Commit Graph

54887 Commits

Author SHA1 Message Date
Mark Shannon
ef0a6b6713 Python points-to: Rationalize handling of expressions and conditions. Tweak API to be a bit more backward-compatible. 2019-04-26 16:21:46 +01:00
Mark Shannon
54c27e1d4b Python points-to: Various minor performance tweaks. 2019-04-26 16:21:46 +01:00
Mark Shannon
23ca403728 Python points-to: Understand callable and hasattr. 2019-04-26 16:21:46 +01:00
Mark Shannon
8af6cb6644 Python points-to: Use objects, not booleans when doing evaluation of tests. 2019-04-26 16:21:46 +01:00
Mark Shannon
610a35c187 Python points-to: Improve backwards compatibility for comparisons. 2019-04-26 16:21:45 +01:00
Mark Shannon
f7edbcc6d9 Python points-to: Clean up interface, and deprecate old interface. 2019-04-26 16:21:45 +01:00
Mark Shannon
d3762ac5a1 Rename 'points_to' to 'pointsTo'. 2019-04-26 16:21:45 +01:00
Mark Shannon
931100c772 Python points-to: Add float objects for better backwards compatibility. 2019-04-26 16:21:45 +01:00
Mark Shannon
e9f58ba3a7 Python: refactor ConstantObjects. 2019-04-26 16:21:45 +01:00
Mark Shannon
0b0a6337f3 Python points-to: Support descriptor protocols, particularly functions. 2019-04-26 16:21:45 +01:00
Mark Shannon
dbf228d005 Python points-to: Better handling of *args, **kwargs and procedures. 2019-04-26 16:21:45 +01:00
Mark Shannon
f5c32421f4 Python points-to: Handle list, dict and float literals as instances. 2019-04-26 16:21:45 +01:00
Mark Shannon
48297e299e Python points-to: Improve handling of 'type' object. 2019-04-26 16:21:45 +01:00
Mark Shannon
85a9016c8c Python points-to: make 'self' instances distinct from other instances. 2019-04-26 16:21:45 +01:00
Mark Shannon
12853ccf30 Python points-to: Add support for tuples. 2019-04-26 16:21:45 +01:00
Mark Shannon
dd83149cc3 Python points-to: Port old API classes to use new points-to. 2019-04-26 16:21:45 +01:00
Mark Shannon
aa30745492 Python points-to: Further types and flow. 2019-04-26 16:21:45 +01:00
Mark Shannon
e3ed8c6abf Python points-to: Simplify handling of booleans and comparisons. 2019-04-26 16:21:45 +01:00
Mark Shannon
84c9866c50 Python points-to: Add generic instances and handle returns for builtin functions. Move attribute lookup handling to objects. 2019-04-26 16:21:45 +01:00
Mark Shannon
ce9d0f1a06 Python points-to: Add support for some more ESSA definitions. 2019-04-26 16:21:45 +01:00
Mark Shannon
ec151e9b02 Python points-to: Convert two pairs of predicates to methods on booleans. 2019-04-26 16:21:45 +01:00
Mark Shannon
39b9723054 Python: Add support for bound-methods. 2019-04-26 16:21:45 +01:00
Mark Shannon
bf692f4aad Python: Add better class support, including inheritance. 2019-04-26 16:21:45 +01:00
Mark Shannon
5a46df2132 Python: Add ADTs for ints and strings. Add some global data-flow. 2019-04-26 16:21:45 +01:00
Mark Shannon
051683fadf Python: Break up internal object modules. 2019-04-26 16:21:45 +01:00
Mark Shannon
c48d63f2ec Python: First draft of ADT based objects and attendant points-to. 2019-04-26 16:21:45 +01:00
Taus
7d2c17f27c Merge pull request #1271 from markshannon/python-fix-fp-http-prefix
Python: Fix false positive in 'Incomplete URL substring sanitization' query
2019-04-26 15:23:04 +02:00
Max Schaefer
e2666a9203 Update javascript/ql/src/semmle/javascript/frameworks/SocketIO.qll
Co-Authored-By: esben-semmle <42067045+esben-semmle@users.noreply.github.com>
2019-04-26 11:58:40 +02:00
Esben Sparre Andreasen
27f88c38ac JS: help the optimizer with NPMPackage/File relations 2019-04-26 11:49:07 +02:00
Jonas Jensen
bdb678a318 Merge pull request #1267 from rdmarsh2/rdmarsh/cpp/def-by-ref-taint
C++: add taint edges to DefinitionByReferenceNode
2019-04-26 08:50:20 +02:00
Robert Marsh
f5c57b77e6 C++: fix whitespace 2019-04-25 16:16:27 -07:00
Mark Shannon
2db06f9881 Merge pull request #1282 from taus-semmle/python-various-dist-compare-fixes
Python: Add missing `override` annotations.
2019-04-25 18:39:01 +01:00
Mark Shannon
28799441af Python: Fix false positive in 'Incomplete URL substring sanitization' query. 2019-04-25 18:11:01 +01:00
Geoffrey White
63b6942d0d CPP: Improve performance of RedundantNullCheckSimple.ql. 2019-04-25 15:56:49 +01:00
Taus Brock-Nannestad
c8cbae37d9 Python: Add missing override annotations. 2019-04-25 16:48:47 +02:00
Felicity Chapman
156c826f86 Update supported versions for C# 2019-04-25 15:36:01 +01:00
Jonas Jensen
48a3385809 C++: Work around extractor issue CPP-383
This fixes `PointlessComparison.ql` on https://github.com/an-tao/drogon.
The QL is a bit obfuscated because it looks for a pattern that's
impossible according to the dbscheme. There is no accompanying test
because we haven't been able to boil this problem down to a simple test
case. If we could, we'd fix it directly in the extractor instead.
2019-04-25 15:05:27 +02:00
semmle-qlci
3231b60e6b Merge pull request #1272 from asger-semmle/access-path-capture
Approved by xiemaisi
2019-04-25 11:32:54 +01:00
Asger F
47ba7d3004 Merge pull request #1278 from xiemaisi/js/symbolic-constants
JavaScript: Generalise `ConstantComparison` sanitisers.
2019-04-25 11:17:22 +01:00
Max Schaefer
a8470a984a JavaScript: Generalise ConstantComparison sanitisers.
In addition to treating comparisons with literals as sanitisers, we now
also treat comparisons with variables that have a single assignment as
sanitisers.

