Shati Patel
28e5904079
Merge pull request #3149 from Semmle/jf205-patch-2
...
Change 'Set Literals' to 'Set literals'
2020-03-27 16:47:58 +00:00
James Fletcher
2c571d3655
Update language.rst
2020-03-27 16:40:48 +00:00
Jonas Jensen
710eb0cab9
C++: Replace "min = max" with "unique"
...
With the new `unique` aggregate added to QL, we can express directly
what the "min = max" pattern emulates.
Replacing "min and max" with `unique` might in general lead to fewer
results, but that happens only in cases where the aggregate expression
has multiple values. For the three predicates changed in this commit,
that should only happen on malformed databases.
2020-03-27 17:15:09 +01:00
Peter Stöckli
c6688eb349
Fix OpenStream documentation
2020-03-27 17:08:49 +01:00
Peter Stöckli
3de00443ff
Review feedback for OpenStream
2020-03-27 17:06:58 +01:00
Rasmus Wriedt Larsen
d55acc38df
Python: Constrain execution paths for taint_at_depth
...
Thanks Taus!
2020-03-27 16:20:08 +01:00
Erik Krogh Kristensen
4864e77430
Merge branch 'master' of git.semmle.com:Semmle/ql into UrlSearch
2020-03-27 15:59:29 +01:00
Philip Ginsbach
a91a5c3db9
"aggregation yields" => "query returns"
...
Co-Authored-By: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2020-03-27 14:50:41 +00:00
Philip Ginsbach
23e4ae3f49
"and hence" => ", so"
...
Co-Authored-By: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2020-03-27 14:50:07 +00:00
Philip Ginsbach
3406ee72ee
Update docs/language/ql-handbook/expressions.rst
...
Co-Authored-By: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2020-03-27 14:49:45 +00:00
Philip Ginsbach
811bc01d1e
the `expression => <expression>`
...
Co-Authored-By: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2020-03-27 14:49:23 +00:00
Philip Ginsbach
c91c3f24a0
fixed typo "the the"
...
Co-Authored-By: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2020-03-27 14:47:57 +00:00
Dave Bartolomeo
3039aaf4f3
C++: Fix test expectations for complex literals
2020-03-27 10:33:19 -04:00
Shati Patel
0b62a1d980
Merge pull request #3144 from ginsbach/setliteralhandbook
...
Mention set literals in handbook
2020-03-27 14:25:56 +00:00
Peter Stöckli
5e62a6bebe
Move CWE-036 directory to experimental
2020-03-27 15:10:15 +01:00
Peter Stöckli
74fc416a35
Merge branch 'master' into cwe-036
2020-03-27 14:54:41 +01:00
Erik Krogh Kristensen
0ebbd80745
autoformat
2020-03-27 14:54:34 +01:00
Philip Ginsbach
73845923aa
Update docs/language/ql-handbook/expressions.rst
...
Co-Authored-By: Jonas Jensen <jbj@github.com>
2020-03-27 13:34:20 +00:00
Philip Ginsbach
90b82a0905
unique in aggregate section
2020-03-27 13:09:35 +00:00
Henning Makholm
875a70c0a3
Merge pull request #3129 from ginsbach/master
...
Set Literal in QL
2020-03-27 14:02:55 +01:00
Philip Ginsbach
d979bd958b
better wording for the unique aggregate
2020-03-27 13:01:50 +00:00
james
a6cfdfe8e3
docs: small change to codeql training landing page
2020-03-27 13:00:26 +00:00
james
b4b1903642
docs: simplify 'learning codeql' landing page
2020-03-27 13:00:26 +00:00
james
76f344638e
docs: 'What's new' -> 'Further reading'
2020-03-27 13:00:26 +00:00
james
deb657acdb
docs: tidy up 'codeql for x' pages
...
Manually construct tocs including intro text.
Fix a few intros and titles.
2020-03-27 13:00:00 +00:00
Philip Ginsbach
05be9b82a2
better wording for type compatibilit
2020-03-27 12:56:37 +00:00
Philip Ginsbach
135a288bed
Update docs/language/ql-handbook/expressions.rst
...
