jcreedcmu
12f264ca63
Merge pull request #3354 from dbartol/dbartol/Recommendation
...
Recommend the CodeQL for VSCode extension
2020-04-27 10:26:02 -04:00
Esben Sparre Andreasen
04b5a794f1
Merge pull request #3313 from esbena/js/typical-bad-sanitizer
...
New query: Incomplete HTML attribute sanitization
2020-04-27 14:31:13 +02:00
Mathias Vorreiter Pedersen
b1a94d8809
Merge branch 'master' into get-an-assigned-value-join-order
2020-04-27 14:11:30 +02:00
Tom Hvitved
d28c4fb0f5
Merge pull request #3202 from jbj/pathStep-join-unique
...
Java/C++/C#: Use `unique` to improve join order fix
2020-04-27 13:06:27 +02:00
Cornelius Riemenschneider
3f7d68178c
Use stripTopLevelSpecifiers() to get the allocated element type for malloc().
2020-04-27 12:46:14 +02:00
Cornelius Riemenschneider
92e8604fa1
Provide getAllocatedElementType predicate for AllocationExprs.
...
This predicate tries to determine the type of the allocated elements of an allocation expression.
2020-04-27 12:41:19 +02:00
Cornelius Riemenschneider
203315ae33
Assign malloc results in test to variables.
2020-04-27 12:40:35 +02:00
Esben Sparre Andreasen
c0250894de
Apply suggestions from code review
...
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
2020-04-27 12:37:39 +02:00
Geoffrey White
230e5a3a9a
Merge pull request #3326 from Cornelius-Riemenschneider/alloc-size-mul
...
C++: Allocation.qll: Analyze common pattern of malloc() invocations to provide more accurate getSizeMult()
2020-04-27 11:18:54 +01:00
Erik Krogh Kristensen
1ad64bc619
introduce PropRef#mayHavePropertyName
2020-04-27 11:47:51 +02:00
Jonas Jensen
20c956e0a9
Merge pull request #3320 from Semmle/rdmarsh/cpp/taint-tracking-util-port
...
C++: move logic from DefaultTaintTracking into TaintTrackingUtil
2020-04-27 11:34:03 +02:00
Taus
de08433bd3
Merge pull request #3212 from RasmusWL/python-fix-tests-filter
...
Python: Fix (some) shortcomings of tests filter
2020-04-27 11:26:35 +02:00
James Fletcher
73c29ec189
Merge pull request #3346 from jf205/sd-48
...
Learn CodeQL docs: add note about path queries to data flow tutorials
2020-04-27 09:12:51 +01:00
Cornelius Riemenschneider
a50d5b7c6a
Accept changed test output.
2020-04-27 09:17:16 +02:00
Esben Sparre Andreasen
0a8e371b0e
Update javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.qhelp
...
Co-Authored-By: Asger F <asgerf@github.com>
2020-04-27 09:09:26 +02:00
semmle-qlci
cbe417f5eb
Merge pull request #3336 from erik-krogh/MoarJQuery
...
Approved by esbena
2020-04-25 15:17:55 +01:00
Arthur Baars
59869ace63
Java: teach Encryption.qll about MessageDigest.getInstance
...
We already modelled usage of the protected `MessageDigest(String algo)`
constructor as a crypto algorithm specification. For some reason we did
not model the more commonly used public `MessageDigest.getInstance` method.
2020-04-25 00:41:10 +02:00
Robert Marsh
4eea62cbde
Merge pull request #3345 from Cornelius-Riemenschneider/openssl-allocators
...
C++: Allocation.qll: Add support for openssl allocation/deallocation functions.
2020-04-24 14:48:05 -07:00
Dave Bartolomeo
5e09d6d02d
Tell GitHub to allow JSON files with comments
2020-04-24 14:04:05 -04:00
Dave Bartolomeo
5180b44e1e
Recommend the CodeQL for VSCode extension
...
I've added a `.vscode/extensions.json` file that will automatically recommend the CodeQL for Visual Studio Code extension to anyone who opens the repo in VS Code (without the extension already installed).
2020-04-24 13:46:35 -04:00
Mathias Vorreiter Pedersen
38ebb81036
Merge pull request #3352 from jbj/SuspiciousAddWithSizeof-select
...
C++: Speed up SuspiciousAddWithSizeof select
2020-04-24 18:27:25 +02:00
Jonas Jensen
5917ce60b7
Merge pull request #3342 from dbartol/dbartol/SyncTask
...
Add a VS Code task to run `sync-files.py`
2020-04-24 16:42:44 +02:00
Dave Bartolomeo
c539e84071
Update README.md with VSCode info
2020-04-24 10:36:16 -04:00
Taus
bcb980b3d5
Merge pull request #3302 from RasmusWL/python-str-taint-add-methods
...
