hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-09 03:31:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
54,887 Commits 1,691 Branches 160 Tags
codeql-cli/v2.13.3
Commit Graph

54887 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus
abc71cba4c Merge pull request #913 from markshannon/python-add-3-library-tests 
Python add 2/3 specific library tests
 2019-02-12 12:54:15 +01:00
calum
33e6b5e55f C#: Fix tests 2019-02-12 10:59:31 +00:00
semmle-qlci
ac3f413b87 Merge pull request #920 from xiemaisi/js/field-as-prop-write 
Approved by asger-semmle
 2019-02-12 10:48:13 +00:00
Calum Grant
0513828000 Merge pull request #922 from hvitved/csharp/cfg/remove-exception-edges 
C#: Remove some impossible CFG exception edges
 2019-02-12 10:42:07 +00:00
Calum Grant
e10ea73a07 Merge pull request #901 from hvitved/csharp/conditional-assign-join-order 
C#: Improve join order in `conditionalAssign()`
 2019-02-12 10:39:49 +00:00
Mark Shannon
220b881096 Python: Points-to should flow through call-sites if not assigned outside of scope. 2019-02-12 09:57:45 +00:00
Mark Shannon
384fa5db3f Python: clarfiy change note. 2019-02-12 09:53:00 +00:00
Calum Grant
b557b7b438 Merge pull request #895 from hvitved/csharp/get-a-thrown-exception 
C#: Avoid using `ExceptionClass` in deliberate Cartesian products
 2019-02-12 09:49:03 +00:00
Dave Bartolomeo
c224bbd767 C++: Fix Operand.getSize() 2019-02-11 17:48:59 -08:00
calum
b51eb2cb92 C#: Fix tags in documentation. 2019-02-11 17:52:55 +00:00
Dave Bartolomeo
bd46c43067 C++: Add sanity test for missing operand type 2019-02-11 09:47:00 -08:00
Dave Bartolomeo
a54d86423a C++: Add Operand.getType() 2019-02-11 09:47:00 -08:00
Dave Bartolomeo
fa2ef620ac C++: Rationalize RegisterOperand vs. MemoryOperand 
This change does some shuffling to make the distinction between memory operands and register operands more clear in the IR API. First, any given type that extends `Operand` is now either always a `MemoryOperand` or always a `RegisterOperand`. This required getting rid of `CopySourceOperand`, which was used for both the `CopyValue` instruction (as a `RegisterOperand`) and for the `Load` instruction (as a `MemoryOperand`). `CopyValue` is now just a `UnaryInstruction`, `Store` has a `StoreValueOperand` (`RegisterOperand`), and all of the instructions that read a value from memory indirectly (`Load`, `ReturnValue`, and `ThrowValue`) all now have a `LoadOperand` (`MemoryOperand`).

There are no diffs in the IR output for this commit, but this change is required for a subsequent commit that will make each `MemoryOperand` have a `Type`, which in turn is needed to fix a critical bug in aliased SSA construction.
 2019-02-11 09:47:00 -08:00
calum
8bb1af884a C# extractor: Limit string literals to 1MB. This is made more complicated by the fact that we need to limit the number of bytes to output, rather than the number of characters. 2019-02-11 17:36:23 +00:00
Tom Hvitved
8cb8c967d2 C#: Remove some impossible CFG exception edges 2019-02-11 16:17:01 +01:00
Tom Hvitved
6ff4206d53 C#: Add CFG test 2019-02-11 16:03:25 +01:00
Tom Hvitved
14bdea1cf2 Merge pull request #847 from calumgrant/cs/json.net 
C#: Model Json.NET dataflow
 2019-02-11 15:48:01 +01:00
Anders Schack-Mulligen
be3191aa6b Merge pull request #871 from nickrolfe/vim 
Vim syntax highlighting and file-type detection
 2019-02-11 13:10:48 +01:00
Anders Schack-Mulligen
52ad816074 Merge pull request #904 from rneatherway/zipslip-fix 
Java: Add a flow step for `Path::toFile` in ZipSlip
 2019-02-11 13:08:38 +01:00
Nick Rolfe
7db2f643cc Vim syntax: add missing annotations and annotation arguments 2019-02-11 11:42:53 +00:00
semmle-qlci
10b00254ec Merge pull request #915 from asger-semmle/closure-uri-methods 
Approved by xiemaisi
 2019-02-11 10:51:07 +00:00
Anders Schack-Mulligen
e4ba5ce608 Merge pull request #787 from hmakholm/pr/fix-useless-parameter 
Fix false positives in java/unused parameter
 2019-02-11 11:49:21 +01:00
Robin Neatherway
409733838b Java: Add a flow step for Path::toFile in ZipSlip 2019-02-11 10:33:44 +00:00
Taus
fb8d0f5b1f Merge pull request #850 from markshannon/python-improve-import-analysis 
Python improve import analysis
 2019-02-11 10:28:37 +01:00
Max Schaefer
10ef945b51 JavaScript: Restrict InstanceFieldAsPropWrite to fields with initializers. 2019-02-11 08:17:53 +00:00
Robert Marsh
184e65d8a1 Merge pull request #919 from dave-bartolomeo/dave/SSATests 
C++: Split out SSA IR tests
 2019-02-08 18:18:01 -08:00
Dave Bartolomeo
bda00bbff2 C++: Split out SSA IR tests 
The IR tests were getting kind of unwieldy. We were using "ir.cpp" to contain test cases that covered both IR construction (every language construct imaginable) and SSA construction. We would then build and dump all three flavors of IR. For IR construction tests, examining the SSA dumps when you add a new test case is tedious.

