hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-23 19:32:59 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,686 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
1951461f55 JavaScript: Simplify DoubleEscaping. 
Undo previous work on generalising the concept of a replacement, which did not work out.
 2019-11-22 09:24:34 +00:00
Max Schaefer
ff002a7af4 JavaScript: Whitelist more harmless incomplete escapes. 2019-11-22 09:24:34 +00:00
Max Schaefer
659cc812fe JavaScript: Rephrase two predicates to help the optimiser. 2019-11-22 09:24:34 +00:00
Max Schaefer
db3eaa23ef JavaScript: Introduce modelling of String.prototype.replace and use it in two queries. 2019-11-22 09:24:34 +00:00
Max Schaefer
f43e843b20 JavaScript: Introduce class RegExpLiteralNode. 2019-11-22 09:24:34 +00:00
Max Schaefer
12ea81af9c JavaScript: Move getAMatchedConstant(RegExpTerm) into the library. 2019-11-22 09:24:34 +00:00
Max Schaefer
a5a5debdc7 JavaScript: Move getStringValue(RegExpLiteral) into the library. 2019-11-22 09:24:34 +00:00
Max Schaefer
0edb70f373 JavaScript: Deal with escape-unescape-escape (and similar) chains. 2019-11-22 09:24:34 +00:00
Max Schaefer
cb54618a5d JavaScript: Deal with (un-)escaping on captured variables. 2019-11-22 09:24:34 +00:00
Max Schaefer
61aa075e8d JavaScript: Fix regexes for escaping schemes. 2019-11-22 09:24:34 +00:00
Max Schaefer
4f899a9b0d JavaScript: Recognize string escaping using .replace with a callback. 2019-11-22 09:24:34 +00:00
Max Schaefer
5dcf55e113 JavaScript: Refactor DoubleEscaping.ql. 2019-11-22 09:24:34 +00:00
Jonas Jensen
bd4fa10ffb C++: Tie macro exclusion to <, not + 
This fixes a failing qltest and makes the exclusion similar to what's in
`PointerOverflow.ql`. It's possible we should exclude based on both `+`
and `<`, but we can revisit that if false positives show up.
 2019-11-22 09:20:00 +01:00
Jonas Jensen
ca1b91aab2 Merge pull request #2414 from dbartol/dbartol/FixWarnings 
C++/C#: Fix QL compilation warnings/errors
 2019-11-22 09:14:33 +01:00
Jonas Jensen
0e4ed1cbbf C++: Prevent cached stages from being re-evaluated 
Before this change, evaluating `cpp/constant-comparison` followed by
`cpp/signed-overflow-check` would result in re-evaluation of almost all
the cached stages they share: CFG, basic blocks, SSA, and range
analysis. The same effect could be seen on `cpp/bad-strncpy-size`, which
also uses the GVN library.
 2019-11-22 08:45:49 +01:00
semmle-qlci
62859d140d Merge pull request #2394 from esbena/js/support-getDerivedFromError 
Approved by max-schaefer
 2019-11-22 07:45:45 +00:00
semmle-qlci
2c623372b6 Merge pull request #2405 from esbena/js/another-bind-model 
Approved by asgerf
 2019-11-22 07:35:58 +00:00
Robert Marsh
a5e6b83dbd Merge pull request #2400 from jbj/1.23-changenote 
C++: Tweak 1.23 change note
 2019-11-21 13:53:28 -08:00
Robert Marsh
05aebeff79 Merge branch 'master' into rdmarsh/cpp/ir-callee-side-effects 2019-11-21 13:45:31 -08:00
Dave Bartolomeo
fb67d3eae4 C++: Fix override errors in MagicDraw.qll 2019-11-21 13:18:45 -07:00
Dave Bartolomeo
27cc6b1e4f C++/C#: Fix compilation error in PrintSSA.qll 
We were privately importing `semmle.code.<lang>.ir.internal.Overlap`, but `PrintSSA.qll` was depending on it being public. This is made a little more complicated by the presence of cross-langage pyrameterized modules.
