hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-31 16:16:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,087 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.2
Commit Graph

19087 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
56707fc79a JS: recognize more conditionals in useless-conditional 2018-11-06 10:28:05 +00:00
Jonas Jensen
786377d8dc Merge pull request #408 from dave-bartolomeo/dave/NonVirtualDestructorInBaseClass 
C++: Fork AV Rule 78 into NonVirtualDestructorInBaseClass
 2018-11-06 09:51:27 +01:00
Dave Bartolomeo
3133bf6675 C++: Fix test expectation 2018-11-05 14:19:59 -08:00
Dave Bartolomeo
0c796de831 C++: Fork AV Rule 78 into NonVirtualDestructorInBaseClass 
AV Rule 78 has proved too noisy for use on lgtm.com. However, if we make the rule less noisy by, say, allowing a protected destructor to be non-virtual, we're no longer actually enforcing AV Rule 78. Instead, I've copied AV Rule 78 into NonVirtualDestructorInBaseClass.ql, given the new query the `@id` that AV Rule 78 had, and given AV Rule 78 a new JSF-specific `@id`. The new rule allows non-public non-virtual destructors, which is the problem originally reported by an lgtm.com user.
 2018-11-05 14:16:35 -08:00
Jonas Jensen
ba91f3e77c Merge pull request #401 from geoffw0/loopdir 
CPP: Speed up inconsistentLoopDirection.ql.
 2018-11-05 18:22:19 +01:00
yh-semmle
64a50c522d Java: tweak a test 2018-11-05 12:10:08 -05:00
yh-semmle
c0fcf7fc9b Java: move a few more tests 2018-11-05 12:08:43 -05:00
yh-semmle
f3fbc8a153 Java: move a few tests 2018-11-05 12:08:42 -05:00
Aditya Sharad
bfa4c30784 C++: Improve performance of ExprEvaluator::getFunctionValue. 
Changes the `forex` range to join on both `this` (the current `ExprEvaluator`) and `ret` (the expected function return value),
so that we look at the relevant return values rather than all interesting functions.
 2018-11-05 16:51:23 +00:00
Geoffrey White
5cd7103841 Merge pull request #403 from jbj/FlowVar-getAnAccess-perf 
C++: Performance fix for FlowVar.getAnAccess
 2018-11-05 16:46:49 +00:00
semmle-qlci
5c9939b8ef Merge pull request #390 from esben-semmle/js/improve-useless-conditional-message 
Approved by xiemaisi
 2018-11-05 16:34:59 +00:00
Tom Hvitved
2d25a04a2e C#: Add test for guard implications logic 2018-11-05 16:47:10 +01:00
Geoffrey White
a38fefe7ba CPP: Fix trailing space. 2018-11-05 15:21:27 +00:00
Tom Hvitved
f5e6b79add C#: Address review comments 2018-11-05 16:14:15 +01:00
Geoffrey White
27fe996269 CPP: Change note. 2018-11-05 15:11:17 +00:00
Geoffrey White
3cb4211c78 CPP: Exclude code in macro invocations. 2018-11-05 15:07:22 +00:00
Geoffrey White
b4adfec2ef CPP: Add test case. 2018-11-05 14:19:16 +00:00
Esben Sparre Andreasen
651f32514b JS: use 'Util::describeExpression' in js/trivial-conditional 2018-11-05 13:00:07 +01:00
Esben Sparre Andreasen
4e54af3b41 JS: introduce 'Util::describeExpression' 2018-11-05 12:58:12 +01:00
Asger F
e670919807 JS: mention @type tag in qhelp 2018-11-05 11:31:32 +00:00
Asger F
ad7ecc1df0 JavaScript: added change note 2018-11-05 11:31:32 +00:00
Asger F
e39b0c7a75 JavaScript: address comments 2018-11-05 11:31:02 +00:00
Asger F
4f4ad2b942 JavaScript: ignore self-assignments with a JSDoc comment 2018-11-05 11:31:02 +00:00
Tom Hvitved
2846d80f1c Merge pull request #359 from calumgrant/cs/with-stubs 
C#: Sources and sinks for ASP.NET Core
 2018-11-05 11:46:02 +01:00
Jonas Jensen
9a3907c97f C++: Performance fix for FlowVar.getAnAccess 
The previous formulation of this predicate caused a CP in snapshots
where a variable had a large number of definitions and also reached a
large number of sub-basic-blocks.

This should fix performance of https://github.com/FrodeSolheim/fs-uae
and https://github.com/libretro/libretro-uae.

