hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-24 20:02:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,686 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
67b38ed301 correctly weed out benign calls inside attributes 2019-11-11 15:30:33 +01:00
James Fletcher
c33d28542e Merge pull request #2294 from felicitymay/1.22-mergeback-master 
1.22 mergeback master
 2019-11-11 14:14:09 +00:00
Geoffrey White
e77fefaf9e Merge pull request #2295 from jbj/self-comparison-templates 
C++: Suppress PointlessSelfComparison.ql on templates
 2019-11-11 14:12:55 +00:00
Felicity Chapman
37c78bf1ea Fix poor conflict resolution in training slides 2019-11-11 13:11:28 +00:00
Jonas Jensen
97cc0ebc8c C++: Suppress PointlessSelfComparison on templates 
It's a bit crude to suppress all results in instantiations, but we're
already using this kind of suppression in `PointlessComparison.ql`
(without the `Self`) because there is no convenient alternative. It
means we lose some good results but also suppress a new false positive
in Boost that surfaced after we added support for non-type template
parameters.
 2019-11-11 14:00:00 +01:00
Jonas Jensen
281d512178 C++: Add tests for self-comparison template FP 2019-11-11 13:52:22 +01:00
Felicity Chapman
b3c3677cbf Merge branch 'rc/1.22' into 1.22-mergeback-master 
Conflicts resolved in favour of master:
	docs/language/learn-ql/cpp/conversions-classes.rst
	docs/language/learn-ql/cpp/function-classes.rst
	docs/language/learn-ql/cpp/introduce-libraries-cpp.rst
	docs/language/learn-ql/csharp/ql-for-csharp.rst
	docs/language/learn-ql/javascript/introduce-libraries-ts.rst
	docs/language/learn-ql/python/introduce-libraries-python.rst
	docs/language/ql-training/cpp/bad-overflow-guard.rst
	docs/language/ql-training/cpp/control-flow-cpp.rst
	docs/language/ql-training/cpp/global-data-flow-cpp.rst
	docs/language/ql-training/cpp/intro-ql-cpp.rst
	docs/language/ql-training/cpp/program-representation-cpp.rst
	docs/language/ql-training/cpp/snprintf.rst
	docs/language/ql-training/index.rst
	docs/language/ql-training/java/global-data-flow-java.rst
	docs/language/ql-training/java/intro-ql-java.rst
	docs/language/ql-training/java/program-representation-java.rst
	docs/language/ql-training/java/query-injection-java.rst
 2019-11-11 10:18:43 +00:00
Rasmus Wriedt Larsen
9151a7e433 Python: Always enable legacy taint tracking configuration 
If the legacy configuration is only enabled if there are no other
configurations, defining a configuration in an imported library can lead to
unwanted results. For example, code that uses `any(MyTaintKind t).taints(node)`
would *stop* working, if it did not define its own configuration. (this actually
happened to us)

We performed a dist-compare to ensure there is not a performance deg ration by
doing this. Results at https://git.semmle.com/gist/rasmuswl/a1eca07f3a92f5f65ee78d733e5d260e

Tests that were affected by this:

- RockPaperScissors + Simple: new edges because no configuration was defined for
  SqlInjectionTaint or CommandInjectionTaint
- CleartextLogging + CleartextStorage: new edges because no configuration was
  defined before, AND duplicate deges.
- TestNode: new edges because no configuration was defined before

- PathInjection: Duplicate edges
- TarSlip: Duplicate edges
- CommandInjection: Duplicate edges
- ReflectedXss: Duplicate edges
- SqlInjection: Duplicate edges
- CodeInjection: Duplicate edges
- StackTraceExposure: Duplicate edges
- UnsafeDeserialization: Duplicate edges
- UrlRedirect: Duplicate edges
 2019-11-11 11:17:21 +01:00
Anders Schack-Mulligen
b0fecbce28 Merge pull request #2230 from yh-semmle/java-move-cwe502-lib 
Java: move `UnsafeDeserialization.qll` to standard library location
 2019-11-11 10:44:52 +01:00
Felicity Chapman
c4f958d396 Merge pull request #2263 from sauyon/master 
Update links to OWASP cheat sheet
 2019-11-11 08:51:52 +00:00
Calum Grant
bd925d2bee C#: Fix prefixing assembly IDs to type IDs. 2019-11-10 13:05:08 +00:00
Jonas Jensen
751263db91 C++: Use ConvertToBaseInstruction in IR data flow 
This should make virtual dispatch work also for virtual bases.
 2019-11-10 11:17:35 +01:00
Jonas Jensen
7758b43e34 C++: Add ConvertToBase{Opcode,Instruction} classes 
These should make it easy to match base-class conversions when it's not
important whether the base class is virtual.
 2019-11-10 11:09:54 +01:00
Jonas Jensen
279fc16b60 C++: ConvertToBase -> ConvertToNonVirtualBase 
This rename was done with

