hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-09 19:51:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
54,887 Commits 1,689 Branches 160 Tags
codeql-cli/v2.13.3
Commit Graph

54887 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonas Jensen
6b1cd17009 C++: Fix FPs due to data flow Conversion handling 
Since we cannot track data flow from a fully-converted expression but
only the unconverted expression, we should check whether the address
initially escapes into the unconverted expression, not the
fully-converted one.

This fixes most of the false positives observed on lgtm.com.
 2019-03-16 20:50:27 +01:00
Jonas Jensen
1a7351ef6e C++: Add tests for three FPs observed on lgtm.com 2019-03-16 20:50:27 +01:00
Jason Reed
4475dd4b9f JavaScript: Add test and fix change note. 2019-03-15 14:40:48 -04:00
Jason Reed
aa9ba9557c JavaScript: Include 'unzipper' library in ZipSlip. 2019-03-15 09:32:39 -04:00
Jason Reed
8124980f58 JavaScript: Add change note and comment. 2019-03-15 09:32:39 -04:00
Jason Reed
a674dbb5cd JavaScript: Update docstrings to reflect generalization. 2019-03-15 09:31:26 -04:00
Jason Reed
6589813ec7 JavaScript: Add tar-stream extraction to ZipSlip query. 2019-03-15 09:31:26 -04:00
Calum Grant
5a3cf2c5bb Merge pull request #1054 from raulgarciamsft/users/raulga/ICryptoTransformLambda 
2n part of ICryptoTransform.
 2019-03-15 12:55:09 +00:00
Max Schaefer
5441352d41 Merge pull request #1113 from esben-semmle/js/useless-property-assign-setter 
JS: improve use of attributes from ~Object.defineProperty~
 2019-03-15 12:11:50 +00:00
Mark Shannon
7213b72b9b Python: Allow points-to extensions to specify just the object, and infer the class. Allows points-to extensions to more easily compatible across versions. 2019-03-15 11:09:46 +00:00
Taus
af1c502b11 Merge pull request #1098 from markshannon/python-2-print 
Python: Don't report Python 2 print statements as having no effect.
 2019-03-15 11:40:32 +01:00
Taus
eec59c2c7d Merge pull request #1092 from markshannon/python-fix-2-tests 
Python: Update python-2 specific tests for new parser/tokenizer.
 2019-03-15 11:38:34 +01:00
Jonas Jensen
690e2ae514 Merge pull request #1116 from rdmarsh2/rdmarsh/cpp/ir-guards-perf 
C++: fix cartesian product in IRGuards.qll
 2019-03-15 11:35:15 +01:00
Taus
0b2f44b54b Merge pull request #1052 from markshannon/python-taint-tracking-configuration 
Python: Add taint-tracking configuration.
 2019-03-15 11:34:59 +01:00
Pavel Avgustinov
7386ca911b Merge pull request #763 from sjvs/patch-1 
Make licensing text in README.md more generic
 2019-03-15 09:02:08 +00:00
semmle-qlci
cb86687302 Merge pull request #1078 from psygnisfive/UndefinedReturns 
Approved by xiemaisi
 2019-03-15 08:37:12 +00:00
Felicity Chapman
ee9e083f2a Minor text changes to analysis notes 2019-03-15 08:03:27 +00:00
Robert Marsh
dfb7076fae C++: fix cartesian product in IRGuards.qll 2019-03-14 13:37:35 -07:00
Robin Neatherway
6453b05a41 Merge pull request #1087 from jf205/update-qhelp-style-guide 
Docs: mention lgtm in qhelp style guide
 2019-03-14 19:28:43 +00:00
Ziemowit Laski
2d5bdc85b0 Add 'restrict' support to the C++ test cases. 2019-03-14 12:12:45 -07:00
Raul Garcia
110c75051c Update .gitignore 2019-03-14 11:04:03 -07:00
Raul Garcia
2521848322 Merging the scenarios. 2019-03-14 10:57:22 -07:00
Rebecca Valentine
f3683794d6 stylistic changes per PR change req. in description 
https://github.com/Semmle/ql/pull/1078#pullrequestreview-214401005
 2019-03-14 09:49:02 -07:00
semmle-qlci
