Esben Sparre Andreasen
6f6887993c
JS: split Xxe.qll
2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
9d670f7d39
JS: split CleartextStorage.qll
2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
013f471cf6
JS: split TaintedPath.qll
2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
2bb702ceea
JS: split SqlInjection.qll
2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
2972c28e58
JS: split NosqlInjection.qll
2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
057b18c316
JS: split ServerSideUrlRedirect.qll
2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
a89a073623
JS: split FileAccessToHttp.qll
2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
efe7ba4f3d
JS: split InsecureRandomness.qll
2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
b85d3756b0
JS: split DifferentKindsComparisonBypass.qll
2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
56172317ed
JS: split HardCodedDataInterpretedAsCode.qll
2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
d786f36120
JS: split CorsMisconfigurationForCredentials.qll
2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
1f54f3269d
JS: split HttpToFileAccess.qll
2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
ee6003655a
JS: split UnsafeDynamicMethodAccess.qll
2019-07-04 22:42:55 +02:00
Jonas Jensen
2f8787379a
Merge pull request #1535 from geoffw0/nospacezero
CPP: Fix false positives from NoSpaceForZeroTerminator.ql
2019-07-04 22:36:04 +02:00
Jonas Jensen
8c733fd58d
Merge pull request #1537 from geoffw0/add-tests
CPP: Add some tests
2019-07-04 21:20:55 +02:00
Jonas Jensen
b51c78a92a
Merge pull request #1546 from geoffw0/eraperf
CPP: Speed up LeapYear.qll 'ChecksForLeapYearFunctionCall'.
2019-07-04 21:19:34 +02:00
semmle-qlci
0290c79c54
Merge pull request #1486 from hvitved/csharp/inherited-completions
Approved by calumgrant
2019-07-04 19:45:25 +01:00
Geoffrey White
1fd08f4e47
CPP: Change note.
2019-07-04 17:27:40 +01:00
Geoffrey White
73c7bc1db9
CPP: Generalize a little.
2019-07-04 17:27:40 +01:00
Geoffrey White
7fc31f263a
CPP: Basic fix.
2019-07-04 17:27:40 +01:00
Geoffrey White
34d307ecef
CPP: Test a common false positive.
2019-07-04 17:27:40 +01:00
Geoffrey White
8ce6822d6f
CPP: Fix format literal.
2019-07-04 16:31:35 +01:00
Taus Brock-Nannestad
d2113f1ced
More performance stuff. (Possibly not all needed.)
2019-07-04 17:28:40 +02:00
Geoffrey White
70b996f721
CPP: Speed up LeapYear.qll 'ChecksForLeapYearFunctionCall'.
2019-07-04 15:59:32 +01:00
Tom Hvitved
349e0e8e62
C#: Address more review comments
2019-07-04 16:46:01 +02:00
semmle-qlci
298aa92814
Merge pull request #1543 from xiemaisi/js/reflective-call-flow
Approved by asger-semmle
2019-07-04 12:02:24 +01:00
Tom Hvitved
421e75d4c1
C#: Address review comments
2019-07-04 11:57:48 +02:00
Max Schaefer
91a718cfe5
JavaScript: Fix data flow out of reflective calls.
We were previously missing a data-flow edge from reflected calls to the corresponding reflective call, that is, for `f.call(...)` we didn't have a flow edge from the implicit call to `f` to the result of `f.call(...)`.
2019-07-04 08:29:04 +01:00
Esben Sparre Andreasen
bb452bea45
JS: split UnsafeDeserialization.qll
2019-07-04 08:39:10 +02:00
Esben Sparre Andreasen
626f3fa598
JS: split ConditionalBypass.qll
2019-07-04 08:33:39 +02:00
semmle-qlci
40f7e6f514
Merge pull request #1540 from esben-semmle/js/bump-prototype-pollution-lodash
Approved by xiemaisi
2019-07-04 07:19:45 +01:00
semmle-qlci
6cda33c39e
Merge pull request #511 from esben-semmle/js/classify-minified-by-variable-names
Approved by xiemaisi
2019-07-03 16:31:43 +01:00
semmle-qlci
b07a3e6725
Merge pull request #1439 from esben-semmle/js/configuration-node-separation
Approved by asger-semmle, xiemaisi
2019-07-03 16:31:10 +01:00
Taus Brock-Nannestad
11ceaf3e3c
Fix bad join order in SsaDefinitionsImpl::reachesEndOfBlock.
