Commit Graph

19087 Commits

Author SHA1 Message Date
Jonas Jensen
f177e348bd Merge pull request #471 from geoffw0/query-tags-2
CPP: Query tags 2 (JSF queries)
2018-11-21 11:43:29 +01:00
Pavel Avgustinov
5cd3a9c40d Merge pull request #500 from markshannon/python-python-security-queries-to-high
Python: Set precision of security queries to 'high'
2018-11-21 09:41:38 +00:00
Esben Sparre Andreasen
caea6212ed JS: use inheritance in js/mixed-static-instance-this-access 2018-11-21 09:48:37 +01:00
Esben Sparre Andreasen
01ad9ed8bc JS: address review comments 2018-11-21 09:19:20 +01:00
Dave Bartolomeo
3715215b3f C++: Add IR support for ConditionalDeclExpr
Also fixes several places in the library that weren't handling `ConditionalDeclExpr` correctly.
2018-11-21 00:14:44 -08:00
Esben Sparre Andreasen
41b45352aa JS(ql): support optional chaining 2018-11-21 08:57:10 +01:00
Esben Sparre Andreasen
00587ba7b4 JS(extractor): support optional chaining 2018-11-21 08:57:10 +01:00
Dave Bartolomeo
07f9fe6ee4 C++: Add Uninitialized instruction for list-initialized variables
This commit inserts an `Uninitialized` instruction to "initialize" a local variable when that variable is initialized with an initializer list. This ensures that there is always a definition of the whole variable before any read or write to part of that variable.

