hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-03 01:30:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,087 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.3
Commit Graph

19087 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
d3c6d83786 CPP: Change note. 2018-12-07 18:43:27 +00:00
Geoffrey White
0f268cac40 CPP: Fix the issue. 2018-12-07 18:43:27 +00:00
Geoffrey White
02a060fbfa CPP: Add a test. 2018-12-07 18:21:48 +00:00
Ian Lynagh
4f51257e56 C++: Update stats 2018-12-07 16:13:07 +00:00
calumgrant
67d4099e3f Merge pull request #593 from hvitved/csharp/nullness 
C#: Rewrite nullness queries
 2018-12-07 15:57:27 +00:00
Geoffrey White
91578258f7 Merge pull request #595 from jf205/qhelp-guide 
Query help style-guide
 2018-12-07 15:38:58 +00:00
Anders Schack-Mulligen
f09eb67af0 Java: Add org.apache.commons.lang3.StringUtils.isBlank as a nullguard. 2018-12-07 16:18:32 +01:00
Tom Hvitved
6411d1c7dd C#: Refactor operator call logic 
Refactored to make it clear when `@operator.Symbol as IMethodSymbol` can be `null`.
 2018-12-07 15:47:20 +01:00
Tom Hvitved
e05bbb0f10 C#: Fix always-null bug in TRAP writer 2018-12-07 15:46:27 +01:00
Geoffrey White
e7390f3ea5 CPP: Add simple tests of CommaExpr. 2018-12-07 14:29:09 +00:00
semmle-qlci
3b383e3aaf Merge pull request #635 from Semmle/xiemaisi-patch-3 
Approved by esben-semmle
 2018-12-07 14:02:48 +00:00
Max Schaefer
74e70615ed JavaScript: Fix performance regression in MixedStaticInstanceThisAccess. 2018-12-07 13:17:36 +00:00
Aditya Sharad
fcfab26267 Merge rc/1.19 into next. 2018-12-07 12:31:51 +00:00
Tom Hvitved
664453707a C#: Speedup Assertions::strictlyDominates() and ControlFlowElement::controlsBlock() 
Only calculate dominance by explicit recursion for split nodes; all other nodes
can use regular CFG dominance.
 2018-12-07 12:03:12 +01:00
Anders Schack-Mulligen
6beb396d93 Merge pull request #634 from yh-semmle/java/field-annotations 
Java: account for change to field annotation extraction
 2018-12-07 11:29:46 +01:00
Tom Hvitved
2a30dee8df Merge pull request #621 from calumgrant/cs/invalid-key 
C#: Fix [INVALID_KEY] error
 2018-12-07 11:24:45 +01:00
Tom Hvitved
c887dc89dc C#: Fix a bug in ThrowingCallable 
A method such as

```
void M()
{
    throw new Exception();
}
```

