hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-26 21:02:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,687 Branches 159 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Calum Grant
4e6216379d Merge pull request #1935 from AndreiDiaconu1/ircsharp-forinitfix 
C# IR: Fix for init
 2019-09-16 16:24:30 +01:00
AndreiDiaconu1
43accd37e1 Address PR comments 2019-09-16 15:42:45 +01:00
Max Schaefer
df739e0fca JavaScript: Fix performance regression in IncorrectSuffixCheck. 2019-09-16 15:25:17 +01:00
Calum Grant
8eeded5982 C#: Handle nameof(A.B) where A.B is a nested namespace. 2019-09-16 15:12:10 +01:00
AndreiDiaconu1
fcb3d99351 C# IR: Fix for init 2019-09-16 11:57:37 +01:00
semmle-qlci
e6b748a8e7 Merge pull request #1875 from esben-semmle/js/blacklist-more-hardcoded-passwords 
Approved by xiemaisi
 2019-09-16 10:57:35 +01:00
Tom Hvitved
4f897b2628 C#: Address review comments 2019-09-16 10:45:37 +02:00
Esben Sparre Andreasen
a5645e168a JS: exclude keys from whitelist 2019-09-16 10:13:18 +02:00
Esben Sparre Andreasen
c9d31e90fe JS: add change notes 2019-09-16 10:11:43 +02:00
Esben Sparre Andreasen
0e2d2f8662 JS: whitelist some hardcoded dummy-passwords in two queries 2019-09-16 10:11:43 +02:00
Esben Sparre Andreasen
aa3f4a7048 JS: change passwords in tests 2019-09-16 10:09:59 +02:00
jf205
526c123016 Merge pull request #1931 from shati-patel/docs/ql-lexer 
Docs/QL lexer: Require whitespace character after annotation
 2019-09-14 07:00:31 +01:00
Dave Bartolomeo
553238a9e8 Merge pull request #1922 from jbj/qlcfg-const-pointer-to-member 
C++: Add PointerToFieldLiteral class
 2019-09-13 10:44:52 -07:00
Shati Patel
9187db585c QL lexer: Require whitespace character after annotation 2019-09-13 16:13:13 +01:00
shati-patel
fd4709d43a Merge pull request #1930 from jf205/js-links-122 
docs: update some links in a couple of javascript topics
 2019-09-13 15:58:23 +01:00
Asger F
a8e8ae868a JS: Update extractor version string 2019-09-13 15:48:31 +01:00
Asger F
173f32d2ba JS: Recognize 'require' calls in more cases 2019-09-13 15:48:31 +01:00
Asger F
3b7ecd5ccf JS: Add NumModules metric 2019-09-13 15:48:31 +01:00
Max Schaefer
fa4db5a841 JavaScript: Fix link to restify in library tutorial. 
(cherry picked from commit af24d125388ed89dcd364697d955026a1f46fd33)
 2019-09-13 15:28:21 +01:00
Max Schaefer
f1588b2622 JavaScript: Fix description of call graphs. 
(cherry picked from commit 2817cf060f6a506ee51a0296b3745e7406fc7cfc)
 2019-09-13 15:28:21 +01:00
james
ffa370a8ad docs: fix broken links in js topics 
(cherry picked from commit e8f867204d)
 2019-09-13 15:28:20 +01:00
semmle-qlci
82097f63ac Merge pull request #1903 from jf205/js-links 
Approved by asger-semmle
 2019-09-13 15:25:02 +01:00
Erik Krogh Kristensen
9dc9adda64 fix capitalization in test case 
Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
 2019-09-13 14:54:18 +01:00
Erik Krogh Kristensen
3fb64abb09 fix consistency and spelling in the documentation 
suggestions from the documentation team

Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
 2019-09-13 14:52:11 +01:00
Jonas Jensen
7cfbe88e7b C++: IR DataFlow::Node.toString consistency 
The `toString` for IR data-flow nodes are now similar to AST data-flow
nodes. This should make it easier to use the IR as a drop-in replacement
in the future. There are still differences because the IR data flow
library takes conversions into account.

I did not attempt to align the new nodes we use for field flow. That can
come later, when we add field flow to IR data flow.
 2019-09-13 14:33:31 +02:00
Jonas Jensen
562bffe710 C++: Simplify toString of ImplicitParameterNode 
This string looked out of place compared to `ExplicitParameterNode`,
whose string is simply the name of the parameter and therefore
indistinguishable from an access to the parameter without looking at the
location also. This has not been a problem so far, and if we want to
distinguish more clearly between initial values and accesses at some
point, we should do it for `ExplicitParameterNode` and
`UninitializedNode` too.
