hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 07:06:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
51,797 Commits 1,700 Branches 161 Tags
codeql-cli/v2.12.5
Commit Graph

51797 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
d6cbc674b6 CPP: Autoformat. 2019-11-22 15:13:06 +00:00
Geoffrey White
bbe6a1aa76 CPP: Additional test case. 2019-11-22 15:13:05 +00:00
Jonas Jensen
eb0b0d1e7f C++: Fix remaining FP on MAME 
This should fix a FP in libretro/mame2003-plus-libretro.
 2019-11-22 16:05:17 +01:00
Erik Krogh Kristensen
9fc20cd9b0 add change note 2019-11-22 15:58:00 +01:00
Erik Krogh Kristensen
7d825af9a3 Added an XSS sink for Handlebars.SafeString 2019-11-22 15:56:21 +01:00
semmle-qlci
5c3c8eb35d Merge pull request #2406 from erik-krogh/returnlessFp 
Approved by asgerf
 2019-11-22 13:06:03 +00:00
Erik Krogh Kristensen
f40d79271d cleanup module imports and update expected outputs 2019-11-22 13:55:47 +01:00
Erik Krogh Kristensen
85b22536d0 adjust formatting 2019-11-22 13:36:16 +01:00
Esben Sparre Andreasen
5d34806e50 Merge pull request #2379 from asger-semmle/typescript-fixes 
TS: A bunch of TypeScript fixes
 2019-11-22 13:31:30 +01:00
Max Schaefer
6fbaa7a5ea JavaScript: Make File not extend Locatable anymore. 
Files have strange `:0:0:0:0` locations for... reasons. This makes the predicates inherited from `Locatable` meaningless. A particularly bad case is `getNumLines()`, which will always return one. The right predicate to use is, of course, `getNumberOfLines()`, which is defined in `File` itself.
 2019-11-22 11:57:06 +00:00
Calum Grant
846600e855 Merge pull request #2410 from shati-patel/fix-heading 
C# change notes: Remove duplicated heading
 2019-11-22 11:52:53 +00:00
semmle-qlci
ec9b65ee61 Merge pull request #2369 from max-schaefer/js/odasa-8179 
Approved by esbena
 2019-11-22 11:26:54 +00:00
Cornelius Riemenschneider
0e7a08201f Address review by Anders. 2019-11-22 12:19:06 +01:00
Rasmus Wriedt Larsen
46b6e6d722 Merge pull request #2409 from tausbn/python-typing-forward-reference-fp 
Python: Support forward references inside return type annotations.
 2019-11-22 11:18:04 +01:00
Rasmus Wriedt Larsen
536c211a73 Merge pull request #2401 from tausbn/python-fix-non-iterable-class-confusion-fp 
Python: Fix false positive in `py/non-iterator-in-for-loop`
 2019-11-22 11:15:16 +01:00
Geoffrey White
9471134064 Merge pull request #2417 from jbj/enclosing-reeval 
C++: Prevent cached stages from being re-evaluated
 2019-11-22 09:55:01 +00:00
Max Schaefer
a3a46bfdc2 JavaScript: Add change note. 2019-11-22 09:27:14 +00:00
Max Schaefer
83f5b614e9 JavaScript: Switch detection of callback-based string replacement to data flow. 2019-11-22 09:24:34 +00:00
Max Schaefer
1951461f55 JavaScript: Simplify DoubleEscaping. 
Undo previous work on generalising the concept of a replacement, which did not work out.
 2019-11-22 09:24:34 +00:00
Max Schaefer
ff002a7af4 JavaScript: Whitelist more harmless incomplete escapes. 2019-11-22 09:24:34 +00:00
Max Schaefer
659cc812fe JavaScript: Rephrase two predicates to help the optimiser. 2019-11-22 09:24:34 +00:00
Max Schaefer
db3eaa23ef JavaScript: Introduce modelling of String.prototype.replace and use it in two queries. 2019-11-22 09:24:34 +00:00
Max Schaefer
f43e843b20 JavaScript: Introduce class RegExpLiteralNode. 2019-11-22 09:24:34 +00:00
Max Schaefer
12ea81af9c JavaScript: Move getAMatchedConstant(RegExpTerm) into the library. 2019-11-22 09:24:34 +00:00
Max Schaefer
a5a5debdc7 JavaScript: Move getStringValue(RegExpLiteral) into the library. 2019-11-22 09:24:34 +00:00
Max Schaefer
0edb70f373 JavaScript: Deal with escape-unescape-escape (and similar) chains. 2019-11-22 09:24:34 +00:00
Max Schaefer
cb54618a5d JavaScript: Deal with (un-)escaping on captured variables. 2019-11-22 09:24:34 +00:00
Max Schaefer
61aa075e8d JavaScript: Fix regexes for escaping schemes. 2019-11-22 09:24:34 +00:00
Max Schaefer
4f899a9b0d JavaScript: Recognize string escaping using .replace with a callback. 2019-11-22 09:24:34 +00:00
Max Schaefer
5dcf55e113 JavaScript: Refactor DoubleEscaping.ql. 2019-11-22 09:24:34 +00:00
Max Schaefer
e367a48f6e Mark isEmptyInterface as noinline. 2019-11-22 09:19:34 +00:00
Jonas Jensen
bd4fa10ffb C++: Tie macro exclusion to <, not + 
This fixes a failing qltest and makes the exclusion similar to what's in
`PointerOverflow.ql`. It's possible we should exclude based on both `+`
and `<`, but we can revisit that if false positives show up.