 2019-11-21 13:18:25 -07:00
Jonathan Leitschuh
21193bd780 Java: Use of HTTP/FTP to download/upload Maven artifacts 
This adds a security alert for the use of HTTP or FTP to download or upload
artifacts using Maven.
 2019-11-21 13:35:29 -05:00
Cornelius Riemenschneider
5d4b6c3a8c Nullness: Track correlated conditions of equality tests of variables. 2019-11-21 19:24:40 +01:00
Cornelius Riemenschneider
92f32a12d8 Add tests for nullness tracking by comparing variables. 2019-11-21 19:23:39 +01:00
Robert Marsh
dbe885fd38 Merge pull request #1926 from jbj/ir-dataflow-toString 
C++: DataFlow::Node.toString consistency
 2019-11-21 10:20:35 -08:00
Geoffrey White
676e8a2c2e Merge pull request #2399 from jbj/ExprHasNoEffect-templates 
C++: Suppress ExprHasNoEffect on template code
 2019-11-21 18:01:41 +00:00
Cornelius Riemenschneider
3e5324e772 More precise Nullness tracking by taking correlated instanceof expressions into account. 
Fixes #2238.
 2019-11-21 18:38:27 +01:00
Cornelius Riemenschneider
d8aae1c126 Add tests to track nullness by instanceof checks. 2019-11-21 18:38:27 +01:00
Erik Krogh Kristensen
94e9c0203d add test for exceptional taint-flow 2019-11-21 17:16:13 +01:00
shati-patel
b6a05399da C# change notes: Remove duplicated heading 2019-11-21 16:08:44 +00:00
semmle-qlci
8cca9b05ea Merge pull request #2393 from max-schaefer/js/improve-incomplete-sanitization-docs 
Approved by mchammer01
 2019-11-21 16:04:19 +00:00
Asger F
ec8ced7963 TS: Fix a typos and leftover todo 2019-11-21 15:39:37 +00:00
Asger F
01ab8f07eb TS: Fix a crash when allowJs: true was set 2019-11-21 15:39:37 +00:00
Asger F
7d558d165a JS: Update extractor version string 2019-11-21 15:39:37 +00:00
Asger F
33a44de47d TS: Add upgrade script 2019-11-21 15:39:37 +00:00
Asger F
2c916cb4f3 TS: Update stats 2019-11-21 15:39:37 +00:00
Asger F
dd50d29827 TS: Fix crash in case of missing type roots 2019-11-21 15:39:37 +00:00
Asger F
4a885cbf92 TS: Expose optional parameters at syntax level 2019-11-21 15:39:37 +00:00
Asger F
b6b8213e13 TS: Handle rest parameters in call signatures 2019-11-21 15:39:37 +00:00
Asger F
f2c3d734ea TS: Update some more tests 2019-11-21 15:39:37 +00:00
Asger F
0c41d6910f TS: Pass tsconfig options correctly 2019-11-21 15:39:37 +00:00
Asger F
23f8d27447 TS: Simplify debugging 2019-11-21 15:39:37 +00:00
Asger F
8205a59688 TS: Unfold aliases in Type.unfold() 2019-11-21 15:39:37 +00:00
Asger F
e25ee182a0 TS: Extract type alias relation 2019-11-21 15:39:37 +00:00
Asger F
f11dc11ade TS: Fix type of RHS of TypeAliasDeclaration 2019-11-21 15:39:37 +00:00
Asger F
a3aef1e4e0 TS: Update TypeAlias test 2019-11-21 15:39:37 +00:00
Taus Brock-Nannestad
033524ce63 Python: Support forward references inside return type annotations. 
Should fix #2407.

Also allows for the string containing the forward reference to appear inside a
subexpression of the type annotation.
 2019-11-21 15:37:32 +01:00
James Fletcher
0b274e5b23 Merge pull request #2386 from shati-patel/docs/demos 
QL docs: Update links to blog/demos
 2019-11-21 13:53:05 +00:00
Erik Krogh Kristensen
42a0a62e4c remove 3 FP sources from use-of-returnless-function 2019-11-21 14:27:04 +01:00
Jonas Jensen
f98cd673fd C++: Autoformat 2019-11-21 14:02:53 +01:00