Commit Graph

17948 Commits

Author SHA1 Message Date
semmle-qlci
5de6da4ee4 Merge pull request #1697 from esben-semmle/js/fix-missing-this-in-method
Approved by xiemaisi
2019-08-06 11:38:11 +01:00
Matthew Gretton-Dann
0e50a143af C++: Improve ReturnStackAllocatedMemory query
Update the ReturnStackAllocatedMemory query to not give a false positive
for thread_local variables.
2019-08-06 11:22:32 +01:00
Matthew Gretton-Dann
a733625646 C++: Add Variable.isThreadLocal() 2019-08-06 11:22:26 +01:00
Geoffrey White
de9b936d76 QLDoc tidy up Declaration.qll
Mostly just adding backticks in QLDoc comments.  I'm trying out the edit-in-github workflow @jbj showed me, which seems like it will be a quicker way to do minor changes like these.
2019-08-06 10:54:20 +01:00
Tom Hvitved
4774bc969a C#: Apply static CFG splitting limit
The predicate `maxSplits()` was previously applied dynamically to ensure that
any control flow node would keep track of at most `maxSplits()` number of splits.
However, there was no guarantee that two different copies of the same AST element
wouldn't contain different splits, so in general the number of copies for a given
AST element `e` could be on the order `$\binom{n}{k}c^k$`, where `n` is the total
number of splits that apply to `e`, `k = maxSplits()`, and `c` is a constant.

