Anders Schack-Mulligen
b1b1ede6b0
Java: Improve the precision of java/hardcoded-credential-api-call.
2019-08-02 16:50:58 +02:00
Anders Schack-Mulligen
59fb59d109
JavaScript: Autoformat cookbook examples.
2019-08-02 15:33:40 +02:00
Anders Schack-Mulligen
40f2cec0de
C#: Autoformat cookbook examples.
2019-08-02 15:30:32 +02:00
Anders Schack-Mulligen
d6e1ba6bed
CPP: Autoformat cookbook examples.
2019-08-02 15:29:20 +02:00
Anders Schack-Mulligen
9b74e9c4a4
Java: Autoformat cookbook examples.
2019-08-02 15:27:28 +02:00
Max Schaefer
3daa974255
JavaScript: Rename a test.
The old test name would cause a compiler warning, which we don't want to include in the expected output.
2019-08-02 14:05:57 +01:00
semmle-qlci
34cdf7c96b
Merge pull request #1677 from xiemaisi/js/flow-summary-fixes
Approved by esben-semmle
2019-08-02 14:02:47 +01:00
semmle-qlci
635a8edacc
Merge pull request #1676 from xiemaisi/js/more-tests-classification
Approved by esben-semmle
2019-08-02 14:02:24 +01:00
Anders Schack-Mulligen
4ffc41277a
Java: Adjust taint steps for Reader::read.
2019-08-02 14:21:06 +02:00
Calum Grant
169dbf1be3
C#: Remove rule CA1022, which caused the analyzer to crash, generating a compilation warning (and possibly, instability).
2019-08-02 12:14:03 +01:00
Max Schaefer
e06ed503ec
JavaScript: Make flow summaries work for non-taint configurations.
With flow labels it often makes more sense to use a `DataFlow::Configuration` rather than a `TaintTracking::Configuration`, so flow summaries should support both.
2019-08-02 11:45:41 +01:00
Max Schaefer
97c0c97b28
JavaScript: Classify __mocks__ and __tests__ as tests.
These are conventions used by jest: https://jestjs.io/docs/en/manual-mocks#mocking-user-modules .
2019-08-02 11:15:02 +01:00
Mark Shannon
63f24dfe18
Python: Add some more utility predicates and classes to the new 'Value' API.
2019-08-02 10:50:51 +01:00
Mark Shannon
4a6f385feb
Python objects: Add clarifying comments on callResult predicates.
2019-08-02 10:10:47 +01:00
semmle-qlci
07b97dcc07
Merge pull request #1672 from asger-semmle/flowlabel-issers
Approved by xiemaisi
2019-08-02 10:05:41 +01:00
semmle-qlci
bb4f00d770
Merge pull request #1015 from esben-semmle/js/cli-cli
Approved by xiemaisi
2019-08-02 09:57:19 +01:00
semmle-qlci
1b30a25977
Merge pull request #1668 from esben-semmle/js/ignore-mocked-callee-argument-count
Approved by xiemaisi
2019-08-02 09:56:52 +01:00
semmle-qlci
108e5bc431
Merge pull request #1675 from hvitved/csharp/xss-path-problem
Approved by lukecartey
2019-08-02 04:17:03 +01:00
Ziemowit Laski
94ccc5fa73
[CPP-387] Fill in a few more types. Remove the Superclass column as it is redundant and may lead to documentation inconsistencies.
2019-08-01 16:27:06 -07:00
Tom Hvitved
b7d6165d42
C#: Convert cs/web/xss to a path-problem
2019-08-01 15:58:57 -07:00
Dave Bartolomeo
6370391dbd
C++: Add sanity test for definitions that don't dominate their uses.
2019-08-01 15:01:42 -07:00
Ziemowit Laski
4aa9049c47
[CPP-387] Finished declarations, started on types.
2019-08-01 14:51:17 -07:00
Dave Bartolomeo
912679ef8c
C++: Two IR fixes
My original fix in https://github.com/Semmle/ql/pull/1661 fixed my minimal test case, but did not fix the original failure in a Linux snapshot. The real fix is to simply not create a `TranslatedDeclarationEntry` for an extern declaration, and have `TranslatedDeclStmt` skip any such declarations. I've added a regression test for that case (multiple extern declarations with same location in a macro expansion, with control flow between them). I did verify that it generates correct IR, and that it fixes all of the "use not dominated by definition" failures in Linux.
The underlying extractor bug that caused the above issue also caused PrintAST to print garbage. I've worked around the bug in PrintAST.qll.
