hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-19 09:24:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,679 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Esben Sparre Andreasen
ce3b196b93 Update javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-03-18 10:11:57 +01:00
Esben Sparre Andreasen
b9860d3444 Update javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-03-18 10:11:49 +01:00
Esben Sparre Andreasen
d74c16f86c Update javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-03-18 10:11:36 +01:00
Jonas Jensen
260bfe7b1d C++: Manual magic in inStaticInitializer 
Since `runtimeExprInStaticInitializer` only looks at expressions at the
top level of an initializer or directly below some number of top-level
aggregate literals, there is no need for `inStaticInitializer` to
include expressions strictly below those in the AST.

I tested this on Wireshark, which has very large static initializers,
but found no measureable difference in run time. There are some
differences in tuple counts and iteration counts, though:

- `inStaticInitializer` changes from 6,241,153 rows (86 iterations) to
  5,031,617 rows (7 iterations).
- `runtimeExprInStaticInitializer` changes from 386,350 rows to 4,705
  rows.
- `hasDynamicInitialization` has 410 rows both before and after, which
  suggests that this change does not affect results.

Even though there is no impact on this snapshot at this time, things
might look different if/when the restriction on aggregate literals to
100 children is removed in the extractor.
 2020-03-18 09:28:45 +01:00
Jonas Jensen
93c6f8f1f7 Merge pull request #3056 from dbartol/dbartol/static-locals 
C++: Model dynamic initialization of static local variables in IR
 2020-03-18 08:16:21 +01:00
Dave Bartolomeo
309ccf3daf C++: Factor out common code to avoid recursion 2020-03-17 18:44:29 -04:00
Dave Bartolomeo
772324fafa C++: Add comment with IR for dynamic init of static var 2020-03-17 18:44:00 -04:00
Dave Bartolomeo
709757f7f2 Merge remote-tracking branch 'upstream/master' into dbartol/static-locals 2020-03-17 18:35:13 -04:00
Taus
46567a5842 Merge pull request #3029 from BekaValentine/python-objectapi-to-valueapi-handles 
Python: ObjectAPI to ValueAPI: Handles
 2020-03-17 22:37:27 +01:00
Rebecca Valentine
f351916418 Merge branch 'master' into testmerge 2020-03-17 12:32:45 -07:00
Taus
ca26feefbf Merge pull request #2978 from BekaValentine/python-objectapi-to-valueapi-illegalexceptionhandlertype 
Python: ObjectAPI to ValueAPI: IllegalExceptionHandlerType
 2020-03-17 17:56:34 +01:00
Rebecca Valentine
a7a64952e2 Python: ObjectAPI.qll: Fixes docstring 2020-03-17 09:48:54 -07:00
Robert Marsh
84a74f406a Merge pull request #3002 from theopolis/cpp-linux-drop-privileges-outoforder 
CPP: Add query for CWE-273 that detects out-of-order setuid
 2020-03-17 09:10:51 -07:00
Robert Marsh
3a66b04e7a C#: add debug switch to IRConfiguration 2020-03-17 08:51:00 -07:00
Dave Bartolomeo
9cc3cda58e C++: Model varargs in IR, Part I 
This change introduces a new synthesized `IRVariable` in every varargs function. This variable represents the entire set of arguments passed to the ellipsis by the caller. We give it an opaque type big enough hold all of the arguments passed by the largest vararg call in the database. It is treated just like any other parameter. It is initialized the same, it has indirect buffers, etc.

I had to introduce a couple new APIs to `Call` and `Function`. The QLDoc comments should explain these. I added tests for these new APIs as well.

