hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-17 16:34:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,679 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
46332d4849 C++: Eliminate recursion from toString(). 2020-05-01 14:12:52 +01:00
Jonas Jensen
36bdcfa42d C++: Remove an unneeded local-flow case 
This case was added in dccc0f4db. The surrounding code has changed a lot
since then, and the case no longer seems to have an effect except to
create some dead ends and possibly cycles in the local flow graph.
 2020-05-01 15:08:15 +02:00
Tom Hvitved
fd32e1110a C#: Remove footnote from versions-compilers.rst 2020-05-01 13:57:28 +02:00
Tom Hvitved
8a41a5fc47 C#: Update version-compilers.rst to mention .NET Core 3.1 2020-05-01 13:48:24 +02:00
Jonas Jensen
5f74c24d4d C++: Test definitions through &, *, ... 2020-05-01 11:04:49 +02:00
Jonas Jensen
4ddf12119d C++: Don't suppress consistency checks for calls 
See https://github.com/github/codeql/pull/3162#discussion_r400849713.
 2020-05-01 11:04:42 +02:00
Taus
33f4503ac3 Merge pull request #3213 from RasmusWL/python-iter-str-seq-with-tests 
Python: supress non-useful results (w/ tests) for iter str/seq query
 2020-05-01 11:04:05 +02:00
Taus
40def2af05 Merge pull request #3311 from RasmusWL/python-parse_qs 
Python: Propagate taint through parse_qs
 2020-05-01 10:40:31 +02:00
Erik Krogh Kristensen
16823143dd refactor getAPropertyUsedInLoadStore 2020-05-01 09:58:11 +02:00
Erik Krogh Kristensen
1a42c9fd80 make predicates private 
Co-authored-by: Asger F <asgerf@github.com>
 2020-05-01 09:42:09 +02:00
Jonas Jensen
9fc27e9130 C++: Fix "is constant" check 
The check was supposed to check for constant type, not constant value.
This fixes a false negative that appeared in
`LargeParameter/test.cpp:106`.
 2020-05-01 09:04:31 +02:00
Rasmus Wriedt Larsen
e569d7ae41 Merge branch 'master' into python-parse_qs 2020-04-30 17:05:17 +02:00
Cornelius Riemenschneider
c856552b64 Add preOffset to the bindingset for simpleArrayLengthStep. 2020-04-30 15:00:12 +02:00
semmle-qlci
606a1145eb Merge pull request #3331 from RasmusWL/python-improve-file-taint 
Approved by tausbn
 2020-04-30 13:58:03 +01:00
Jonas Jensen
8ffa124bf9 C++: Addresses may escape through call qualifiers 
Also clarify the docs on `Call` to decrease the likelyhood of such an
omission happening again.

The updated test reflects that `f1.operator()` lets the address of `f1`
escape from the caller.
 2020-04-30 14:27:40 +02:00
Rasmus Wriedt Larsen
e0b4518a3e Merge branch 'master' into python-improve-file-taint 2020-04-30 11:24:29 +02:00
semmle-qlci
59a04282c1 Merge pull request #3381 from RasmusWL/docs-minor-python-fix 
Approved by shati-patel
 2020-04-30 10:11:28 +01:00
Rasmus Wriedt Larsen
862c4b0845 Docs: Fix result of cmp.getComparator(0) in Python tutorial 
Fixes https://github.com/github/codeql/issues/3360
 2020-04-30 10:59:59 +02:00
Tom Hvitved
b03e87f623 Merge pull request #3379 from calumgrant/cs/nullability-warning 
C#: Remove nullability warnings
 2020-04-30 08:38:28 +02:00
Cornelius Riemenschneider
b838426421 Move ArrayLengthAnalysis library to the correct location. 2020-04-29 21:07:44 +02:00
Jason Reed
62c128f9a4 C++: Add QLDoc. 2020-04-29 11:06:06 -04:00
semmle-qlci
2b055de4d6 Merge pull request #3154 from erik-krogh/ImplicitConv 
Approved by asgerf
 2020-04-29 16:05:19 +01:00
Calum Grant
25d5c81896 C#: Enable nullability for Semmle.Extraction project. Some refactoring required. 2020-04-29 15:59:46 +01:00
Calum Grant
