hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-19 17:34:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,683 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Esben Sparre Andreasen
f24f03e1f8 JS: add mongodb .connect tests 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen
e61f522f30 JS: bump change notes for mongodb 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen
21e6e69f22 JS: support mongodb v3 (minimally) 
https://github.com/github/codeql-javascript-team/issues/79
 2020-03-10 09:57:45 +01:00
Mathias Vorreiter Pedersen
8b467eb9a7 C++: Allow multiple results in getValue 2020-03-10 09:50:28 +01:00
Felicity Chapman
d54a9c9630 Merge branch 'rc/1.23' into merge-123-master 2020-03-10 08:45:22 +00:00
Rebecca Valentine
7ce905a310 Python: Adds preliminary modernization 2020-03-09 19:29:47 -07:00
Rebecca Valentine
bbeefd5747 Python: Modernizes query 2020-03-09 19:21:31 -07:00
Rebecca Valentine
047c328c58 Update python/ql/src/semmle/python/objects/ObjectAPI.qll 
Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-03-09 19:20:08 -07:00
Rebecca Valentine
e8708a083f Python: Modernizes query and expecteds 2020-03-09 19:13:54 -07:00
Rebecca Valentine
48e67bca51 Python: Modernizes query 2020-03-09 18:57:42 -07:00
Rebecca Valentine
810efc5ca2 Python: Adds Rasmus's suggestion 
Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-03-09 16:21:34 -07:00
Rebecca Valentine
f4f8c6e1e5 Python: Swaps out element_from_tuple 2020-03-09 16:20:22 -07:00
Taus
be09c17367 Merge pull request #2990 from BekaValentine/python-objectapi-to-valueapi-raisingtuple 
Python: ObjectAPI to ValueAPI: RaisingTuple
 2020-03-10 00:16:12 +01:00
Taus
96e99f55ad Merge pull request #2976 from BekaValentine/python-objectapi-to-valueapi-emptyexcept 
Python: ObjectAPI to ValueAPI: EmptyExcept
 2020-03-09 23:56:27 +01:00
Taus
b51e2a9e80 Merge pull request #2977 from BekaValentine/python-objectapi-to-valueapi-catchingbaseexception 
Python: ObjectAPI to ValueAPI: CatchingBaseException
 2020-03-09 22:54:50 +01:00
Mathias Vorreiter Pedersen
1a5282ae21 C++: Add testcase that previously resulted in a false positive 2020-03-09 22:33:59 +01:00
Mathias Vorreiter Pedersen
525a00098e C++: Address review comments 2020-03-09 22:16:05 +01:00
Dave Bartolomeo
9fae2faaeb Merge pull request #2994 from jbj/IRSanity-separate-file 
C++: Move InstructionSanity out of Instruction.qll
 2020-03-09 16:34:36 -04:00
Rebecca Valentine
c9c469b201 Python: Modernizes queries 2020-03-09 12:52:33 -07:00
Rebecca Valentine
6a1203a60f Python: Adds modernized predicates 2020-03-09 12:52:15 -07:00
Rebecca Valentine
6636f72e07 Python: Moves more predicates over to suffixed form 2020-03-09 11:59:44 -07:00
Rebecca Valentine
6d10c47cba Python: Moves predicates over to suffixed form 2020-03-09 11:56:57 -07:00
Erik Krogh Kristensen
ad52d6446e add test case for tuple-like use 2020-03-09 19:47:05 +01:00
Rebecca Valentine
bf92cee1b1 Python: Updates expected results 2020-03-09 11:16:58 -07:00
Erik Krogh Kristensen
981eef2587 expose arrayFunctionTaintStep in TaintTracking.qll 2020-03-09 17:22:29 +01:00
Erik Krogh Kristensen
509941649c remove redundant qldoc, and change parameter names to better reflect behavior 2020-03-09 17:20:12 +01:00
Erik Krogh Kristensen
a476fc5c3b revert Array.from change 2020-03-09 17:09:31 +01:00