 2019-11-22 09:20:00 +01:00
Jonas Jensen
ca1b91aab2 Merge pull request #2414 from dbartol/dbartol/FixWarnings 
C++/C#: Fix QL compilation warnings/errors
 2019-11-22 09:14:33 +01:00
Sauyon Lee
4ea45dbf34 Use data-flow API in stringConcatStep 2019-11-21 23:48:23 -08:00
Jonas Jensen
0e4ed1cbbf C++: Prevent cached stages from being re-evaluated 
Before this change, evaluating `cpp/constant-comparison` followed by
`cpp/signed-overflow-check` would result in re-evaluation of almost all
the cached stages they share: CFG, basic blocks, SSA, and range
analysis. The same effect could be seen on `cpp/bad-strncpy-size`, which
also uses the GVN library.
 2019-11-22 08:45:49 +01:00
semmle-qlci
62859d140d Merge pull request #2394 from esbena/js/support-getDerivedFromError 
Approved by max-schaefer
 2019-11-22 07:45:45 +00:00
semmle-qlci
2c623372b6 Merge pull request #2405 from esbena/js/another-bind-model 
Approved by asgerf
 2019-11-22 07:35:58 +00:00
Sauyon Lee
9651a0bfc4 Use the split taint predicate to emulate taint where required 
In particular, the OpenUrlRedirect and CleartextLogging queries, which both have taint flow into
an object when one of its fields is written.
 2019-11-21 22:58:36 -08:00
Sauyon Lee
c0730fe4cc Make taintStep public 2019-11-21 22:58:25 -08:00
Sauyon Lee
73922e98d7 Merge pull request #188 from Semmle/rc/1.23 
Merge rc/1.23 into master
 2019-11-21 22:52:12 -08:00
Robert Marsh
a5e6b83dbd Merge pull request #2400 from jbj/1.23-changenote 
C++: Tweak 1.23 change note
 2019-11-21 13:53:28 -08:00
Robert Marsh
05aebeff79 Merge branch 'master' into rdmarsh/cpp/ir-callee-side-effects 2019-11-21 13:45:31 -08:00
Dave Bartolomeo
fb67d3eae4 C++: Fix override errors in MagicDraw.qll 2019-11-21 13:18:45 -07:00
Dave Bartolomeo
27cc6b1e4f C++/C#: Fix compilation error in PrintSSA.qll 
We were privately importing `semmle.code.<lang>.ir.internal.Overlap`, but `PrintSSA.qll` was depending on it being public. This is made a little more complicated by the presence of cross-langage pyrameterized modules.
 2019-11-21 13:18:25 -07:00
Jonathan Leitschuh
21193bd780 Java: Use of HTTP/FTP to download/upload Maven artifacts 
This adds a security alert for the use of HTTP or FTP to download or upload
artifacts using Maven.
 2019-11-21 13:35:29 -05:00
Cornelius Riemenschneider
5d4b6c3a8c Nullness: Track correlated conditions of equality tests of variables. 2019-11-21 19:24:40 +01:00
Cornelius Riemenschneider
92f32a12d8 Add tests for nullness tracking by comparing variables. 2019-11-21 19:23:39 +01:00
Robert Marsh
dbe885fd38 Merge pull request #1926 from jbj/ir-dataflow-toString 
C++: DataFlow::Node.toString consistency
 2019-11-21 10:20:35 -08:00
Geoffrey White
676e8a2c2e Merge pull request #2399 from jbj/ExprHasNoEffect-templates 
C++: Suppress ExprHasNoEffect on template code
 2019-11-21 18:01:41 +00:00
Cornelius Riemenschneider
3e5324e772 More precise Nullness tracking by taking correlated instanceof expressions into account. 
Fixes #2238.
 2019-11-21 18:38:27 +01:00