hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-01 00:27:24 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Lerchedahl Petersen
f17720f587 Python: Add test and fix filename 2020-10-19 10:58:57 +02:00
Rasmus Lerchedahl Petersen
d76b2c0023 Python: Add concept and port query 2020-10-19 10:58:57 +02:00
Erik Krogh Kristensen
8c44392638 add local dataflow to js/template-syntax-in-string-literal 2020-10-19 10:58:40 +02:00
Max Schaefer
e1d90e90ad JavaScript: Add modelling for Module.prototype._compile. 2020-10-19 09:42:17 +01:00
Chris Smowton
3e03db178f Merge pull request #4483 from smowton/smowton/admin/droid-webview-pr-rebase 
Rebase of #3706
 2020-10-19 09:29:04 +01:00
Dave Bartolomeo
ece20cdb5e Merge branch 'main' into dbartol/temporaries/work 2020-10-18 13:11:06 -04:00
Mathias Vorreiter Pedersen
7942d7332a Merge pull request #4501 from dbartol/dbartol/PrintPartialFlow 
C++: Annotate IR with partial flow info
 2020-10-18 17:48:54 +02:00
Dave Bartolomeo
b73cb3a4ce Accept C# IR diffs 2020-10-18 11:11:05 -04:00
Dave Bartolomeo
2f34c78552 Fix formatting 2020-10-18 11:08:42 -04:00
Dave Bartolomeo
0b2acff837 Add upgrade script 2020-10-18 08:42:24 -04:00
Dave Bartolomeo
939bfae6e0 Fix formatting 2020-10-18 08:32:08 -04:00
Dave Bartolomeo
5f6ae32f1c Accept test output after merge 2020-10-17 18:16:21 -04:00
Dave Bartolomeo
129e250569 Update test expectations 2020-10-17 17:01:24 -04:00
Dave Bartolomeo
eb9cea48b8 Fix modeling of std::set::emplace 2020-10-17 17:00:29 -04:00
Dave Bartolomeo
40cd96eb1d Merge from main 2020-10-17 15:14:26 -04:00
Dave Bartolomeo
4e0afb0dc3 Print targets of Load and Store instructions in IR dump 2020-10-17 15:01:45 -04:00
Dave Bartolomeo
e4fdf699ad Accept improved test results 2020-10-17 14:33:10 -04:00
Dave Bartolomeo
4814dcf145 Print partial flow info in PrintIRLocalFlow.qll 2020-10-17 14:32:31 -04:00
Dave Bartolomeo
a80c6fbf97 C++: Print target variable name for Load and Store, if known 
Now that we've started printing the targets of `Call` instructions in the IR dumps, I figured I might as well print the names of the variable being loaded or stored as well. We could potentially extend this to match fields, array elements, etc., but that's quite a bit more work.
 2020-10-17 14:21:27 -04:00
Dave Bartolomeo
100f13f202 C++: Annotate IR with partial flow info 
I've added one more property to the annotations provided by `PrintIRLocalFlow.qll`: The `pflow` property will now be emitted for any operand or instruction for which `configuration.hasPartialFlow` determines that there is partial flow to that node. This requires that partial flow be enabled via overriding `Configuration::explorationLimit()` in order to display. Otherwise, you'll still just get the local flow info as before.
