Mark Shannon
7bbe39ef01
Python: Don't report uninitialized locals in unreachable code.
2019-06-25 15:52:48 +01:00
Geoffrey White
bc5fb24371
CPP: Correct overuse of 'matches'.
2019-06-25 15:13:38 +01:00
Geoffrey White
ab543aa0eb
CPP: QLDoc pass.
2019-06-25 15:12:27 +01:00
Geoffrey White
627fba81ce
CPP: Improve wording of UnsafeArrayForDAysOfYear.ql.
2019-06-25 14:42:18 +01:00
Geoffrey White
db6e2904a8
CPP: Simplify to 'CrementOperation'.
2019-06-25 14:17:20 +01:00
Geoffrey White
51caee67b0
CPP: Update comment so that it no longer contains (incorrect) line numbers.
2019-06-25 14:15:09 +01:00
Asger F
aa4d28028e
JS: Add test
2019-06-25 14:15:06 +01:00
Geoffrey White
fa1347f7ef
CPP: Remove security tags that haven't been justified.
2019-06-25 14:11:56 +01:00
Asger F
71100bb68a
JS: Do not require predecessor to be a SourceNode
2019-06-25 14:03:57 +01:00
Jonas Jensen
d2f8029625
Merge pull request #1492 from geoffw0/exprnoeffectweak
...
CPP: Fix for 'Expression has no effect' on calls to weak functions
2019-06-25 10:58:28 +02:00
Jonas Jensen
de65dc5501
Merge pull request #1490 from geoffw0/leapyeararith
...
CPP: Improvements to LeapYear.qll
2019-06-25 10:46:12 +02:00
Max Schaefer
0fa41f7a21
Merge pull request #1493 from chrisgavin/owasp-cheat-sheet
...
JavaScript: Update link to the OWASP XSS prevention cheat sheet.
2019-06-24 16:09:02 -07:00
Chris Gavin
bce153648e
JavaScript: Update link to the OWASP XSS prevention cheat sheet.
2019-06-24 23:21:14 +01:00
Geoffrey White
6800abdf23
CPP: Change note.
2019-06-24 22:07:55 +01:00
Geoffrey White
9a0645ac0b
CPP: Calls to weak functions should be considered impure.
2019-06-24 22:04:12 +01:00
Geoffrey White
aee2af7ca1
CPP: Add a test of ExprHasNoEffect.ql with a call to a 'weak' function.
2019-06-24 22:01:46 +01:00
Taus
a254a84cca
Merge pull request #1489 from markshannon/python-fix-nested-import-stars
...
Python: fix nested import stars
2019-06-24 17:37:20 +02:00
Geoffrey White
562141759a
CPP: Autoformat LeapYear.qll.
2019-06-24 15:20:24 +01:00
Mark Shannon
9bf67e19c2
Python points-to: Fix up some oddities with nested from ... import *.
2019-06-24 15:20:15 +01:00
Geoffrey White
69533a7fd3
CPP: Clean up duplication in Adding365DaysPerYear.ql.
2019-06-24 15:18:29 +01:00
Mark Shannon
a917019915
Python: Add failing tests for undefined variable as value and nested 'from import *'.
2019-06-24 14:54:25 +01:00
Geoffrey White
7fca220eda
CPP: Fix UncheckedLeapYearAfterYearModification FPs.
2019-06-24 11:21:48 +01:00
Esben Sparre Andreasen
4f9a7d0b71
JS: updated expected output for different SnakeYaml version
2019-06-24 09:24:12 +02:00
Asger F
207ed1e14a
JS: Add query for measuring call graph quality
2019-06-24 01:01:13 +01:00
Max Schaefer
a417884173
JavaScript: Fix potential null-pointer exception in YAML extractor.
...
`ScalarEvent.getStyle()` is documented as returning `null` for plain
scalars, so we need to handle that specially (cf
https://github.com/Semmle/ql/blob/master/javascript/ql/src/semmle/javascript/YAML.qll#L100
for the corresponding code in the library, which expects plain style to
be encoded as zero).
2019-06-23 21:56:02 +02:00
Geoffrey White
cff3f9bdaf
CPP: Add another test case based on a real world case.
2019-06-21 17:43:17 +01:00
Mark Shannon
9d6df78d44
Python: Dataflow: Remove IterationDefinition ESSA definition and add iteration assignment to ESSA assignment definition.
...
Enhance points-to and taint-tracking to add operational step sequence to next(iter(seq)) in for statement.