Python: Add taint for string methods
2020-04-24 16:29:11 +02:00
Rasmus Wriedt Larsen
b2b0296120
Merge pull request #3242 from BekaValentine/python-objectapi-to-valueapi-incorrectlyoverridenmethod
...
Python: ObjectAPI to ValueAPI: IncorrectlyOverriddenMethod
2020-04-24 16:28:11 +02:00
semmle-qlci
4c7a5007d8
Merge pull request #3314 from RasmusWL/python-model-stdlib-http.server
...
Approved by tausbn
2020-04-24 15:27:21 +01:00
Dave Bartolomeo
97565fd90f
Add Sync Identical Files tasks to build group
2020-04-24 10:24:17 -04:00
Jonas Jensen
718f4cd3f9
C++: Speed up SuspiciousAddWithSizeof select
...
This `select` clause had become very slow after we started caching
`ElementBase::toString` because the query used string concatenation to
produce alert messages, and those string concatenations were done very
early in the pipeline, producing lots of strings that would be discarded
moments later.
By using `$@` to interpolate elements into strings, the concatenation is
done outside of QL.
Testing on a Chromium snapshot, this commit takes us from
#select#ff ................ 6m2s
to
#select#cpe#134#fff ....... 15.2s
2020-04-24 16:18:18 +02:00
Dave Bartolomeo
8ed8d3ccc5
Merge pull request #3343 from sauyon/sync-files
...
sync-files.py: cast line to string before concat
2020-04-24 10:12:52 -04:00
Mathias Vorreiter Pedersen
98c2fd8401
Merge branch 'master' into get-an-assigned-value-join-order
2020-04-24 15:03:59 +02:00
Taus
266de2efa2
Merge pull request #3348 from RasmusWL/python-random-modernisation
...
Python: random modernisations
2020-04-24 14:18:10 +02:00
Anders Schack-Mulligen
beab320557
Java: Add more qldoc.
2020-04-24 14:17:47 +02:00
Rasmus Wriedt Larsen
2b3025265b
Python: Clean up QLdoc
...
Co-Authored-By: Taus <tausbn@gmail.com>
2020-04-24 14:05:02 +02:00
Calum Grant
fcc2b66d1a
Merge pull request #3347 from hvitved/csharp/vsvars-test
...
C#: Update expected test output
2020-04-24 12:12:31 +01:00
Rasmus Wriedt Larsen
367ee3e8c4
Python: Modernise security/injection/Path.qll
...
And we're making things a bit more clean since it's not *any* argument of `open()` that is a taint-sink.
2020-04-24 12:03:42 +02:00
Rasmus Wriedt Larsen
67837887c8
Python: Modernise security/injection/Exec.qll
2020-04-24 11:59:05 +02:00
Calum Grant
1f1ac72de8
Merge pull request #3309 from hvitved/csharp/cfg/catch-finally-bug
...
C#: Add missing CFG edge from generic `catch` block to `finally` block
2020-04-24 10:12:53 +01:00
Esben Sparre Andreasen
58b5bd5cfd
JS: fixup documentation
2020-04-24 10:56:53 +02:00
semmle-qlci
28cfe548d5
Merge pull request #3325 from erik-krogh/MoreEventClasses
...
Approved by asgerf
2020-04-24 09:02:27 +01:00
semmle-qlci
671e7c6637
Merge pull request #3335 from asger-semmle/js/cached-chained-methods
...
Approved by esbena
2020-04-24 08:28:05 +01:00
Tom Hvitved
6911937ab8
C#: Update expected test output
2020-04-24 09:26:50 +02:00
Esben Sparre Andreasen
f0a05f6a6c
JS: change notes
2020-04-24 09:18:16 +02:00
Esben Sparre Andreasen
6d6ec89ba8
JS: add qhelp
2020-04-24 09:18:09 +02:00
Esben Sparre Andreasen
708fd3d73f
JS: add query to query suite
2020-04-24 09:17:46 +02:00
Esben Sparre Andreasen
89613dbd23
JS: add query for incomplete HTML attribute sanitization
2020-04-24 09:17:46 +02:00
Mathias Vorreiter Pedersen
7df45a9bb4
Merge pull request #3316 from jbj/arithTypesMatch-perf
...
C++: inline arithTypesMatch predicate
2020-04-24 09:13:02 +02:00
Jonas Jensen
d98e956c2b
Merge pull request #3322 from felicitymay/merge-124-master
...
Merge rc/1.24 into master
2020-04-24 08:48:54 +02:00
Rasmus Wriedt Larsen
8878884724
Python: Rewrite web/stdlib/Request.qll QLDoc to be more clear
2020-04-24 08:07:23 +02:00
Rasmus Wriedt Larsen
23f3736b67
Python: Simplify CgiFieldStorageFieldKind.getTaintOfAttribute
2020-04-24 08:04:55 +02:00
Cornelius Riemenschneider
c25eb19b18
Add support for openssl allocation/deallocation functions.
2020-04-24 01:57:14 +02:00