hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-22 02:44:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,685 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
0d4b2e4bf7 C#/C++: Autoformat post rebase. 2020-01-29 13:16:46 +01:00
Anders Schack-Mulligen
726a873c3e C#: Autoformat. 2020-01-29 13:15:00 +01:00
Anders Schack-Mulligen
96e4a57edd C++: Autoformat. 2020-01-29 13:11:50 +01:00
Erik Krogh Kristensen
b8834ffcad add support for private fields in classes 2020-01-29 13:10:45 +01:00
Jonas Jensen
02cb8e9cc7 Merge remote-tracking branch 'upstream/master' into dataflow-partial-chi 
Conflicts:
	cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/tainted.expected
 2020-01-29 13:03:40 +01:00
Calum Grant
c0379cc3f1 C#: Address review comment: an SQL 2020-01-29 11:46:28 +00:00
Calum Grant
aff0a7534c Update change-notes/1.24/analysis-csharp.md 
Fix indentation

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
 2020-01-29 11:44:17 +00:00
Anders Schack-Mulligen
9b7a728609 Java: Autoformat. 2020-01-29 12:16:25 +01:00
semmle-qlci
fb90c2ba52 Merge pull request #2681 from asger-semmle/csrf-only-session-cookie-access 
Approved by erik-krogh, max-schaefer
 2020-01-29 10:46:48 +00:00
Anders Schack-Mulligen
9391058363 Java: Add unit test for ldap injection. 2020-01-29 11:37:33 +01:00
Jonas Jensen
27b5902258 Merge pull request #2707 from geoffw0/taint-format 
C++: Add TaintFunction model to FormattingFunction
 2020-01-29 08:20:34 +01:00
Grzegorz Golawski
bbcfbd7a28 Apply suggestion from code review 2020-01-28 22:34:01 +01:00
Robert Marsh
9504da54d1 Merge pull request #2713 from MathiasVP/dynamic-cast-taint-propagation 
C++: Taint propagation through dynamic_cast
 2020-01-28 15:09:49 -05:00
Dave Bartolomeo
60a0eff4d7 Merge remote-tracking branch 'upstream/master' into dbartol/Indirections 2020-01-28 12:06:43 -07:00
yo-h
97069a7988 Merge pull request #2683 from aschackmull/java/lshift32 
Java: Add new query for large left shifts and bugfix ConstantExpAppearsNonConstant.
 2020-01-28 13:30:26 -05:00
Dave Bartolomeo
542579de7f C++: Accept dataflow test changes due to new alias analysis 2020-01-28 10:58:27 -07:00
Dave Bartolomeo
dda32359fa C++: Accept IR dump test results changes due to new alias analysis 2020-01-28 10:58:05 -07:00
Dave Bartolomeo
7013bc6bf4 C++: Update escape analysis tests to new API 2020-01-28 10:57:07 -07:00
Dave Bartolomeo
bb9485d548 C++: Update points_to tests to use new framework 2020-01-28 10:56:49 -07:00
Dave Bartolomeo
af9d90cf46 C++: New test framework that allows expected results as comments in source code 2020-01-28 10:56:13 -07:00
Dave Bartolomeo
d12b140921 C++/C#: Update shared file list 2020-01-28 10:55:38 -07:00
Dave Bartolomeo
976b564b68 C++: Update AliasedSSA to use Allocation instead of IRVariable 
This introduces a new type of `MemoryLocation`: `EntireAllocationMemoryLocation`, representing an entire contiguous allocation whose size is not known. This is used to model the memory accesses on `InitializeIndirection` and `ReturnIndirection`.
 2020-01-28 10:55:24 -07:00
Dave Bartolomeo
165a45d9b5 C++/C#: Update SimpleSSA to use Allocation instead of IRVariable 2020-01-28 10:53:18 -07:00
Dave Bartolomeo
1bbc875442 C++/C#: Parameterize alias analysis based on AliasConfiguration 
Instead of tracking `IRVariable`s directly, alias analysis now tracks instances of the `Allocation` type provided by its `Configuration` parameter. For unaliased SSA, an `Allocation` is just an `IRAutomaticVariable`. For aliased SSA, an `Allocation` is either an `IRVariable` or the memory pointed to by an indirect parameter.