 2020-10-17 13:17:08 -04:00
Dave Bartolomeo
1dae8f62c1 Model copy-ish constructors for std::pair 2020-10-17 11:33:20 -04:00
Dave Bartolomeo
1b53c4684d Fix test expectations due to pair/make_pair fixes 2020-10-17 09:46:18 -04:00
Dave Bartolomeo
686f5aa8ed Handle parameter indirections in make_shared and make_unique 2020-10-17 08:53:55 -04:00
Dave Bartolomeo
7da4eef90d Fix subtle typing issue with std::makr_pair 2020-10-17 08:53:20 -04:00
Dave Bartolomeo
675256acab Accept test diffs from set.cpp (50 new good results!) 2020-10-16 17:14:41 -04:00
Dave Bartolomeo
af799a79da Accept good test diffs 2020-10-16 17:07:46 -04:00
Dave Bartolomeo
cf19fcf4c0 C++: Improve dataflow model for copy/move constructors 2020-10-16 16:55:59 -04:00
Robert Marsh
4766492e39 C++: respond to PR comments on output iterators 2020-10-16 13:47:20 -07:00
Robert Marsh
7f2aa81d0b Merge pull request #4498 from dbartol/dbartol/PrintCallTargets 
C++: Print static call target for `Call` instruction in dumps
 2020-10-16 16:46:33 -04:00
Robert Marsh
1f8167b47b C++: fix test annotations 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2020-10-16 16:16:27 -04:00
Asger Feldthaus
f0034138ce JS: Fix DefaultFlowLabels test 2020-10-16 18:13:13 +01:00
Dave Bartolomeo
9afddf0dad Insert a load of the temporary object for arguments passed by value 2020-10-16 12:56:46 -04:00
Dave Bartolomeo
6a9ecf7ba2 Dump static call target for Call instructions 2020-10-16 12:55:30 -04:00
Asger Feldthaus
4137d3f971 JS: Split CWE-079 tests into their own folders 2020-10-16 17:32:36 +01:00
Dave Bartolomeo
6a6eadcf50 C++: Print static call target for Call instruction in dumps 2020-10-16 11:53:27 -04:00
Chris Smowton
5a480bfb13 Give query an id and PathGraph query predicates 2020-10-16 16:19:58 +01:00
Vadim Peretokin
8933bbd672 Add modern C++ variant 2020-10-16 17:11:41 +02:00
Erik Krogh Kristensen
8cf21e3b2b autoformat 2020-10-16 16:56:35 +02:00
Dave Bartolomeo
14ac9859c1 Remove more ODR violations from test code. 
PrintAST now works on `library-tests/dataflow/taint-tests`.
 2020-10-16 10:26:42 -04:00
Anders Schack-Mulligen
a806a4f086 Merge pull request #4312 from JLLeitschuh/feat/JLL/java/jhipster_CVE-2019-16303 
Java: QL Query Detector for JHipster Generated CVE-2019-16303
 2020-10-16 15:47:09 +02:00
Tom Hvitved
d91ea55f0c Merge pull request #4440 from aschackmull/dataflow/adaptive-field-precision 
Dataflow: Adaptive field flow precision
 2020-10-16 15:08:56 +02:00
Erik Krogh Kristensen
27a2cd310d inline value in nodeLeadingToCsrfWrite 2020-10-16 14:21:49 +02:00
Erik Krogh Kristensen
017c73dce3 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-10-16 14:20:40 +02:00
Erik Krogh Kristensen
c2338b218f Update javascript/ql/src/semmle/javascript/dataflow/Nodes.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2020-10-16 14:12:36 +02:00
CodeQL CI
1d9b0ce059 Merge pull request #4460 from max-schaefer/js/unsafe-shell-command-construction-infeasible-paths 
Approved by asgerf
 2020-10-16 05:05:29 -07:00
Anders Schack-Mulligen
2b19a48030 Merge pull request #3880 from hvitved/dataflow/precise-aps 
Data flow: Precise access paths
 2020-10-16 13:54:35 +02:00
Anders Schack-Mulligen
b352605d12 Dataflow: Code review fixes. 2020-10-16 13:45:51 +02:00
Erik Krogh Kristensen
7598d31fc1 add change note 2020-10-16 13:35:31 +02:00
Erik Krogh Kristensen
b3d5f9c4dd support throttle like calls as partial calls 2020-10-16 13:33:02 +02:00
Joe Farebrother
3ef9498d53 Java: Modify privateness of a couple imports for Guava 2020-10-16 12:09:39 +01:00