This change appears in a different form in @rdmarsh2's Chi node PR, but I needed to refactor the initialization code anyway to handle ConditionDeclExpr.
2018-11-20 16:12:44 -08:00
Tom Hvitved
8233e34ba2 C#: Fix Boolean splitting for variables defined in a loop 2018-11-20 21:22:00 +01:00
Tom Hvitved
89d5daa137 C#: Fix Boolean splitting negation bug 2018-11-20 21:22:00 +01:00
Tom Hvitved
841218540e C#: Add CFG test
This test exhibits two issues with Boolean CFG splitting: incorrect handling of
negated variables and incorrect splitting for variables defined inside a loop.
2018-11-20 21:22:00 +01:00
calumgrant
87072dfb0e Merge pull request #489 from hvitved/csharp/pre-ssa-extensions
C#: Extensions to pre-SSA library
2018-11-20 20:20:41 +00:00
Asger F
7d80847832 JS: add qhelp example to test suite 2018-11-20 18:44:18 +00:00
Asger F
4138f814d8 JS: expand example 2018-11-20 18:42:49 +00:00
Asger F
260ae36cf8 JS: document the shared module 2018-11-20 18:27:02 +00:00
Asger F
3902f752d0 JS: share detection of objects with unsafe methods 2018-11-20 18:26:20 +00:00
Asger F
b16072a7be JS: share ConcatSanitizer in common module 2018-11-20 18:24:52 +00:00
Asger F
49cd2876c9 JS: use StringConcatenation library in ConcatSanitizer 2018-11-20 18:12:07 +00:00
Asger F
1c06f45046 JS: address some comments 2018-11-20 18:11:46 +00:00
semmle-qlci
b21b066255 Merge pull request #499 from xiemaisi/js/target-blank-location
Approved by esben-semmle
2018-11-20 17:16:05 +00:00
Geoffrey White
3c7ed9b7ab CPP: Fix typo. 2018-11-20 17:13:23 +00:00
Geoffrey White
8aeaf0bc8e CPP: Add an external/jsf tag as well. 2018-11-20 17:13:23 +00:00
Geoffrey White
bb7da78c95 CPP: Tag the JSF queries. 2018-11-20 17:13:22 +00:00
Geoffrey White
9922e36590 CPP: Add missing file. 2018-11-20 16:55:10 +00:00
Geoffrey White
ae91581204 CPP: Change note. 2018-11-20 16:52:36 +00:00
Geoffrey White
0493b68b50 Merge pull request #497 from jbj/disable-no-virtual-destructor
C++: Remove @precision from AV Rule 78
2018-11-20 16:44:36 +00:00
Geoffrey White
d8381ef448 CPP: Add change notes for some more changes. 2018-11-20 16:42:17 +00:00
Geoffrey White
7df7d8dd9e CPP: Add change notes for new query contributions. 2018-11-20 16:14:22 +00:00
Geoffrey White
e8f967a477 CPP: Add change notes for my recent changes. 2018-11-20 16:14:22 +00:00
Asger F
8aff66616b JS: suppress similar alerts from RemotePropertyInjection 2018-11-20 15:57:18 +00:00
Asger F
a2e5003c09 JS: add to security suite 2018-11-20 15:57:18 +00:00
Asger F
2239f863f7 JS: add query MethodNameInjection 2018-11-20 15:57:18 +00:00
Taus
7ba4d71ffb Merge pull request #494 from markshannon/python-tests
QL tests for Python queries and libraries.
2018-11-20 16:00:06 +01:00
Taus
6317546cdb Merge pull request #493 from markshannon/python-queries
Initial commit of Python queries and QL libraries.
2018-11-20 15:59:15 +01:00
Mark Shannon
a135e4665e Update lgtm.yml file to exclude Python source in query and test folders. 2018-11-20 14:57:36 +00:00
Asger F
bc3b983768 JS: move CodeInjection tests into subfolder 2018-11-20 14:24:37 +00:00
Tom Hvitved
3e78c2671f C#: Generalize pre-SSA library to include local-scope-like fields/properties 2018-11-20 15:07:44 +01:00
Tom Hvitved
25150265dc C#: Compute phi inputs in pre-SSA library
Logic is copied directly from the ordinary SSA library.
2018-11-20 15:07:43 +01:00
Jonas Jensen
33111b6b27 Merge pull request #498 from geoffw0/test-cleanup
CPP: Clean up some test code.
2018-11-20 14:44:52 +01:00
Tom Hvitved
252b756184 Merge pull request #472 from felicity-semmle/csharp/SD-2778-qhelp-update
C#: Minor updates for consistency (SD-2778)
2018-11-20 14:28:29 +01:00
semmle-qlci
4b5f24d99e Merge pull request #449 from hvitved/csharp/ssa/live-at-rank
Approved by calumgrant
2018-11-20 13:01:02 +00:00
semmle-qlci
1c1d2e943a Merge pull request #496 from esben-semmle/js/yui-directives
Approved by xiemaisi
2018-11-20 12:59:55 +00:00
semmle-qlci
8333f72030 Merge pull request #470 from esben-semmle/custom-abstract-values-only
Approved by xiemaisi
2018-11-20 12:59:35 +00:00
Max Schaefer
c1690a69e5 JavaScript: Make TargetBlank only highlight the first line of the link.
Otherwise alerts for multi-line `<a>` elements end up looking very red.

I also took the opportunity to improve the tests slightly.
2018-11-20 12:53:27 +00:00
Esben Sparre Andreasen
82fc8ae32a JS: support indirection with extra args in js/missing-this-qualifier 2018-11-20 11:29:03 +01:00
Geoffrey White
342164ff71 CPP: Clean up / normalize some test code. 2018-11-20 09:50:59 +00:00
Jonas Jensen
6c0305cb80 Merge pull request #495 from geoffw0/returnvalue
CPP: Fix 'Missing return statement'
2018-11-20 10:16:30 +01:00
Jonas Jensen
d7c2f9d185 C++: Remove @precision from AV Rule 78
This rule, named "No virtual destructor", was supposed to be superseded
by `cpp/virtual-destructor` in 0c796de83, but that commit didn't
actually disable this rule, so both rules are now active in the LGTM
suite.

This commit disables the rule by removing `@precision`. We're still
discussing the best way to disable rules that are precise and valid but
not universally applicable. For now, removing `@precision` is consistent
with how we're keeping most other JSF queries from appearing on LGTM.
2018-11-20 09:43:54 +01:00
Jonas Jensen
cc28d04ba7 Merge pull request #405 from geoffw0/selfcompare
CPP: Fix false positives in PointlessSelfComparison.ql
2018-11-20 09:25:10 +01:00
Tom Hvitved
9f7eef02ec C#: Address review comments 2018-11-20 09:24:53 +01:00