hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-11 05:30:24 +01:00
Code Issues Packages Projects Releases Wiki Activity
58,318 Commits 1,679 Branches 158 Tags
codeql-cli/v2.14.4
Commit Graph

58318 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
b2e304951e Merge branch 'master' into ts-typescript2.9 2018-08-20 08:14:58 +01:00
Max Schaefer
a9f1e21363 JavaScript: Fix exported name of default re-exports. 
A default re-export (not part of the standard yet) looks like this:

```
export f from 'mod';
```

What this means is that the default export of `mod` is re-exported under the name `f`.

Default re-export specifiers (like `f` in this example) are modelled as a kind of default export specifier in our library, but unlike normal default export specifiers they do not export the name `default`.

This was previously not modelled correctly, leading to surprising errors down the line, for example in type inference where we suddenly would no longer be able to resolve an import that otherwise looked resolvable.
 2018-08-20 08:02:15 +01:00
semmle-qlci
44e4b25f42 Merge pull request #14 from rdmarsh2/rdmarsh/js/electron-http-client 
Approved by xiemaisi
 2018-08-20 07:59:25 +01:00
Esben Sparre Andreasen
0c4fb15651 JS: add query js/cleartext-logging 2018-08-20 08:34:16 +02:00
Esben Sparre Andreasen
b4952e7bfd JS: improve and expose SensitiveActions::HeuristicNames 2018-08-20 08:27:42 +02:00
Esben Sparre Andreasen
804c06bd59 JS: add models of logging frameworks 2018-08-20 08:27:42 +02:00
Dave Bartolomeo
d975964674 Merge pull request #70 from hvitved/csharp/graph-tests 
C#: Do not use `@kind graph` in ql tests
 2018-08-18 10:04:07 -07:00
Dave Bartolomeo
332e944c16 C++: Remove ConvertToVoid, replace with Convert 2018-08-18 10:01:12 -07:00
Dave Bartolomeo
650539dbb6 C++: IR sanity query unnecessaryPhiInstruction 
Have `Instruction.getResultSize()` return zero for `void`.
 2018-08-17 15:37:19 -07:00
Denis Levin
276deee68c Added comments to the test file. Fixed a typo. 2018-08-17 10:50:52 -07:00
Robert Marsh
aaeda5dfcc JavaScript: add the ESLint attack as a test 2018-08-17 10:16:52 -07:00
Robert Marsh
4698d13a0d JavaScript: add change note 2018-08-17 10:16:51 -07:00
Robert Marsh
4da9d6d795 JavaScript: add support for Electron http client 2018-08-17 10:16:51 -07:00
calumgrant
c2ad56adce Fix table format 2018-08-17 18:15:02 +01:00
calum
2a66585028 Address some review comments, apart from the bullet format. 2018-08-17 18:12:08 +01:00
Tom Hvitved
0edd0057fc C#: Do not use @kind graph in ql tests 2018-08-17 17:55:13 +02:00
Asger F
7f77acf5f6 TypeScript: add change note 2018-08-17 14:48:53 +01:00
Asger F
3806e4b1aa JavaScript: add tests for "import" types 2018-08-17 14:26:32 +01:00
Asger F
c902a4e880 TypeScript: add classes for "import" types 2018-08-17 14:26:32 +01:00
Asger F
875b6d0155 TypeScript: add "import" types to dbscheme 2018-08-17 14:26:32 +01:00
Asger F
4dc1462b6b JavaScript: fix performance issue in ServerSideUrlRedirect.qll 2018-08-17 14:02:19 +01:00
Dave Bartolomeo
f4a060099b C++: Handle casts to void in IR 
Casts to `void` did not have a semantic conversion type in the AST, so they also weren't getting generated correctly in the IR. I've added a `VoidConversion` class to the AST, along with tests. I've also added IR translation for such conversions, using a new `ConvertToVoid` opcode. I'm not sure if it's really necessary to generate an instruction to represent this, but it may be useful for detecting values that are explicitly unused (e.g. return value from a call).

I added two new sanity queries for the IR to detect the following:
- IR blocks with no successors, which usually indicates bad IR translation
- Phi instruction without an operand for one of the predecessor blocks.

