hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-03 01:30:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Faten Healy
826fc0a630 Update BrokenCryptoAlgorithm - Blowfish to AES 2020-09-13 21:04:07 +10:00
Asger Feldthaus
1d92cbb655 JS: Bump extractor version string 2020-09-12 09:22:12 +01:00
Taus Brock-Nannestad
e0f5b208da Python: Fix broken test of global typetracker flow 
The missing `global g` annotation meant `g = x` was interpreted as a
local assignment.
 2020-09-11 18:17:25 +02:00
lcartey@github.com
eb5782d908 C++: Support customizable ranges for RangeSsaDefinitions. 2020-09-11 17:12:10 +01:00
Geoffrey White
b404a339a4 C++: Correct isQualifierObject -> isQualifierAddress. 2020-09-11 16:15:47 +01:00
Jonas Jensen
fee7ce6c7f Merge pull request #4221 from rajivshah3/fix/cpp-av-32-include 
C++: Allow .inc files to be included
 2020-09-11 16:53:43 +02:00
Geoffrey White
d3ca140eeb C++: Account for pointer / reference parameters to operator<<. 2020-09-11 15:20:54 +01:00
Rasmus Lerchedahl Petersen
0eb8b6c7b0 Python: Address review 2020-09-11 14:24:49 +02:00
Calum Grant
3414063f2e Update change-notes/1.25/analysis-python.md 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswl@github.com>
 2020-09-11 13:16:26 +01:00
CodeQL CI
903bc007b8 Merge pull request #4082 from max-schaefer/js/api-graph 
Approved by asgerf
 2020-09-11 04:41:38 -07:00
Jonas Jensen
172becd67f Merge pull request #4250 from lcartey/cpp/expose-getdefbounds 
C++: Expose getDef(Upper|Lower)Bound as an internal predicate.
 2020-09-11 13:26:08 +02:00
Mathias Vorreiter Pedersen
2d57abdcbe Merge branch 'main' into mathiasvp/read-step-without-memory-operands 2020-09-11 12:47:29 +02:00
Geoffrey White
d648150322 C++: Autoformat. 2020-09-11 11:14:58 +01:00
Geoffrey White
dd53e3fe65 C++: Fix data flow to return value. 2020-09-11 11:14:58 +01:00
Geoffrey White
597757d76f C++: Model std::stringstream put and write. 2020-09-11 11:14:57 +01:00
Geoffrey White
66a5c38eef C++: Model std::stringstream constructor. 2020-09-11 11:14:57 +01:00
Jonas Jensen
ad11f76ec6 C++: Always normalize bounds after a computation 
This stops some cases of `-0.0` from propagating through the range
analysis, fixing a false positive on arvidn/libtorrent.

There seems to be no need for a corresponding change in the caller of
`getDefLowerBoundsImpl` since that predicate only contains computations
that cannot introduce negative zero.
 2020-09-11 11:59:00 +02:00
Rasmus Lerchedahl Petersen
5dbb4af5b5 Python: Implement BarrierGuard 2020-09-11 11:55:51 +02:00
Jonas Jensen
0c8e06ba68 C++: Tests for -0.0 in range analysis 2020-09-11 11:52:39 +02:00
Tom Hvitved
6c5b30d2a4 C#: Update CIL consistency test 2020-09-11 11:49:07 +02:00
Tom Hvitved
f225a17639 C#: Even more reflection for retrieving meta data handle 2020-09-11 11:49:07 +02:00
lcartey@github.com
65d48a32b8 C++: Expose getDef(Upper|Lower)Bound as an internal predicate. 2020-09-11 09:49:18 +01:00
Tamas Vajk
d60b7c7297 C#: Improve empty collection check to not report on collections with property writes 2020-09-11 10:46:34 +02:00
Mathias Vorreiter Pedersen
ff09104089 Merge branch 'main' into mathiasvp/array-field-flow 2020-09-11 09:25:50 +02:00
Mathias Vorreiter Pedersen
399da6837a Merge pull request #4227 from jbj/SimpleRangeAnalysis-NotExpr 
C++: Support `(bool)x` and `!x` in SimpleRangeAnalysis
 2020-09-11 08:59:03 +02:00
Bas van Schaik
31495b876e Python script to generate lists of code scanning queries in CSV format (#4177) 
* Create a PowerShell script that can be used to report on the set of queries inside of a particular QL Suite.
