hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-24 03:42:59 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,686 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonas Jensen
466f7fe6b2 C++: Use <ol> for recommendations 2019-11-19 12:57:02 +01:00
Erik Krogh Kristensen
2f08ee9faf fix typo 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-11-19 12:53:50 +01:00
James Fletcher
c73ae5399d Merge pull request #2380 from shati-patel/docs/blog-links 
Docs: Update links from blog to security lab
 2019-11-19 11:09:13 +00:00
Shati Patel
820a11294d Docs: Update links from blog to security lab 2019-11-19 10:54:19 +00:00
Jonas Jensen
0731309b1e C++: Change note for StackVariable 2019-11-19 11:44:03 +01:00
Jonas Jensen
4d97534308 C++: Deprecate LocalScopeVariableReachability 2019-11-19 11:43:41 +01:00
Jonas Jensen
1498499994 C++: Relax type in two tests 2019-11-19 11:31:34 +01:00
Jonas Jensen
f5b9837e19 C++: Use StackVariable in Nullness.qll 
This might cause fewer variables to be analysed because not every use of
`LocalScopeVariable` was constrained by the def-use library. Hopefully
this leads to an improved nullness analysis since it avoids treating
`static T *x = nullptr;` the same as `static T *x; x = nullptr;`.
 2019-11-19 11:31:34 +01:00
Jonas Jensen
140575ee71 C++: Use StackVariable where SSA/def-use are used 
These changes should not affect semantics since these uses of
`LocalScopeVariable` were already constrained to stack variables by
their use of SSA or def-use.
 2019-11-19 11:31:34 +01:00
Jonas Jensen
6f9ec0409e C++: Use StackVariable in code that uses RangeSSA 2019-11-19 11:31:33 +01:00
Jonas Jensen
29f66ff095 C++: Use StackVariable, remove not v.isStatic() 
In these files it was possible to remove calls to `isStatic` by
switching from `LocalScopeVariable` to `StackVariable`. This changes
semantics, hopefully for the better, to treat `thread_local` locals the
same as `static` locals.
 2019-11-19 11:30:59 +01:00
Jonas Jensen
e57f98ca64 C++: Use StackVariable in def-use libraries 
Most of the implementation was already in terms of
`SemanticStackVariable`, so not much should have changed.
 2019-11-19 11:30:59 +01:00
Jonas Jensen
95a333d28c C++: Use StackVariable in SSA libraries 
This means we'll no longer get SSA definitions for thread-local
local-scope variables.
 2019-11-19 11:30:59 +01:00
Jonas Jensen
c1ed908834 C++: Use StackVariableReachability 
This library is a drop-in replacement for
`LocalScopeVariableReachability`, so no changes are expected.
 2019-11-19 11:30:59 +01:00
Jonas Jensen
01ca63ae92 C++: Bring back StackVariableReachability.qll 
This is now a copy of `LocalScopeVariableReachability.qll`, just with
`s/LocalScopeVariable/StackVariable/g`. It can be used as a drop-in
replacement since the `LocalScopeVariableReachability.qll` library
implementation was already restricted to `SemanticStackVariable`.
 2019-11-19 11:30:59 +01:00
Jonas Jensen
8110039e0a C++: Bring back the StackVariable QL class 
The new `StackVariable` class actually denotes what its name suggests.
 2019-11-19 11:23:34 +01:00
Erik Krogh Kristensen
d4f42d872a change change-note to target 1.24 instead of 1.23 2019-11-19 11:10:34 +01:00
Taus
4c700882b6 Merge pull request #2190 from RasmusWL/python-modernise-tornado-library 
Python: modernise tornado library
 2019-11-19 09:36:30 +01:00
Erik Krogh Kristensen
de8ed3f508 update test code 2019-11-19 09:04:30 +01:00
Erik Krogh Kristensen
91674f681b refactoring to remove duplicated code and simplify the ExceptionXss query 2019-11-19 08:54:51 +01:00
Robert Marsh
ae47eab727 C++: autoformat 2019-11-18 15:36:08 -08:00
yh-semmle
3d837542e8 Merge pull request #2373 from aschackmull/java/changenote-update 
Java: Update change note to cover #2304 and #2346.
 2019-11-18 12:14:07 -05:00
Taus Brock-Nannestad
3491d90b1e Python: Apply auto-format. 2019-11-18 16:50:32 +01:00
Taus Brock-Nannestad
1385f3c018 Python: Fix non-container FP relating to MappingProxyType. 
Fixes #2307.

