Geoffrey White
f8a61ffc4c
C++: Expand the test as described in ODASA-640.
2020-02-27 15:26:53 +00:00
Geoffrey White
0a7d9db335
C++: Add example described in ODASA-640.
2020-02-27 15:23:16 +00:00
Geoffrey White
e6d35d314d
C++: Fix typo.
2020-02-27 15:23:10 +00:00
Jonas Jensen
c9e56d13f7
C++: Add Expr.getUnconverted predicate
...
This gets rid of the expensive predicate
`#Cast::Conversion::getExpr_dispred#ffPlus`, which I've observed to cause
memory pressure on large databases.
2020-02-27 14:52:42 +01:00
Rasmus Wriedt Larsen
24e9f65a2f
Python: Fix documentation of MultiAssignmentDefinition.indexOf
...
As discussed in person
2020-02-27 14:12:33 +01:00
Anders Schack-Mulligen
67d386b5ba
C++/C#: Add synchronization.
2020-02-27 14:10:16 +01:00
Rasmus Wriedt Larsen
4433cc044d
Python: Document MultiAssignmentDefinition.indexOf
2020-02-27 13:48:43 +01:00
Max Schaefer
7148b66d31
Make extractor targets phony.
2020-02-27 12:32:05 +00:00
Asger Feldthaus
52ebe49a0b
JS: Flag deep assignments in prototype pollution query
2020-02-27 12:17:55 +00:00
Taus
0da554c701
Merge pull request #2914 from RasmusWL/python-remove-optimize-true-directive
...
Python: Remove `--optimize: true` from options files
2020-02-27 13:16:59 +01:00
Taus
d9383d0e86
Merge pull request #2902 from RasmusWL/python-use-of-input
...
Python: Highlight py/use-of-input is for Python 2
2020-02-27 13:15:32 +01:00
Taus
8bd3063d2b
Merge pull request #2875 from RasmusWL/python-taint-urlsplit
...
Python: Add taint for urlsplit
2020-02-27 13:13:47 +01:00
Asger F
b25a4614de
Merge pull request #2926 from asger-semmle/js/format-everything
...
JS: Autoformat everything
2020-02-27 12:11:01 +00:00
Anders Schack-Mulligen
8e2b56cfd0
Java: Include count in messages.
2020-02-27 13:10:42 +01:00
Taus
e09907894d
Merge pull request #2817 from BekaValentine/objectapi-to-valueapi-truncateddivision
...
Python: ObjectAPI to ValueAPI: TruncatedDivision
2020-02-27 12:52:26 +01:00
Erik Krogh Kristensen
a872d7c5c5
add comment about negative optionsArg
2020-02-27 12:42:22 +01:00
Erik Krogh Kristensen
bb911bbbf1
Apply suggestions from code review
...
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
2020-02-27 12:38:06 +01:00
Anders Schack-Mulligen
33f6392be5
Java: Add some more taint-getter-setter tests.
2020-02-27 10:47:25 +01:00
Asger Feldthaus
fefcf1a7a6
JS: Autoformat everything
2020-02-27 09:41:01 +00:00
Anders Schack-Mulligen
0c30d7cced
Java: Update test output.
2020-02-27 10:28:12 +01:00
Erik Krogh Kristensen
9c06c48dc7
Merge pull request #2884 from esbena/js/practically-exploitable-redos
...
JS: add query js/exploitable-polynomial-redos
2020-02-27 10:19:17 +01:00
Anders Schack-Mulligen
a09e479033
Java: Change relevantNode to a class, and add two more checks.
2020-02-27 10:14:14 +01:00
Max Schaefer
a52e33ecc0
Merge pull request #38 from sauyon/use-text
...
.gitattributes: Use -text instead of binary
2020-02-27 08:27:31 +00:00
Sauyon Lee
8e909a49e9
.gitattributes: Use -text instead of binary
...
Also only add attributes to go files under the ql directory
2020-02-27 00:23:56 -08:00
Esben Sparre Andreasen
1b73cee692
JS: add js/exploitable-polynomial-redos
2020-02-27 08:42:43 +01:00
Rebecca Valentine
fe2bb8fb4b
Adds preliminary modernization
2020-02-26 22:01:31 -08:00
Rebecca Valentine
057fed2cb8
Fixes erroneous naming
2020-02-26 21:55:02 -08:00
Rebecca Valentine
84875d70ff
Adds preliminary modernization
...