6b8a5606d6 C#: Enable nullability for Autobuild tests project. 2020-04-29 15:27:35 +01:00
Calum Grant
86d032e2ea C#: Remove nullability warning by lifting local function. Warning seems to be caused by a compiler bug. 2020-04-29 15:21:43 +01:00
Jason Reed
e73833eda6 C++: Factor out file encoding predicate 2020-04-29 10:15:26 -04:00
Jason Reed
0500715bc1 C++: Fix docstring in localReferences.ql 2020-04-29 10:15:26 -04:00
Jason Reed
f0a7ff0d9d Exclude ide queries from lgtm suite. 2020-04-29 10:15:26 -04:00
Jason Reed
b341f768de C++: Fix formatting 2020-04-29 10:15:26 -04:00
Jason Reed
3b7fecab93 C++: Fix duplicate query ids 2020-04-29 10:15:26 -04:00
Jason Reed
5390f4b255 C++: Scope tags meant for ide contextual queries 2020-04-29 10:15:26 -04:00
Jason Reed
aa7a0e6879 CPP: Add tags for VS Code jump-to-defition 2020-04-29 10:15:26 -04:00
alexet
6a41028d3a CPP:Add preliminary local jump to def queries 2020-04-29 10:15:26 -04:00
Matthew Gretton-Dann
7d605095a5 C++: Update expected test results 2020-04-29 14:31:35 +01:00
Matthew Gretton-Dann
5b29a49c73 C++: Add library support for consteval 2020-04-29 14:31:35 +01:00
Cornelius Riemenschneider
f83c3452a1 Switch allocation size expression analysis to unconverted result expression. 2020-04-29 15:13:00 +02:00
Anders Schack-Mulligen
29a5ea121a Merge pull request #2901 from ggolawski/java-spring-boot-actuators 
CodeQL query to detect open Spring Boot actuator endpoints
 2020-04-29 15:10:54 +02:00
Cornelius Riemenschneider
64cf0906b5 Address review. 
Most important fix is that VNLength is now restricted to the subset
of value numbers that are Bounds in the RangeAnalysis.
 2020-04-29 15:10:30 +02:00
Erik Krogh Kristensen
2ef13ef6e8 cousing -> sibling 2020-04-29 14:30:03 +02:00
Nick Rolfe
55301b4b2f Merge pull request #3074 from matt-gretton-dann/codeql-c-extractor/50-char8_t 
Add support for C++20's char8_t type.
 2020-04-29 12:15:25 +01:00
Cornelius Riemenschneider
9d2533c8ab Fix bug in handling of subtractions. 2020-04-29 13:07:15 +02:00
Mathias Vorreiter Pedersen
8a1d96b313 Merge pull request #3374 from jbj/PartialDefinition-refactor 
C++: Refactor `PartialDefinition` charpred
 2020-04-29 13:03:40 +02:00
Cornelius Riemenschneider
e6d193294a Experimental library that tracks the length of memory. 
For each pointer, we start tracking (starting from the allocation or an array declaration)
1) how long is the chunk of memory allocated
2) where the current pointer is in this chunk of memory.
This information might not always exist, but when it does, it is reliable.
Currently only works intraprocedurally.
 2020-04-29 12:55:54 +02:00
Cornelius Riemenschneider
55cd0fac5c Move useful helper predicate and types from RangeAnalysis to RangeUtils. 2020-04-29 12:55:54 +02:00
Jonas Jensen
de3fa8e68b Merge pull request #3337 from Cornelius-Riemenschneider/alloc-type 
C++: Allocation.qll: Provide getAllocatedElementType predicate for AllocationExprs.
 2020-04-29 11:55:02 +02:00
Anders Schack-Mulligen
b6a7ab8bf4 Merge pull request #3372 from aibaars/spring-multipart 
Java: add `org.springframework.web.multipart.MultipartFile::getX` as RemoteFlowSource
 2020-04-29 11:35:04 +02:00
Matthew Gretton-Dann
a6947e0296 C++: Complete support for char8_t 2020-04-29 10:18:13 +01:00
Matthew Gretton-Dann
c0d0f7862b C++: Add DB Upgrade script 2020-04-29 10:18:13 +01:00
Matthew Gretton-Dann
52670dd956 C++: Update expected test output. 2020-04-29 10:18:13 +01:00
Matthew Gretton-Dann
2d898af2fe C++: Add library support for char8_t type. 2020-04-29 10:18:13 +01:00