hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-18 08:54:56 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,679 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
5b5f9adfc6 C#: Add missing CFG edge from generic catch block to finally block 2020-04-23 08:45:11 +02:00
Tom Hvitved
bd075a7de0 C#: Add CFG test 2020-04-23 08:45:11 +02:00
Esben Sparre Andreasen
161c05dced Apply suggestions from code review 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-04-23 08:41:54 +02:00
Mathias Vorreiter Pedersen
cfecc9cafa Merge pull request #3319 from jbj/Declaration-not-abstract 
C++: Make `Declaration` not abstract
 2020-04-23 08:36:18 +02:00
Mathias Vorreiter Pedersen
7b51d0c8a5 C++: Remove unnecessary part of comment 2020-04-23 08:35:44 +02:00
Cornelius Riemenschneider
293e6466d4 AllocationExpr.getSizeMult() now analyzes the size expression of function calls. 
This yields more precise size information in a lot of the common cases of C allocation code,
as the common pattern malloc(count * sizeof(type)) is now understood.
 2020-04-23 02:05:31 +02:00
Cornelius Riemenschneider
247fc42ec5 Add tests that show AllocationExpr.getSizeMult() behaviour. 2020-04-23 02:02:57 +02:00
Robert Marsh
0dc797d288 C++: autoformat ModelUtil.qll 2020-04-22 16:14:58 -07:00
Robert Marsh
ac22e7950c C++: autoformat FlowSources.qll 2020-04-22 16:11:33 -07:00
Robert Marsh
471f536326 Merge pull request #3307 from dbartol/dbartol/BinaryConditional 
C++: IR translation for binary conditional operator
 2020-04-22 15:01:16 -07:00
Erik Krogh Kristensen
6ada588dd1 add support for util.inherits 2020-04-22 22:55:12 +02:00
Erik Krogh Kristensen
957e4073b0 use getABoundCallbackParameter in SocketIO 2020-04-22 21:56:34 +02:00
Erik Krogh Kristensen
40822e10b4 add SocketIO test case 2020-04-22 21:55:20 +02:00
Tom Hvitved
5a2dcc591c Merge pull request #3317 from Semmle/revert-2814-cs/unqualify-trap-ids 
Revert "C#: Improve db consistency by removing assembly id"
 2020-04-22 20:46:35 +02:00
Felicity Chapman
89bf35cd43 Merge branch 'rc/1.24' into merge-124-master 
Conflicts:
	change-notes/1.24/analysis-javascript.md
    Resolved in favor of the rc/1.24 branch
 2020-04-22 19:01:47 +01:00
Taus
cf9114761f Merge pull request #3321 from felicitymay/1.24/move-python-change-notes 
1.24: Move python change notes into rc/1.24 branch
 2020-04-22 19:42:12 +02:00
Felicity Chapman
523f1068b8 Editorial suggestions 
We don't hyphenate "QL-library" and there were a few typos. Feel free to further revise this if I've changed the meaning too much.

As discussed separately, I was unable to raise this as a PR in GitHub.com and had to resort to a direct commit.

(cherry picked from commit e29468135d)
 2020-04-22 18:15:43 +01:00
Taus
ac8cca37e8 Apply suggestions from code review 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
(cherry picked from commit 44b570f7b6)
 2020-04-22 18:15:43 +01:00
Taus Brock-Nannestad
63234aae40 Python: Finalise change notes for 1.24. 
(cherry picked from commit e97d88c158)
 2020-04-22 18:15:42 +01:00
Rebecca Valentine
89752f4b55 Merge branch 'master' into python-objectapi-to-valueapi-wrongnumberargumentsincall 2020-04-22 09:52:33 -07:00
Rebecca Valentine
9cd2171fb8 Merge branch 'master' into python-objectapi-to-valueapi-incorrectlyoverridenmethod 2020-04-22 09:40:33 -07:00
Rebecca Valentine
d5c44d8513 Merge pull request #3315 from tausbn/python-finalise-1.24-change-notes 
Python: Finalise change notes for 1.24.
 2020-04-22 09:15:54 -07:00
Dave Bartolomeo
163ecd97de Merge pull request #3277 from geoffw0/rangeshift 
C++: Support for & and >> in SimpleRangeAnalysis
 2020-04-22 11:36:36 -04:00
Jonas Jensen
448bd2be87 C++: Make Declaration not abstract 
It looks like this change will stop `SignedOverflowCheck.ql` from
needlessly re-evaluating several cached stages.
 2020-04-22 17:34:18 +02:00
Rasmus Wriedt Larsen
22096c36b9 Python: Add standard HttpSources tests for BaseHTTPRequestHandler 2020-04-22 17:28:49 +02:00
Rasmus Wriedt Larsen
51a9094064 Python: Add sinks for http.server.BaseHTTPRequestHandler 2020-04-22 17:28:27 +02:00
Shati Patel
321eb44370 Highlight "unique" as a keyword 2020-04-22 15:54:50 +01:00
Felicity Chapman
e29468135d Editorial suggestions 
We don't hyphenate "QL-library" and there were a few typos. Feel free to further revise this if I've changed the meaning too much.

