hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-21 10:24:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,684 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rebecca Valentine
04951faf86 autoformat 2020-02-25 09:43:51 -08:00
Taus Brock-Nannestad
1526c86e6d Python: Update test results for ReturnTypes.ql for Python 2. 2020-02-25 17:30:46 +01:00
yo-h
d06caefd8e Address code review comments for experimental.md 2020-02-25 11:17:42 -05:00
Taus Brock-Nannestad
35ada17e2a Python: Use object as default return type for built-ins. 2020-02-25 16:31:40 +01:00
Taus Brock-Nannestad
5813209337 Python: Add tests for missing points-to for built-in methods. 2020-02-25 16:25:41 +01:00
Erik Krogh Kristensen
dc6bfad023 Merge remote-tracking branch 'upstream/master' into CVE481 2020-02-25 16:25:03 +01:00
Taus Brock-Nannestad
887f85cee2 Python: Add test for missing points-to information 
To ease the rollout of this test, currently we only report missing points-to
information for nodes that either

- appear as an argument in a call to a function named `check`, or
- appear inside a scope where the first line is annotated with a comment ending
  in "check".

The idea behind the second version is that once we have points-to running at a
level where no node inside a scope that _ought_ to have points-to is missing
this information, we can simply remove all uses of `check(...)` from inside this
scope, and annotate the entire scope with `# check`. Once this has been done for
the entire file, we can then remove all the comments and just require
_everything_ to be checked.

Note that I don't expect all nodes to have the need for points-to information.
For instance, there are nodes representing scope entry and exit, and for these
it doesn't make sense to require that they "point-to" anything. Similarly,
`NameNode` appearing in a "store" (i.e. as the left hand side of an assignment)
do not strictly need to have points-to information, although it might be more
intuitive if they did.

