Geoffrey White
44c66a3b09
C++: Fixup test .expected files after merge.
2020-03-16 15:45:29 +00:00
Erik Krogh Kristensen
cd6fe8115d
Update javascript/ql/src/semmle/javascript/Promises.qll
Co-Authored-By: Asger F <asgerf@github.com>
2020-03-16 16:27:50 +01:00
Geoffrey White
034f7cc948
Merge branch 'master' into model-gets
2020-03-16 15:12:36 +00:00
Calum Grant
945418869d
Merge pull request #3022 from hvitved/csharp/autobuild/dotnet-clean-try
C#: Ignore `dotnet clean` exit code in autobuilder
2020-03-16 15:10:32 +00:00
Taus Brock-Nannestad
c724b17368
Python: Fix up regression comment.
2020-03-16 16:01:05 +01:00
Tom Hvitved
fb2b239db7
C#: Add test for cs/dereferenced-value-may-be-null
2020-03-16 15:38:29 +01:00
Geoffrey White
40db92bfd1
C++: Change note.
2020-03-16 13:22:00 +00:00
Geoffrey White
2cee756587
C++: Support the mirror case with <=.
2020-03-16 13:22:00 +00:00
Geoffrey White
3c96b09d47
C++: Behaviour preserving transform.
2020-03-16 13:22:00 +00:00
Geoffrey White
dcf2f7f19c
C++: Add some test cases for the mirror case, with <=.
2020-03-16 13:22:00 +00:00
Geoffrey White
3d8633f701
C++: Additional test cases for the recursive bit of UnsignedGEZero.
2020-03-16 13:22:00 +00:00
Nick Rolfe
17c57dcb4c
Merge pull request #2971 from matt-gretton-dann/codeql-c-extractor/40-spaceship
C++20 Add DB Support for the <=> operator
2020-03-16 12:07:58 +00:00
semmle-qlci
eb7d8092a6
Merge pull request #3064 from asger-semmle/js/typescript-semantic-errors
Approved by erik-krogh
2020-03-16 11:57:55 +00:00
Taus Brock-Nannestad
dda32abd6a
Python: Fix test result for pruning test.
2020-03-16 12:55:12 +01:00
Taus Brock-Nannestad
5579dfb976
Python: Fix comment based on review.
2020-03-16 12:49:46 +01:00
Taus Brock-Nannestad
81f6877727
Python: Fix up tests.
2020-03-16 12:48:41 +01:00
james
42b6c116aa
docs: open-source -> open source
2020-03-16 11:47:16 +00:00
james
b7f87225d9
docs: update links following titles changes
2020-03-16 11:47:16 +00:00
james
764303acb5
docs: rework 'CodeQL queries' landing page
2020-03-16 11:47:16 +00:00
james
ff07f3d3b7
docs: 'About CodeQL queries' content updates
2020-03-16 11:47:16 +00:00
james
6721495160
docs: retitle locations
2020-03-16 11:47:16 +00:00
james
8055e91a5c
docs: update titles and intros (writing codeql queries)
2020-03-16 11:42:16 +00:00
Taus Brock-Nannestad
2d8f3bb033
Python: Use TUnknown instead of TUnknownInstance.
2020-03-16 11:34:54 +01:00
Erik Krogh Kristensen
f2548aa3b1
add more models for file related sinks and sources
2020-03-16 11:07:23 +01:00
Erik Krogh Kristensen
557b642a8e
add isRelevant check on flowStep predicate
2020-03-16 11:01:20 +01:00
Matthew Gretton-Dann
3465c96c12
C++: Update DB Stats
2020-03-16 09:58:02 +00:00
Matthew Gretton-Dann
b325bce4c6
C++: Add upgrade script
2020-03-16 09:58:02 +00:00
Matthew Gretton-Dann
06accfe72b
C++: Add support for the spaceship operator
2020-03-16 09:58:02 +00:00
Matthew Gretton-Dann
c5b3df1eb2
C++: Update expression precedences
The spaceship (<=>) operator adds a new row to the C++ precedence
table. In preparation for that shift the necessary precedences up one
to create a suitable hole.
Note: In investigations I believe precedence 14 was not used. However,
in order to make review easier I have kept that gap.
