17948 Commits

Author SHA1 Message Date
zlaski-semmle
bc98a80efe Merge pull request #1 from jbj/NonConstantFormat-ArrayExpr
C++: NonConstantFormat taint only for string types
2019-06-28 12:03:31 -07:00
yh-semmle
a0dc84010a Merge pull request #1518 from Semmle/rc/1.21
Merge rc/1.21 into master
2019-06-28 13:52:18 -04:00
Arthur Baars
af68fd4904 Merge pull request #1408 from calumgrant/cs/suppress-null-expr
C#: C#8 Nullable expressions and type annotations
2019-06-28 19:21:46 +02:00
yh-semmle
01028812a9 Merge pull request #1524 from aschackmull/java/dead-lambda
Java: Don't report lambdas (or other anonymous classes) as dead.
2019-06-28 10:48:17 -04:00
Arthur Baars
9197c186e1 Drop: ImportAdditionalLibraries.ql 2019-06-28 15:53:07 +02:00
Tom Hvitved
f91e460869 C#: Introduce inherited CFG completions
When completions are inherited by elements inside `finally` blocks, we previously
threw away the underlying completion. For example, in

```
try
{
    if (b)
        throw new Exception();
}
finally
{
    if (b)
        ...
}
```

the completions for `b` inside the `finally` block are `true` and `throw(Exception)`,
where the latter is inherited from the `try` block, with an underlying `false`
completion. Throwing away the `false` completion meant that we were unable to prune
the `false` edge (Boolean CFG splitting).
2019-06-28 15:41:49 +02:00
Tom Hvitved
8d7ea2f49f C#: Add CFG test that mixes Boolean/finally/catch splitting 2019-06-28 15:41:49 +02:00
Taus
61a196d2d4 Merge pull request #1523 from markshannon/python-speed-up-get-a-child
Python speed up calculation of ControlFlowNode.getAChild()
2019-06-28 15:23:08 +02:00
Calum Grant
8130342062 Merge pull request #1520 from hvitved/csharp/mono-tracing
C#: Generalize `mono` pattern in tracer config
2019-06-28 14:21:35 +01:00
Calum Grant
4d383001ac C#: Address review comment 2019-06-28 14:17:16 +01:00
Calum Grant
a5543699b2 Merge pull request #1460 from hvitved/csharp/cfg-last
C#: Refactor `last` predicate
2019-06-28 14:13:43 +01:00
Taus
fbe7615258 Merge pull request #1512 from markshannon/python-better-handling-decorators
Python: Add opaque 'decorated object' object.
2019-06-28 14:10:49 +02:00
Mark Shannon
8570b4117f Python: Add opaque 'decorated function' for complex decorated functions. Allows finding calls in taint-tracking without contaminating points-to results. 2019-06-28 12:14:10 +01:00
Tom Hvitved
3d4316da1c C#: Address review comments 2019-06-28 13:00:18 +02:00
Anders Schack-Mulligen
a93ecae1ae Java: Don't report lambdas (or other anon classes) as dead. 2019-06-28 12:59:54 +02:00
Taus
8251553771 Merge pull request #1494 from markshannon/python-better-handling-calls-on-edge-of-context
Python: better handling calls on edge of context
2019-06-28 12:39:09 +02:00
Mark Shannon
775214e467 Python speed up calculation of ControlFlowNode.getAChild() 2019-06-28 11:19:25 +01:00
Asger F
aff90b1082 TS: Add a missing semicolon 2019-06-28 10:53:33 +01:00
Asger F
f5569b8b58 TS: Avoid infinite recursion in stringifyType 2019-06-28 10:53:33 +01:00
Tom Hvitved
db565c5a88 C#: Remove false positives in cs/constant-condition 2019-06-28 11:50:53 +02:00
Taus
1b98f248e5 Merge branch 'master' into python-better-handling-calls-on-edge-of-context 2019-06-28 11:27:42 +02:00
Max Schaefer
3c3422e221 JavaScript: Refactor unpromoted-candidate queries to no longer rely on tracked nodes. 2019-06-28 10:25:23 +01:00
Tom Hvitved
4da7a17f4b C#: Add more tests for cs/constant-condition 2019-06-28 11:25:18 +02:00
Taus
fad37bd6c9 Merge pull request #1487 from markshannon/python-tuple-assignment-points-to
Python ESSA dataflow: better handling of tuple unpacking.
