hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-20 14:36:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,711 Branches 163 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
52a659183d Merge pull request #314 from smowton/smowton/admin/bump-golang-tools 
Bump to latest version of golang.org/x/tools
 2020-09-07 16:02:55 +01:00
Mathias Vorreiter Pedersen
9c1837e3b3 C++: Rename getField to getAField following review comments. 2020-09-07 16:52:04 +02:00
Max Schaefer
655e229d1e Revert "Revert "autobuilder: Add support for GITHUB_REPOSITORY environment variable"" 
This reverts commit ccfccb4828.
 2020-09-07 15:14:52 +01:00
Jonas Jensen
3493c93d7b Merge pull request #4218 from MathiasVP/mathiasvp/fix-fp-av82 
C++: Add cases for conditional and comma operator in AV Rule 82
 2020-09-07 15:27:07 +02:00
Tom Hvitved
6c716331d9 C#: Skip foreach loop bodies in the CFG when the iteration expression is empty 2020-09-07 15:26:28 +02:00
Tom Hvitved
9e240b7397 C#: Add more CFG loop unrolling tests 2020-09-07 15:26:25 +02:00
Rasmus Wriedt Larsen
61998afc56 Python: Remove unnecessary comment 
Was introduced in 5d031d7abe when I actually fixed
the loop variable capture problem.
 2020-09-07 15:06:07 +02:00
Tom Hvitved
37f1ce3122 C#: Implement support for path transformers 2020-09-07 15:02:50 +02:00
Max Schaefer
423d87b812 JavaScript: Rename TNode to TApiNode. 
This prevents spurious recomputation of a cached stage.
 2020-09-07 14:02:37 +01:00
Rasmus Wriedt Larsen
fb37330f5e Python: Fix grammar 
Co-authored-by: Taus <tausbn@github.com>
 2020-09-07 14:59:07 +02:00
Erik Krogh Kristensen
55b79f445c recognize commands with slash and underscore 2020-09-07 14:28:28 +02:00
Jonas Jensen
3a7bf2a15a Merge pull request #3933 from MathiasVP/alternative-instruction-operand-flow 
C++: Alternate instruction -> operand flow
 2020-09-07 13:37:20 +02:00
Erik Krogh Kristensen
320879bc1e recognize colon in command-prefixes 2020-09-07 13:12:38 +02:00
Jonas Jensen
0fe5d75375 Merge pull request #4196 from MathiasVP/mathiasvp/field-to-object-taint-tests 
C++: Add field to object taint tests
 2020-09-07 13:02:22 +02:00
Max Schaefer
1821cca5d2 Merge pull request #285 from smowton/protobufs 
Protobuf modelling
 2020-09-07 11:42:37 +01:00
CodeQL CI
85f6388a19 Merge pull request #4206 from erik-krogh/consistentJquery 
Approved by esbena
 2020-09-07 11:23:23 +01:00
Tom Hvitved
68f421f9c3 Merge pull request #4205 from tamasvajk/feature/printast-accessor 
C#: Add stable order for generated accessors in printed AST
 2020-09-07 11:25:46 +02:00
Erik Krogh Kristensen
8ada928b16 Merge branch 'main' into snake_case_pr 2020-09-07 11:12:57 +02:00
Erik Krogh Kristensen
4175637631 add change note for unsafe-jquery 2020-09-07 11:08:21 +02:00
Erik Krogh Kristensen
61e2e5647c autoformat 2020-09-07 11:05:56 +02:00
CodeQL CI
b5872fe848 Merge pull request #3873 from asger-semmle/js/type-qualified-name-fallback 
Approved by erik-krogh
 2020-09-07 09:48:05 +01:00
yoff
2a70da4da6 Merge pull request #4210 from tausbn/python-remove-spurious-global-flow 
Python: Remove implicit uses from `essaFlowStep`
 2020-09-07 10:16:18 +02:00
yoff
ae9f58489d Merge pull request #4159 from RasmusWL/python-port-dataflow-tests 
Python: port dataflow tests
 2020-09-07 09:54:12 +02:00
Tom Hvitved
14567f5314 C#: Support wild-cards in file patterns 
Implements the specification at https://wiki.semmle.com/display/SDmaster/project-layout+format
by compiling file path specifications to regular expressions.