Co-Authored-By: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2020-03-27 12:55:42 +00:00
semmle-qlci
fad902fc9b
Merge pull request #3095 from erik-krogh/MorePerf
...
Approved by asgerf
2020-03-27 12:51:37 +00:00
Mathias Vorreiter Pedersen
5ba5791ec6
C++: Only allow flow through non-conflated chi instructions
2020-03-27 13:37:17 +01:00
Mathias Vorreiter Pedersen
580310f321
Merge branch 'master' into ir-flow-fields
2020-03-27 13:32:26 +01:00
semmle-qlci
9b3400337b
Merge pull request #3130 from erik-krogh/PreciseSteps
...
Approved by asgerf
2020-03-27 12:18:28 +00:00
Philip Ginsbach
1b4df6e24c
whitespace fix
2020-03-27 11:53:19 +00:00
Philip Ginsbach
8e873f35ac
mention set literals in handbook
2020-03-27 11:51:03 +00:00
Philip Ginsbach
f9442211bf
unique aggregate in handbook and reference
2020-03-27 11:31:25 +00:00
Mathias Vorreiter Pedersen
7890a322c8
C++/C#/Java: Sync identical files
2020-03-27 11:51:38 +01:00
Mathias Vorreiter Pedersen
9ab8580ca7
Data flow: No magic in parameterThroughFlowCand
2020-03-27 11:51:10 +01:00
Rasmus Wriedt Larsen
8aadb8bd06
Python: Fix iterable-unpacking tests
2020-03-27 11:42:37 +01:00
semmle-qlci
1975a83cdd
Merge pull request #3116 from max-schaefer/js/postgres-type-tracking
...
Approved by asgerf
2020-03-27 09:23:52 +00:00
Erik Krogh Kristensen
58af63d8cc
add test case for XSS on url suffix
2020-03-27 10:02:24 +01:00
Erik Krogh Kristensen
d3e1a258fa
autoformat
2020-03-27 09:34:56 +01:00
Erik Krogh Kristensen
be11418c77
autoformat
2020-03-27 00:18:41 +01:00
Robert Marsh
968ddc6274
Merge pull request #3137 from jbj/DefaultTaintTracking-argv
...
C++: Never track flow out of an argv argument
2020-03-26 15:29:52 -07:00
Calum Grant
b94b4b7c91
C#: Fix tests
2020-03-26 20:40:40 +00:00
Calum Grant
8a968dac81
C#: Enable nullability in Semmle.Util
2020-03-26 20:10:21 +00:00
Jonas Jensen
95f116eb48
Merge branch 'DefaultTaintTracking-argv' into dataflow-indirect-args
2020-03-26 20:47:50 +01:00
Jonas Jensen
2801941ca2
C++: Never track flow out of an argv argument
...
This change removes some duplicate results that will otherwise appear
due to https://github.com/Semmle/ql/pull/3123 and possibly
https://github.com/Semmle/ql/pull/2704.
2020-03-26 20:40:16 +01:00
Calum Grant
782f2b5b50
Merge pull request #3073 from hvitved/csharp/null-maybe-fp
...
C#: Add test for `cs/dereferenced-value-may-be-null`
2020-03-26 18:55:54 +00:00
Dave Bartolomeo
7879dde8b8
Merge pull request #3097 from jbj/detect-conflated-memory
...
C++: Implement Instruction.isResultConflated
2020-03-26 14:52:47 -04:00
Rasmus Wriedt Larsen
96d1fc8c0b
Python: Fix iterable-unpacking taint CP
...
When running ql/python/ql/src/Security/CWE-079/ReflectedXss.ql against the
database for flask.
Initially there were 10 million result-tuples for iterable_unpacking_descent.
With this change, we're down to roughly 2100,
2020-03-26 16:42:48 +01:00
Calum Grant
71e0dc087b
C#: General code tidy.
2020-03-26 15:35:31 +00:00