The next step will be to change the IR generation for the `va_*` macros to manipulate the ellipsis parameter.
 2020-03-17 11:11:48 -04:00
Tom Hvitved
2e8bd5ccba Data flow: Sync files 2020-03-17 15:16:12 +01:00
Tom Hvitved
0645940a5c Address review comments 2020-03-17 15:16:01 +01:00
semmle-qlci
8792d0d248 Merge pull request #3070 from erik-krogh/DataPerf 
Approved by asgerf
 2020-03-17 13:47:09 +00:00
semmle-qlci
fa08258c14 Merge pull request #3036 from erik-krogh/CustomTrack 
Approved by asgerf
 2020-03-17 13:44:51 +00:00
semmle-qlci
ea46873bfe Merge pull request #3065 from erik-krogh/PathSinks 
Approved by esbena
 2020-03-17 13:00:00 +00:00
Pavel Avgustinov
1472bf0c11 Merge pull request #3078 from jbj/contributing-supported-2 
Docs: refactor guidelines for new queries
 2020-03-17 12:46:28 +00:00
Erik Krogh Kristensen
9403026fff add change note 2020-03-17 11:48:02 +01:00
Erik Krogh Kristensen
1dfe9e9c2a changes based on review 2020-03-17 11:28:29 +01:00
Erik Krogh Kristensen
9a3176d3cc Apply suggestions from code review 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-03-17 11:26:35 +01:00
Esben Sparre Andreasen
380f66cb19 JS: rename Mongoose::CommonInterfase -> Mongoose::InvokeNode 2020-03-17 11:25:05 +01:00
Erik Krogh Kristensen
095d4d711a change import to an absolute import to fix warning 2020-03-17 11:21:46 +01:00
James Fletcher
55f9034712 Merge pull request #3080 from jf205/migration-tidy-links 
CodeQL docs: tidy up a few links
 2020-03-17 09:42:21 +00:00
James Fletcher
07e52d3b96 Merge pull request #3055 from jf205/codeql-migration-2162 
CodeQL docs: update titles and small content changes (CodeQL queries)
 2020-03-17 09:21:49 +00:00
Anders Schack-Mulligen
9c9e302a73 Java: Add URLDecoder.decode as taint step. 2020-03-17 10:19:02 +01:00
james
d615c58060 docs: tidy up a few links 2020-03-17 09:06:32 +00:00
Erik Krogh Kristensen
d7b69fcfea autoformat 2020-03-17 09:52:08 +01:00
Jonas Jensen
9899d46999 Docs: refactor guidelines for new queries 2020-03-17 08:24:03 +01:00
Robert Marsh
de2d23b432 C++/C#: autoformat 2020-03-16 17:25:53 -07:00
Rebecca Valentine
ff6e0ce35c Python: UnguardedNextInGenerator.ql: Excludes next with default value 2020-03-16 17:08:06 -07:00
Rebecca Valentine
68c455cd97 Python: IncorrectExceptOrder.ql: Autoformats w/ new QL indentation 2020-03-16 16:52:48 -07:00
Rebecca Valentine
c7a2925620 Python: Exceptions.qll: Clean up handleObject again 2020-03-16 14:52:51 -07:00
Rebecca Valentine
34ab4efeda Python: ObjectAPI.qll: getOrigin now returns a CFG 2020-03-16 14:52:23 -07:00
Rebecca Valentine
45e47b92a0 Python: IllegalExceptionHandlerType.ql: Autoformats 2020-03-16 14:48:05 -07:00
james
d35d440624 docs: address review comments 2020-03-16 21:39:17 +00:00
Esben Sparre Andreasen
7dc80664e6 Merge pull request #3045 from Semmle/esbena-patch-2 
JS: loosen qldoc for `barrierGuardIsRelevant`
 2020-03-16 22:28:22 +01:00
Esben Sparre Andreasen
b75486bb58 JS: refactor NoSQL::Mongoose. Introduce Mongoose::CommonInterface 2020-03-16 22:12:30 +01:00
Esben Sparre Andreasen
833d1b1ab0 JS: fixup mongoose test 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen
9d9926fdbf JS: model Mongoose Document for additional js/nosql-injection sinks 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen
55ab519fbe JS: add Mongoose Document tests 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen
dc27a8f52c JS: model mongoose Model on createConnection.<model/models> 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen
730396df12 JS: add Mongoose createConnection tests 2020-03-16 22:11:22 +01:00
Rebecca Valentine
5d55db116b Python: Exceptions.qll: Updates handledObject to use getOrigin 2020-03-16 11:24:55 -07:00
Rebecca Valentine
787b80f9ae Python: ObjectAPI.qll: Adds getOrigin predicate 2020-03-16 11:24:22 -07:00
Erik Krogh Kristensen
7145a57db3 refactor StepSummary into an internal .qll 2020-03-16 17:52:04 +01:00
Jonas Jensen
b7dc26e27d Merge pull request #3072 from geoffw0/gezero2 
C++: Improvement to cpp/unsigned-comparison-zero
 2020-03-16 17:00:38 +01:00