hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-26 21:02:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,687 Branches 159 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
2729566bbf add setAttributeNS('xlink', 'href',..) example in XSS test 2019-09-09 09:41:08 +01:00
Jonas Jensen
745e321e3b Merge pull request #1901 from jf205/cpp-links 
docs: fix broken `Expr` links
 2019-09-09 10:38:02 +02:00
Jonas Jensen
10b69358ae C++: Fix flow from this by ref. 2019-09-09 10:36:58 +02:00
Jonas Jensen
08b63d4342 C++: Test to show lack of flow from this by ref. 
The `test_nonMemberSetA` also shows how the lack of flow through `&` is
a problem for non-member getters, but that's addressed on a separate
branch.
 2019-09-09 10:36:11 +02:00
Jonas Jensen
ef96288303 C++: Make PartialDefinitionNode private 
This class is undocumented and exposes implementation details through
its `getPartialDefinition` member. It does not need to be public.
 2019-09-09 10:34:51 +02:00
Esben Sparre Andreasen
2a22471975 JS: address review comments 2019-09-09 10:31:40 +02:00
Tom Hvitved
ef4f954b58 Merge pull request #1797 from jbj/dataflow-TTwo 
C++/C#/Java: data flow AccessPath up to length 2
 2019-09-09 10:28:48 +02:00
james
9437c2d007 docs: fix broken Expr links 2019-09-09 09:25:19 +01:00
Esben Sparre Andreasen
ec58ccc0ec JS: fixup dbscheme in upgrade directory 2019-09-09 09:05:12 +02:00
Esben Sparre Andreasen
5d6997c1c9 JS: additional extraction metrics cleanup 2019-09-09 09:05:12 +02:00
Esben Sparre Andreasen
03d38ca54b JS: simplify cache interaction 2019-09-09 09:05:12 +02:00
Esben Sparre Andreasen
6dbe827dd3 JS: add QL classes for the extraction metrics 2019-09-09 09:05:12 +02:00
Esben Sparre Andreasen
5665cf9328 JS: record metrics during extraction 2019-09-09 09:05:12 +02:00
Esben Sparre Andreasen
7fcde4c130 JS: add extraction metrics to the dbscheme 2019-09-09 09:05:12 +02:00
Esben Sparre Andreasen
27e36cfe05 JS: apply google-java-format to extractor source code 2019-09-09 09:05:12 +02:00
Jonas Jensen
d51e5212fb Merge remote-tracking branch 'upstream/master' into dataflow-TTwo 
Conflicts:
      cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll
      cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll
      cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll
      cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll
      cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll
      cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll
      cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll
      cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll
      cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll
      cpp/ql/test/library-tests/dataflow/fields/flow.expected
      csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll
      csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll
      csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll
      csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll
      csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll
      java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll
      java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl2.qll
      java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl3.qll
      java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl4.qll
      java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl5.qll
 2019-09-08 21:08:43 +02:00
Rebecca Valentine
9eebe00b33 Merge pull request #1869 from taus-semmle/python-fix-typehint-divergence 
Python: Prevent divergence in type-hint analysis. (ODASA-8075)
 2019-09-06 14:33:20 -07:00
Erik Krogh Kristensen
c780956f0d add setAttributeNS method in the XSS test 2019-09-06 21:56:29 +01:00
AndreiDiaconu1
320cd6b96c More PR fixes 2019-09-06 18:10:54 +01:00
AndreiDiaconu1
765414430d More PR fixes 2019-09-06 18:10:54 +01:00
AndreiDiaconu1
9ecbb4a3f3 More fixes for the PR comments 2019-09-06 18:10:54 +01:00
AndreiDiaconu1
fe3645f26d Fix some PR comments 2019-09-06 18:09:15 +01:00
AndreiDiaconu1
db213bbf80 Fixed sanity checks 
The foreach was erroneously labelling the `True` and `False` edges as backedges.
Added a case for the compiler generated while in the predicate `getInstructionBackEdgeSuccessor/2`
from the file `IRConstruction.qll` so that only the edges from inside the body are labeled as back edges.
 2019-09-06 18:09:15 +01:00
AndreiDiaconu1
46d7b9e3bf Lock stmt 
Added support for the lock stmt
Added a test case and updated the expected output
 2019-09-06 18:09:15 +01:00
AndreiDiaconu1
4dd548bfa2 Foreach stmt 
Addded support for the foreach stmt (for now only the "canonical" desugaring).
Added a test and updated the expected output.
