hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-04 22:58:16 +02:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,732 Branches 164 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
d273974045 Python: Don't flag return procedure_call() in __init__ as error 
This commit fixes the results for
0d8a429b7e/files/mayaTools/cgm/lib/classes/AttrFactory.py (L90)

```
def __init__(...):
    if error_case:
        return guiFactory.warning(...)
```

that was wrongly reporting _Explicit return in __init__ method._ as an error.
 2019-09-23 11:22:55 +02:00
Rasmus Wriedt Larsen
6e50a0ef84 Python: Modernise the py/explicit-return-in-init query. 
Add explicit test case to show that we don't doulbe report this problem.
 2019-09-23 11:22:55 +02:00
Rasmus Wriedt Larsen
f0479687d8 Python: Fix documentation for Function.isInitMethod 2019-09-23 11:22:55 +02:00
Shati Patel
f88f7962e7 QL etudes: Update predicate 2019-09-23 10:19:49 +01:00
Anders Schack-Mulligen
f8f3a4b25f Java: Minor additional type pruning. 2019-09-23 11:07:10 +02:00
Shati Patel
f94b01cb40 QL etudes: Address comments + fix sphinx warning 2019-09-23 09:52:43 +01:00
semmle-qlci
7a57a3c743 Merge pull request #1996 from xiemaisi/js/fix-illegal-invocation-refl 
Approved by esben-semmle
 2019-09-23 09:16:33 +01:00
Max Schaefer
149ae5d7ab JavaScript: Fix IllegalInvocation. 
This fixes false positives that arise when a call such as `f.apply` can either be interpreted as a reflective invocation of `f`, or a normal call to method `apply` of `f`.
 2019-09-23 07:44:14 +01:00
Tom Hvitved
e4d17a9b04 C#: Refactor getAnOutNode() predicate 2019-09-22 18:55:34 +02:00
Erik Krogh Kristensen
814c5537be update name of loop bound injection in change-notes 2019-09-20 22:56:08 +02:00
Asger F
69a88c4fcd JS: Fix typo and add metadata to DomValueRefs 2019-09-20 15:43:08 +01:00
Asger F
1ce0a48996 JS: Update tests 2019-09-20 15:41:36 +01:00
Geoffrey White
9100ab9360 CPP: Autoformat. 2019-09-20 15:30:59 +01:00
Anders Schack-Mulligen
42a970b905 Java: Update qldoc. 2019-09-20 16:21:03 +02:00
Geoffrey White
accb8246d4 CPP: Change note. 2019-09-20 15:15:35 +01:00
Anders Schack-Mulligen
d9aa46d3b0 Java: Add missing field pruning. 2019-09-20 16:13:48 +02:00
Anders Schack-Mulligen
648335d46d Java: Remove two unnecessary unbinds. 2019-09-20 16:12:56 +02:00
Geoffrey White
f7607313e7 CPP: Fix FPs. 2019-09-20 15:12:55 +01:00
Geoffrey White
9a407eb43c CPP: Test format args with mismatching declarations. 2019-09-20 14:54:44 +01:00
Calum Grant
b31cd8ab32 Merge pull request #1982 from hvitved/csharp/null-maybe-dynamic 
C#: Remove false positives from `cs/dereferenced-value-may-be-null`
 2019-09-20 14:46:01 +01:00
Calum Grant
8408e90b5f C#: Change note & docs. 2019-09-20 14:44:07 +01:00
Shati Patel
56bc8cb035 QL etudes: Add river crossing puzzle 
WIP
 2019-09-20 14:23:47 +01:00
Calum Grant
fdc8abce4d C#: Fix CFG by removing unnecessary edge. 2019-09-20 14:22:31 +01:00
Calum Grant
d696235668 C#: Updated CFG for switch statements - note that the last() predicate is incorrect. 2019-09-20 14:22:31 +01:00
Calum Grant
81110dca0a C#: Add new test for switch statements. 2019-09-20 14:22:31 +01:00
Calum Grant
478095223e Merge pull request #1983 from hvitved/csharp/unit-test-windows 
C#: Fix broken unit test on Windows
 2019-09-20 13:52:01 +01:00
Pavel Avgustinov
1c971d3f88 HashCons: Further performance improvements 
The key insight here is that `HC_FieldCons` and `HC_Array` are
functionally determined by the things that arise in another
recursive call. Lifting them to their own predicate, therefore,
reduces nonlinearity and constrains the join order in a way that
cannot be asymptotically bad -- and, indeed, makes quite a big
difference in practice.
 2019-09-20 12:00:33 +01:00
semmledocs-ac
573796c0ea Merge pull request #1984 from jf205/ql-links/sd-3902 
docs: fix links in QL topics
 2019-09-20 11:37:59 +01:00
james
06b391ef9b docs: fix links 2019-09-20 11:14:16 +01:00
Tom Hvitved
cb6e1536a3 C#: Fix broken unit test on Windows 2019-09-20 11:40:18 +02:00
semmle-qlci
6d9d859119 Merge pull request #1934 from asger-semmle/node-js-classification 
Approved by esben-semmle
 2019-09-20 09:50:34 +01:00
Tom Hvitved
fb68d839a9 C#: Add change note 2019-09-20 10:40:20 +02:00
Max Schaefer
4fe74c0b2a Merge pull request #1960 from Semmle/rc/1.22 
Merge rc/1.22 into master
 2019-09-20 09:08:40 +01:00
Tom Hvitved
aa0c78cd85 C#: Teach guards library about more null guards 2019-09-20 09:58:04 +02:00
Tom Hvitved
40fafc5fda C#: Teach comparison library about dynamic comparison operations 2019-09-20 09:51:35 +02:00
Tom Hvitved
c923cc6378 C#: Add tests for dynamic comparisons 2019-09-20 09:19:03 +02:00
Tom Hvitved
cb7db8f4c0 C#: Add more nullness tests 2019-09-20 09:18:55 +02:00
Robert Marsh
d3f2d8169e Merge pull request #1967 from jbj/tainttracking-ir-2 
C++: DefaultTaintTracking flow from a to a[i]
 2019-09-19 15:00:29 -07:00
Robert Marsh
9c6a0ffc48 Merge pull request #1979 from nickrolfe/wrong_type_uninstantiated 
C++: ignore uninstantiated templates in WrongTypeFormatArguments.ql
 2019-09-19 14:51:45 -07:00
Nick Rolfe
56f4f86921 C++: ignore uninstantiated templates in WrongTypeFormatArguments.ql 2019-09-19 21:18:47 +01:00
semmle-qlci
0387177acd Merge pull request #1851 from hvitved/csharp/early-identify-duplicate-extraction 
Approved by calumgrant
 2019-09-19 19:45:33 +01:00
Robert Marsh
fd88f7a3ce Merge pull request #1884 from jbj/dataflow-addressof 
C++: Data flow through address-of operator (&)
 2019-09-19 09:15:43 -07:00
Robert Marsh
340c8026de Merge pull request #1965 from jbj/bitfield-template 
C++: Ignore templates in AmbiguouslySignedBitField.ql
 2019-09-19 07:46:54 -07:00
semmle-qlci
6b783141e9 Merge pull request #1962 from shati-patel/sphinx/collapse 
Approved by jf205
 2019-09-19 15:33:45 +01:00
Calum Grant
3a51e02f66 Merge pull request #1923 from AndreiDiaconu1/ircsharp-pointers-typespec 
C# IR: Fix loads and assign ops, add pointers, ref, in, out params
 2019-09-19 15:25:54 +01:00
Shati Patel
2956cb781b Sphinx: Change to pointer 2019-09-19 15:07:18 +01:00
Jonas Jensen
29c93488bc C++: DefaultTaintTracking flow from a to a[i] 
Switching `security.TaintTracking` to use `DefaultTaintTracking` causes
us to lose a result from `UnboundedWrite.ql`, while this commit restores
it:

