Commit Graph

48840 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
d85d9b9b5b autoformat 2020-07-07 16:21:03 +03:00
Arseny Reutov
b46b49586a Apply suggestions from code review
`interpretsValueAsJavaScript` -> `interpretsValueAsJavaScriptUrl`

Co-authored-by: Asger F <asgerf@github.com>
2020-07-07 16:21:03 +03:00
Raz0r
54db6c4a39 [js/client-side-unvalidated-url-redirection] add interpretsValueAsJavaScript predicate 2020-07-07 16:21:03 +03:00
Max Schaefer
3a897a9dd0 Merge pull request #247 from shati-patel/docs
Docs: Editorial changes to library modeling topic
2020-07-07 13:37:51 +01:00
Max Schaefer
b4c56928c4 Merge pull request #248 from max-schaefer/location-doc
Port Location qldoc update.
2020-07-07 13:37:36 +01:00
Max Schaefer
47a858610d Merge pull request #239 from smowton/smowton/feature/find-noreturn-user-functions
Switch from using mustPanic to mayReturnNormally to construct a call-expression's CFG
2020-07-07 13:37:18 +01:00
Luke Cartey
3fef5cabf1 Merge pull request #1 from aschackmull/java/spring-3653
Java: Review changes for https://github.com/github/codeql/pull/3653
2020-07-07 12:07:33 +01:00
Chris Smowton
6e5ee47ade Switch from using mustPanic to mayReturnNormally to construct a call-expression's CFG
We also use this to note that user-defined functions can only return normally if their CFG normal exit node is reachable, and annotate some well-known functions as noreturn.

For example, this will by fiat declare os.Exit noreturn (never returns normally), and will also notice that a user function `func myExit() { os.Exit(1) }` is also noreturn, because it doesn't have any control-flow edges that reach the normal return node.
2020-07-07 11:40:06 +01:00
Max Schaefer
842860d7ca Port Location qldoc update.
cf https://github.com/github/codeql/pull/3907
2020-07-07 10:58:00 +01:00
Anders Schack-Mulligen
67db1df00c C++/C#/JavaScript/Python: Port Location qldoc update. 2020-07-07 11:39:27 +02:00
Rasmus Wriedt Larsen
42227c625d Python: Fix grammar
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2020-07-07 11:33:54 +02:00
Rasmus Wriedt Larsen
27d1512a75 Python: MWE for call-graph tracing and ql comparison 2020-07-07 11:05:03 +02:00
Shati Patel
5ddcf92859 Editorial changes to library modeling topic 2020-07-07 10:02:33 +01:00
Shati Patel
eaec2d722c Merge pull request #3888 from shati-patel/go-docs
Learning CodeQL: Add new library modeling guide (Go)
2020-07-07 09:54:39 +01:00
Anders Schack-Mulligen
993506d781 Merge pull request #3820 from Marcono1234/patch-2
Add missing java.nio.file.Files methods to FileReadWrite.qll
2020-07-07 10:29:17 +02:00
Max Schaefer
d8ff2d1641 Merge pull request #246 from smowton/smowton/feature/nuisance-dead-code-warnings
UnreachableStatement: tolerate more harmless unreachable return statements
2020-07-07 09:26:48 +01:00
Anders Schack-Mulligen
173e108606 Merge pull request #3907 from Marcono1234/patch-1
Java: Clarify documentation for Location predicate results
2020-07-07 07:58:39 +02:00
semmle-qlci
f2ce125e61 Merge pull request #3902 from Marcono1234/fix-outdated-query-links
Approved by shati-patel
2020-07-06 21:13:05 +01:00
Philippe Antoine
8f7ff1a537 Adds another redundant null check rule 2020-07-06 21:45:54 +02:00
Marcono1234
5649254dbd Fix broken link formatting in introduce-libraries-java.rst
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2020-07-06 20:35:11 +02:00
Ian Lynagh
0d9b18dbd7 C++: Accept test changes for is_constexpr
Generated copy and move constructors may now be marked as constexpr.
2020-07-06 19:24:39 +01:00
Geoffrey White
0caa17ab10 C++: Test the new methods. 2020-07-06 18:47:56 +01:00
Geoffrey White
52e501c41d C++: Extend the 'swap' taint tests with methods that do not have recognizable signatures (copy/move assignment). 2020-07-06 18:44:37 +01:00
Shati Patel
f98491a052 Apply suggestions from code review
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
2020-07-06 18:30:01 +01:00
Erik Krogh Kristensen
442ee8d1cc add consistency-checking for CWE-089 2020-07-06 19:02:50 +02:00
Marcono1234
0a9686709b Fix wrong method name 2020-07-06 18:52:07 +02:00
semmle-qlci
fe0c5a9ea6 Merge pull request #3892 from asger-semmle/js/redirect-starts-with-sanitizer
Approved by esbena
2020-07-06 17:04:30 +01:00
Chris Smowton
5b34c05916 UnreachableStatement: tolerate more harmless unreachable return statements
The Golang compiler isn't particularly good at spotting paths that don't need a return statement due to a dominating noreturn statement (e.g. os.Exit(1)), so dead return statements are common. We already tried to tolerate some instances of this pattern; this additionally allows 'true' and 'false' literals, and anything of type 'error'.

