Dave Bartolomeo
46b2c19c66
C++: Initial attempt at IR-based value numbering
2018-09-17 17:19:05 -07:00
Jonas Jensen
a7d897108a
C++: Exclude non-toplevel items from resolveClass
Also exclude templates as their names are not canonical.
The test changes in `isfromtemplateinstantiation/` are the inverses of
what we got in 34c9892f7, which should be a good thing.
2018-09-17 15:55:34 +02:00
Jonas Jensen
d7f442b042
C++: Force unique resolveClass results
2018-09-17 15:52:38 +02:00
Jonas Jensen
b633ee1bc4
C++: Add more tests of resolveClass
These tests exercise the problematic cases where a variable can appear
to have multiple types because of how we fail to account for qualified
names when comparing type names.
2018-09-17 15:48:02 +02:00
Asger F
9384b85bcc
JavaScript: ensure prefix sanitizers work for array.join()
2018-09-17 14:31:26 +01:00
Asger F
e2cdf5d7ed
JavaScript: add string concatenation library
2018-09-17 12:47:37 +01:00
Asger F
b20fd3c084
JS: recognize res.sendfile as alias for res.sendFile in Express
2018-09-17 11:31:10 +01:00
Esben Sparre Andreasen
bb48421d77
JS: address doc review comments
2018-09-17 11:08:35 +02:00
semmle-qlci
782e91bb97
Merge pull request #167 from bnxi/NodeIntegration
Approved by esben-semmle
2018-09-15 21:35:56 +01:00
Geoffrey White
e4b9d31f8e
Merge pull request #194 from raulgarciamsft/overflow_buffer_negindex
Detect access to an array using a negative index
2018-09-14 21:56:16 +01:00
Behrang Fouladi Azarnaminy
7071c75567
revert "Changing EOL in two files"
This reverts commit ecd08d4560.
2018-09-14 09:03:48 -07:00
Esben Sparre Andreasen
444a09a17c
JS: add models of five file system libraries
2018-09-14 15:30:44 +02:00
Esben Sparre Andreasen
5781b518bc
JS: change notes for js/stored-xss
2018-09-14 15:30:44 +02:00
Esben Sparre Andreasen
33f98dd1a7
JS: add query: js/stored-xss
2018-09-14 15:30:44 +02:00
Pavel Avgustinov
2b4da8d6a7
Parameter.qll: Tweak how effective declaration entries are computed
With the new formulation, we can join on function and index at the
same time, leading to significant performance gains on large code
bases that use templates extensively.
2018-09-14 12:22:01 +01:00
Asger F
a3562aa4a7
Merge pull request #193 from esben-semmle/js/reduce-precision-of-remote-property-injection
JS: lower @precision of js/remote-property-injection
2018-09-14 11:14:13 +01:00
Nick Rolfe
440d64d0b8
Merge pull request #191 from jbj/merge-master-next-20180913
Merge master to next
2018-09-14 10:24:32 +01:00
Esben Sparre Andreasen
e2fac8a03c
JS: introduce concept: FileNameSource
2018-09-14 11:09:29 +02:00
Esben Sparre Andreasen
6d3c1a1d22
JS: introduce fsModuleMember
2018-09-14 11:09:29 +02:00
Esben Sparre Andreasen
8de269e1fb
JS: add support for fs-extra in NodeJSFileSystemAccess
2018-09-14 11:09:29 +02:00
semmle-qlci
abbadf24f0
Merge pull request #192 from esben-semmle/js/additional-array-taint-steps
Approved by asger-semmle
2018-09-14 10:02:36 +01:00
Dave Bartolomeo
c9cb2a0d14
Merge pull request #177 from jbj/ir-array-init-perf
C++: IR: Fix performance of value-init ranges
2018-09-14 00:14:45 -07:00
Esben Sparre Andreasen
81aeda69e1
JS: lower @precision of js/remote-property-injection
2018-09-14 07:37:47 +02:00
semmle-qlci
961ecfb43f
Merge pull request #187 from esben-semmle/js/additional-whitelisting-form-unbound-event-handlers
Approved by asger-semmle
2018-09-14 06:35:39 +01:00
Raul Garcia
28050e1415
Change to cpp/overflow-buffer to detect access to an array using a negative index (static, out of range access, lower bound).