I've also fixed a bug in the control flow for `try`/`catch`, where there was missing flow from the `CatchByType` of the last handler of a `try` to the enclosing handler (or `Unwind`). Hat tip to @AndreiDiaconu1 for spotting this bug.
2019-08-01 14:38:19 -07:00
Rebecca Valentine
40d7f5a332
Merge pull request #1671 from markshannon/python-flask-escape
Python: Add missing function to flask test stub.
2019-08-01 11:47:09 -07:00
Asger F
e09c22e67d
JS: Add FlowLabel.isData() and .isTaint()
2019-08-01 15:22:51 +01:00
Max Schaefer
3a240b39d9
JavaScript: Address further review comments.
2019-08-01 15:03:53 +01:00
Mark Shannon
fab2cb5a32
Python: Add missing function to flask test stub.
2019-08-01 13:11:41 +01:00
Bas van Schaik
c7f45010c5
Remove reference to internal tooling from public repository
2019-08-01 11:02:03 +01:00
Esben Sparre Andreasen
90862fea99
JS: whitelist trivial throwers in js/superfluous-trailing-arguments
2019-08-01 11:49:43 +02:00
Mark Shannon
ebd5829bfb
Python: Treat the result of calling a missing module member as 'unknown'.
2019-08-01 10:37:41 +01:00
semmle-qlci
691df0508e
Merge pull request #1652 from xiemaisi/js/deprecate-isBarrier/2
Approved by asger-semmle
2019-08-01 09:47:04 +01:00
Max Schaefer
4141a98616
JavaScript: Replace Custom* with *::Range.
The old names are kept as deprecated aliases.
2019-08-01 09:45:44 +01:00
Anders Schack-Mulligen
1a779179e7
Merge pull request #1666 from yh-semmle/java-xxe-qhelp
Java: update XXE qhelp with note on processing limits
2019-08-01 10:01:53 +02:00
Ziemowit Laski
4afd6587e4
[CPP-387] Have almost all expressions done...
2019-07-31 19:57:46 -07:00
zlaski-semmle
2bc66ae553
Merge pull request #1661 from dave-bartolomeo/dave/ExternDeclarations
C++: Stop generating `NoOp` instructions for declarations of externs
2019-07-31 19:09:06 -07:00
yh-semmle
dc45ba5627
Java: update XXE qhelp with note on processing limits
2019-07-31 15:45:28 -04:00
Felicity Chapman
d61b5569c5
Merge pull request #1665 from jf205/update-support
QL docs: update paths to change notes in support project
2019-07-31 16:53:54 +01:00
james
735a2cbe06
docs: exclude readme from build
2019-07-31 15:42:46 +01:00
james
21e5d8c6b8
docs: update paths to change notes
2019-07-31 15:38:30 +01:00
semmle-qlci
1d806971ed
Merge pull request #1634 from aibaars/cookbook
Approved by aschackmull, dave-bartolomeo, hvitved, markshannon, xiemaisi, yh-semmle
2019-07-31 14:31:28 +01:00
Felicity Chapman
7123067bd0
Merge pull request #1663 from jf205/vscode-readme
docs: update readme to mention vscode extension
2019-07-31 13:52:58 +01:00
james
862f716058
docs: update readme to mention vscode extension
2019-07-31 13:42:58 +01:00
Mark Shannon
5496fa41c8
Python: Add a way to easily specify constant values in the new Value API.
2019-07-31 12:41:51 +01:00
semmle-qlci
4722ec585d
Merge pull request #1662 from jf205/add-gitignored
Approved by asger-semmle
2019-07-31 12:23:11 +01:00
Max Schaefer
33ea421841
JavaScript: Accept review suggestion.
Co-Authored-By: Esben Sparre Andreasen <42067045+esben-semmle@users.noreply.github.com>
2019-07-31 11:16:18 +01:00
Max Schaefer
785ecafd47
JavaScript: Address review comments.
2019-07-31 11:03:06 +01:00
Nick Rolfe
d83faaf714
Merge pull request #1659 from ian-semmle/getValueText
C++: Accept changes to getValueText
2019-07-31 10:59:00 +01:00
jf205
b64ecfb711
Merge pull request #1654 from felicity-semmle/ql-handbook/SD-3691-vale-corrections
Ql handbook: Corrections for issues found using Vale
2019-07-31 10:54:42 +01:00
jf205
eec91807c4
Merge pull request #1657 from asger-semmle/js/cheat-sheet
JS: Add data flow cheat sheet
2019-07-31 10:44:07 +01:00
Max Schaefer
967a5788b2
JavaScript: Address review comments.
2019-07-31 10:24:33 +01:00