The carte-blanche for error values aims to accommodate the pattern "abort(); return whateverErrorWouldOtherwiseBeAppropriate();", which is probably preferable to "return nil", a misleading no-error indication.
2020-07-06 17:02:26 +01:00
Rasmus Wriedt Larsen
d00e7396c4 Python: Consistently use camelCase in annotated call-graph tests 2020-07-06 17:59:16 +02:00
Rasmus Wriedt Larsen
65c4e6c02a Python: Disable class instantiation annotation for now
Adjusting test setup properly requires some deep thinking, and I don't think I'm
ready to do that right now. Added a TODO instead.
2020-07-06 17:48:15 +02:00
Rasmus Wriedt Larsen
cd8ea78420 Python: Autoformat 2020-07-06 17:34:19 +02:00
Rasmus Wriedt Larsen
9e252d5465 Python: Explain random example 2020-07-06 17:30:49 +02:00
Rasmus Wriedt Larsen
849159b279 Python: Unlimited import depth 2020-07-06 17:30:26 +02:00
Rasmus Wriedt Larsen
acfc62cad6 Python: Fix grammar
Co-authored-by: Taus <tausbn@gmail.com>
2020-07-06 17:21:29 +02:00
Anders Schack-Mulligen
f98460cfd0 Java: Use SpringHttpEntity class. 2020-07-06 16:54:20 +02:00
Anders Schack-Mulligen
ae21de90b6 Java: Misc grammar and formatting. 2020-07-06 16:19:42 +02:00
Anders Schack-Mulligen
b06d1c715a Java: More qldoc and some formatting. 2020-07-06 16:04:14 +02:00
Marcono1234
6ff8508d01 Java: Clarify documentation for Location predicate results 2020-07-06 15:46:11 +02:00
semmle-qlci
6d80445f24 Merge pull request #3851 from erik-krogh/queryStuff
Approved by esbena
2020-07-06 14:40:41 +01:00
Anders Schack-Mulligen
5e9e7feddc Java: Add some qldoc and minor formatting. 2020-07-06 15:39:20 +02:00
Anders Schack-Mulligen
e6658c5110 Java: Cleanup TaintTrackingUtil.qll 2020-07-06 15:35:16 +02:00
Erik Krogh Kristensen
9a944625d1 autoformat 2020-07-06 15:17:15 +02:00
Anders Schack-Mulligen
5d8f9a79f1 Java: Misc grammar fixes. 2020-07-06 14:50:33 +02:00
Anders Schack-Mulligen
a80e663ab5 Java: Minor typo fix and autoformat 2020-07-06 14:43:01 +02:00
Anders Schack-Mulligen
2ce0921935 Java: Clean up SpringHttp.qll 2020-07-06 14:35:53 +02:00
Anders Schack-Mulligen
2ae15f9ace Java: Remove list, map, and StringReplaceMethod flow steps. 2020-07-06 14:19:13 +02:00
Anders Schack-Mulligen
a41c2d8abf Java: Make a few predicates private and autoformat SpringController. 2020-07-06 14:18:16 +02:00
Erik Krogh Kristensen
2a8b37e004 update consistency comments in unsafe-jquery-plugin.js
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-07-06 14:15:23 +02:00
Erik Krogh Kristensen
c986f3bb7c add consistency checking for CWE-079 2020-07-06 13:42:35 +02:00
Erik Krogh Kristensen
dc8042adeb introduce consistency-checking for CWE-078 2020-07-06 12:47:56 +02:00