hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-18 17:04:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,679 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonas Jensen
46fc91315b Java/C++/C#: Revert the join order fix from #2872 
This revert brings back the performance problems in
`DataFlowImplLocal.qll` so they can be fixed in a different way. The fix
in #2872 was asymptotically good but had undesired overhead because it
introduced another predicate in the SCC that existed purely for join
ordering.

I did the revert by inlining the helper predicate, eliminating the
`enclosing` variable, and re-ordering the resulting lines to what they
were before #2872.
 2020-04-06 10:04:50 +02:00
Robert
1096e5d947 Merge pull request #3163 from robertbrignull/code_scanning_suites 
Add code-scanning suites
 2020-04-06 08:45:40 +01:00
Rasmus Wriedt Larsen
4ce3d5b748 Merge pull request #3040 from BekaValentine/python-objectapi-to-valueapi-iterreturnsnonself 
Python: ObjectAPI to ValueAPI: IterReturnsNonSelf
 2020-04-06 09:37:40 +02:00
Tom Hvitved
c8c706a0ba C#: Un-deprecate PublicCallableParameterFlowSource 2020-04-06 09:01:44 +02:00
Mathias Vorreiter Pedersen
317734f41e C++: Attach PostUpdateNodes to Chi nodes following aschackmull's suggestion 2020-04-05 22:35:26 +02:00
Jonas Jensen
530d4294b0 Merge remote-tracking branch 'upstream/master' into DefaultTaintTracking-Configuration 2020-04-05 07:27:07 +02:00
Jonas Jensen
58366b19e9 C++: Path explanations in the last two queries 
For some reason I thought that these two queries were special because
they manipulate `SecurityOptions` to change the taint-tracking sources.
It turns out it was just the opposite: the queries used to be special
because they invalidated the cache for the `tainted` predicate, but that
predicate is no longer used, so these queries are no longer special.
 2020-04-04 16:47:06 +02:00
Jonas Jensen
54a23a486a C++: Accept test changes for 108d5177b8 2020-04-04 16:46:59 +02:00
Jonas Jensen
d7332644f0 C++: Fix DefinitionByReferenceNode.toString 
This predicate now has a value also for calls to function pointers.
 2020-04-04 15:31:01 +02:00
Jonas Jensen
108d5177b8 C++: Fix two bugs found by @rdmarsh2 
Co-Authored-By: Robert Marsh <rdmarsh2@gmail.com>
 2020-04-04 15:24:44 +02:00
Rebecca Valentine
01aac8273c Python: ObjAPI to ValAPI: WrongNumArgsInCall: Update queries to use objectapi 2020-04-04 03:11:25 -07:00
Rebecca Valentine
8c1aeb24cb Python: ObjAPI to ValAPI: WrongNumArgsInCall: Updates query expected results 2020-04-04 00:57:09 -07:00
Rebecca Valentine
88be3359ac Python: ObjAPI to ValAPI: WrongNumForArgsInCall: Update affected queries to use objectapi 2020-04-04 00:15:10 -07:00
Rebecca Valentine
26bdb9ab04 Python: ObjAPI to ValAPI: WrongNumArgsInCall: Exceptions.qll: Removes extraneous spaces in comments 2020-04-03 20:33:17 -07:00
Rebecca Valentine
bbe7314c17 Python: ObjAPI to ValAPI: WrongNumArgsInCall: Autoformats ObjectAPI.qll 2020-04-03 20:30:24 -07:00
Rebecca Valentine
7615452b31 Python: ObjAPI to ValAPI: WrongNumArgsInCall: Autoformat CallArgs.qll 2020-04-03 20:28:19 -07:00
Rebecca Valentine
1e76720a92 Merge branch 'master' into python-objectapi-to-valueapi-wrongnumberargumentsincall 2020-04-03 20:25:53 -07:00
Rebecca Valentine
e0f26d4f7e Python: ObjectAPI to ValueAPI: WrongNumberArgumentsInCall: Updates expected results 2020-04-03 20:11:42 -07:00
Rebecca Valentine
f25428b7a9 Python: ObjectAPI to ValueAPI: WrongNumberArgumentsInCall: Exceptions.qll: Fixes incorrect implementation of localRaisedType 2020-04-03 20:08:00 -07:00
Rebecca Valentine
c6fbbb1cd1 Python: ObjectAPI to ValueAPI: WrongNumberArgumentsInCall: CallArgs.qll: Fixes too_*_args refs to getA*Call 2020-04-03 20:06:43 -07:00