As discussed separately, I was unable to raise this as a PR in GitHub.com and had to resort to a direct commit.
 2020-04-22 15:48:01 +01:00
Tom Hvitved
8c0c283811 Revert "C#: Improve db consistency by removing assembly id" 2020-04-22 16:32:13 +02:00
Rasmus Wriedt Larsen
a27431e197 Python: Add module level QLDoc in web/stdlib/Request.qll 2020-04-22 16:22:03 +02:00
Taus
44b570f7b6 Apply suggestions from code review 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
 2020-04-22 16:03:20 +02:00
Jonas Jensen
7a3663976b C++: inline arithTypesMatch predicate 
This predicate is effectively a Cartesian product between all enum
types. It's infeasible to compute it in full, so luckily the optimizer
has been able to apply enough magic to make it feasible. That's not a
robust solution, and it has indeed broken on at least one version of the
1.24 release candidate.

On a Chromium snapshot where I ran the LGTM suite overnight, the
`m#MistypedFunctionArguments::arithTypesMatch#bb` predicate (magic for
`arithTypesMatch`) took 170m5s. That was commit b69fdf5 from the
internal repo. I tried to reproduce it in VSCode, this time with commit
646646, but it wasn't quite as bad: the predicate took only 38 seconds.
In any case, making the problematic predicate `pragma[inline]` removes
the slow magic and makes the `MistypedFunctionArguments.ql` query
faster.
 2020-04-22 15:14:07 +02:00
Taus Brock-Nannestad
e97d88c158 Python: Finalise change notes for 1.24. 2020-04-22 14:31:04 +02:00
Esben Sparre Andreasen
a0e6562208 JS: address review feedback 2020-04-22 14:24:35 +02:00
Esben Sparre Andreasen
2747e2a0c7 JS: formatting 2020-04-22 14:24:35 +02:00
Esben Sparre Andreasen
2186ca7efc JS: address non-semantic review feedback 2020-04-22 14:24:35 +02:00
Esben Sparre Andreasen
27e5fce0ed JS: make the default PoIConfiguration/enabled inclusive 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
3b45bcd285 JS: remove the standard PoI configurations 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
dd6378f1d0 JS: address PoI review comments 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
b2ca3d2bdc JS: improve PoI::alertQuery docstring 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
a386d2dcee JS: add missing expected output 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
607d46e2f9 JS: improve PoI tests 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
c407cc072e JS: autoformat 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
e4ea089a0b JS: add experimental PoI module 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
ec73c97422 JS: refactor ClassifyFiles.qll from ClassifyFiles.ql 2020-04-22 14:24:34 +02:00
Erik Krogh Kristensen
ac26741816 reuse existing SanitizerGuard from UnsafeJQueryPlugin 2020-04-22 14:16:15 +02:00
Dave Bartolomeo
66381e89ef C++: Add comment from PR feedback 2020-04-22 08:11:43 -04:00
Erik Krogh Kristensen
0a29d132d0 reuse existing logic in DomBasedXss 2020-04-22 13:50:43 +02:00
Rasmus Wriedt Larsen
6b84137a92 Python: Model cgi.FieldStorage (parsing of submitted forms) 2020-04-22 11:37:47 +02:00
Rasmus Wriedt Larsen
1ecfa2eb55 Merge pull request #3278 from tausbn/python-fix-warnings 
Python: Fix remaining deprecation warnings.
 2020-04-22 11:33:16 +02:00