Proving that such a variable is actually a constant is not easy, but for
this use case a simple approximation works fine.
2019-04-25 07:38:31 +01:00
Ziemowit Laski
ac58bdfc58 [CPP-340] For MistypedFunctionArguments.ql, add support for pointers to pointers and pointers to arrays. 2019-04-24 14:54:01 -07:00
semmle-qlci
a504ad4261 Merge pull request #1270 from xiemaisi/odasa/7904
Approved by esben-semmle
2019-04-24 21:50:07 +01:00
semmle-qlci
3fbfb79c5b Merge pull request #1276 from adityasharad/js/node-runtime-env-var
Approved by asger-semmle
2019-04-24 16:55:14 +01:00
Taus
0917936100 Merge pull request #1273 from markshannon/python-fix-odasa-7890
Add test confirming correct handling of zope.interface.Interface in query.
2019-04-24 11:59:35 +02:00
Asger F
a16753c125 JS: Add documentation 2019-04-24 10:12:55 +01:00
Jonas Jensen
1dcfd21a5c Merge pull request #1264 from geoffw0/redundantnullperf
CPP: Add qhelp for RedundantNullCheckSimple.ql.
2019-04-24 10:25:23 +02:00
Aditya Sharad
4121e7245b TS extractor: Allow the Node.js runtime to be configured via environment variables.
`SEMMLE_TYPESCRIPT_NODE_RUNTIME` can be used to provide the path to the Node.js runtime executable.
If this is omitted, the extractor defaults to the current behaviour of looking for `node` on the PATH.

`SEMMLE_TYPESCRIPT_NODE_RUNTIME_EXTRA_ARGS` can be used to provide additional arguments to the
Node.js runtime. These are passed first, before the arguments supplied by the extractor.

These changes are designed to allow TypeScript extraction in controlled customer environments where
we cannot control the PATH, or must use custom Node.js executables with certain arguments set.
2019-04-23 15:04:14 -07:00
Robert Marsh
919f5c616f C++: comment and test for taint flow via memcpy 2019-04-23 11:17:18 -07:00
semmle-qlci
060aa8cb6c Merge pull request #1274 from asger-semmle/ts-export-equals
Approved by xiemaisi
2019-04-23 17:07:52 +01:00
Geoffrey White
6234b26496 CPP: Make some repairs manually. 2019-04-23 14:45:27 +01:00