* Translate PowerShell script into Python
* support running this script from anywhere within the CodeQL git repo
* print non-fatal error if metadata is not available
* make sure warning about missing pack is printed to stderr
* only run on pushes against main and rcs
* detect repo by checking remote, rather than first SHA
* specify full sha of dsaltares/fetch-gh-release-asset
* trigger workflow on PR that modifies paths of interest

Co-authored-by: Justin Hutchings <jhutchings1@users.noreply.github.com>
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2020-09-10 12:25:02 -07:00
Rasmus Wriedt Larsen
52d8f7d395 Merge pull request #4235 from yoff/SharedDataflow_UseUseFlow 
Python: Port use-use implementation from Java
 2020-09-10 16:12:28 +02:00
Rasmus Lerchedahl Petersen
92e7a5676d Python: Address review comments 2020-09-10 15:17:30 +02:00
yoff
3a19b1e7fd Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-09-10 15:06:06 +02:00
Tom Hvitved
2cc635f7e0 C#: Add DB upgrade script 2020-09-10 14:09:40 +02:00
Tom Hvitved
01e766c745 C#: Disable uniqueness constraint from explicitly_implements 
The documentation on `ExplicitInterfaceImplementations` says "Properties
imported from metadata can explicitly implement more than one property", so
the constraint appears to be invalid.
 2020-09-10 14:05:37 +02:00
Tamas Vajk
643a8b57c3 C#: Explicitly handle underlying tuple types 2020-09-10 14:05:37 +02:00
Tamas Vajk
221b92de04 C#: upgrade Roslyn dependencies to version 3.7 2020-09-10 13:53:39 +02:00
Rasmus Wriedt Larsen
fb3060dc3d Java: Minor fixup for SSA AdjacentUsesImpl::varBlockReaches 
This should not change anything in regards to correctness overall -- what we
really care about is `varBlockStep`, and that checks `varOccursInBlock(v, b2)`.
However, the comment is a bit easier to read together with the code
now (and probably also gives slightly smaller predicate result size).
 2020-09-10 13:47:36 +02:00
Rasmus Wriedt Larsen
949b81b07c Python: Add dataflow tests for dynamic tuple creation 
Inspired by the FP-report in https://github.com/github/codeql/issues/4239
 2020-09-10 13:44:48 +02:00
Rasmus Wriedt Larsen
f716f9690b Merge pull request #4132 from yoff/SharedDataflow_NestedComprehensions 
Python: Shared dataflow, nested comprehensions
 2020-09-10 13:28:04 +02:00
Tom Hvitved
a9f322e6c3 Merge pull request #4241 from hvitved/csharp/autobuild-cmd-exit-code 
C#: Correctly propagate exit code in `autobuild.cmd`
 2020-09-10 12:43:43 +02:00
Tom Hvitved
2a3d0072d2 Merge pull request #4242 from hvitved/csharp/fix-failing-windows-tests 
C#: Fix broken auto-builder tests on Windows
 2020-09-10 12:39:01 +02:00
Geoffrey White
fed973f9c4 Merge pull request #4229 from MathiasVP/mathiasvp/make_shared_make_unique-models 
C++: Add taint models for std::make_unique and std::make_shared
 2020-09-10 10:46:30 +01:00
Geoffrey White
34a03ec523 Merge pull request #4213 from rdmarsh2/rdmarsh2/cpp/explicit-conversion-perf 
C++: Improve performance of getExplicitlyConverted
 2020-09-10 10:33:16 +01:00
Tom Hvitved
9629f1c2f4 C#: Also propagate exit code in pre-finalize.cmd 2020-09-10 11:09:38 +02:00
Rasmus Lerchedahl Petersen
2eb8ea85fb Python: update test expectations 2020-09-10 10:59:26 +02:00
Rasmus Lerchedahl Petersen
deb1a4ceb9 Merge branch 'main' of github.com:github/codeql into SharedDataflow_UseUseFlow 2020-09-10 10:55:34 +02:00
Tom Hvitved
fcf39eaac1 C#: Fix broken auto-builder tests on Windows 2020-09-10 10:46:39 +02:00
Erik Krogh Kristensen
88bbc2f1f4 add change note 2020-09-10 10:39:04 +02:00
Tom Hvitved
a32db3de4b Simplify exit code logic 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2020-09-10 10:22:02 +02:00
Rasmus Lerchedahl Petersen
50cc5d58e9 Merge branch 'main' of github.com:github/codeql into SharedDataflow_NestedComprehensions 2020-09-10 10:20:55 +02:00
Tom Hvitved
4cc1e4d1f1 C#: Correctly propagate exit code in autobuild.cmd 2020-09-10 10:01:43 +02:00
Max Schaefer
b71a8e2ad0 JavaScript: Expose an API-graph predicate that is useful for flow summaries. 2020-09-10 08:44:06 +01:00
Tom Hvitved
c45743588c Merge pull request #4237 from hvitved/csharp/autobuilder/nuget 
C#: Download nuget.exe in auto-builder if it does not exist
 2020-09-10 08:43:39 +02:00