Rebecca Valentine
2ad0f5af2d Python: ObjectAPI to ValueAPI: WrongNumberArgumentsInCall: ObjectAPI.qll: Adds getAFunctionCall and getAMethodCall predicates to FunctionValue 2020-04-03 20:04:32 -07:00
Rebecca Valentine
be86c9c066 Python: ObjectAPI to ValueAPI: IterReturnsNonSelf: ObjectAPI.qll: Explains why getAnInferredReturnType is weird for builtins 2020-04-03 15:16:16 -07:00
Rebecca Valentine
64b17888e5 Python: ObjectAPI to ValueAPI: IterReturnsNonSelf: ObjectAPI.qll: Reorganizes getAnInferredReturnType() 2020-04-03 15:14:25 -07:00
Robert Marsh
316d932829 Merge pull request #3198 from MathiasVP/valuenumbering-provider-new-file 
C++/C#: Prevent accidental import of ValueNumberPropertyProvider
 2020-04-03 13:31:11 -07:00
Grzegorz Golawski
1d8da905ac Make the test runnable via codeql test run 2020-04-03 21:44:13 +02:00
ggolawski
79d7ea36ff Update java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.qll 
Co-Authored-By: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-04-03 21:36:34 +02:00
Jonas Jensen
bb3616e4c4 C++: Add example for globalVarFromId 2020-04-03 17:51:35 +02:00
semmle-qlci
a8098a2b2d Merge pull request #3197 from erik-krogh/NormalPathSanitizer 
Approved by asgerf
 2020-04-03 16:33:18 +01:00
Jonas Jensen
5822cd7b84 C++: Put paths in the remaining LGTM-suite queries 2020-04-03 17:10:47 +02:00
Jonas Jensen
3ec1f691c2 C++: First query with flow-paths through globals 2020-04-03 16:45:00 +02:00
Jonas Jensen
aaebe3687e C++: Fix copy-paste error in convertedExprNode 2020-04-03 16:37:23 +02:00
Jonas Jensen
469bdae9b2 C++: More helpful toString for def. by ref. node 2020-04-03 16:37:23 +02:00
Jonas Jensen
36da2d1dae C++: Manipulate the source end of paths too 
Without this, we get duplicate alerts in some cases and
unnatural-looking source nodes in other cases. The source nodes were
often `Conversion`s.
 2020-04-03 16:37:23 +02:00
Jonas Jensen
e916f07a8e C++: Formatting fixups 2020-04-03 15:52:13 +02:00
Jonas Jensen
427815d3d1 C++: taintedWithPath QLDoc + simplification 2020-04-03 15:52:13 +02:00
Jonas Jensen
3653627650 C++: Let configuration class extend singleton 2020-04-03 15:52:13 +02:00
Erik Krogh Kristensen
9c2053168b writing out the truth table for DotDotSlashPrefixRemovingReplace 2020-04-03 15:46:47 +02:00
Tom Hvitved
8d81b885c6 C#: Unset Platform env variable when invoking vcvarsall.bat 2020-04-03 14:47:34 +02:00
semmle-qlci
676da02118 Merge pull request #3192 from asger-semmle/js/missing-await-not-delete 
Approved by esbena
 2020-04-03 13:21:48 +01:00
Shati Patel
a93aafcab5 Merge pull request #3194 from shati-patel/50-intro-to-ql 
Docs: Include "Introduction to QL" in tutorial topic
 2020-04-03 12:12:00 +01:00
Tom Hvitved
4e2d6c0250 C#: Add missing QL doc 2020-04-03 12:45:56 +02:00
Mathias Vorreiter Pedersen
c54cddead1 C++: Include PrintValueNumbering in testcase 2020-04-03 12:42:06 +02:00
Calum Grant
adde52d33c C#: Add missing files 2020-04-03 11:22:50 +01:00
Jonas Jensen
16c7a35b1c Merge pull request #3195 from geoffw0/taintstring 
C++: Model taint flow through std::string constructor and c_str()
 2020-04-03 12:05:07 +02:00
Erik Krogh Kristensen
94751c1b31 dst can be relative for "../" replace call 2020-04-03 11:08:31 +02:00
Calum Grant
6a26a6542a C#: Remove a function. 2020-04-03 09:42:25 +01:00
semmle-qlci
dc774e0eac Merge pull request #3166 from erik-krogh/DeadLocal 
Approved by asgerf
 2020-04-03 09:36:20 +01:00
Tom Hvitved
08fbd1d2ad C#: Update change notes 2020-04-03 10:25:46 +02:00
Geoffrey White
73bfd819d9 C++: Rename classes. 2020-04-03 09:23:31 +01:00
Geoffrey White
1bcf187c3e C++: Rename Strings.qll -> StdString.qll. 2020-04-03 09:17:33 +01:00