hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-09 11:41:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
54,887 Commits 1,691 Branches 160 Tags
codeql-cli/v2.13.3
Commit Graph

54887 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ian Lynagh
a709a2d0f3 C++: Add Variable.isConstexpr() 2019-02-28 15:26:15 +00:00
Mark Shannon
af2680729f Python: Fix qldoc. 2019-02-28 15:25:43 +00:00
Mark Shannon
faf9b4886d Python: Add change note for CherryPy support. 2019-02-28 15:25:41 +00:00
Mark Shannon
2df718d632 Python: Make bottle response logic consistent with other frameworks. 2019-02-28 15:25:15 +00:00
Mark Shannon
91a1cc9f0b Python: Add cherrypy handler function return values as taint sinks. 2019-02-28 15:25:13 +00:00
Mark Shannon
6c82be8bda Python: CherryPy web framework support -- requests. 2019-02-28 15:24:58 +00:00
Mark Shannon
e933ba28d5 Python: Add basic support for stdlib cookie objects. 2019-02-28 15:24:36 +00:00
Geoffrey White
832a436a49 Revert "C++: Revert doc-related changes to dbscheme" 
This reverts commit e81d197ebd.
 2019-02-28 14:50:49 +00:00
Geoffrey White
e55dc43111 CPP: Consistency changes suggested by Dave. 2019-02-28 14:50:49 +00:00
Geoffrey White
b1bf1b8f1c CPP: More annotations. 2019-02-28 14:50:49 +00:00
Geoffrey White
dd271f1c93 CPP: Fix type 'diagnosstic'. 2019-02-28 14:50:49 +00:00
Geoffrey White
0c84e06234 CPP: Fix typo. 2019-02-28 14:50:49 +00:00
Geoffrey White
6398298bea CPP: Add keyset annotations to the CPP dbscheme. 2019-02-28 14:50:49 +00:00
Taus
b8b4216352 Merge pull request #979 from markshannon/python-falcon 
Python: Add support for falcon web API framework.
 2019-02-28 15:47:35 +01:00
Max Schaefer
c4fa29dd0f JavaScript: Autoformat extractor sources using google-java-format. 
No special settings; command:

  find javascript/extractor/src -name "*.java" | xargs java -jar /path/to/google-java-format-1.7-all-deps.jar --replace
 2019-02-28 14:30:06 +00:00
Asger F
5478e0da62 Merge pull request #998 from xiemaisi/js/autobuild-file-types 
JavaScript: Make file types customisable in AutoBuild.
 2019-02-28 15:26:35 +01:00
Max Schaefer
2ecabad553 Merge pull request #1004 from asger-semmle/suffix-check-bug 
JS: Recognize '+' in suffix check
 2019-02-28 14:23:26 +00:00
Jonas Jensen
40f3fecb00 C++: Simplify stubs in DataFlowDispatch.qll 
Some of these stubs were quite slow to evaluate. It's possible they
could be optimised, but it seems pointless as long as we don't have
call-context-sensitive virtual dispatch in the C++ library.
 2019-02-28 14:38:29 +01:00
Mark Shannon
1444b3976c Python: Add wsgi.environment as a kind of taint, and add suuport for env attribute of falcon request objects. 2019-02-28 13:06:11 +00:00
Asger F
03ef167c56 JS: Treat res.end() as alias for res.send() in Express 2019-02-28 12:37:11 +00:00
semmle-qlci
edba24129d Merge pull request #1003 from xiemaisi/js/fix-test 
Approved by esben-semmle
 2019-02-28 12:05:44 +00:00
Jonas Jensen
264301be66 C++: Cache TNode and localFlowStep 
These two elements weren't cached, which meant that local data flow was
recalculated in every query that used data flow. They are also cached in
the Java version of `DataFlowUtil.qll`.
 2019-02-28 11:41:51 +01:00
Asger F
8e8085ea1f JS: add test 2019-02-28 10:09:36 +00:00
Max Schaefer
c8a37297f3 Merge pull request #997 from asger-semmle/closure-promise 
JS: model of closure Promises
 2019-02-28 10:05:12 +00:00
Taus
a83f33be33 Merge pull request #1001 from markshannon/python-delete-internal-tests 
Python delete extractor tests. Duplicates of internal tests.
