hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-03 01:30:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tamas Vajk
23a9d0764e Java: Fix range analysis false negative 2020-09-15 12:09:05 +02:00
Mathias Vorreiter Pedersen
1fbb0fbf54 Merge pull request #4266 from geoffw0/cwe190tests 
C++: CWE-190 Tests.
 2020-09-15 12:08:00 +02:00
Tamas Vajk
c66473cb8a Java: Add test for range analysis 2020-09-15 12:07:30 +02:00
Asger Feldthaus
d728c3948c JS: Log the amount of memory passed to TypeScript process 2020-09-15 09:17:42 +01:00
Tom Hvitved
d095d6b56b Merge pull request #4139 from hvitved/csharp/cfg/foreach-loop-empty 
C#: Skip `foreach` loop bodies in the CFG when the iteration expression is empty
 2020-09-15 09:30:29 +02:00
Robert Marsh
5f2cafc4f5 C++: Interprocedural iterator flow 2020-09-14 14:36:19 -07:00
Erik Krogh Kristensen
c5b5a4fd55 improve performance of NodeJS::NodeModule::exports 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
c1cb19abd7 add level PreCallGrapSteps to the callgraph 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
f2ecb63e5a add a direct Export step as a PreCallGraphStep 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
29457c52dc add reexported test to PackageExports test 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
61f6580d1e add API in PackageExports.qll for getting a value exported under a name 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
d3653b3030 add support for re-exports using the spread operator for NodeJS exports 2020-09-14 23:28:35 +02:00
Mathias Vorreiter Pedersen
0c14e2b69a C++: Fix annotations in taint.cpp 2020-09-14 23:08:50 +02:00
Mathias Vorreiter Pedersen
3e56db7f83 C++: Make fieldReadStep private 2020-09-14 20:52:55 +02:00
Mathias Vorreiter Pedersen
7cd6137b34 Merge branch 'main' into mathiasvp/array-field-flow 2020-09-14 20:45:06 +02:00
Geoffrey White
6ca9c449af C++: Add a test demonstrating the recent regression. 2020-09-14 17:55:20 +01:00
Rasmus Lerchedahl Petersen
839cd829ce Python: Fix formatting 2020-09-14 18:48:55 +02:00
Taus Brock-Nannestad
3727c48227 Python: Record test changes 
Some of the places where flow has disappeared look a bit suspect, so I
don't consider this to be the final word on these tests.
 2020-09-14 18:12:20 +02:00
Taus Brock-Nannestad
0bb726f21c Python: Fix up merge weirdness 2020-09-14 17:57:45 +02:00
yoff
5efc06da2c Update python/ql/src/experimental/dataflow/internal/DataFlowPublic.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-09-14 17:08:39 +02:00
Rasmus Lerchedahl Petersen
4c02852358 Python: add missing * (and a rename) 2020-09-14 16:56:46 +02:00
Erik Krogh Kristensen
03a3c4f4b2 update expected output 2020-09-14 16:50:47 +02:00
Erik Krogh Kristensen
f4f96ce04d use new source in client-side-url-redirect test 2020-09-14 16:50:47 +02:00
Erik Krogh Kristensen
cb7de2714a add onmessage handlers registered using global property as PostMessageEventHandler 2020-09-14 16:50:45 +02:00
Asger F
c106b6777c Merge pull request #4254 from asgerf/js/bump-extractor-version-string 
JS: Bump extractor version string
 2020-09-14 15:17:29 +01:00
Erik Krogh Kristensen
283be19201 add change-note for importScripts 2020-09-14 16:02:34 +02:00
Erik Krogh Kristensen
6e84ac8e6c add test for importScripts 2020-09-14 16:02:34 +02:00
Erik Krogh Kristensen
2e3df74dce add importScripts as a sink for js/client-side-unvalidated-url-redirection 2020-09-14 16:02:34 +02:00
Geoffrey White
22097a9e13 C++: Add some CWE-190 tests I had lying around. 2020-09-14 14:39:02 +01:00
Rasmus Lerchedahl Petersen
ecc5a4a1f6 Python: testIsTrue -> branch 2020-09-14 15:32:03 +02:00
yoff
2a4e28db16 Apply suggestions from code review 
Will make the same renames in the changed code also..

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-09-14 15:28:01 +02:00
Rasmus Lerchedahl Petersen
033529e85e Python: avoid creating big predicate 2020-09-14 15:24:46 +02:00
Taus Brock-Nannestad
e197f52b6d Merge branch 'main' into python-add-global-flow-steps 2020-09-14 15:13:07 +02:00
Taus Brock-Nannestad
0b641c5ce9 Python: Update type tracking and strange-essaflow tests 2020-09-14 15:05:16 +02:00
Taus Brock-Nannestad
5fb33c90bc Python: Add ModuleVariableNode to dataflow 2020-09-14 14:57:32 +02:00
Rasmus Lerchedahl Petersen
543876f980 Python: Fix getAGuardedNode 2020-09-14 14:46:15 +02:00
Ian Lynagh
826c40fcac C++: Deprecate Location subclasses 
The main Location class should always be used.
 2020-09-14 13:14:18 +01:00
Tamás Vajk
d21c101c0d Merge pull request #4041 from tamasvajk/feature/update-roslyn 
C#: upgrade Roslyn dependencies to version 3.7
 2020-09-14 13:57:36 +02:00
Tamás Vajk
f5f4b8e25b C#: Enable nullability of Semmle.Extraction.CSharp.Standalone (#4115) 2020-09-14 13:43:57 +02:00
Rasmus Wriedt Larsen
637ea4ad6f Merge pull request #4226 from RasmusWL/python-missing-1.25-change-notes 
Python: Add missing 1.25 change notes
 2020-09-14 13:18:24 +02:00
Tom Hvitved
0fb9dc5bac C#: Adjust caching of tuple types 2020-09-14 11:24:46 +02:00
Geoffrey White
6b035df660 C++: Repair taint flow from previous. 2020-09-14 10:21:43 +01:00
Tom Hvitved
e549377561 C#: Construct File::TransformedPathLazy lazily 
This avoids calling the path transformer for `GeneratedFile`s.
 2020-09-14 11:03:00 +02:00
Tom Hvitved
19746023d9 C#: Tidy code for constructing underlying tuple structs 2020-09-14 10:08:58 +02:00
Erik Krogh Kristensen
6fb534f178 fix catastrophic join order in UnsafeJQueryPlugin 2020-09-14 09:59:48 +02:00
Erik Krogh Kristensen
9502869e3c improve join-order for aliasPropertyPresenceStep 2020-09-14 09:59:22 +02:00
Jonas Jensen
021aa647c1 Merge pull request #4142 from MathiasVP/mathiasvp/read-step-without-memory-operands 
C++: Use IR alias analysis for field flow
 2020-09-14 09:37:27 +02:00
Mathias Vorreiter Pedersen
78b24b76a0 C++: Remove the problematic taint tracking rule. It seems like we get the flows from dataflow already now. 2020-09-14 09:26:41 +02:00
Mathias Vorreiter Pedersen
34a57e2bd4 Merge pull request #4252 from jbj/normalize-bounds 
C++: SimpleRangeAnalysis: Always normalize bounds after a computation
 2020-09-14 09:16:32 +02:00
Faten Healy
6f20516f84 Update broken_crypto.py to AES instead of Blowfish 2020-09-13 21:07:28 +10:00