With this change, the relevant splits for `e` are instead computed statically,
meaning that the order is instead `$c^k$`.
2019-08-06 11:38:03 +02:00
james
f34fbd72c5 docs: hide nav bar in print view 2019-08-06 10:30:27 +01:00
Calum Grant
2df05090b5 Merge pull request #1685 from hvitved/csharp/dataflow/out-flow-fix
C#: Fix data flow for `out`/`ref` parameters
2019-08-06 09:31:17 +01:00
james
cded4a563f docs: a few slide updates 2019-08-06 09:29:52 +01:00
james
f3c0af19f6 docs: tweak css to improve responsive behaviour 2019-08-06 09:29:52 +01:00
Felicity Chapman
3e987732c1 Merge pull request #1698 from jf205/links
Docs: Update ql training homepage
2019-08-06 08:56:43 +01:00
james
6a75d64f87 docs: link update 2019-08-06 08:48:31 +01:00
semmle-qlci
0089ad471b Merge pull request #1696 from xiemaisi/js/ql4ql-fixes
Approved by asger-semmle
2019-08-06 08:06:06 +01:00
yh-semmle
9e4405f385 Merge pull request #1688 from aschackmull/java-cookbook/int-literal-value
Java Cookbook: Slight improvement to the IntegerLiteral pattern.
2019-08-05 20:37:58 -04:00
Rebecca Valentine
5fdf6a8e11 Merge pull request #1640 from markshannon/python-update-all-taint-tracking-to-use-config
Python: Update all remaining taint-tracking queries to use configurations
2019-08-05 14:30:30 -07:00
Rebecca Valentine
9d2061b439 Merge pull request #1669 from markshannon/python-better-handling-unknown-decorators
Python: Treat the result of calling a missing module member as 'unknown'.
2019-08-05 14:30:00 -07:00
Ziemowit Laski
f734d7e281 [CPP-387] Incremental progress. 2019-08-05 13:22:20 -07:00
yh-semmle
7e90728c67 Merge pull request #1679 from aschackmull/java/reader-taint
Java: Adjust taint steps for Reader::read.
2019-08-05 12:46:12 -04:00
james
62fb745eac docs: address review comments 2019-08-05 15:58:00 +01:00
Max Schaefer
5026a55c25 JavaScript: Fix a Cartesian product. 2019-08-05 15:42:20 +01:00
Max Schaefer
d230921b89 JavaScript: Remove two unused fields. 2019-08-05 15:41:55 +01:00
james
1f076efd5e docs: fix select clause section 2019-08-05 15:40:41 +01:00
james
7ec2c05796 docs: address review comments and fix a few other things 2019-08-05 15:40:41 +01:00
james
0ebc396ed1 docs: expand contributing a query information 2019-08-05 15:40:40 +01:00
Anders Schack-Mulligen
a80cb262fc Java/C++/C#: Elaborate qldoc. 2019-08-05 16:28:25 +02:00
Anders Schack-Mulligen
9ebb83497d Java/C++/C#: Fix small mistake. 2019-08-05 15:34:12 +02:00
Esben Sparre Andreasen
bc2785d143 JS: add missing binding for this in BuiltinServiceCall 2019-08-05 14:10:21 +02:00
Esben Sparre Andreasen
bc296e74a1 JS: generalize internal AngularJS::BuiltinServiceCall to handle calls 2019-08-05 13:59:48 +02:00
Esben Sparre Andreasen
a652f754ee JS: rename internal AngularJS::ServiceMethodCall 2019-08-05 13:56:49 +02:00
Anders Schack-Mulligen
2dc83c539c Java/C++/C#: Sync dataflow. 2019-08-05 12:07:32 +02:00
semmle-qlci
f60af2cfba Merge pull request #1683 from asger-semmle/type-tracking-non-exp
Approved by xiemaisi
2019-08-05 11:06:53 +01:00
semmle-qlci
77ae2bc8b7 Merge pull request #1684 from asger-semmle/protopollution-qhelp
Approved by xiemaisi
2019-08-05 11:06:34 +01:00
Anders Schack-Mulligen
f8804943ee Java: Change in/out barriers to be explicit in the configuration. 2019-08-05 12:05:12 +02:00
Asger F
8bec2fe7bf JS: Address comments 2019-08-05 10:44:39 +01:00
Calum Grant
3e143093f0 Merge pull request #1475 from hvitved/csharp/remove-file
C#: Remove unused `PasswordInConfigurationFile.config`
2019-08-05 10:29:50 +01:00
Anders Schack-Mulligen
15c61b57f7 Java Cookbook: Slight improvement to the IntegerLiteral pattern. 2019-08-05 11:03:30 +02:00
Jonas Jensen
73d8bf38a9 Merge pull request #1680 from aschackmull/cookbook/autoformat
Cookbook examples: Autoformat
2019-08-05 10:24:56 +02:00
Esben Sparre Andreasen
c4eb258f5b JS: lower precision of js/conflicting-html-attribute 2019-08-05 09:22:10 +02:00
Luke Cartey
54d01bdeff Merge pull request #1648 from hvitved/csharp/unchecked-return-lambda
C#: Fix false positives in `cs/unchecked-return-value`
2019-08-02 21:48:38 -07:00
Ziemowit Laski
0ca6d0c1b9 [CPP-387] Start on Declarations section. 2019-08-02 16:07:55 -07:00
Tom Hvitved
4d58154ff5 C#: Fix data flow for out/ref parameters 2019-08-02 14:25:38 -07:00
Tom Hvitved
04db1bf3f4 C#: Add data flow test for methods with multiple out/ref parameters 2019-08-02 13:46:18 -07:00
Asger F
5397da7579 JS: Handle implicit return in getImmediatePredecessor 2019-08-02 20:35:22 +01:00
Asger F
8e1893d0ed JS: Update range analysis to use getImmediatePredecessor 2019-08-02 20:35:22 +01:00
Asger F
9e949d0f44 JS: Add taint step through destructuring for-of loop 2019-08-02 20:35:21 +01:00
Asger F
de3c8bf711 JS: Introduce DataFlow::lvalueNode 2019-08-02 20:35:21 +01:00
Tom Hvitved
b03cf6f34e Merge pull request #1678 from calumgrant/cs/remove-analyzer-NRE
C#: Remove compilation warning
2019-08-02 10:38:27 -07:00
semmle-qlci
d4e39a250d Merge pull request #1667 from xiemaisi/js/more-ranges
Approved by esben-semmle
2019-08-02 16:46:30 +01:00
Asger F
fcc51a8407 JS: Fix lodash version in proto pollution qhelp 2019-08-02 16:42:36 +01:00
yh-semmle
251d441f6a Merge pull request #1682 from aschackmull/java/hardcoded-credentials-precision
Java: Improve the precision of java/hardcoded-credential-api-call.
2019-08-02 11:37:06 -04:00
Asger F
eb543c1ceb JS: Remove experimental warning from type tracking 2019-08-02 16:30:44 +01:00