These sanity queries found another subtle IR translation bug. If an expression that is normally translated as a condition (e.g. `&&`, `||`, or parens in certain contexts) has a constant value, we were not creating a `TranslatedExpr` for the expression at all. I changed it to always treat a constant condition as a non-condition expression.
 2018-08-17 01:44:54 -07:00
Robert Marsh
bea298fcab Merge pull request #65 from dave-bartolomeo/dave/Graph 
C++: Make IR dump and AST dump tests use the official graph query format
 2018-08-16 17:33:30 -07:00
Denis Levin
2a46a26d9e Update addressing review comments 2018-08-16 17:29:04 -07:00
semmle-qlci
83c539ace6 Merge pull request #54 from denislevin/denisl/cs/ZipSlip 
Approved by calumgrant
 2018-08-16 20:01:53 +01:00
Dave Bartolomeo
3ebb7938f6 C++: Make IR dump and AST dump tests use the official graph query format 2018-08-16 10:14:56 -07:00
calum
68d8b66a1f Minor edits. 2018-08-16 14:01:31 +01:00
calum
72e690764e Add the QL Style Guide. 2018-08-16 13:23:01 +01:00
ian-semmle
692f416143 Merge pull request #40 from nickrolfe/dependent_template_alias 
C++: dependent template alias
 2018-08-15 17:41:24 +01:00
Geoffrey White
fdfbfb365f Merge pull request #62 from ian-semmle/302_1_test 
C++: Improve the JSF 3.02 rule 1 message, and add a test
 2018-08-15 17:22:33 +01:00
semmle-qlci
63180d484b Merge pull request #60 from pavgust/imp/c-wrapped-functions 
Approved by dave-bartolomeo, jbj
 2018-08-15 16:44:27 +01:00
Ian Lynagh
d2b4265b73 C++: Improve the JSF 3.02 rule 1 message, and add a test 2018-08-15 15:26:18 +01:00
Jonas Jensen
6225fcf2b8 Merge pull request #12 from pavgust/imp/c-locations 
Simplify C locations handling
 2018-08-15 16:14:31 +02:00
semmle-qlci
6132b2c419 Merge pull request #34 from esben-semmle/js/twitter_text-library 
Approved by xiemaisi
 2018-08-15 14:45:52 +01:00
ian-semmle
6e7b3ad90c Merge pull request #61 from Semmle/cpp-CODEOWNERS 
Remove @Semmle/cpp from CODEOWNERS
 2018-08-15 13:36:59 +01:00
semmle-qlci
12577f0280 Merge pull request #47 from jbj/ir-perf-blocks-etc 
Approved by dave-bartolomeo
 2018-08-15 12:53:43 +01:00
Nick Rolfe
6b6749854e Remove @Semmle/cpp from CODEOWNERS 2018-08-15 12:32:54 +01:00
Nick Rolfe
df1f51463f C++: extend test to cover template aliases 2018-08-15 10:44:51 +01:00
Nick Rolfe
5bef9f7118 C++: test for resolving specialisations dependent on template aliases 2018-08-15 10:44:51 +01:00
Geoffrey White
f904aed016 Merge pull request #57 from jbj/suites-in-ql-repo 
C++: Move C/C++ suites to ql repo
 2018-08-15 10:19:08 +01:00
semmle-qlci
8e5059f43a Merge pull request #58 from xiemaisi/js/demote-heterogeneous-comparison 
Approved by asger-semmle
 2018-08-15 09:01:24 +01:00
Max Schaefer
105b6c9d84 Merge pull request #59 from tibbes/js/fix-qhelp-typo 
JS: fix typo in qhelp (parameter type confusion)
 2018-08-15 08:36:25 +01:00
Esben Sparre Andreasen
a025dafcf5 JS: classify twitter-text library instances 2018-08-15 08:51:31 +02:00
Denis Levin
a09e7db08d Removing @precision high tag 2018-08-14 18:41:21 -07:00
Denis Levin
cdc065cc38 Merge pull request #1 from calumgrant/cs/ZipSlip 
C#: Fix the unit tests for ZipSlip
 2018-08-14 18:35:48 -07:00
Pavel Avgustinov
d999ada22c FunctionsWithWrappers: Simplify/tidy library. 2018-08-14 17:16:15 -07:00
Pavel Avgustinov
628edc9577 definitions.qll: Tidy up handling of type mentions 2018-08-14 16:38:57 -07:00
Pavel Avgustinov
3bc06627e1 Simplify definitions.qll for C++. 2018-08-14 16:38:56 -07:00
Pavel Avgustinov
382ae85431 Simplify location handling for C++ locations. 2018-08-14 16:38:56 -07:00
Max Schaefer
303b0a0027 JavaScript: Demote HeterogenousComparison to warning level. 2018-08-14 15:54:07 +01:00