2018-09-13 15:44:32 -07:00
Esben Sparre Andreasen
cb2bd9e0ae
JS: change notes for additional array taint steps
2018-09-13 21:36:53 +02:00
Esben Sparre Andreasen
4c13e6b46b
JS: add additional array-specific taint steps
2018-09-13 21:36:53 +02:00
Jonas Jensen
9886e4a056
Merge remote-tracking branch 'upstream/master' into merge-master-next-20180913
2018-09-13 20:28:17 +02:00
Robert Marsh
1a14b13703
C++: migrate change note
2018-09-13 09:53:41 -07:00
semmle-qlci
6266d8bf01
Merge pull request #184 from aschackmull/java/intmulttolong-message
Approved by yh-semmle
2018-09-13 15:00:14 +01:00
ian-semmle
bc0d4f1855
Merge pull request #188 from nickrolfe/convvec
C++: support clang's __builtin_convertvector
2018-09-13 14:55:19 +01:00
Esben Sparre Andreasen
763da72ce5
JS: modernize old array taint steps
2018-09-13 15:52:25 +02:00
Esben Sparre Andreasen
ea37665ec6
JS: move array-specific taint steps to separate class
2018-09-13 15:52:25 +02:00
semmle-qlci
3d022298dc
Merge pull request #186 from Semmle/rc/1.18
Approved by esben-semmle
2018-09-13 12:34:54 +01:00
Nick Rolfe
3d2637a249
C++: stats for builtinconvertvector
2018-09-13 10:28:42 +01:00
Nick Rolfe
0957ee7c1b
C++: support clang's __builtin_convertvector
2018-09-13 10:28:41 +01:00
Anders Schack-Mulligen
b9acdf573a
Java: Update qltest.
2018-09-13 10:18:09 +02:00
Esben Sparre Andreasen
52013f3071
JS: change notes for improved js/unbound-event-handler-receiver
2018-09-13 08:43:01 +02:00
Esben Sparre Andreasen
fcc33ce93d
JS: whitelist auto-bind methods in js/unbound-event-handler-receiver
2018-09-13 08:41:41 +02:00
Esben Sparre Andreasen
eb10f603ab
JS: whitelist decorator-bound methods in js/unbound-event-handler-receiver
2018-09-13 08:41:41 +02:00
Esben Sparre Andreasen
1220b50737
JS: whitelist _.bindAll-methods in js/unbound-event-handler-receiver
2018-09-13 08:41:41 +02:00
Behrang Fouladi Azarnaminy
ecd08d4560
Changing EOL in two files
2018-09-12 12:05:57 -07:00
Tom Hvitved
7db2589aae
Merge pull request #185 from adityasharad/merge/1.18-next-120918
Merge rc/1.18 into next.
2018-09-12 16:51:34 +02:00
Geoffrey White
1459b981f3
Merge pull request #183 from jbj/unsafe-strcat-perf
C++: Restructure UnsafeUseOfStrcat for performance
2018-09-12 15:16:58 +01:00
Aditya Sharad
767045b55d
Merge rc/1.18 into next.
2018-09-12 14:59:54 +01:00
Asger F
cc6edd4e23
Merge pull request #182 from felicity-semmle/1.18/js-change-notes
LGTM 1.18: finalize the JavaScript change notes
2018-09-12 14:00:42 +01:00
Anders Schack-Mulligen
1bbc67b57c
Java: Autoformat query.
2018-09-12 10:14:41 +02:00
Anders Schack-Mulligen
ccbd8aaebc
Java: Improve alert message of IntMultToLong.
2018-09-12 10:13:57 +02:00
Jonas Jensen
9fb5fbd995
C++: Restructure UnsafeUseOfStrcat for performance
This query gets optimized badly, and it has started timing out when we
run it on our own code base. Most of the evaluation time is spent in an
RA predicate named `#select#cpe#1#f#antijoin_rhs#1`, which takes 1m36s on a
Wireshark snapshot.
This restructuring of the code makes the problematic RA predicate go
away.
2018-09-12 09:37:17 +02:00
Felicity Chapman
4d512a5b01
Remove non-LGTM query (see following PR)
2018-09-11 22:54:37 +01:00