Thus, the `relevant_node` predicate will almost certainly need to be extended to
exclude these kinds of nodes.
 2020-02-25 16:07:50 +01:00
Rasmus Wriedt Larsen
f10a86d3ac Python: Remove --optimize: true from options files 
Tests will be run with optimizations on by default now.
 2020-02-25 15:52:00 +01:00
Rasmus Wriedt Larsen
8f70101572 Python: docs: Use <code> tag consistently in UseofInput.qhelp 2020-02-25 15:40:08 +01:00
mchammer01
0c5216570c pre-migration work: fix typos 2020-02-25 04:50:14 -08:00
Jonas Jensen
db33c360bc Merge pull request #2910 from aschackmull/dataflow/cleanup 
Java/C++: Minor dataflow cleanup.
 2020-02-25 12:47:10 +01:00
semmle-qlci
03b882381a Merge pull request #2723 from esbena/js/support-path-is-inside 
Approved by asgerf
 2020-02-25 11:21:24 +00:00
Taus
b453cf8f60 Merge pull request #2906 from RasmusWL/python-add-3-imports-tests 
Python: Add Python 3 Imports tests from internal repo
 2020-02-25 12:04:16 +01:00
Erik Krogh Kristensen
c83c27cbc4 add extra sanity-check that the output looks good 2020-02-25 11:11:58 +01:00
Erik Krogh Kristensen
8d26f32199 arg -> param 2020-02-25 10:53:07 +01:00
Erik Krogh Kristensen
87d283aa6c add tests for third party command execution libraries (and two small fixes) 2020-02-25 10:50:59 +01:00
Matthew Gretton-Dann
3465d5a0c7 docs: Correct AC5 version 2020-02-25 09:29:18 +00:00
Matthew Gretton-Dann
a48e36e2e1 docs: Update clang/gcc versions supported 2020-02-25 09:28:39 +00:00
Matthew Gretton-Dann
28e9cd7e38 docs: Detail support for C18. 2020-02-25 09:27:42 +00:00
Mathias Vorreiter Pedersen
b9bb2ec0ac Merge pull request #2864 from jbj/DefaultTaintTracking-cached 
C++: Cache DefaultTaintTracking
 2020-02-25 10:15:43 +01:00
Erik Krogh Kristensen
d540caecdd Apply suggestions from code review 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-02-25 10:04:51 +01:00
Anders Schack-Mulligen
fba8772411 Java/C++: Minor dataflow cleanup. 2020-02-25 09:40:25 +01:00
Asger F
160fc48803 Merge pull request #2896 from asger-semmle/typescript-3.8 
TS: Support Typescript 3.8
 2020-02-25 08:19:01 +00:00
Esben Sparre Andreasen
5baba62154 JS: model path-is-inside+is-path-inside for js/path-injection 2020-02-24 23:10:15 +01:00
Esben Sparre Andreasen
86b836cd29 JS: add tests for js/path-injection 2020-02-24 23:03:42 +01:00
semmle-qlci
aadb148c1c Merge pull request #2855 from asger-semmle/js/returned-partial-call 
Approved by esbena
 2020-02-24 21:37:41 +00:00
yo-h
43bcd5b26c Add guidelines for experimental CodeQL queries and libraries 2020-02-24 15:08:31 -05:00
Robert Marsh
ea4ca31fb3 Merge pull request #2907 from geoffw0/argvlocal 
C++: Modify the argvlocal tests
 2020-02-24 10:55:21 -08:00
Erik Krogh Kristensen
afd6ea2628 small correction in doc + autoformat 2020-02-24 17:54:29 +01:00
Geoffrey White
4af0193c98 C++: Modify the argvlocal tests. 2020-02-24 16:51:47 +00:00
Geoffrey White
9f271949d5 C++: Adjust layout of the argvlocal test. 2020-02-24 15:52:31 +00:00
Anders Schack-Mulligen
67b32796dd Merge pull request #853 from joshhale/tweak-cwe-078-example 
doc: remove - from command arguments
 2020-02-24 16:15:58 +01:00
Asger F
e665e3c187 Update change-notes/1.24/analysis-javascript.md 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-02-24 15:07:28 +00:00
Geoffrey White
c641a31640 C++: Refine nodeIsBarrierIn using getNodeForSource. 2020-02-24 14:39:31 +00:00
Rasmus Wriedt Larsen
2b997ec94a Python: Add Python 3 Imports tests from internal repo 2020-02-24 15:36:45 +01:00
Asger Feldthaus
6360073da4 JS: Rephrase change note 2020-02-24 14:35:17 +00:00
Rasmus Wriedt Larsen
9d629aef95 Python: Highlight py/use-of-input is for Python 2 2020-02-24 15:13:19 +01:00
Geoffrey White
843b72b11a C++: hasGlobalOrStdName(). 2020-02-24 14:12:19 +00:00
Erik Krogh Kristensen
b20e8520f6 add default message if not pretty printed call can be created 2020-02-24 14:52:08 +01:00
semmle-qlci
317356e591 Merge pull request #2898 from asger-semmle/js/prototype-pollution-isobject-sanitizers 
Approved by erik-krogh
 2020-02-24 13:35:32 +00:00
Erik Krogh Kristensen
b72404dc99 add change note 2020-02-24 14:07:49 +01:00
Erik Krogh Kristensen
a779ae58a8 add qhelp 2020-02-24 14:03:41 +01:00
Jonas Jensen
2d9df70abc Merge pull request #2887 from MathiasVP/fix-ir-gen-switch 
C++: Fix IR generation for switch statements
 2020-02-24 13:29:27 +01:00
Erik Krogh Kristensen
fb94af9764 remove the last dependency on PrettyPrinting 2020-02-24 13:18:15 +01:00
Erik Krogh Kristensen
051de247b0 change regexpMatch to regexpFind 2020-02-24 13:11:30 +01:00
Erik Krogh Kristensen
a768e937f0 complete qldoc 2020-02-24 13:08:50 +01:00
Jonas Jensen
ae68878476 C++: Cache DefaultTaintTracking 
This should speed up the overall suite, where `DefaultTaintTracking` is
used in several queries.
 2020-02-24 13:03:34 +01:00
Erik Krogh Kristensen
473787a426 refactor the getOptionsArg predicate into the SystemCommandExecution class 2020-02-24 12:59:20 +01:00
Geoffrey White
a0e839d3f1 C++: Block duplicate taint results from 'gets' and other functions. 2020-02-24 11:53:22 +00:00
Geoffrey White
06e649fc30 C++: Add support for fgetws. 2020-02-24 11:47:32 +00:00