hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-27 17:58:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,721 Branches 164 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Porcupiney Hairs
4aba80b0bd include changes from review 2020-05-11 04:05:41 +05:30
Porcupiney Hairs
3d10ec7e51 remove some obvious false positives and include changes from review 2020-05-11 03:13:01 +05:30
Erik Krogh Kristensen
f8de69156e inline basicFlowStep into flowStep 2020-05-10 22:15:37 +02:00
Erik Krogh Kristensen
87167900d1 deduplicate - and slightly optimize IndirectInclusionTest 2020-05-10 22:15:37 +02:00
Erik Krogh Kristensen
6d05b40d23 eliminate recursion from GuardControlFlowNode::dominates 2020-05-10 22:15:34 +02:00
Cornelius Riemenschneider
3596ff7c51 Address review. 2020-05-10 19:34:16 +02:00
Artem Smotrakov
bab6f3788e Java: Added a query for unsafe TLS versions 
- Added experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql
- Added SslLib.qll
- Added a qhelp file with examples
- Added tests in java/ql/test/experimental/Security/CWE/CWE-327
 2020-05-10 19:14:52 +02:00
Mathias Vorreiter Pedersen
b34db333a5 C++: Add upgrade script 2020-05-09 13:41:39 +02:00
Grzegorz Golawski
a16295ebc0 Fix typos 2020-05-08 20:13:50 +02:00
yo-h
c54f8d8128 Merge pull request #3383 from aschackmull/java/printast 
Java: Library for pretty-printing AST in linear time.
 2020-05-08 13:01:39 -04:00
Jason Reed
beccdce108 C#: Refactor definitions query, add queries for ide search 
This enables jump-to-definition and find-references in the VS Code
extension, for C# source archives.
 2020-05-08 07:31:50 -04:00
jcreedcmu
c9788a7928 Merge pull request #3308 from jcreedcmu/jcreed/jump-to-def 
Add queries for VS Code jump-to-definition
 2020-05-08 07:29:02 -04:00
Mathias Vorreiter Pedersen
86f283dff2 C++: Add new stats file from Jenkins job 2020-05-08 09:15:58 +02:00
Grzegorz Golawski
afea9330b7 Fix the case where user-controlled input is passed as URL to env Hashtable 2020-05-08 00:44:22 +02:00
Grzegorz Golawski
df9921f870 Update according to the review comments 2020-05-07 23:19:13 +02:00
Geoffrey White
bff97d9fe5 C++: Effect of #3382. 2020-05-07 19:06:05 +01:00
Geoffrey White
6499197087 C++: Add a test of TOCTOUFilesystemRace.ql. 2020-05-07 19:03:32 +01:00
Robert Marsh
761e3186f5 Merge pull request #3426 from MathiasVP/test-3110 
C++: Add testcase for #3110
 2020-05-07 10:40:12 -07:00
Jason Reed
01eeebc068 Java: Refactor definitions query, add queries for ide search 
This enables jump-to-definition and find-references in the VS Code
extension, for Java source archives.
 2020-05-07 12:44:36 -04:00
Jason Reed
48e4079c64 JS: Refactor definitions query, add queries for ide search 
This enables jump-to-definition and find-references in the VS Code
extension, for javascript source archives.
 2020-05-07 12:44:36 -04:00
Mathias Vorreiter Pedersen
8df25c3025 C++: Add QLDoc 2020-05-07 18:34:26 +02:00
Max Schaefer
0e779d0b64 Merge pull request #62 from max-schaefer/update-data-flow 
Port recent data-flow improvements
 2020-05-07 16:07:33 +01:00
Jonas Jensen
4b9a3f1482 Merge remote-tracking branch 'upstream/master' into dataflow-defbyref-to-field 2020-05-07 16:48:41 +02:00
Jonas Jensen
88eeca39fb Merge commit '52d8acc1a198c5ea29c1dddceda1d6c0fb75de14' into dataflow-defbyref-to-field 
This is a partial merge from master. In particular, it takes in #3382
and #3385.
