hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 23:56:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
51,797 Commits 1,703 Branches 162 Tags
codeql-cli/v2.12.5
Commit Graph

51797 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
shati-patel
e103527d32 Merge pull request #2610 from jf205/python-link 
docs: fix link in Python topic
 2020-01-08 15:48:37 +00:00
james
cff5df0779 docs: fix ast node link 2020-01-08 15:30:04 +00:00
Max Schaefer
308da0774d Merge pull request #2525 from asger-semmle/promise-missing-await 
JS: New query: missing await
 2020-01-08 15:29:45 +00:00
Max Schaefer
de15ecf47b Merge pull request #2593 from asger-semmle/regexp-always-matches 
JS: Add RegExpAlwaysMatches query
 2020-01-08 15:21:39 +00:00
James Fletcher
8e700081f1 Merge pull request #2609 from RasmusWL/doc-fix-python-taint-links 
docs: Fix Python taint tracking links
 2020-01-08 15:21:07 +00:00
Rasmus Wriedt Larsen
f44ce7d647 docs: Fix Python taint tracking links 
at some point we moved security/TaintTracking.qll to dataflow/TaintTracking.qll
 2020-01-08 16:10:27 +01:00
yo-h
1078424f79 Java: allow single-line /* ... */ comments for alert suppression 2020-01-08 09:19:25 -05:00
shati-patel
9b4f6af007 Merge pull request #2605 from RasmusWL/small-doc-fix 
docs: remove extra comma in dataflow articles
 2020-01-08 14:01:41 +00:00
Rasmus Wriedt Larsen
e882060839 docs: remove extra comma in dataflow articles 2020-01-08 14:53:31 +01:00
Geoffrey White
b6e1f35ff6 CPP: Generalize the fix to all template code. 2020-01-08 13:36:59 +00:00
Geoffrey White
8044fefb1f CPP: Change note. 2020-01-08 13:19:11 +00:00
Geoffrey White
527d29ba23 CPP: Exclude template classes from the query. 2020-01-08 13:16:38 +00:00
Geoffrey White
d527dbe47a CPP: Add test case. 2020-01-08 13:13:06 +00:00
Asger Feldthaus
775e63d9c0 JS: Fix qhelp validation error 2020-01-08 10:38:10 +00:00
Asger F
ef79023e52 Update javascript/ql/src/Expressions/MissingAwait.qhelp 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-01-08 10:23:30 +00:00
Sauyon Lee
3ab68cb624 Merge pull request #208 from max/incomplete-url-scheme-check 
Add `IncompleteUrlSchemeCheck` query
 2020-01-08 00:50:58 -08:00
Tom Hvitved
85f6e5fe22 Merge pull request #2450 from calumgrant/cs/expr-nullability 
C#: Expression nullability
 2020-01-08 09:50:03 +01:00
Mathias Vorreiter Pedersen
100ace532f C++: Fixed handling of false negative. Query now supports global variables 2020-01-07 22:57:21 +01:00
Mathias Vorreiter Pedersen
db08076fed C++: Fixed false negative 2020-01-07 22:20:04 +01:00
Mathias Vorreiter Pedersen
229da0a9c0 C++: Add testcase demonstrating false negative 2020-01-07 22:12:34 +01:00
Dave Bartolomeo
690d23d15e C++: Fix formatting 2020-01-07 13:23:36 -07:00
Dave Bartolomeo
9df37399f8 C++: Consolidate opcode properties onto Opcode class 
Previously, we had several predicates on `Instruction` and `Operand` whose values were determined solely by the opcode of the instruction. For large snapshots, this meant that we would populate large tables mapping each of the millions of `Instruction`s to the appropriate value, times three (once for each IR flavor).

This change moves all of these opcode properties onto `Opcode` itself, with inline wrapper predicates on `Instruction` and `Operand` where necessary. On smaller snapshots, like ChakraCore, performance is a wash, but this did speed up Wireshark by about 4%.