e648477d14 Merge pull request #1114 from xiemaisi/js/yield-import 
Approved by asger-semmle
 2019-03-14 16:48:04 +00:00
Calum Grant
0471471d46 Merge pull request #1109 from hvitved/csharp/conditional-bypass 
C#: Fix performance regression in `cs/user-controlled-bypass`
 2019-03-14 16:19:47 +00:00
Taus
95eb4cf90d Merge pull request #1089 from markshannon/python-fix-redundant-comparison-complex-test 
Fix false positive for redundant comparison query
 2019-03-14 17:12:44 +01:00
semmle-qlci
d549a0dcb8 Merge pull request #1111 from xiemaisi/js/performance-fiddling 
Approved by esben-semmle
 2019-03-14 14:56:26 +00:00
Esben Sparre Andreasen
bfc1c6ec8e JS: change notes 2019-03-14 14:53:26 +01:00
semmle-qlci
5d9d23ee71 Merge pull request #1110 from xiemaisi/js/yield-in-non-generator 
Approved by asger-semmle
 2019-03-14 11:59:43 +00:00
semmle-qlci
7513bcf7ec Merge pull request #1095 from xiemaisi/js/base64 
Approved by esben-semmle
 2019-03-14 11:58:50 +00:00
semmle-qlci
bd3792a49a Merge pull request #1108 from xiemaisi/js/make-zipslip-visible-by-default 
Approved by esben-semmle
 2019-03-14 11:58:00 +00:00
Max Schaefer
8e52528219 JavaScript: Refactor reachableFromInput to improve join. 2019-03-14 11:53:46 +00:00
Max Schaefer
993345fb7b JavaScript: Track Electron browser objects locally only. 2019-03-14 11:53:46 +00:00
Esben Sparre Andreasen
bd7eef08e8 JS: introduce CallToObjectDefineProperty::getAPropertyAttribute 2019-03-14 11:59:27 +01:00
Esben Sparre Andreasen
ff5b85067a JS: add tests 2019-03-14 11:55:41 +01:00
Max Schaefer
69c63110c1 JavaScript: Teach Function.isGenerator to check for yield. 2019-03-14 10:48:44 +00:00
Mark Shannon
ab23a157ef Python: Move taint-tracking library to new location and extend configuration to match API of other languages. 2019-03-14 10:22:57 +00:00
Tom Hvitved
84c3073c2a C#: Fix performance regression in cs/user-controlled-bypass 2019-03-14 10:36:50 +01:00
Felicity Chapman
01b8770b7c Merge pull request #1065 from yh-semmle/java-frameworks-notes 
Java: update frameworks list for 1.20 release
 2019-03-14 09:15:46 +00:00
Max Schaefer
5d35626c58 JavaScript: Rename a test file to avoid case clash. 2019-03-14 08:55:30 +00:00
Max Schaefer
cc8d68082e JavaScript: Show ZipSlip results by default. 2019-03-14 08:50:47 +00:00
semmle-qlci
28efd91bbc Merge pull request #1106 from xiemaisi/js/fix-backtrack-example 
Approved by asger-semmle
 2019-03-14 08:18:00 +00:00
Ziemowit Laski
586aa0ae41 Updated query to look for Microsoft-specific '_alloca' and '_malloca' entry points. Added sundry positive and negative test cases. 2019-03-13 18:43:24 -07:00
ian-semmle
6a555d0054 Merge pull request #1102 from nickrolfe/declarationEntry 
C++: accept test output from extractor changes to template class decls
 2019-03-13 22:45:49 +00:00
yh-semmle
d7925ee2ec Java: tweak change note as per review comment 2019-03-13 14:31:13 -04:00
Rebecca Valentine
f9012cb00e improves tests 2019-03-13 10:48:02 -07:00
Rebecca Valentine
64f731c8aa adds clarification in docs 2019-03-13 10:46:39 -07:00
Rebecca Valentine
688e7a9730 improves docs 2019-03-13 10:10:57 -07:00
Calum Grant
a547fbea14 Merge pull request #1073 from hvitved/csharp/get-an-indexer-call 
C#: Improve performance and correctness of `IndexerProperty::getAnIndexerCall()`
 2019-03-13 17:10:52 +00:00
Rebecca Valentine
7ef33de9d2 add tests to ignore generators and async functions per PR change request in description 
https://github.com/Semmle/ql/pull/1078#discussion_r265010018
 2019-03-13 10:04:23 -07:00