hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-15 23:44:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,680 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
semmle-qlci
70131e6ac8 Merge pull request #3598 from asger-semmle/js/regexp-test 
Approved by esbena
 2020-06-04 09:05:21 +01:00
Mathias Vorreiter Pedersen
b48fe6ac32 Merge pull request #3123 from jbj/dataflow-indirect-args 
C++: Wire up param/arg indirections in data flow
 2020-06-04 09:38:57 +02:00
Dave Bartolomeo
cb2370cc7d C++/C#: Fix formatting 2020-06-04 02:36:51 -04:00
Jonas Jensen
df96f8e4e8 Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args 2020-06-04 08:20:00 +02:00
Dave Bartolomeo
a409b9d451 Merge remote-tracking branch 'github/master' into github/codeql-c-analysis-team/69_union 2020-06-03 16:10:22 -04:00
Dave Bartolomeo
15f41c0107 C++/C#: Remove dead QL code 2020-06-03 15:42:30 -04:00
yo-h
5cdc29e49a Merge pull request #3607 from aschackmull/java/array-instanceof-typeflow 
Java: Add instanceof type bounds for ArrayAccess.
 2020-06-03 15:29:37 -04:00
Dave Bartolomeo
a18eba2c4c Allow missing files in sync-files --latest 
When running `sync-files` (or `sync-identical-files`) with the `--latest` switch, if one or more of the files in a group does not exist, the script will crash. This happens all the time when I add a new group, or add a new file path in an existing group. This has bothered me for a long time, so I finally fixed it when I ran into it again today.

I've changed the script as follows:
- If _none_ of the paths in the group exist, print an error message listing the paths in the group. This happens with or without `--latest`.
- If `--latest` is specified, copy the master file to the paths of the missing files.
 2020-06-03 14:53:31 -04:00
Tom Hvitved
9e7ca25732 C#: Add call-sensitivity to data-flow call resolution 2020-06-03 20:43:49 +02:00
Dave Bartolomeo
bbadf4b4bb C#: Port TInstruction-sharing support from C++ 
This updates C#'s IR to share `TInstruction` across stages the same way C++ does. The only interesting part is that, since we have not yet ported full alias analysis to C#, I stubbed out the required parts of the aliased SSA interface in `AliasedSSAStub.qll`.
 2020-06-03 13:52:19 -04:00
Dave Bartolomeo
e65a5c921e C++: Add missing QLDoc 2020-06-03 13:49:14 -04:00
Alexander Eyers-Taylor
5dd1b1d1a9 QL Specification: Fix mistake in dispatch computation 2020-06-03 18:38:00 +01:00
Dave Bartolomeo
f93c2e4e64 C++: Remove resultType from the IPA constructors for TInstruction 
Making these part of the IPA object identity changes the failure mode for cases where we assign multiple result types to an instruction. Previously, we would just have one instruction with two result types, but now we'd have two instructions, which breaks things worse. This change goes back to how things were before, to avoid any new surprises on real-world code with invalid ASTs or IR.