Rasmus Wriedt Larsen
a38fd2d3d1 Python: Use unambiguous name getCallNode 2020-03-09 17:05:00 +01:00
Rasmus Wriedt Larsen
a9674ef6e8 Python: Resolve autoformat ugliness 2020-03-09 16:54:55 +01:00
Erik Krogh Kristensen
68ffd52d4c update expected output 2020-03-09 16:45:10 +01:00
Erik Krogh Kristensen
b4b05696e1 two bugfixes 2020-03-09 16:45:03 +01:00
semmle-qlci
155985c77d Merge pull request #3024 from max-schaefer/js/move-portals-to-experimental 
Approved by asgerf
 2020-03-09 15:39:36 +00:00
Rasmus Wriedt Larsen
31cfb1689c Python: Fix minor bug in modernisation-rewrite 
Obviously the result module shouldn't be a package 🤦 I was confusing
myself, since I wanted to say that `Module::named("Crypto.Cipher")` should be a package :D
 2020-03-09 15:49:08 +01:00
Mathias Vorreiter Pedersen
6dee7061a0 C++: Handle constant variable accesses in SimpleRangeAnalysis.qll 2020-03-09 15:44:32 +01:00
Rasmus Wriedt Larsen
0ce8e9180b Python: Remove code that adds taint to unrelated ControlFlowNode 
The problem with the deleted code is that it would add flow to what might be an
unrelated ControlFlowNode, which is illustrated in the query below (that gives
results on flask)

from ControlFlowNode arg, CallNode call, CallNode other_call
where
    call.getNode().getAKeyword().getValue() = arg.getNode() and
    not call.getAnArg() = arg and
    other_call.getAnArg() = arg and
    not other_call = call
select call, arg, other_call
 2020-03-09 15:27:31 +01:00
Rasmus Wriedt Larsen
cac5d00ca2 Python: Fix string taint tests 
The tests in ql/python/ql/test/library-tests/taint/strings/ shows that
ClassValue::str() is not good enough.
 2020-03-09 15:10:48 +01:00
Tom Hvitved
6a10516c1e Merge pull request #3021 from aschackmull/dataflow/partial-path-perf 
Java/C++/C#: Fix performance issue in partial paths exploration.
 2020-03-09 15:04:33 +01:00
Max Schaefer
3c785ecaa7 JavaScript: Move flow summaries to experimental. 
Also update description and change note to call out their experimental character more clearly.
 2020-03-09 12:57:20 +00:00
Asger F
5a1bf94994 Merge pull request #2987 from asger-semmle/js/urls-not-sensitive-data 
JS: Declassify sensitive exprs with special characters
 2020-03-09 12:29:47 +00:00
Asger Feldthaus
6c1f98a5ae JS: Update vague variable name 2020-03-09 11:58:38 +00:00
Tom Hvitved
a2269158df C#: Ignore dotnet clean exit code in autobuilder 2020-03-09 12:00:28 +01:00
Calum Grant
250afda7da Merge pull request #2831 from hvitved/csharp/local-function-fresh-label 
C#: Generate fresh TRAP ID for local functions
 2020-03-09 10:46:45 +00:00
Anders Schack-Mulligen
a2bbacf58d Java/C++/C#: Fix performance issue in partial paths exploration. 2020-03-09 11:30:59 +01:00
Anders Schack-Mulligen
4298a3a931 Java: Add test. 2020-03-09 11:16:59 +01:00
Anders Schack-Mulligen
f491fcd5ae Java/C++/C#: Sync. 2020-03-09 11:05:13 +01:00
Anders Schack-Mulligen
7a74634cfd Java/C++/C#: Simplify. 2020-03-09 11:04:28 +01:00
Anders Schack-Mulligen
cf84a53573 Java/C++/C#: Fix bug in type pruning. 2020-03-09 11:04:24 +01:00
Erik Krogh Kristensen
0f0187d585 move Array.from to ArrayCreationNode 2020-03-09 10:26:21 +01:00
Erik Krogh Kristensen
dc4e361d75 add data-flow steps for arrays 2020-03-09 09:53:08 +01:00
Erik Krogh Kristensen
8e3cf5c9c8 add test for data-flow on arrays 2020-03-09 09:25:17 +01:00