 2020-01-28 10:51:21 -07:00
Dave Bartolomeo
b15dd82732 C++/C#: Share alias analysis between C++ and C# 2020-01-28 10:47:37 -07:00
Dave Bartolomeo
1b1fded535 C++/C#: Add new MemoryAccessKind to represent entire allocation 2020-01-28 10:41:53 -07:00
Mathias Vorreiter Pedersen
67d29e31cc C#: Sync identical files 2020-01-28 17:52:45 +01:00
Mathias Vorreiter Pedersen
c1091a03d0 C++: Accept output 2020-01-28 17:38:35 +01:00
Mathias Vorreiter Pedersen
46ce228bce C++: Add instruction for CheckedConvertOrNull and handle it in alias analysis and data flow 2020-01-28 17:36:17 +01:00
Mathias Vorreiter Pedersen
928b0c50d2 C++: Add test demonstrating false negative when using dynamic_cast 2020-01-28 17:31:53 +01:00
Rasmus Wriedt Larsen
4ca72de4cd Python: Fix recommended module for deprecated posixfile 
$ python2 -W default -c 'import posixfile'
-c:1: DeprecationWarning: The posixfile module is deprecated; fcntl.lockf() provides better locking

https://docs.python.org/2.7/library/posixfile.html
 2020-01-28 16:44:47 +01:00
Rasmus Wriedt Larsen
6c7cddf258 Python: py/import-deprecated-module handle backwards compatible code 2020-01-28 16:36:47 +01:00
Rasmus Wriedt Larsen
e92d6c0459 Python: Stop py/import-deprecated-module from double alerting 
This changes the location from the import statement, to the actual expression
 2020-01-28 16:15:46 +01:00
Rasmus Wriedt Larsen
7949acc3ef Python: Autoformat 2020-01-28 16:15:21 +01:00
Rasmus Wriedt Larsen
194228850a Python: Add tests for py/import-deprecated-module 2020-01-28 16:15:21 +01:00
Calum Grant
6b377d7ad4 C#: Analysis change notes 2020-01-28 14:59:25 +00:00
Geoffrey White
fc1816cbd7 C++: Update change note. 2020-01-28 14:53:18 +00:00
Geoffrey White
f02ffcbbd2 C++: Modify ParameterIndex to account for varargs. 2020-01-28 14:53:18 +00:00
Geoffrey White
d66f608d41 C++: Taint from FormattingFunction varargs. 2020-01-28 14:53:18 +00:00
Geoffrey White
8b215c155e C++: Correct a few test comments. 2020-01-28 14:51:46 +00:00
Geoffrey White
b1f66ae825 C++: Fix warnings. 2020-01-28 14:51:46 +00:00
yo-h
95d138bf00 Merge pull request #2659 from aschackmull/java/remove-parexpr 
Java: Update dbscheme for ParExpr removal.
 2020-01-28 09:50:06 -05:00
Erik Krogh Kristensen
aea365c424 adjust API naming 2020-01-28 15:09:31 +01:00
Calum Grant
0b3821c828 C#: Remove false positive for out params 2020-01-28 13:59:33 +00:00
Jonas Jensen
24a50fceef Merge pull request #2709 from MathiasVP/ql-tests-taint-tracking-fixup 
C++: Fix annotations in testcase file
 2020-01-28 14:52:55 +01:00
Erik Krogh Kristensen
cb16116b4d adjust type-tracking on custom EventEmitters 2020-01-28 14:00:26 +01:00
Mathias Vorreiter Pedersen
287af2bdec C++: Fix annotations in testcase file 2020-01-28 13:51:36 +01:00
Asger F
701d9989be Apply suggestions from code review 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-01-28 12:46:51 +00:00
Asger F
310dd05185 Update javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-01-28 12:46:34 +00:00
Geoffrey White
01dc3661b7 C++: Autoformat. 2020-01-28 12:17:56 +00:00