 2020-06-03 10:11:27 -04:00
Jonas Jensen
e292eee3d1 C++: Autoformat fixup 2020-06-03 15:48:50 +02:00
Erik Krogh Kristensen
a90c8769ee update expected output 2020-06-03 15:24:04 +02:00
Erik Krogh Kristensen
7c26efbc12 case insensitive authorization header 2020-06-03 15:23:51 +02:00
Erik Krogh Kristensen
b508ad41c8 don't have a separate fetch module 2020-06-03 15:20:06 +02:00
Erik Krogh Kristensen
46cd0143d8 Update javascript/ql/src/semmle/javascript/frameworks/ClientRequests.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-03 15:18:10 +02:00
Mathias Vorreiter Pedersen
d295e2139a C++: Accept tests after merge from master 2020-06-03 15:13:44 +02:00
Mathias Vorreiter Pedersen
43a0d4c97d Merge branch 'master' into flat-structs 2020-06-03 15:11:14 +02:00
Esben Sparre Andreasen
8316121a44 JS: formatting 2020-06-03 15:02:36 +02:00
Jonas Jensen
ad292d8fb6 C++: Accept one more test change from last commit 2020-06-03 14:51:05 +02:00
Tom Hvitved
86dd86848f C#: Update call-sensitivity data-flow tests 2020-06-03 14:21:23 +02:00
Erik Krogh Kristensen
baee47f3c6 remove mention of fetch from change-note 2020-06-03 13:56:32 +02:00
Erik Krogh Kristensen
28a1900612 treat all writes to Authorization as a CredentialsExpr 2020-06-03 13:55:49 +02:00
Erik Krogh Kristensen
6466ab19a0 Update javascript/ql/src/semmle/javascript/frameworks/ClientRequests.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-03 13:51:04 +02:00
Erik Krogh Kristensen
f8caec76ab move the Fetch module to ClientRequests 2020-06-03 13:37:34 +02:00
Erik Krogh Kristensen
aa463d8298 mention fetch instead of node-fetch 2020-06-03 13:33:43 +02:00
Erik Krogh Kristensen
c80baf981a simplify change-note 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-03 13:33:31 +02:00
Erik Krogh Kristensen
1b53cd4bd9 update docstring of FetchAuthorization 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-03 13:31:16 +02:00
Jonas Jensen
8f702d4b49 C++: Override toString on argument indirections 
Without this override, end users would see the string
`BufferReadSideEffect` in path explanations.
 2020-06-03 13:04:10 +02:00
Erik Krogh Kristensen
19dd472ee5 change note 2020-06-03 12:19:48 +02:00
Erik Krogh Kristensen
a1940979ba support credentials in a Buffer 2020-06-03 12:02:00 +02:00
Erik Krogh Kristensen
ba44ebe8a8 better support for browser based fetch API 2020-06-03 11:51:24 +02:00
Erik Krogh Kristensen
3622fb8716 support more variants of the Headers API 2020-06-03 11:50:10 +02:00
Anders Schack-Mulligen
a969dbc6ca Java: Fix missing CFG edge for switch expressions. 2020-06-03 10:49:08 +02:00
Anders Schack-Mulligen
8d6e39eb18 Java: Add instanceof type bounds for ArrayAccess. 2020-06-03 09:42:37 +02:00
Mathias Vorreiter Pedersen
b890b162f4 C++: Restrict the side effect of StoreChainEndInstructionSideEffect to be WriteSideEffectInstructions 2020-06-03 09:28:06 +02:00
Esben Sparre Andreasen
afee864295 JS: make use of the colletions type tracking steps 2020-06-03 08:19:34 +02:00
Esben Sparre Andreasen
36b7574ac1 JS: add additional route handler registration tests 2020-06-03 08:18:11 +02:00
Esben Sparre Andreasen
117f009d17 JS: use HTTP::RouteHandlerCandidateContainer in Express 2020-06-03 08:18:11 +02:00
Esben Sparre Andreasen
9964902c10 JS: introduce HTTP::RouteHandlerCandidateContainer 2020-06-03 08:16:58 +02:00
Esben Sparre Andreasen
606f8274c7 JS: add tests for various route handler registration patterns 2020-06-03 08:16:58 +02:00
Robert Marsh
f7752b0a01 C++/C#: add IRParameter subclass of IRVariable 2020-06-02 17:22:10 -07:00
Erik Krogh Kristensen
3c802007a3 add support for string concatenations and base64-encoding of hardcoded credentials 2020-06-02 23:15:13 +02:00
Erik Krogh Kristensen
b6dc94fccb add fetch.Headers.Authorization as a CredentialsExpr 2020-06-02 23:02:16 +02:00
Erik Krogh Kristensen
14f0d1687a factor fetch import into NodeJSLib 2020-06-02 22:45:47 +02:00
Asger Feldthaus
8342981799 JS: Make isCoercedToBoolean private 2020-06-02 17:16:55 +01:00
Jonas Jensen
10dfa497a5 Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args 
Fixed a semantic merge conflict by accepting test changes in
`cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected`.
 2020-06-02 18:03:34 +02:00
Jonas Jensen
9c50acc0f9 Merge pull request #3602 from MathiasVP/path-problem-for-dataflow-tests 
C++: Make path-problem versions of ir-flow.ql and flow.ql
 2020-06-02 17:59:26 +02:00