positive result. 2019-01-17 16:22:19 +00:00
Jonas Jensen
f147b63bb8 Merge pull request #654 from geoffw0/lossyresultcast
CPP: Work on Lossy function result cast query
2019-01-17 17:07:29 +01:00
semmle-qlci
beed51924e Merge pull request #780 from Semmle/xiemaisi-patch-4
Approved by esben-semmle
2019-01-17 16:04:00 +00:00
Anders Schack-Mulligen
944c082a8d Java: Fix FP in DoubleCheckedLocking.ql 2019-01-17 16:38:25 +01:00
Asger F
a8d750f086 JS: update header doc in Promises.qll 2019-01-17 15:26:45 +00:00
Taus Brock-Nannestad
1d15d46b38 Add change note. 2019-01-17 14:47:21 +01:00
Taus Brock-Nannestad
ad429f5ae1 Add tests. 2019-01-17 14:45:25 +01:00
Taus Brock-Nannestad
7c3dc929ac Add query and qhelp. 2019-01-17 14:45:25 +01:00
Asger F
e9c4f13a31 JS: Remove trailing whitespace again 2019-01-17 13:10:15 +00:00
Asger F
7a344c8546 JS: Add resolved promise taint test case 2019-01-17 13:08:55 +00:00
Asger F
b6fdbdcf84 JS: deduplicate promiseTaintStep 2019-01-17 13:04:16 +00:00
Asger F
882b337c15 JS: Move ResolvedPromiseDefinition into StandardLibrary.qll 2019-01-17 13:02:03 +00:00
Asger F
fc27b26bd5 JS: Remove duplicate PromiseFlowStep 2019-01-17 12:56:40 +00:00
Asger F
66901dc7b8 JS: remove duplicate ES2015PromiseDefinition 2019-01-17 12:55:38 +00:00
Jonas Jensen
6b9aaf63d7 C++: Speed up getAFeasiblePredecessorBlock
This predicate was unbearably slow on a ChakraCore snapshot (and
probably everywhere else):

    ReachableBlock::getAFeasiblePredecessorBlock#2#ff#antijoin_rhs .. 1m6s
    ReachableBlock::getAFeasiblePredecessorBlock#ff#antijoin_rhs .... 31.8s

With this change, the predicate is so fast that it doesn't even show up
in the clause timing report.

It's possible that we only tested this for performance in 1.18, and then
it has regressed in 1.19. Otherwise I can't explain how we've missed
this. I'm using QL for Eclipse 1.20.0.201901070127.
2019-01-17 13:36:20 +01:00