2019-07-03 16:26:10 +02:00
Pavel Avgustinov
ba4812c4ed
Merge pull request #1534 from hvitved/csharp/remove-vcs
C#: Remove libraries and queries related to version history
2019-07-03 13:25:15 +01:00
Taus Brock-Nannestad
315dcb8720
Fix performance of multi_assignment_points_to.
2019-07-03 13:17:07 +02:00
Jonas Jensen
2111bf5387
C++ IR: getAnyDef -> getDef in RangeAnalysis
2019-07-03 11:05:06 +02:00
Jonas Jensen
c62f73e2a2
C++ IR: getAnyDef -> getDef in SignAnalysis
For signs that follow from guards, we want the guard and the guarded
access to overlap exactly.
2019-07-03 11:05:06 +02:00
Jonas Jensen
a16ed7d613
C++ IR: getAnyDef -> getDef in ValueNumbering
This change seems more in line with what users would expect.
2019-07-03 11:05:06 +02:00
Jonas Jensen
2ce8612a05
C++ IR: allow inexact defs in taint tracking
2019-07-03 11:05:06 +02:00
Jonas Jensen
984405be2e
C++ IR: Change many uses of getAnyDef to getDef
This changes all the getters on `Instruction` to use `getDef` instead of
`getAnyDef`, with the result that these getters now only have a result
if the definition is exact.
This is a backwards-INCOMPATIBLE change.
2019-07-03 11:04:57 +02:00
Jonas Jensen
e082451352
C++ IR: add getDef and deprecated predicates
These are the hand-written changes that complete the automatic changes
from the previous commit.
- Add deprecated compatibility wrappers for the renamed predicates.
- Add a new `Operand.getDef` predicate.
- Clarify the QLDoc for all these predicates.
2019-07-03 10:06:48 +02:00
Jonas Jensen
206a96df94
C++ IR: Rename getters for def/use on Operand
This renames `getDefinitionInstruction` to `getAnyDef`, reflecting that
it includes definitions without exact overlap. It renames
`getUseInstruction` to `getUse` for consistency.
perl -p -i -e 's/\bgetUseInstruction\b/getUse/g; s/\bgetDefinitionInstruction\b/getAnyDef/g' \
cpp/ql/src/semmle/code/cpp/ir/**/*.ql* \
cpp/ql/test/**/*.ql* \
cpp/ql/src/semmle/code/cpp/rangeanalysis/**/*.ql*
2019-07-03 10:06:48 +02:00
Jonas Jensen
f8722f978f
Merge pull request #1533 from zlaski-semmle/zlaski/cpp370cl
[CPP-370] Non-const format strings: Add change note for the 1.22 release.
2019-07-03 09:47:58 +02:00
semmle-qlci
7fbc730b05
Merge pull request #1517 from asger-semmle/instance-type-tracking-final
Approved by xiemaisi
2019-07-03 08:26:16 +01:00
semmle-qlci
44823ca46d
Merge pull request #1522 from asger-semmle/ts-stringify-recursive-type-alias
Approved by xiemaisi
2019-07-03 08:25:50 +01:00
semmle-qlci
02bded38da
Merge pull request #1528 from asger-semmle/jsdoc-source-location-fix
Approved by xiemaisi
2019-07-03 08:25:19 +01:00
Esben Sparre Andreasen
051c6ca31f
JS: split CodeInjection.qll into two parts
2019-07-03 09:18:27 +02:00
Esben Sparre Andreasen
ecf367fa65
JS: bump vulnerable lodash version for prototype pollution
See https://github.com/lodash/lodash/pull/4336
2019-07-03 08:18:16 +02:00
Ziemowit Laski
1118601273
[CPP-370] Rework release note per Jonas' suggestions.
2019-07-02 17:37:17 -07:00