 2020-05-07 16:46:11 +02:00
Jonas Jensen
5e8bd0a724 C++: Fix variable name in comment 2020-05-07 16:38:15 +02:00
Jonas Jensen
32e04b4033 C++: Support std::addressof 
I didn't add this support in `AddressConstantExpression.qll` since I
think it would require extra work and testing to get the constexprness
right. My long-term plan for `AddressConstantExpression.qll` is to move
its functionality to the extractor.
 2020-05-07 16:30:44 +02:00
Tom Hvitved
948c2f7f7e C++: Add change note 2020-05-07 16:01:55 +02:00
Tom Hvitved
0b85f3fed4 Address review comments 2020-05-07 15:58:46 +02:00
Taus
2502d1c3ed Merge pull request #3410 from RasmusWL/python-fix-3397 
Python: More safe methods for py/modification-of-default-value
 2020-05-07 15:28:24 +02:00
Anders Schack-Mulligen
2561ba82db Merge pull request #3215 from aibaars/validating-object-input 
Java: teach UnsafeDeserialization about ValidatingObjectInputStream
 2020-05-07 14:57:50 +02:00
Cornelius Riemenschneider
1aa7a827af Add QLDoc. 2020-05-07 14:53:41 +02:00
Mathias Vorreiter Pedersen
594f3b1807 C++: Add testcase for #3110 2020-05-07 14:39:53 +02:00
Dave Bartolomeo
e435484740 C++/C#: Fix formatting 2020-05-07 08:39:01 -04:00
Mathias Vorreiter Pedersen
43ffcfe730 C++: Remove abstract keyword from BuiltInOperation 2020-05-07 13:18:12 +02:00
Taus
964b8478dc Merge pull request #3405 from jcreedcmu/jcreed/jump-to-def-python 
Python: Refactor definitions query, add queries for ide search
 2020-05-07 12:51:35 +02:00
Max Schaefer
994536e93b Add change note. 2020-05-07 11:46:31 +01:00
Mathias Vorreiter Pedersen
dd0ca34038 C++: Remove abstract keyword from a couple of AST classes 2020-05-07 12:01:07 +02:00
Calum Grant
313c9ac6ec C#: Address review comments. 2020-05-07 10:35:29 +01:00
Rasmus Wriedt Larsen
f099e0fdc6 Merge branch 'master' into python-keyword-only-args 2020-05-07 11:27:11 +02:00
Erik Krogh Kristensen
945fe45b6f all split()[0] are safe for url-redirect 2020-05-07 10:55:17 +02:00
Erik Krogh Kristensen
a3fb13882b Merge branch 'master' into SplitFPs 2020-05-07 10:51:11 +02:00
James Fletcher
29eed6866c Merge pull request #3409 from jf205/sd-68 
"CodeQL for X" docs: update "Further reading" sections
 2020-05-07 09:35:23 +01:00
Dave Bartolomeo
f0e86a9191 C++: Add missing module comment 2020-05-06 17:30:20 -04:00
Dave Bartolomeo
df4fdaf6ff C++: Fix PR feedback 
Note that the various predicates to access the singleton instances of the `EdgeKind` classes have been moved into a module named `EdgeKind`.
 2020-05-06 17:06:48 -04:00
Max Schaefer
70f87b59d2 Data flow: Support stores into nodes that are not PostUpdateNodes. 
cf https://github.com/github/codeql/pull/3312
 2020-05-06 19:43:27 +01:00
Max Schaefer
fd2e618be2 Data flow: No more summaries 
cf https://github.com/github/codeql/pull/3110
 2020-05-06 19:43:27 +01:00
Max Schaefer
968d4d9cdd Revert the join order fix from https://github.com/github/codeql/pull/2872. 
cf https://github.com/github/codeql/pull/3202
 2020-05-06 19:43:27 +01:00
Max Schaefer
f2b43f65f9 Data flow: Exclude param-param flow through identical params. 
cf https://github.com/Semmle/ql/pull/3060
 2020-05-06 19:43:27 +01:00
Max Schaefer
aabe2f2f82 Data flow: No magic in returnFlowCallableCand. 
cf https://github.com/Semmle/ql/pull/3142
 2020-05-06 19:43:27 +01:00
Max Schaefer
c9ba6dd672 Fix up hasLocationInfo predicate. 2020-05-06 19:43:27 +01:00