2020-03-16 09:54:59 +00:00
Jonas Jensen
5b20133415
Merge pull request #3067 from theopolis/cpp-additional-commandexec-apis
Add execve to CommandExecution
2020-03-16 10:33:20 +01:00
Ted Reed
429b07a95d
Add execve to CommandExecution
2020-03-15 20:35:46 -04:00
semmle-qlci
1d4dd2b2f7
Merge pull request #3057 from esbena/js/infer-this-as-exports
Approved by asgerf
2020-03-15 12:55:12 +00:00
Asger Feldthaus
b2f008ea9e
JS: Don't report TypeScript diagnostics by default
2020-03-15 12:06:08 +00:00
semmle-qlci
7e093a8e5c
Merge pull request #3041 from erik-krogh/JQueryAjax
Approved by esbena
2020-03-14 22:31:59 +00:00
semmle-qlci
ff03478ae8
Merge pull request #3049 from asger-semmle/js/fix-cyclic-join
Approved by erik-krogh
2020-03-14 16:19:25 +00:00
Erik Krogh Kristensen
486efbab77
refactor based on review
2020-03-14 14:53:38 +01:00
Erik Krogh Kristensen
4f39c28741
Merge branch 'master' of git.semmle.com:Semmle/ql into CustomTrack
2020-03-14 14:37:52 +01:00
semmle-qlci
20cae302fd
Merge pull request #3054 from erik-krogh/NoDeferred
Approved by asgerf
2020-03-14 13:36:16 +00:00
Esben Sparre Andreasen
4d6aa20990
Merge pull request #3004 from esbena/js/additional-mongodb-and-mongoose-injection-sinks
JS: Mongoose and MongoDB improvements
2020-03-14 12:31:43 +01:00
Robert Marsh
e9459992a1
Merge pull request #3061 from MathiasVP/fix-constant-comparison
C++: Fix getValue in SimpleRangeAnalysis
2020-03-13 11:13:22 -07:00
Geoffrey White
cecbdae3e1
C++: Change note.
2020-03-13 17:58:31 +00:00
Mathias Vorreiter Pedersen
09984a4068
C++: The extractor already provides the getValue result when the variable is a local variable. Thus we can simplify the QL code.
2020-03-13 17:57:01 +01:00
Mathias Vorreiter Pedersen
e1942bbee1
C++: Fix false positives
2020-03-13 17:09:57 +01:00
Mathias Vorreiter Pedersen
cc25298f67
C++: Demonstrate false positives when a const variable is initialized in a parameter list
2020-03-13 17:00:54 +01:00
Felicity Chapman
8b8104a338
Merge pull request #3059 from felicitymay/2166-part-2-python
Update link text for remaining links to Python topics
2020-03-13 15:40:24 +00:00
Esben Sparre Andreasen
2fac7434df
JS: infer this to be module.exports in node modules
2020-03-13 14:10:35 +01:00
Esben Sparre Andreasen
ae8d38236b
JS: add some tests for this
2020-03-13 14:09:23 +01:00
Tom Hvitved
f935f5eaca
Data flow: Sync files
2020-03-13 13:58:05 +01:00
Tom Hvitved
17e904f0f6
Data flow: Refactoring + performance improvements
- Introduce `ReadTaintNode` and `TaintStoreNode` to simplify logic for taint
getters and taint setters, respectively.
- `nodeCandFwd2`: Restrict `stored` column after a read, based on what it might
be before a store of the same field.
- `nodeCand2`: Restrict `read` column (renamed from `stored`) after a store, based
on what it might be after a read of the same field.
- Move big step predicates into a `LocalFlowBigStep` module.
- Define predicates by dispatch in `AccessPath[Front]` class.
- `flowCandFwd0`: Restrict `apf` column after a read, as it should be able to match
a Boolean `read` column from `nodeCand2`.
- `flowFwd0`: Restrict columns `ap` and `apf` after a read, by introducing a
`flowConsCandFwd` predicate (similar to what is done in the previous pruning steps).
- `flowFwd0`: Restrict columns `ap` and `apf` after a store, by introducing a
`flowConsCand` predicate (similar to what is done in the previous pruning steps).
2020-03-13 13:58:05 +01:00
Anders Schack-Mulligen
9fc75f1f92
Merge pull request #2850 from SpaceWhite/CWE-094
ScriptEngine java code injection
2020-03-13 13:43:09 +01:00