was incorrectly not categorized as a `ThrowingCallable`, that is, a callable
that always throws an exception upon invocation.
 2018-12-07 10:56:11 +01:00
Geoffrey White
b1e7649d02 CPP: Add functions containing errors to the sideEffects tests. 2018-12-07 09:54:36 +00:00
Tom Hvitved
243af36167 C#: Add more CFG tests with throwing methods 2018-12-07 10:43:45 +01:00
Tom Hvitved
fce805834e C#: Address review comments 2018-12-07 09:40:49 +01:00
Max Schaefer
74e3709de1 JavaScript: Add missing query id in change notes. 2018-12-07 08:25:28 +00:00
Jonas Jensen
00e52df371 C++: Rename "Incorrect 'not' operator usage" 
This makes the casing consistent with our other queries.
 2018-12-07 09:24:35 +01:00
yh-semmle
bc78219653 Java: account for change to field annotation extraction 2018-12-06 23:06:14 -05:00
yh-semmle
a709783fe5 Merge pull request #622 from ian-semmle/range_for 
C++: Follow range for statement test output changes
 2018-12-06 23:05:08 -05:00
semmle-qlci
9e73ed71b9 Merge pull request #623 from esben-semmle/js/incomplete-url-sanitization 
Approved by mc-semmle
 2018-12-06 20:46:37 +00:00
Dave Bartolomeo
ebbd701188 C++: Fix PR feedback 2018-12-06 12:35:43 -08:00
Dave Bartolomeo
84b39bf999 C++: Simplify models for side effects and alias info. 2018-12-06 12:35:33 -08:00
yh-semmle
c2116f0d91 Merge pull request #560 from aschackmull/java/normalize-parentheses 
Java: Normalize parentheses.
 2018-12-06 12:38:26 -05:00
Esben Sparre Andreasen
4f53411397 JS: recognize HTTP URLs in js/incomplete-url-sanitization 2018-12-06 15:53:20 +01:00
Esben Sparre Andreasen
56fb63adbc JS: change notes for js/incomplete-url-substring-sanitization 2018-12-06 15:53:20 +01:00
Esben Sparre Andreasen
229eea00dc JS: add query js/incomplete-url-substring-sanitization 2018-12-06 15:53:20 +01:00
semmle-qlci
3397533045 Merge pull request #628 from xiemaisi/js/setUnsafeHTML 
Approved by esben-semmle
 2018-12-06 13:58:52 +00:00
Esben Sparre Andreasen
bf048e7e49 JS: change notes for persistent storage taint step and cookie models 2018-12-06 14:53:22 +01:00
Esben Sparre Andreasen
45b207c21b JS: introduce models of three cookie libraries 2018-12-06 14:53:22 +01:00
Esben Sparre Andreasen
28b4a78430 JS: introduce DOM::PersistentWebStorage 2018-12-06 14:53:22 +01:00
Jonas Jensen
0a496c1d3d Merge pull request #617 from geoffw0/unusedstatic 
CPP: Fix false positives in UnusedStaticVariables.ql
 2018-12-06 14:09:52 +01:00
Taus
cb93017d98 Merge pull request #606 from markshannon/python-fix-regex-fp 
Python: Fix off-by-one error in regex parsing.
 2018-12-06 12:59:44 +01:00
Ian Lynagh
8d655c74ae C++: Follow range for statement test output changes 2018-12-06 11:12:46 +00:00
Esben Sparre Andreasen
7fb752784a JS: introduce persistent read/write pairs as a taint step 2018-12-06 10:36:10 +01:00
Max Schaefer
ef347b3870 JavaScript: Teach Xss query about WinJS HTML injection functions. 2018-12-06 09:13:21 +00:00
Felicity Chapman
6a7b528280 1.19: Finalize change notes for JavaScript 2018-12-06 08:44:35 +00:00
semmle-qlci
bc91e0f53b Merge pull request #624 from Semmle/xiemaisi-patch-2 
Approved by esben-semmle
 2018-12-06 08:04:37 +00:00
Max Schaefer
305b8a6723 Merge pull request #620 from xiemaisi/js/qhelp-for-ms-queries 
JavaScript: Add query help for two externally contributed queries.
 2018-12-06 08:04:13 +00:00
Max Schaefer
75842fec1c Merge pull request #627 from samlanning/inconsistentStateExample 
JS: Fix syntax error in js/react/inconsistent-state-update example
 2018-12-06 08:03:32 +00:00
Sam Lanning
2ea148016c JS: Fix syntax error in js/react/inconsistent-state-update example 2018-12-05 16:44:40 -08:00
Dave Bartolomeo
2b80aee557 C++: Use getConvertedResultExpr in IR-based dataflow 
This sort of fixes one FP and causes a new FN, but for the wrong reasons. The IR dataflow is tracking the reference itself, rather than the referred-to object. Once we can better model indirections, we can make this work correctly.

This change is still the right thing to do, because it ensures that the dataflow is looking at actual expression being computed by the instruction.
 2018-12-05 12:34:44 -08:00
Dave Bartolomeo
e8efb32156 C++: Remove StoreDestinationAsPostUpdateNode 2018-12-05 11:33:48 -08:00
Dave Bartolomeo
65360b23f9 C++: Change model API based on feedback 
I've separated the model interface for memory side effects from the model for escaped addresses. It will be fairly common for a given model to extend both interfaces, but they are used for two different purposes.

I've also put each model interface and the non-member predicates that query it into a named module, which seemed cleaner than having predicates named `functionModelReadsMemory()` and `getFunctionModelParameterAliasBehavior()`.
 2018-12-05 10:58:46 -08:00
Taus
a8354b98d9 Merge pull request #626 from felicity-semmle/1.19/python-change-notes 
Update logging information based on 'extractor-python.md'
 2018-12-05 17:42:56 +01:00
Felicity Chapman
c735043772 Update for feedback 2018-12-05 16:36:34 +00:00