 2019-09-13 14:33:26 +02:00
Erik Krogh Kristensen
c4f27ed4cc rename TaintedLength to LoopBoundInjection 2019-09-13 11:12:01 +01:00
Erik Krogh Kristensen
673e883c21 use superscript to denote the size of the tainted object 2019-09-13 11:00:11 +01:00
semmle-qlci
d0d3882121 Merge pull request #1919 from esben-semmle/js/fixup-1 
Approved by asger-semmle, xiemaisi
 2019-09-13 10:40:38 +01:00
semmle-qlci
1313821a25 Merge pull request #1904 from erik-semmle/passportModel 
Approved by asger-semmle, esben-semmle
 2019-09-13 10:38:14 +01:00
Erik Krogh Kristensen
5b2b60f132 change DOS to DoS, and other small documentation fixes 
Co-Authored-By: Max Schaefer <max@semmle.com>
 2019-09-13 10:26:01 +01:00
Tom Hvitved
f5cae9b6ea Merge pull request #1881 from aschackmull/java/pathgraph-nodes 
Java/C++/C#: Add nodes predicate to PathGraph.
 2019-09-13 10:32:47 +02:00
Dave Bartolomeo
e8cf3f876e Merge pull request #1660 from zlaski-semmle/zlaski/builtin-va-list 
Add a `__builtin_va_list` type, to complement `__builtin_va_*`
 2019-09-12 14:04:55 -07:00
Dave Bartolomeo
9072f6231f Merge pull request #1928 from jbj/autoformat-ssa 
C++: Autoformat IR SSA files
 2019-09-12 14:03:20 -07:00
zlaski-semmle
45640395a9 Merge pull request #1803 from geoffw0/qldoceg9 
CPP: Add syntax examples to QLDoc in Variable.qll
 2019-09-12 12:32:58 -07:00
Robert Marsh
7f6108259e Merge pull request #1927 from jbj/instructionNode 
C++: Add DataFlow::instructionNode
 2019-09-12 12:06:01 -07:00
Rebecca Valentine
f503e042fc Merge pull request #1877 from taus-semmle/python-modernise-non-iterator-query 
Python: Modernise the `py/non-iterable-in-for-loop` query.
 2019-09-12 11:14:40 -07:00
Calum Grant
b7db15646c Merge pull request #1858 from AndreiDiaconu1/ircsharp-continue 
C# IR: Add support for `ContinueStmt`
 2019-09-12 17:37:01 +01:00
Erik Krogh Kristensen
c2efb0afe7 two tiny qldoc changes 2019-09-12 16:58:07 +01:00
Erik Krogh Kristensen
119b1ffb80 changes based on review from max 2019-09-12 16:30:42 +01:00
Erik Krogh Kristensen
dc891dc420 added js/loop-bound-injection to javascript security suite 2019-09-12 15:50:50 +01:00
Erik Krogh Kristensen
17a71a97c5 add loop-bound-injection to change-notes 2019-09-12 15:28:14 +01:00
Erik Krogh Kristensen
3d359bc8dc Merge remote-tracking branch 'upstream/master' into taintedLength 2019-09-12 15:24:36 +01:00
Erik Krogh Kristensen
30f1bcf5bc updated query ID and expected output 2019-09-12 15:24:33 +01:00
Jonas Jensen
0c092e21b0 C++: Autoformat IR SSA files 
One autoformat omission had also slipped into
`DefaultTaintTracking.qll`.
 2019-09-12 15:45:08 +02:00
Jonas Jensen
10270cb36d C++: Turn a comment into QLDoc 2019-09-12 15:44:04 +02:00
AndreiDiaconu1
e55f16d990 Fix comment 2019-09-12 13:57:28 +01:00
AndreiDiaconu1
91fdfd48e5 Fixed CP problem 2019-09-12 13:09:49 +01:00
Jonas Jensen
c7e6081079 C++: Add DataFlow::instructionNode 
This is for symmetry with `exprNode` etc., and it should be handy for
the same reasons. I found one caller of `asInstruction` that got simpler
by using the new predicate instead.
 2019-09-12 11:44:17 +02:00
Tom Hvitved
5070270605 C#: Fix CFG for nested finally blocks 2019-09-12 11:44:04 +02:00