 2019-09-06 18:09:15 +01:00
AndreiDiaconu1
a5ec763035 Delegate creation and call 
Added support for delegate creation and call.
Added a test case and updated the expected output.
 2019-09-06 18:08:03 +01:00
AndreiDiaconu1
331707f3a3 Framework for the translation of compiler elements 
Added a framework for the translation of compiler generated elements, so that the process of adding a new desugaring process is almost mechanical.
The files in `internal` serve as the superclasses for all the compiler generated elements.
The file `Common.qll` captures common patterns for the compiler generated code to improve code sharing (by pattern I mean an element that appears in multiple desugarings). For example the `try...finally` pattern appears in the desugaring process of both the `lock` and the `foreach` stmts, so a class the provides a blueprint for this pattern is exposed. Several other patterns are present.
The expected output has also been updated (after a rebase) and it should be ignored.
 2019-09-06 18:08:03 +01:00
AndreiDiaconu1
80b7512fe2 Initial restructure 
The `raw/internal` folder has been restructured to better enhance code sharing between compiler generated elements and AST generated elements.
The translated calls classes have been refactored to better fit the C# library.
A new folder has been added, `common` that provides blueprints for the classes that deal with translations of calls, declarations, exprs and conditions.
Several `TranslatedX.qll` files have been modified so that they use those blueprint classes.
 2019-09-06 18:08:03 +01:00
Ian Lynagh
4190a53574 C++: Update test output 2019-09-06 17:31:08 +01:00
Ian Lynagh
a32214d41e C++: Resolve all classes 
We used to only resolve top-level classes.
 2019-09-06 17:31:08 +01:00
Felicity Chapman
4952ad5cff Merge pull request #1896 from shati-semmle/vale-typo 
Vale linter: fix typo
 2019-09-06 16:56:22 +01:00
shati-semmle
4d98b4c3a1 Vale linter: fix typo 2019-09-06 16:47:20 +01:00
Calum Grant
3734552081 C#: Add change note for datetime queries. 2019-09-06 16:45:02 +01:00
Calum Grant
f9b99ae245 C#: Adjust date query severity and add precisions. Tidy up tags. 2019-09-06 16:44:29 +01:00
Nick Rolfe
09036a3bdf Merge pull request #1760 from ian-semmle/mangling 
C++: Use mangled names to resolve classes
 2019-09-06 16:38:47 +01:00
Asger F
dfd18a51ee JS: Change note 2019-09-06 16:03:16 +01:00
shati-semmle
486707c90e Merge pull request #1891 from jf205/slide-fixes 
docs: improve slide layout for printing
 2019-09-06 15:52:32 +01:00
Asger F
7007698de4 JS: Fix the FP 2019-09-06 15:39:40 +01:00
Asger F
ebd7875cae JS: Add regression test 2019-09-06 15:38:55 +01:00
yh-semmle
79a0a56adf Merge pull request #1890 from aschackmull/java/best-bound-rangeanalysis 
Java: Restrict the output of Range Analysis to the best bounds.
 2019-09-06 10:35:11 -04:00
Erik Krogh Kristensen
ccdc821c5d add xlink:href as xss target when using setAttribute 2019-09-06 14:43:47 +01:00
Asger F
f7654d6f1c JS: Add test 2019-09-06 14:42:07 +01:00
james
f78ce146f1 docs: improve slide layout for printing 2019-09-06 14:42:06 +01:00
Anders Schack-Mulligen
6b85fe087a Java: Restrict the output of Range Analysis to the best bounds. 2019-09-06 15:39:46 +02:00
AlexTereshenkov
523d055194 Add a new issue template for false positive in LGTM.com 
Add a new issue template for false positive in LGTM.com
 2019-09-06 14:39:06 +01:00
Calum Grant
d2336dc8cf Merge pull request #1882 from aschackmull/lang/autoformat 
Java/C#/JavaScript: Autoformat
 2019-09-06 14:37:40 +01:00
Asger F
fa95871f46 JS: Add event handler sink to code injection 2019-09-06 14:33:00 +01:00
Jonas Jensen
e4c9dd79ca C++: Hide that IR DataFlow::Node is Instruction 
We haven't come to a conclusion on whether these two types will remain
identical forever. To make sure we're able to change it in the future,
this change makes it impossible to cast between the two types. Callers
must use the `asInstruction` member predicate to convert.
 2019-09-06 15:31:41 +02:00
shati-semmle
434c20f294 Merge pull request #1887 from jf205/slide-fixes 
docs: a couple of slide fixes
 2019-09-06 14:28:14 +01:00
james
ecc2449c1c docs: updated slide background 2019-09-06 14:00:57 +01:00