Also modernises the query to use the `Value` API.
 2019-11-18 16:50:32 +01:00
Taus Brock-Nannestad
3c47394b7a Python: Apply auto-format. 2019-11-18 16:28:54 +01:00
Taus Brock-Nannestad
cac261858c Python: Don't report mutable parameters that are in fact immutable. 
Fixes #1832.

In the taint sink, we add an additional check that the given control-flow node
can indeed point to a value that is mutable. This takes care of the guard on the
type.

If and when we get around to adding configurations for all of the taint
analyses, we may want to implement this as a barrier instead, pruning any steps
that go through a type test where the type is not mutable.
 2019-11-18 16:18:44 +01:00
Calum Grant
b9d1c38753 Merge pull request #2371 from max-schaefer/rc/1.23 
Merge rc/1.23 into master
 2019-11-18 14:15:31 +00:00
semmle-qlci
ed4657c201 Merge pull request #2340 from hvitved/csharp/nunit-assertions 
Approved by calumgrant
 2019-11-18 13:02:49 +00:00
Nick Rolfe
9828315b6e Merge pull request #2033 from ian-semmle/edg 
C++: Changes following EDG upgrade
 2019-11-18 12:46:11 +00:00
Erik Krogh Kristensen
853c86685b remove some false positives 2019-11-18 13:32:47 +01:00
James Fletcher
e6574cc259 Merge pull request #2370 from shati-patel/docs/readme 
Docs: Update readme in docs folder (cherry-pick from master)
 2019-11-18 12:29:41 +00:00
Anders Schack-Mulligen
645cc99383 Java: Update change note to cover #2304 and #2346. 2019-11-18 13:26:50 +01:00
Geoffrey White
ff15c01ab9 CPP: Comma. 2019-11-18 11:51:54 +00:00
semmle-qlci
34f4b11416 Merge pull request #2368 from asger-semmle/regexp-max-length 
Approved by max-schaefer
 2019-11-18 11:49:46 +00:00
Geoffrey White
9a53706e87 CPP: Reword TlsSettingsMisconfiguration.qhelp. 2019-11-18 11:49:28 +00:00
Geoffrey White
2789c2dbac CPP: Fix typos. 2019-11-18 11:48:13 +00:00
James Fletcher
21832a8550 Merge pull request #2350 from shati-patel/docs/vscode 
Docs: Update links to new products
 2019-11-18 11:14:53 +00:00
Tom Hvitved
3d1ce55642 C#: Address review comments 2019-11-18 10:53:02 +01:00
shati-patel
08c91b05ac Docs: Update readme in docs folder 2019-11-18 09:38:53 +00:00
Shati Patel
d6a673c91a Docs: Update links to new products 2019-11-18 09:34:00 +00:00
Asger F
c02863842c JS: Raise limit to 1000 2019-11-18 08:33:26 +00:00
Jonas Jensen
74ca0e428d Merge pull request #2334 from rdmarsh2/rdmarsh/cpp/reword-pointeroverflow-qhelp 
C++: simplify PointerOverflow.qhelp
 2019-11-18 08:37:19 +01:00
Asger F
6f15eff954 JS: Cap length of extracted string 2019-11-17 23:06:47 +00:00
Erik Krogh Kristensen
5a6958a1cd add promise aggregators 2019-11-17 11:22:29 +01:00
Erik Krogh Kristensen
b3e88cdf31 refactored multiple implementations of getEnclosingTryStmt into a single predicate 2019-11-17 09:50:41 +01:00
Erik Krogh Kristensen
1b81526691 Merge remote-tracking branch 'upstream/master' into exceptionXss 2019-11-17 09:29:54 +01:00
Erik Krogh Kristensen
525da97dd4 changes based on review feedback 2019-11-17 09:24:00 +01:00
Erik Krogh Kristensen
3b9847e075 apply suggestions from max 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-11-17 09:01:48 +01:00
Paulino Calderon
56c12adab7 Adds check for insecure MaxLengthRequest values 2019-11-16 14:21:39 -05:00
Erik Krogh Kristensen
a59a414e0b update expected output 2019-11-16 15:20:42 +01:00