2019-06-21 15:55:27 +01:00
Geoffrey White
b1f6294083
CPP: Add a test case where a date is created.
2019-06-21 14:32:44 +01:00
Esben Sparre Andreasen
6885b5cf1f
JS: fix yaml StringIndexOutOfBoundsException
2019-06-21 15:18:56 +02:00
Taus
1c91b926a8
Merge pull request #1482 from markshannon/python-fix-odasa-7104
...
Backport #1407 to rc/1.21
2019-06-21 15:05:32 +02:00
Taus
927d72414b
Merge pull request #1483 from markshannon/merge-121
...
Merge rc/1.21 into master
2019-06-21 14:11:07 +02:00
Mark Shannon
a5f741e504
Python: Use aggressive dead-code elimination when pruning.
2019-06-21 13:03:36 +01:00
Geoffrey White
09b33bc1a7
CPP: Adjust file name case for consistency.
2019-06-21 12:53:04 +01:00
Geoffrey White
1a7269b206
CPP: Rename the test subdirectories.
2019-06-21 12:51:25 +01:00
semmle-qlci
59dd3b2fb7
Merge pull request #1477 from asger-semmle/ts-debug-failure-in-tsconfig
...
Approved by xiemaisi
2019-06-21 12:45:13 +01:00
Taus
832abc7835
Merge pull request #1473 from markshannon/python-points-to-more-unknowns
...
Python: Fix getOperand for 'not' node and make sure it can only point-to a boolean.
2019-06-21 11:03:23 +02:00
Mark Shannon
26f870bc7f
Merge branch 'rc/1.21' into master
2019-06-21 09:52:44 +01:00
Mark Shannon
bbf25f3a23
Python points-to. If __all__ is overly complex, treat all 'public' symbols as exported.
2019-06-21 09:47:50 +01:00
semmle-qlci
4d779026d2
Merge pull request #1479 from xiemaisi/js/remove-circularity
...
Approved by asger-semmle
2019-06-21 09:03:13 +01:00
semmle-qlci
eccf153d86
Merge pull request #1481 from xiemaisi/js/fix-yaml-extractor-npe
...
Approved by asger-semmle
2019-06-20 21:10:22 +01:00
Max Schaefer
4370f25b32
JavaScript: Remove dependency of module import on globalVarRef.
2019-06-20 21:08:34 +01:00
Max Schaefer
544a55dd0e
JavaScript: Fix potential null-pointer exception in YAML extractor.
...
`ScalarEvent.getStyle()` is documented as returning `null` for plain
scalars, so we need to handle that specially (cf
https://github.com/Semmle/ql/blob/master/javascript/ql/src/semmle/javascript/YAML.qll#L100
for the corresponding code in the library, which expects plain style to
be encoded as zero).
2019-06-20 17:04:47 +01:00
Jonas Jensen
cace411974
C++: NonConstantFormat taint only for string types
...
To speed up the taint analysis in `NonConstantFormat.ql` and to remove
FPs that were due to taint spreading from `i` to `a[i]`, this commit
stops the taint tracking in `NonConstantFormat.ql` at every node that
could not possibly contain a string.
I tested performance on Wireshark, and it's fine. Pulling out the
`isSanitizerNode` prevented `isSanitizer` from turning into four
half-slow RA predicates due to both CPE and `#antijoin_rhs`
transformations happening.
2019-06-20 15:39:47 +02:00
Jonas Jensen
364100f043
Merge pull request #1480 from geoffw0/time
...
CPP: Speed up StructWithExactEraDate.ql
2019-06-20 15:27:52 +02:00
Taus
524a184fdb
Merge pull request #1478 from markshannon/python-loop-unrolling-prepare
...
Python: Prepare for loop unrolling in extractor
2019-06-20 15:01:54 +02:00
Jonas Jensen
e99c68885c
C++: Demonstrate ArrayExpr FP
2019-06-20 14:00:42 +02:00
Geoffrey White
0e69063e3c
CPP: Restore the query precision.
2019-06-20 12:39:16 +01:00
Geoffrey White
936afadc43
CPP: Speed up StructWithExactEraDate.ql.
2019-06-20 12:21:06 +01:00
Ellen Arteca
99c32f08fb
JavaScript: Recognize imports from TypeScript type annotations
2019-06-20 10:45:30 +01:00
Mark Shannon
eb23c11142
Python: Fix ForNode class to support loop unrolling.
2019-06-20 10:41:55 +01:00