CodeQL CI
a19963e9b7
Merge pull request #3930 from erik-krogh/fastProp
...
Approved by esbena
2020-08-17 13:42:12 +01:00
Erik Krogh Kristensen
6f28ddf1f8
proper support for this inside a JSX-name
2020-08-17 14:23:42 +02:00
Rasmus Lerchedahl Petersen
8eacef3467
Python: Add QL doc
2020-08-17 12:01:36 +02:00
Rasmus Lerchedahl Petersen
676690acb2
Merge branch 'main' of github.com:github/codeql into SharedDataflow_ParsimoniousFlowNodes
2020-08-17 11:42:45 +02:00
Remco Vermeulen
894b3f2cd4
Add or change qldocs
2020-08-17 11:40:08 +02:00
Rasmus Lerchedahl Petersen
bfdb580206
Python: Experimental cleanup strategy
2020-08-17 11:37:52 +02:00
Jonas Jensen
edc5e5fbcf
C++: Simplify defDependsOnDef for AssignOperation
...
These cases were unnecessarily transitive. There is no need for
`defDependsOnDef` to be transitive since that's handled in
`defDependsOnDefTransitively`.
The dependency information from the LHS of an `AssignmentOperation` is
now deduced the same way as the information from the RHS: by calling
`exprDependsOnDef`. This should effectively give us the same information
and recursion structure as if the operation (`x += e`) were desugared
(`x = x + e`).
2020-08-17 11:06:39 +02:00
Remco Vermeulen
8db5c4f2e2
Abstract additional taint step
2020-08-17 10:41:27 +02:00
Tom Hvitved
8876dd51c7
Merge pull request #4079 from hvitved/csharp/xml-data-flow-config
...
C#: Use `DataFlow3` instead of `DataFlow2` in `Xml.qll` to avoid overlap
2020-08-17 10:36:56 +02:00
Remco Vermeulen
518459c0f7
Abstract Xss sanitizer
...
Turn the Xss sanitizer into an abstract class to support customizations
and provide a default implementation.
2020-08-17 10:31:44 +02:00
Tom Hvitved
28a7656813
Merge pull request #4073 from aschackmull/java/move-test
...
Java: Temporarily move a qltest.
2020-08-17 09:08:44 +02:00
ubuntu
8ec91ef0c6
Change polarity predicate isInsecure
2020-08-16 15:23:29 +02:00
ubuntu
5d6e6be4e4
Add query-tests
2020-08-16 15:02:52 +02:00
ubuntu
3e9142bf71
Remove examples
2020-08-16 14:58:37 +02:00
ubuntu
2a322976c6
Changed .qhelp
2020-08-16 14:57:04 +02:00
ubuntu
91d44854c0
Replace class and module name
2020-08-16 14:53:31 +02:00
ubuntu
d4b231b867
Replace regex
2020-08-16 14:48:26 +02:00
ubuntu
e2908026c5
Remove redundancy
2020-08-16 14:41:55 +02:00
Alessio Della Libera
1ba39e4130
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:34:19 +02:00
Alessio Della Libera
05ffd672d7
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:33:38 +02:00
Alessio Della Libera
ab20beba56
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:32:51 +02:00
Alessio Della Libera
bfef84e1b5
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:32:05 +02:00
Alessio Della Libera
a2e9456450
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:31:21 +02:00
Alessio Della Libera
14c8e4ce76
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:30:45 +02:00
Alessio Della Libera
275b8dfda2
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:29:36 +02:00
Alessio Della Libera
9292e3b80e
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:28:39 +02:00
Alessio Della Libera
ab128f7172
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:27:26 +02:00
Alessio Della Libera
40e101de5a
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:26:15 +02:00
Alessio Della Libera
97f039af3a
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:25:11 +02:00
Alessio Della Libera
fb3ffb895a
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:23:17 +02:00
Alessio Della Libera
e463014759
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:21:56 +02:00
Alessio Della Libera
5cae3005f3
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:20:22 +02:00
Alessio Della Libera
10bd745740
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:18:54 +02:00
Alessio Della Libera
8d26b810ee
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:17:16 +02:00
Alessio Della Libera
0c121062b6
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:13:54 +02:00
Alessio Della Libera
67fccac8a9
Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:13:03 +02:00
Jonas Jensen
768e5190a1
Merge pull request #4080 from geoffw0/split
...
C++: Split test file stl.cpp
2020-08-14 15:59:46 +02:00
Geoffrey White
89c2b6dc4b
Merge remote-tracking branch 'upstream/master' into split
2020-08-14 14:03:34 +01:00
Rasmus Lerchedahl Petersen
7ea3fc04c8
Python: adjust test annotation (for after feature)
2020-08-14 14:46:39 +02:00
Rasmus Lerchedahl Petersen
4bc04486cb
Python: Annotate tests (as before the new feature)
2020-08-14 14:41:35 +02:00
Tom Hvitved
357109a410
C#: Use DataFlow3 instead of DataFlow2 in Xml.qll to avoid overlap
...
`semmle.code.csharp.frameworks.system.Xml` is imported in `LibraryTypeDataFlow.qll`,
and therefore part of the default namespace. This means that the use of `DataFlow2`
inside `Xml.qll` overlaps with some queries. Bumping to `DataFlow3` resolves the issue.
2020-08-14 14:33:12 +02:00
Rasmus Lerchedahl Petersen
2817602a97
Merge branch 'master' of github.com:github/codeql into SharedDataflow_ParameterTests
2020-08-14 14:27:57 +02:00
Jonas Jensen
fe72b559d3
C++: Range analysis for unsigned AssignMulExpr
...
This is essentially a copy-paste job of `AssignAddExpr`, together with
the math from the `UnsignedMulExpr` support.
2020-08-14 14:19:54 +02:00
Rasmus Lerchedahl Petersen
e808d3033a
Python: Add magic to DataFlowCall
2020-08-14 14:19:18 +02:00
CodeQL CI
e9a36b2524
Merge pull request #4062 from tausbn/python-fix-unknown-import-star
...
Approved by yoff
2020-08-14 13:17:45 +01:00
Jonas Jensen
f90d779122
C++: Fix SimpleRangeAnalysis for AssignOperation
...
The range analysis wasn't producing useful bounds for `AssignOperation`s
(`+=`, `-=`) unless their RHS involved a variable. This is because a
shortcut was made in the `analyzableDef` predicate, which used to
specify that an analyzable definition was one for which we'd specified
the dependencies. But we can't distinguish between having _no
dependencies_ and having _no specification of the dependencies_.
The fix is to be more explicit about which definitions are analyzable.
To avoid too much repetition I'm still calling out to `analyzableExpr`
in the new code.
2020-08-14 14:15:58 +02:00
Rasmus Lerchedahl Petersen
4211f7f346
Merge branch 'master' of github.com:github/codeql into MagicMethods
2020-08-14 13:26:27 +02:00
Rasmus Lerchedahl Petersen
360ddc6314
Python: better charPred
2020-08-14 13:25:17 +02:00
Shati Patel
b212af08a6
Docs: Rename default branch
2020-08-14 12:03:00 +01:00
Shati Patel
1d4978aa6e
Merge pull request #4046 from jf205/link-quotes-learn-ql
...
Learning CodeQL docs: update links to match GitHub docs style
2020-08-14 11:57:09 +01:00