The `FlowVar.getAnAccess` predicate is still at risk of CP'ing when a
large group of defs has a large group of uses, but that has not been
observed to happen in practice yet. We would need to make
`localFlowStep` expose phi definitions in order to avoid that risk.
 2018-11-05 10:52:17 +01:00
semmle-qlci
b743ee4179 Merge pull request #314 from esben-semmle/js/json-stringify-as-command-line-injection-source-heuristic 
Approved by xiemaisi
 2018-11-05 07:37:36 +00:00
Arthur Baars
a525c181e2 Merge pull request #400 from adityasharad/merge/1.18-master-021118 
Merge rc/1.18 into master.
 2018-11-03 20:43:48 +01:00
calum
c003150ed8 C#: Add missing file. 2018-11-02 16:46:49 +00:00
calum
29df7f5e96 C#: Mark false-negatives. 2018-11-02 16:46:49 +00:00
calum
7fa442d127 C#: Merge tests. 2018-11-02 16:46:49 +00:00
calum
ae96b347e2 C#: Address review comments. 2018-11-02 16:46:49 +00:00
calum
13f0a401f3 C#: Update analysis change notes. 2018-11-02 16:46:48 +00:00
calum
aff47c9f38 C#: Tidy up whitespace. 2018-11-02 16:45:48 +00:00
calum
62fb693924 C#: Tidy up code and fix performance of remote flow sources. 2018-11-02 16:45:48 +00:00
calum
2090d69c3f C#: Tidy up tests. 2018-11-02 16:45:48 +00:00
calum
697e66e312 C#: Move test into subdirectory. 2018-11-02 16:45:48 +00:00
calum
d6e6ae66b8 C#: qltest stubs for UrlRedirect.ASPNETCore 2018-11-02 16:45:47 +00:00
calum
4655acadb2 C#: Stubs for XSSFlowASPNetCore test. 2018-11-02 16:45:47 +00:00
calum
8b8d2f9bef C#: Add auto-generated stubs. 2018-11-02 16:45:47 +00:00
Denis Levin
ba9cb5e22d cs: Adding sources and sinks for ASPNET.Core 
Inintial query checkin.
Note: tests require Nuget packages with ASPNET and ASPNETCore in Packages directory, and won't compile without them.
The packages.config should include this:
  <package id="Microsoft.AspNet.Mvc" version="5.2.3" targetFramework="net461" />
  <package id="Microsoft.AspNet.WebPages" version="3.2.3" targetFramework="net461" />
  <package id="Microsoft.AspNetCore.Antiforgery" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Authorization" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Cors" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Cryptography.Internal" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.DataProtection" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.DataProtection.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Diagnostics" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Diagnostics.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Hosting" version="1.1.3" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Hosting.Abstractions" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Hosting.Server.Abstractions" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Html.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Http" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Http.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Http.Extensions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Http.Features" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.HttpOverrides" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.JsonPatch" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Localization" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Abstractions" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.ApiExplorer" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Core" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Cors" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.DataAnnotations" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Formatters.Json" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Localization" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Razor" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Razor.Host" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.TagHelpers" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.ViewFeatures" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Razor" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Razor.Runtime" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.ResponseCaching" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.ResponseCaching.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.ResponseCompression" version="1.0.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Rewrite" version="1.0.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Routing" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Routing.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Server.Kestrel" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Server.Kestrel.Https" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Server.WebListener" version="1.1.4" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.StaticFiles" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.WebUtilities" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.Extensions.DependencyInjection.Abstractions" version="1.1.1" targetFramework="net451" />
  <package id="Microsoft.Extensions.Primitives" version="2.1.0" targetFramework="net451" />
  <package id="Microsoft.NETCore.App" version="2.0.0" />
  <package id="Microsoft.AspNetCore.Mvc" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Mvc.Core" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Mvc.Abstractions" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Http.Extensions" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Http.Abstractions" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Http.Features" version="2.1.0" />
 2018-11-02 16:45:47 +00:00
Geoffrey White
1561363582 CPP: Speed up illDefined*ForStmt in inconsistentLoopDirection.ql. 2018-11-02 16:01:23 +00:00
Aditya Sharad
3483245870 Merge rc/1.18 into master. 
As of 3291a30bf4.
 2018-11-02 09:54:50 +00:00
Arthur Baars
19f238a51a Merge pull request #399 from adityasharad/version/1.18.2-dev 
Version: Bump to 1.18.2 dev.
 2018-11-02 08:56:33 +01:00
Max Schaefer
e77ea62179 JavaScript: Tweak storeStep predicate. 2018-11-01 21:24:16 -04:00
Max Schaefer
94bba88080 JavaScript: Avoid unhelpful magic. 2018-11-01 21:22:51 -04:00
Max Schaefer
a72507a621 JavaScript: Remove a pragma[noopt]. 2018-11-01 21:22:03 -04:00
Aditya Sharad
3291a30bf4 Version: Bump to 1.18.2 dev. 2018-11-01 18:46:56 +00:00
Geoffrey White
40ad2c9db9 Merge pull request #397 from pavgust/fix/suspicious-memset-perf 
SuspiciousCallToMemset: Simplify pointer indirection computation
 2018-11-01 18:46:30 +00:00
semmle-qlci
b130335adb Merge pull request #398 from aschackmull/java/autoformat 
Approved by yh-semmle
 2018-11-01 16:57:30 +00:00
Anders Schack-Mulligen
41c89475fe Java: Rerun autoformat. 2018-11-01 17:01:12 +01:00