hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 14:52:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,684 Branches 159 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus
dcdbc00430 Merge pull request #753 from markshannon/python-fix-regex-test-depth 
Python tests: Increase import depth to ensure sre_constants module is imported.
 2019-01-11 16:46:56 +01:00
Nick Rolfe
e8f4127fe5 C++: fix wording in GVN qldoc comment 2019-01-11 13:56:52 +00:00
Tom Hvitved
36e4b879e9 C#: Remove comment 2019-01-11 14:32:34 +01:00
Anders Schack-Mulligen
db9407bae5 Javascript: Update .expected files. 2019-01-11 14:27:16 +01:00
Jonas Jensen
ca3554dcc6 C++: Incorporate docs review comments 2019-01-11 14:18:15 +01:00
Jonas Jensen
b65e2f8b79 C++: Put QLDoc on two helper predicates 2019-01-11 14:07:22 +01:00
Tom Hvitved
390ebc96ae C#: Autoformat QL files 2019-01-11 13:55:28 +01:00
Taus Brock-Nannestad
b5dc0134a7 Python: Move query suites to public repo. 2019-01-11 13:46:47 +01:00
calum
de4f592bba C#: Add alert suppression comments for cs/similar-file 2019-01-11 12:36:20 +00:00
calum
a44a86bf6f C#: Add alert suppression comments. Rename e to ex in catch clauses for consistency. 2019-01-11 12:32:24 +00:00
Jonas Jensen
6385dd38cf C++: Exclude operator= in ExprHasNoEffect 2019-01-11 13:30:08 +01:00
Jonas Jensen
95e457cb49 C++: Add test with FP in ExprHasNoEffect 2019-01-11 13:18:44 +01:00
Mark Shannon
33a2315ba0 Python tests: Increase import depth to ensure sre_constants module is imported. 2019-01-11 12:15:56 +00:00
calum
fb0cae87a8 C#: Fix some alerts, and fix a potential NullReferenceException. 2019-01-11 12:12:11 +00:00
Jonas Jensen
1cc36dd969 C++: Exclude copy assignment in LargeParameter.ql 
The purpose of the copy assignment operator is to copy the object, so we
should not complain that a copy happens when passing the parameter. See
https://en.wikibooks.org/wiki/More_C++_Idioms/Copy-and-swap for details.
 2019-01-11 12:00:02 +01:00
Jonas Jensen
4ea3849595 C++: Add failing test case for LargeParameter.ql 2019-01-11 11:53:04 +01:00
semmle-qlci
b0dd3dfeb1 Merge pull request #502 from xiemaisi/js/summaries 
Approved by asger-semmle
 2019-01-11 10:27:03 +00:00
Jonas Jensen
b38ca944f4 C++: Work around CPP-331 
This change suppresses results from "Declaration hides parameter" where
the ParameterDeclarationEntry does not link up to the right
FunctionDeclarationEntry.
 2019-01-11 11:26:43 +01:00
Max Schaefer
f9d704bdcf JavaScript: Add example of indirect command injection. 2019-01-11 10:24:41 +00:00
Jonas Jensen
2268f1fee6 C++: Speed up "Declaration hides parameter" 
Bad magic ended up in `LocalVariable.getFunction` and effectively
created a Cartesian product. Before this change, the timing looked like
this:

    Variable::LocalVariable::getFunction_dispred#bb ... 50.1s
    #select#cpe#123#fff ............................... 20.6s

After this change, those predicates become much faster:

    Variable::LocalVariable::getFunction_dispred#ff ... 121ms
    DeclarationHidesParameter::localVariableNames#fff . 77ms
    #select#cpe#123#fff ............................... 28ms