diff --git a/semmlecode-cpp-tests/DO_NOT_DISTRIBUTE/security-tests/CWE-120/CERT/STR35-C/UnboundedWrite.expected b/semmlecode-cpp-tests/DO_NOT_DISTRIBUTE/security-tests/CWE-120/CERT/STR35-C/UnboundedWrite.expected
index 1eba0e52f0e..d947b33b9d9 100644
--- a/semmlecode-cpp-tests/DO_NOT_DISTRIBUTE/security-tests/CWE-120/CERT/STR35-C/UnboundedWrite.expected
+++ b/semmlecode-cpp-tests/DO_NOT_DISTRIBUTE/security-tests/CWE-120/CERT/STR35-C/UnboundedWrite.expected
@@ -1,2 +1,3 @@
+| main.c:54:7:54:12 | call to strcat | This 'call to strcat' with input from $@ may overflow the destination. | main.c:93:15:93:18 | argv | argv |
 | main.c:99:9:99:12 | call to gets | This 'call to gets' with input from $@ may overflow the destination. | main.c:99:9:99:12 | call to gets | call to gets |
 | main.c:213:17:213:19 | buf | This 'scanf string argument' with input from $@ may overflow the destination. | main.c:213:17:213:19 | buf | buf |
 2019-09-19 14:52:40 +02:00
Jonas Jensen
34a5368101 C++: Ignore templates in AmbiguouslySignedBitField 
If it's possible that the type is not fully resolved, it's better to
avoid giving an alert.

This fixes a FP in https://github.com/heremaps/flatdata.
 2019-09-19 14:21:53 +02:00
Jonas Jensen
0ed0951d43 C++: Demonstrate AmbiguouslySignedBitField FP 2019-09-19 14:19:34 +02:00
semmle-qlci
6f2e485ace Merge pull request #1950 from xiemaisi/js/rate-limiter-flexible 
Approved by esben-semmle
 2019-09-19 12:45:45 +01:00