2019-06-28 11:05:03 +02:00
Max Schaefer
ff62c56df1 JavaScript: Replace remaining uses of TrackedExpr with type tracking. 2019-06-28 09:21:41 +01:00
Max Schaefer
b3e8103dce JavaScript: Track flow through property getter functions. 2019-06-28 08:51:27 +01:00
Max Schaefer
1c175cbe71 JavaScript: Rename loadStep to basicLoadStep. 2019-06-28 08:51:27 +01:00
Tom Hvitved
051ec83ae0 C#: Generalize mono pattern in tracer config 2019-06-28 09:16:38 +02:00
yh-semmle
0d4ff2d7fe Merge pull request #1513 from aschackmull/java/whitelist-sha512
Java: Add SHA512 to the crypto whitelist.
2019-06-27 19:48:13 -04:00
yh-semmle
0bbc0d966e Merge pull request #1516 from aschackmull/java/http-response-splitting-fp-fix
Java: Add simple sanitizer for java/http-response-splitting.
2019-06-27 19:47:48 -04:00
Pavel Avgustinov
da7591d1f6 Merge pull request #1519 from geoffw0/depkind
CPP: Deprecate Expr.getKind() and Stmt.getKind().
2019-06-27 19:22:57 +01:00
Jonas Jensen
c29ef904e0 Merge pull request #1498 from rdmarsh2/rdmarsh/exprHasNoEffect-defaulted-functions
C++: fix FP with ExprHasNoEffect in defaulted func
2019-06-27 20:10:37 +02:00
Geoffrey White
95ab8cc706 CPP: Add a test of More64BitWaste.ql. 2019-06-27 17:14:46 +01:00
Geoffrey White
5e328908a0 CPP: Modify violation message of NonPortablePrintf.ql for consistency with WrongTypeFormatArguments.ql. 2019-06-27 17:11:37 +01:00
Geoffrey White
5cef0e21c6 CPP: Add a test of NonPortablePrintf.ql. 2019-06-27 16:51:07 +01:00
Taus
2576884667 Merge pull request #1499 from markshannon/python-fix-regex-parsing
Python regex: Fix handling of character sets.
2019-06-27 17:49:21 +02:00
Geoffrey White
65bf778b3a CPP: Deprecate Expr.getKind() and Stmt.getKind(). 2019-06-27 16:15:22 +01:00
Mark Shannon
9c2b506f2d Python points-to: Add clarifying comment on internal object predicate. 2019-06-27 16:13:33 +01:00
Calum Grant
2504754e8e C#: Remove use of deprecated predicates. 2019-06-27 15:35:37 +01:00
semmle-qlci
7ff6d8262d Merge pull request #1514 from hvitved/cil/consistency
Approved by calumgrant
2019-06-27 15:15:43 +01:00
Taus
c0ff67beb7 Merge pull request #1496 from markshannon/python-uninitial-local-fix
Python: Don't report uninitialized locals in unreachable code.
2019-06-27 16:00:07 +02:00
Mark Shannon
fbe20a96dc Python: Add change note for tarslip query. 2019-06-27 14:48:37 +01:00
semmle-qlci
c4cb75eff5 Merge pull request #1508 from xiemaisi/js/fix-MessageEvent-externs
Approved by asger-semmle
2019-06-27 14:32:21 +01:00
semmle-qlci
74ad6e87c1 Merge pull request #1509 from hvitved/csharp/rename-queries
Approved by aibaars, felicity-semmle
v1.21.0
2019-06-27 13:37:05 +01:00
Anders Schack-Mulligen
85eac80be9 Java: Add simple sanitizer for java/http-response-splitting. 2019-06-27 14:03:48 +02:00
Tom Hvitved
481bf77d5f CIL: Speedup consistency tests
- Make `InstructionViolation` abstract to avoid computing `getInstructionsUpTo()`
  for all instructions in the database.
- Enable `consistency.ql`, which reports all consistency violations, and remove
  all other specialized tests.
2019-06-27 13:40:07 +02:00
Anders Schack-Mulligen
93646974a6 Java: Add SHA512 to the crypto whitelist. 2019-06-27 13:38:04 +02:00
Asger F
8f4228b7c3 JS: Ignore RemoteFlowSource case due to bad join ordering 2019-06-27 12:23:07 +01:00
Anders Schack-Mulligen
a583f000c1 Java: Fix tests. 2019-06-27 13:20:03 +02:00
semmle-qlci
44bd540c44 Merge pull request #1495 from asger-semmle/array-taint-step
Approved by xiemaisi
2019-06-27 12:16:17 +01:00