Even ignoring the modest performance benefit, having these properties defined on `Opcode` seems like a better organization than having them on `Instruction` and `Operand`.
 2020-01-07 13:17:27 -07:00
Max Schaefer
3d7046e38c Apply suggestions from code review 
Co-Authored-By: Shati Patel <shati@semmle.com>
 2020-01-07 20:07:44 +00:00
Calum Grant
bc1b2c3ead C#: Address review comment 2020-01-07 18:39:52 +00:00
Calum Grant
d0d7ed620c C#: Update comments in test file to reflect fixed test output. 2020-01-07 18:39:52 +00:00
Calum Grant
359dea2c2b C#: Fixed test output. 2020-01-07 18:39:52 +00:00
Calum Grant
bcd8dca780 C#: When creating conditionally accessed expressions, use the typeinfo from the conditional expression to ensure correct flow state and type nullability. 2020-01-07 18:39:51 +00:00
Calum Grant
85c9459b35 C#: Add more tests showing incorrect extraction. 2020-01-07 18:39:51 +00:00
Calum Grant
10181e93e2 C#: Update QLtest output 2020-01-07 18:39:51 +00:00
Calum Grant
a1bedf2e06 C#: Use expression flow state to determine non-null guards 2020-01-07 18:39:51 +00:00
Calum Grant
2eb29224e8 C#: Update guards tests. 2020-01-07 18:39:51 +00:00
Calum Grant
ecb22f1379 C#: Fix typo in dbscheme. 2020-01-07 18:39:51 +00:00
Calum Grant
f67240a316 C#: Analysis change notes 2020-01-07 18:39:51 +00:00
Calum Grant
1036640e24 C#: Update db stats 2020-01-07 18:38:58 +00:00
Calum Grant
4e710e9685 C#: DB upgrade script 2020-01-07 18:38:58 +00:00
Calum Grant
8db46bc8ec C#: More tests for nullable flow state. 2020-01-07 18:38:58 +00:00
Calum Grant
6c9ebaba0b C#: Populate expression type nullability and nullable flow state. 2020-01-07 18:38:58 +00:00
Calum Grant
0327b83958 C#: Update nullability tests. 2020-01-07 18:38:58 +00:00
Dave Bartolomeo
3072e9c7da Merge pull request #2598 from geoffw0/av114_asm 
CPP: Exclude functions containing asm from cpp/missing-return
 2020-01-07 09:04:14 -07:00
Max Schaefer
0d2fe473d7 Add IncompleteUrlSchemeCheck query. 2020-01-07 14:46:49 +00:00
Max Schaefer
9cff56b975 Rename StringConcatenation.qll to StringOps.qll and add HasPrefix class. 2020-01-07 14:46:49 +00:00
Mathias Vorreiter Pedersen
633c42ced0 C++: Removed comment 2020-01-07 14:41:37 +01:00
Anders Schack-Mulligen
d918cb1f6f Merge pull request #2550 from JLLeitschuh/task/JLL/improve_netty_response_splitting_detection 
Add io.netty.handler.codec.http.DefaultHttpResponse to Netty Response Splitting Detection
 2020-01-07 14:28:01 +01:00
Mathias Vorreiter Pedersen
d9f931da3c C++: Fix false positives 2020-01-07 14:16:50 +01:00
Mathias Vorreiter Pedersen
6bbe2c48bf C++: Add testcase demonstrating false positive 2020-01-07 14:13:34 +01:00
Geoffrey White
c584ceb2f4 CPP: Change note. 2020-01-07 12:46:07 +00:00
Geoffrey White
72b4792391 CPP: Exception for AsmStmts. 2020-01-07 12:46:07 +00:00
Geoffrey White
0a85637fef CPP: Add a test. 2020-01-07 12:46:07 +00:00
Mathias Vorreiter Pedersen
9a841636dc C++: Fix false positive 2020-01-07 13:22:07 +01:00
Mathias Vorreiter Pedersen
faa9d83567 C++: Add testcase demonstrating false positive 2020-01-07 13:18:38 +01:00