 2020-09-07 09:03:56 +02:00
Mathias Vorreiter Pedersen
b3d18ef610 C++: Add cases for conditional and comma operator in AV RUle 82 2020-09-07 08:59:08 +02:00
Slavomir
25e3f75ddc Add taint-tracking for mime/quotedprintable package. 2020-09-06 17:45:09 +02:00
Slavomir
99b251d4f0 Add taint-tracking for mime/multipart 2020-09-06 17:42:57 +02:00
Slavomir
c44d426794 Add taint-tracking for mime package. 2020-09-06 17:39:41 +02:00
Slavomir
3b2e16e292 Move text/template classes to TextTemplate module inside stdlib. 2020-09-06 17:32:34 +02:00
Slavomir
0d5c7e3132 Add taint-tracking for text/template template. 2020-09-06 17:32:34 +02:00
Slavomir
db0b09beb4 Add taint-tracking for text/tabwriter package. 2020-09-06 17:32:34 +02:00
Slavomir
4df363d2ce Add taint-tracking for text/scanner package. 2020-09-06 17:32:34 +02:00
Mathias Vorreiter Pedersen
a5ac8ebc2f C++: Don't import internals. 2020-09-05 11:47:22 +02:00
Robert Marsh
4be138d790 C++: Improve performance of getExplicitlyConverted 2020-09-04 14:17:56 -07:00
Mathias Vorreiter Pedersen
a4890ef99c C++: Add annotations describing whether the flow is an instance of field-to-object flow 2020-09-04 18:32:28 +02:00
Mathias Vorreiter Pedersen
cfd606a4e0 Merge branch 'main' into alternative-instruction-operand-flow 2020-09-04 18:26:38 +02:00
Chris Smowton
cfba0896f0 Improve code style 
No behavioural changes
 2020-09-04 17:05:32 +01:00
Mathias Vorreiter Pedersen
208b85c7fc Merge branch 'main' into mathiasvp/read-step-without-memory-operands 2020-09-04 18:04:15 +02:00
Chris Smowton
fb85ccb2a5 Look through implicit deref operations when propagating taint down a chain of field- and element-access instructions. 
This enables us to use PostUpdateNode properly. Also introduce a test showing a case where this doesn't work, because the underlying variable doesn't have a post-update node.
 2020-09-04 17:03:52 +01:00
Chris Smowton
3635d7d007 Introduce and use writeComponent 2020-09-04 17:03:52 +01:00
Chris Smowton
2a863fbbe7 Abbreviate protobuf package names 2020-09-04 17:03:52 +01:00
Chris Smowton
18ed6bd1ee Add missing qldoc 2020-09-04 17:03:52 +01:00
Chris Smowton
90915284ba Move getUnderlyingNode into Protobuf.qll 
This is its only user for now.
 2020-09-04 17:03:52 +01:00
Chris Smowton
59f9c6073d Introduce instruction type for component access 
This is the union of a field-access and an element-access instruction
 2020-09-04 17:03:52 +01:00
Chris Smowton
455cf0c502 Add support and tests for protobuf messages with map fields 2020-09-04 17:03:52 +01:00
Chris Smowton
b2d4e2692f Taint underlying aggregates of protobuf messages when an element is written 
For example, writing to a[b].c[d] taints 'a'.
 2020-09-04 17:03:52 +01:00
Chris Smowton
3d82308e07 Introduce common base class for ElementReadNode and FieldReadNode 2020-09-04 17:03:52 +01:00
Jonas Jensen
eea893483d Merge pull request #4209 from geoffw0/taintbits 
C++: Fix a few remaining holes in taint through std::string
 2020-09-04 17:52:48 +02:00
Jonas Jensen
f92139d2b0 Merge pull request #4202 from geoffw0/localhidesparam 
C++: Improve handling of template functions in cpp/declaration-hides-parameter
 2020-09-04 17:52:35 +02:00
Mathias Vorreiter Pedersen
ed7e499b02 Merge branch 'main' into mathiasvp/read-step-without-memory-operands 2020-09-04 17:25:36 +02:00