hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-10 20:21:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
54,887 Commits 1,690 Branches 160 Tags
codeql-cli/v2.13.3
Commit Graph

54887 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
e7bf485807 JS: Add another interprocedural flow test case 2019-05-07 10:33:01 +01:00
Asger F
3cbd6d3786 JS: Test case for nested statements 2019-05-07 10:26:30 +01:00
Asger F
f3a4acf0b2 JS: Add async functions to test 2019-05-07 10:11:42 +01:00
Asger F
1f897b4b63 JS: step through Error constructor and accept the potential FP 2019-05-07 10:11:41 +01:00
Asger F
b0090c2fe6 JS: Add test case for flow through new Error() 2019-05-07 10:11:41 +01:00
Asger F
36cefd8fc6 JS: Track taint through exceptions 2019-05-07 10:11:41 +01:00
Tom Hvitved
7b7a1ecea0 C#: Move DelegateDataFlow.qll into internal folder 2019-05-06 14:54:11 +02:00
Tom Hvitved
c6a471e4b6 C#: Adopt shared data flow implementation 
- General refactoring to fit with the shared data flow implementation.
- Move CFG splitting logic into `ControlFlowReachability.qll`.
- Replace `isAdditionalFlowStepIntoCall()` with `TaintedParameterNode`.
- Redefine `ReturnNode` to be the actual values that are returned, which should
  yield better path information.
- No longer consider overrides in CIL calls.
 2019-05-06 14:54:11 +02:00
Tom Hvitved
a6fa6dfd74 C#: Add shared data flow files 2019-05-06 14:54:11 +02:00
Tom Hvitved
26debb846c C#: Change ImplicitCapturedArgumentNode::toString() 2019-05-06 14:54:11 +02:00
Jonas Jensen
639d715d03 Merge pull request #1226 from hvitved/dataflow/prepare-for-csharp 
Generalize data-flow library in preparation for C# adoption
 2019-05-06 14:42:46 +02:00
Anders Schack-Mulligen
f367427fb8 Java: Deprecate RemoteUserInput. 2019-05-06 13:43:58 +02:00
Jonas Jensen
b52015a584 C++: QLDoc for QualifiedName.qll 2019-05-06 11:28:56 +02:00
Jonas Jensen
56e88cbac0 C++: Use underlyingElement for QualifiedName calls 
Since the types in `QualifiedName.qll` are raw db types, callers need to
use `underlyingElement` and `unresolveElement` as appropriate. This has
no effect right now but will be needed when we switch the AST type
hierarchy to `newtype`s.
 2019-05-06 11:24:28 +02:00
Jonas Jensen
662d55fd72 C++: Add tests for qualified names 2019-05-06 10:58:05 +02:00
Jonas Jensen
98657ebea7 C++: Change note for hasGlobalName 2019-05-06 10:14:44 +02:00
Calum Grant
19c7360e19 Merge pull request #1301 from hvitved/csharp/more-dataflow-tests 
C#: Add more data flow tests
 2019-05-03 16:41:21 +01:00
Anders Schack-Mulligen
10a6362357 Java: Introduce an abstract class RemoteFlowSource to ease customization. 2019-05-03 15:48:22 +02:00
Tom Hvitved
d9bf0a670e Data flow: Address review comments 2019-05-03 15:00:48 +02:00
Max Schaefer
e0e6224987 Merge pull request #1298 from asger-semmle/full-mode-fixes-rc120 
TS: Backport full-mode fixes to rc/1.20
v1.20.2 		2019-05-03 13:57:47 +01:00
Jonas Jensen
b98daae077 C++: Remove deprecated from hasQualifiedName/1 
The predicate is still deprecated, but we can't mark it as such until
the queries in our internal repo have migrated away from it.
 2019-05-03 13:22:23 +02:00
Geoffrey White
ceda0d5c25 Merge pull request #1300 from jbj/MistypedFunctionArguments-rounding 
C++: Use a smaller `double` literal in test
 2019-05-03 09:56:42 +01:00
Jonas Jensen
6d954fe53e C++: Deprecate hasQualifiedName/1 
This predicate handles templates differently from the other overloads
with the same name, so it's likely to cause confusion.
 2019-05-03 10:37:48 +02:00
Jonas Jensen
5e789901df C++: Remove all uses of hasQualifiedName/1 2019-05-03 10:37:48 +02:00
Jonas Jensen
64a87a863c C++: Remove uses of getQualifiedName 
This removes all uses of `Declaration.getQualifiedName` that I think can
be removed without changing any behaviour. The following uses in the
LGTM default suite remain:

* `cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql` (in `select`).
* `cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowDispatch.qll` (needs template args).
* `cpp/ql/src/semmle/code/cpp/security/FunctionWithWrappers.qll` (used for alert messages).
 2019-05-03 10:37:48 +02:00
Jonas Jensen
0a2e28858a C++: Rework how qualified names are computed 2019-05-03 10:37:48 +02:00
Jonas Jensen
b51ce87ae8 C++: Autoformat QualifiedName.qll 2019-05-03 10:37:47 +02:00
Jonas Jensen
b97ff1a72f C++: Take QualifiedName.qll from Ian's branch 
This imports `QualifiedName.qll` from
2f74a456290b9e0850b7308582e07f5d68de3a36 and makes minimal changes so it
compiles.

Original author: Ian Lynagh <ian@semmle.com>
 2019-05-03 10:37:12 +02:00
Tom Hvitved
dfdfae8dd6 C#: Add more data flow tests 2019-05-03 09:41:39 +02:00
Jonas Jensen
93658038bc C++: Use a smaller double literal in test 
This number got rounded differently on Linux and Windows, causing the
Windows test to fail.
 2019-05-03 09:06:10 +02:00
Jonas Jensen
82a6629799 Merge pull request #1016 from dave-bartolomeo/dave/PreciseDefs 
C++: SSA flow through fields and imprecise defs
 2019-05-03 08:12:13 +02:00
Tom Hvitved
b6206d7370 Data flow: Introduce ReturnKind 2019-05-02 20:30:50 +02:00
Dave Bartolomeo
7071692373 C++: Clarify comment based on PR feedback 2019-05-02 11:18:10 -07:00
Dave Bartolomeo
34a422c756 C++: Accept test output after value category extractor fix 2019-05-02 11:18:10 -07:00
Dave Bartolomeo
ad966e4bd4 C++: Accept test diffs after imprecise use format change 2019-05-02 11:18:09 -07:00
Dave Bartolomeo
fef58ec1ee C++: Add "~" prefix to inexact uses 2019-05-02 11:18:09 -07:00
Dave Bartolomeo
ff12ed145e C++: Update test expectations after StmtExpr changes 2019-05-02 11:18:09 -07:00
Dave Bartolomeo
95a62beb7a C++: Update test expectations due to better dataflow analysis 2019-05-02 11:18:09 -07:00
Dave Bartolomeo
5dcd314908 C++: Update to conform to new API naming 2019-05-02 11:18:09 -07:00
Dave Bartolomeo
65535449d6 C++: Fix merge conflicts 2019-05-02 11:18:09 -07:00
Dave Bartolomeo
0cde86d3c1 C++: Fix PR feedback 2019-05-02 11:18:09 -07:00
Dave Bartolomeo
9869fd32d0 C++: Add implementation documentation for SSA 2019-05-02 11:18:08 -07:00
Dave Bartolomeo
e0f7344676 C++: Imprecise definitions in SSA 2019-05-02 11:18:08 -07:00
Dave Bartolomeo
9726428bcc C++: More SSA test cases 2019-05-02 11:18:08 -07:00
Dave Bartolomeo
eed0894029 C++: Add operand labels for more operand tags 
I kept forgetting which operand on a Chi instruction was which, so I added dump labels. I added labels for the function target of a `Call`, for positional arguments, and for address operands as well.
 2019-05-02 11:18:08 -07:00
Dave Bartolomeo
a7f3160684 C++: New SSA tests 2019-05-02 11:18:08 -07:00
Jonas Jensen
e68dda8ce8 Merge pull request #1299 from felicity-semmle/cpp-qldoc/fix-typo 
Fix typo in C/C++ QL library docs
 2019-05-02 17:10:25 +02:00
ian-semmle
464f66b529 Merge pull request #1287 from nickrolfe/fold 
C++: support for fold expressions
 2019-05-02 15:39:10 +01:00
Felicity Chapman
46177dd378 Fix typo in C/C++ QL library docs 2019-05-02 13:36:39 +01:00
Asger F
5ed3c50dbe TS: Workaround issue with infer types 2019-05-02 13:28:30 +01:00