This will overlap with/depend on changes to CallArgs and ObjectAPI that are already in the WrongNamedArgumentInCall PR
2020-02-26 21:42:52 -08:00
yo-h
63adc63597
CONTRIBUTING.md: add paragraph on maintaining backwards compatibility
2020-02-26 18:39:23 -05:00
yo-h
aeb8793197
Update docs/experimental.md
...
Break sentence down into shorter ones, as per review comment.
2020-02-26 18:38:42 -05:00
Robert Marsh
95a762c987
Merge master for submodule update
2020-02-26 13:44:26 -08:00
Robert Marsh
4333fe7905
Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams
2020-02-26 13:15:27 -08:00
Sauyon Lee
fe4003fc69
Merge pull request #37 from max-schaefer/clarify-field-identity
...
Clarify field identity
2020-02-26 11:49:29 -08:00
yo-h
62f8bf2b2e
Java: add release note for Customizations.qll
2020-02-26 14:36:27 -05:00
yo-h
bd91bc0b29
Java: add Customizations.qll
2020-02-26 13:18:13 -05:00
Rebecca Valentine
b0493458d6
Combine and clean up the test files
2020-02-26 09:04:14 -08:00
Rebecca Valentine
ba1f3c46b8
Removes obsolete asBuiltin predicate
2020-02-26 08:17:45 -08:00
Geoffrey White
427b440389
Merge pull request #2918 from jbj/UnsignedGEZero-recursion
...
C++: Fix performance of UnsignedGEZero.ql
2020-02-26 15:49:03 +00:00
Taus Brock-Nannestad
5c3109a324
Python: Fix bug in multi_assignment_points_to.
...
This turned out to be a fairly simple but easy to make bug. When we want to
figure out the value pointed-to in a multi-assignment, we look at the left hand
side to see what value from the right hand side we should assign. Unfortunately,
we accidentally attempted to look up this information in the _left hand side_ of
the assignment, resulting in no points-to information at all. The only thing
needed to fix this was to properly link up the left and right hand sides: using
the left hand side to figure out what index to look at, and then looking up the
points-to information for the corresponding place in the right hand side.
2020-02-26 16:11:43 +01:00
Taus
85f5ad2231
Merge pull request #2904 from RasmusWL/python-http-clients
...
Python: Model outgoing HTTP client requests
2020-02-26 15:49:41 +01:00
Anders Schack-Mulligen
ce70b86604
Java: Add data-flow consistency checks.
2020-02-26 14:17:07 +01:00
Rasmus Wriedt Larsen
771dfecf6d
Python: Add sanitized edges for urlsplit test
2020-02-26 14:10:30 +01:00
Rasmus Wriedt Larsen
0b31cb1716
Python: Show that we have initial taint in urlsplit test
2020-02-26 14:09:02 +01:00
Rasmus Wriedt Larsen
400a8ffae5
Python: Use slightly better name than foobar
...
I intended to rename before committing, but woops
2020-02-26 14:08:10 +01:00
Anders Schack-Mulligen
508b6050a8
Java: Remove some irrelevant bounds from TypeFlow.
2020-02-26 13:51:25 +01:00
Taus
dce121b565
Merge pull request #2916 from BekaValentine/python-objectapi-to-valueapi-callargsandothers
...
Python: ObjectAPI to ValueAPI: CallArgs and Others
2020-02-26 12:51:18 +01:00
semmle-qlci
326522c250
Merge pull request #2846 from erik-krogh/CVE481
...
Approved by asgerf, esbena
2020-02-26 11:16:41 +00:00
Mathias Vorreiter Pedersen
1bee0ffe3b
C++: Autoformat
2020-02-26 12:09:21 +01:00
Jonas Jensen
5f6d07dd57
C++: Fix performance of UnsignedGEZero.ql
...
This query used two fastTC operations that were already somewhat
inefficient on their own but could send the evaluator into an OOM loop
when run in parallel without enough RAM.
The fix is to recurse manually, starting just from the expressions that
are potential candidates for alerts.
2020-02-26 11:32:41 +01:00
Max Schaefer
9bf5a31351
Clarify field identity.
...
Like-named fields declared in identical types are identical. This can be a little confusing, since such fields will have multiple declarations and multiple locations, so it's worth calling out explicitly in the documentation.
2020-02-26 10:10:47 +00:00