    perl -p -i -e's/ConvertToBase/ConvertToNonVirtualBase/g' **/*.ql* **/*.expected

followed by re-running the affected tests.
 2019-11-10 10:35:53 +01:00
James Fletcher
aa05908d19 Merge pull request #2287 from felicitymay/1.22/support-codeql 
1.22: Update for support info for CodeQL term change
 2019-11-09 22:07:34 +00:00
Felicity Chapman
25eb1d0cc9 Update for CodeQL term change and port nav changes 2019-11-09 14:36:35 +00:00
Jonas Jensen
f3e691b5ec Merge pull request #2075 from zlaski-semmle/zlaski/cpp434 
[CPP-434] Detect signed overflow checks
 2019-11-09 09:57:23 +01:00
Ziemowit Laski
7a4c4b62f6 [zlaski/pointer-overflow-check] Rename PointerOverflowCheck -> PointerWrapAround. 2019-11-08 14:54:20 -08:00
Ziemowit Laski
f2105867a8 [zlaski/pointer-overflow-check] Enhance qhelp and test case. 2019-11-08 14:36:33 -08:00
Robert Marsh
64b34ad975 Merge branch 'master' of github.com:Semmle/ql into rdmarsh/cpp/ir-constructor-side-effects 2019-11-08 14:06:36 -08:00
Robert Marsh
1dc0cb89d0 Merge branch 'master' of github.com:Semmle/ql into rdmarsh/cpp/ir-constructor-side-effects 2019-11-08 12:47:27 -08:00
Robert Marsh
b812a0338d Merge pull request #2268 from dave-bartolomeo/dbartol/StringLiteralAlias 
C++/C#: Treat string literals like read-only global variables for alias purposes
 2019-11-08 12:43:57 -08:00
Robert Marsh
7e8a67a046 Merge branch 'master' into rdmarsh/cpp/hasGlobalOrStdName 2019-11-08 11:33:35 -08:00
Dave Bartolomeo
c365b2f2f0 Merge from master 
Resolve conflicts in test output
 2019-11-08 10:42:29 -07:00
Dave Bartolomeo
2b89139d5f Merge pull request #2269 from rdmarsh2/rdmarsh/cpp/uninit-string-initializers 
C++: uninit instr for string literal initializers
 2019-11-08 10:33:57 -07:00
Calum Grant
9715d8849a C#: Disable a CIL consistency check that seems to be invalid. 2019-11-08 16:50:51 +00:00
Calum Grant
4e2e64e949 C#: Fix up CallableReturns tests. 2019-11-08 16:42:22 +00:00
Asger F
a2ff4e9494 JS: member -> property 2019-11-08 16:23:59 +00:00
Calum Grant
e12a33d4e0 C#: Disposal tests do not depend on external DLLs. 2019-11-08 16:22:47 +00:00
Asger F
2a473fb9e7 Update javascript/ql/src/semmle/javascript/dataflow/Nodes.qll 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-11-08 16:15:08 +00:00
Asger F
4ad03a9061 Update javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-11-08 16:14:53 +00:00
Geoffrey White
58b6fc6bbf CPP: Autoformat. 2019-11-08 16:06:23 +00:00
Taus
7527f13443 Merge pull request #2283 from RasmusWL/python-fix-python2-specific-tests 
Python: fix python2 specific tests
 2019-11-08 17:03:54 +01:00
Geoffrey White
983a970c36 CPP: Autoformat. 2019-11-08 15:59:04 +00:00
Asger F
53d470da2f JS: Add syntax examples to DataFlow classes 2019-11-08 15:51:26 +00:00
Calum Grant
d64c244257 C#: Fix test for AspLine. 2019-11-08 15:48:56 +00:00
Geoffrey White
d434f909a5 CPP: Correct change note. 2019-11-08 15:10:44 +00:00
Geoffrey White
b4fb98dc7c CPP: Fix comments. 2019-11-08 15:10:13 +00:00
Geoffrey White
821d5061a7 CPP: Correct the tests. 2019-11-08 15:10:13 +00:00
Geoffrey White
73b55f019d CPP: Autoformat. 2019-11-08 15:10:13 +00:00
Geoffrey White
0063fa2974 CPP: Change note. 2019-11-08 15:10:13 +00:00
Geoffrey White
cd3bccf73a CPP: Fix FPs. 2019-11-08 15:09:46 +00:00
Geoffrey White
1cf4449314 CPP: Test for NonConstantFormat with multiple definitons. 2019-11-08 15:09:45 +00:00
Geoffrey White
144cda7dd9 CPP: Test for WrongTypeFormatArguments with multiple definitions. 2019-11-08 15:09:45 +00:00
semmle-qlci
9986de87c4 Merge pull request #2284 from shati-patel/ql-codeql-1 
Approved by jf205
 2019-11-08 14:37:26 +00:00
semmle-qlci
d9c7549dbe Merge pull request #2279 from max-schaefer/js/touchstone-files 
Approved by asger-semmle
 2019-11-08 14:33:23 +00:00
shati-patel
fe654a9c99 update to match support page 2019-11-08 14:32:59 +00:00
shati-patel
3f51260fb4 Docs: Update sidebar 2019-11-08 14:04:44 +00:00
Esben Sparre Andreasen
9b346b1d52 Merge pull request #2260 from max-schaefer/js/_min 
JavaScript: Classify files with names ending in `_min` as minified.
 2019-11-08 13:52:33 +01:00
Rasmus Wriedt Larsen
358964b1e2 Python: Accept changes in Python 2 specific six tests 
We don't use a locked-down version of six, so some internal things probably
changed from the version used last time, and the versoin I have installed.

Long term fix would be to use a specific version of six for tests!
 2019-11-08 13:49:52 +01:00