 2019-02-28 11:04:52 +01:00
Max Schaefer
1b5887014b Merge pull request #988 from asger-semmle/spread-taint-step 
JS: add taint step through object/array spread operators
 2019-02-28 09:58:23 +00:00
Calum Grant
c945b7793c Merge pull request #944 from hvitved/csharp/cfg/accessor-call 
C#: Improve CFG for assignments
 2019-02-28 09:34:56 +00:00
Jonas Jensen
7afb4898e6 C++: Change note for def-by-ref data flow 2019-02-28 09:39:51 +01:00
Jonas Jensen
8e6daafd7c C++: Add DefinitionByReferenceNode.getParameter 
This commits also adds a test that uses `getParameter`. The new tests
demonstrate that support for array-to-pointer decay works, but we get
data flow to the array rather than its contents.
 2019-02-28 09:39:51 +01:00
Jonas Jensen
2bc0a8d6fb C++: Remove getVariableAccess from def-by-ref node 
This accessor may not be forward-compatible with an IR-based version,
and it's unclear whether it has any use. The `VariableAccess` remains in
the `TDefinitionByReferenceNode` constructor since it's used to
implement `getType`.
 2019-02-28 09:38:40 +01:00
Max Schaefer
02dff4e9d9 JavaScript: Update expected test output. 2019-02-28 08:21:06 +00:00
Jonas Jensen
7ff732d962 C++: Use OO dispatch for getType and getFunction 2019-02-28 08:23:24 +01:00
Raul Garcia
9eca21cb5a Update .gitignore 2019-02-27 18:43:51 -08:00
Raul Garcia
e24ca8ec40 Update .gitignore 2019-02-27 18:43:33 -08:00
Raul Garcia
1ae18974d8 Fixing bugs found during Code Review. 2019-02-27 18:41:23 -08:00
semmle-qlci
6602b4dbda Merge pull request #992 from xiemaisi/js/socket.io 
Approved by asger-semmle
 2019-02-27 18:43:40 +00:00
Tom Hvitved
4cbbe37b1e C#: Updated expected test output 2019-02-27 19:25:14 +01:00
Mark Shannon
9170d85155 Python: Fix falcon sources to only be source if a route is attached. 2019-02-27 16:42:31 +00:00
semmle-qlci
8e485b7972 Merge pull request #996 from xiemaisi/js/first-array-elt-in 
Approved by esben-semmle
 2019-02-27 16:19:21 +00:00
Mark Shannon
d605dfd542 Python delete extractor tests. Duplicates of internal tests. 2019-02-27 15:35:52 +00:00
Mark Shannon
f7d7b8eef2 Merge pull request #785 from taus-semmle/python-unsafe-use-of-mktemp 
Python: Add query for unsafe use of `tempfile.mktemp`.
 2019-02-27 15:01:06 +00:00
Jonas Jensen
972d00822c C++: Generalize std::move data flow 2019-02-27 15:53:00 +01:00
Jonas Jensen
80183464d9 C++: Define DefinitionByReferenceNode 
This enables data flow through `memcpy` and similar functions modeled in
`semmle.code.cpp.model`.
 2019-02-27 15:53:00 +01:00
Asger F
9497199cbd JS: add localFieldStep 2019-02-27 14:20:47 +00:00
Asger F
b6648def19 JS: Add ClassNode.getAReceiverNode 2019-02-27 14:20:47 +00:00
Jonas Jensen
5647a1a658 C++: BlockVar value stops at def by ref (partial) 2019-02-27 15:05:53 +01:00
Geoffrey White
25a5ff5e55 CPP: Similarly update other @deprecated messages. 2019-02-27 13:20:24 +00:00
Geoffrey White
f0356bb83b CPP: Reformat @deprecated message. 2019-02-27 13:18:29 +00:00
Geoffrey White
74f7379ab9 CPP: Change note. 2019-02-27 13:09:10 +00:00
Geoffrey White
3f2e902912 CPP: Remove it from the security dashboard (OverrunWrite.ql is already on there). 2019-02-27 13:09:09 +00:00