Introducing the predicate `localVariableNames` ensures that we can do
the main join on two columns simultaneously, so that's a change we
should keep even if we remove the `pragma[nomagic]` later.
 2019-01-11 11:06:18 +01:00
Jonas Jensen
8a435ae321 C++: Autoformat "Declaration hides parameter" 2019-01-11 11:02:52 +01:00
Anders Schack-Mulligen
e58094c732 Javascript: Autoformat. 2019-01-11 11:02:42 +01:00
Max Schaefer
7d2d33840a JavaScript: Track flow through forwarding higher-order calls. 2019-01-11 09:15:58 +00:00
Tom Hvitved
c06fc2af09 C#: Remove DefUse.qll 2019-01-11 09:35:38 +01:00
Max Schaefer
59bac829b1 JavaScript: Refactor flowsIntoHigherOrderCall predicate. 2019-01-11 08:34:09 +00:00
Max Schaefer
edc5117dfd JavaScript: Track flow into (simple) higher-order function calls. 
The only case we support for now are functions that invoke one of their arguments, passing another argument as input.
 2019-01-11 08:11:15 +00:00
Max Schaefer
414ab8ea8c JavaScript: Refactor argumentPassing. 2019-01-11 07:57:58 +00:00
Esben Sparre Andreasen
9af6a81a58 JS: change note for ODASA-7636 fix 2019-01-11 08:37:01 +01:00
Esben Sparre Andreasen
d0372dd290 JS: reuse a variable 2019-01-11 08:34:17 +01:00
Esben Sparre Andreasen
d3543b74c0 JS: fixup: use the basic block of the actual write (ODASA-7636) 2019-01-11 08:34:17 +01:00
Jonas Jensen
88a251c05a C++: Delete library-tests/qlcfg/cfg.ql 
This test was intended to catch regressions in the CFG, but it looks
like it's just catching insignificant extractor changes. The test has
started failing after some recent extractor changes, but I have no way
to pinpoint the failure and understand whether it's a problem or not, so
I think it's better to delete this test.

The remaining tests check whether the QL-based CFG generates the same
graph as the extractor-based CFG. Furthermore, the `successor-tests`
check that the extractor-based CFG works as intended.
 2019-01-11 08:24:07 +01:00
Tom Hvitved
0f7dc51e89 C#: Fix performance issue in isValidExplicitParamsType() 2019-01-10 21:19:23 +01:00
Tom Hvitved
2197736128 C#: Speedup cs/missed-readonly-modifier 2019-01-10 20:57:36 +01:00
Robert Marsh
c455db9e59 C++: update test expectations 2019-01-10 11:24:13 -08:00
Geoffrey White
87569d14b9 CPP: QLDoc comments. 2019-01-10 17:38:42 +00:00
Geoffrey White
ba3bc1596b CPP: Manual fixup. 2019-01-10 15:28:13 +00:00
Geoffrey White
c4b01d0816 CPP: Autoformat some other untidy source files. 2019-01-10 15:28:13 +00:00
Geoffrey White
28261d6787 Merge pull request #737 from jbj/cfg-perf 
C++: QL CFG performance and tweaks
 2019-01-10 14:45:53 +00:00
Geoffrey White
f2e68da322 CPP: Use dataflow to find wrapped rounding functions. 2019-01-10 14:44:11 +00:00
Geoffrey White
207c4d365a CPP: Test wrapped rounding functions more thoroughly. 2019-01-10 14:39:23 +00:00
Geoffrey White
4f002291c5 CPP: Add exception for builtins. 2019-01-10 14:16:57 +00:00
Asger F
2b803693f1 JS: add comment about how to generate isLodashMember 2019-01-10 14:00:20 +00:00
Ian Lynagh
8ce2890824 C++: Add a changenote for Namespace.isInline() 2019-01-10 12:56:16 +00:00
Ian Lynagh
e5b6e61d45 C++: Update stats to include namespace_inline 2019-01-10 11:35:49 +00:00
Geoffrey White
346bc1ac62 CPP: Autoformat some code from Critical. 2019-01-10 10:40:39 +00:00
Geoffrey White
b7febb06af CPP: Autoformat some Power of 10 queries. 2019-01-10 10:40:39 +00:00
semmle-qlci
f474fdd0f9 Merge pull request #731 from xiemaisi/js/performance-fiddling 
Approved by asger-semmle, esben-semmle
 2019-01-10 10:01:02 +00:00
Jonas Jensen
7ff94e894a C++: Change note for UsingStrcpyAsBoolean.ql 2019-01-10 08:35:54 +01:00
Jonas Jensen
92fbea4e41 C++: UsingStrcpyAsBoolean.ql: use getName 
We agreed in the review of the original PR that `getName` is more
appropriate here than `getQualifiedName`. Using `getName` ensures that
we also match the `std::`-prefixed versions of these functions as well
as user-defined versions.
 2019-01-10 08:35:54 +01:00
Jonas Jensen
aa0f2f2da3 C++: Support ?: in UsingStrcpyAsBoolean.ql 
I removed some unnecessary parentheses for symmetry, causing whitespace
changes.
 2019-01-10 08:35:54 +01:00