To make this easier to manage, I've split the SSA-specific test cases out into a separate directory. "ir.cpp" should now contain only IR construction test cases, and "ssa.cpp" should contain only SSA construction test cases. We dump just the raw IR for "ir.cpp", and just the two SSA flavors for "ssa.cpp". We still run all three flavors of the IR sanity tests for "ir.cpp", though.

I also removed the "ssa_block_count.ql" test, which wasn't really adding any coverage, because any change to the block count would be reflected in the dump as well.
 2019-02-08 15:28:06 -08:00
semmle-qlci
986afa1b1b Merge pull request #909 from xiemaisi/js/improve-incomplete-sanitization-alerts 
Approved by esben-semmle
 2019-02-08 17:39:36 +00:00
semmle-qlci
232d81a4ed Merge pull request #908 from xiemaisi/js/enable-ms-queries 
Approved by esben-semmle
 2019-02-08 17:38:27 +00:00
Mark Shannon
ee143ee041 Python: Add change note for unified parser. 2019-02-08 16:44:01 +00:00
Asger F
74a9c4b500 JS: use type inference to back up function-style classes 2019-02-08 16:42:24 +00:00
Mark Shannon
e37bda27d5 Python points-to: Clarify use of '$' variable. 2019-02-08 15:54:51 +00:00
Calum Grant
9319d66c13 Merge pull request #893 from hvitved/csharp/cfg/splitting-performance-tweaks 
C#: CFG performance improvements
 2019-02-08 15:52:51 +00:00
Geoffrey White
8b2405b267 CPP: Update severity/precision of LargeParameter.ql. 2019-02-08 15:23:57 +00:00
calum
d18bbf6a73 C#: Make query only apply to reftypes, since I believe valuetypes are safe or cannot be fixed trivially using the volatile keyword. 2019-02-08 15:18:29 +00:00
Asger F
f6e0ccfcf0 JS: model URI and XHR methods from closure library 2019-02-08 15:18:27 +00:00
Asger F
fd2e9f1fcb JS: shift line numbers in RequestForgery test 2019-02-08 15:13:33 +00:00
Mark Shannon
52ddd79cab Python: Add 2/3 specific query tests. 2019-02-08 15:13:17 +00:00
calum
b473d2f7a8 C#: Update change notes. Decrease the priority of this query because the volatile keyword is no longer needed on modern .Net runtimes. 2019-02-08 14:59:45 +00:00
calum
7addd41e38 C#: Fixes to double-checked lock. 2019-02-08 14:57:57 +00:00
Mark Shannon
adb4c42aa5 Python: Add 2-only library tests. 2019-02-08 14:49:04 +00:00
Mark Shannon
49307a72b4 Python: Add 3-only library tests. 2019-02-08 14:39:27 +00:00
calum
c9cf183878 C#: Fix merge conflicts. 2019-02-08 14:38:51 +00:00
calum
08d13ea363 C#: Address review comments. 2019-02-08 14:38:51 +00:00
calum
15a2f9dc13 C#: Add change note. 2019-02-08 14:38:51 +00:00
calum
7f7a92d092 C#: Model Json.NET dataflow. 2019-02-08 14:37:54 +00:00
semmle-qlci
937049e060 Merge pull request #891 from xiemaisi/js/simplify-sensitive-actions 
Approved by esben-semmle
 2019-02-08 14:12:47 +00:00
Taus
90eccbdf76 Merge pull request #836 from markshannon/python-mutating-descriptor 
Python: Fix up mutating-descriptor query
 2019-02-08 15:10:30 +01:00
Nick Rolfe
01fac31641 Vim syntax: highlight numbers and new keywords 2019-02-08 13:43:15 +00:00
Jonas Jensen
566eafc706 Merge pull request #823 from dave-bartolomeo/dave/IdentityString 
C++: Declaration.getIdentityString and Type.getTypeIdentityString
 2019-02-08 13:16:02 +01:00