Jonas Jensen
e2ccd57bdd
.gitignore everything under .vs in repo root dir
...
We have external users editing queries with Visual Studio, and it seems
to automatically add very specific files to `.gitignore`. These changes
cause conflicts between unrelated PRs.
This commit adds all of `/.vs` to `.gitignore`, which should hopefully
make Visual Studio stop adding more entries.
2018-09-26 15:12:32 +02:00
Jonas Jensen
3b2512fa0d
C++: pragma[nomagic] in Overflow.qll
...
These two predicates were supposed to be fast but became slow after the
recent inlining of `unresolve`.
2018-09-26 14:39:44 +02:00
Jonas Jensen
6ccd208d4e
C++: Prevent incomplete classes from being Types
...
Raw classes from the database that are incomplete and should be
represented by their complete twin are now allowed to be `Element`s for
performance reasons, but this commit prevents them from being `Type`s.
It was causing confusion in test results and might also cause confusion
in queries.
2018-09-26 14:02:15 +02:00
Aditya Sharad
75680dbfef
Merge branch 'next' into qlucie/master
2018-09-26 12:08:33 +01:00
Nick Rolfe
57f3ac8a79
Merge pull request #226 from adityasharad/merge/1.18-master-250918
...
Merge rc/1.18 into master.
2018-09-26 10:47:03 +01:00
Nick Rolfe
314e1a1e8c
Merge pull request #228 from adityasharad/merge/1.18-next-250918
...
Merge rc/1.18 into next.
2018-09-26 10:42:46 +01:00
Jonas Jensen
0e0ab1ea97
C++: make unresolve a member of ElementBase
...
Also remove the charpred of ElementBase. This gets rid of many redundant
charpred checks. It means that incomplete classes from the db are now
`Element`s, which is maybe noisy but should not be harmful.
Together, these changes give a great reduction in DIL and should help
the optimiser. It brings the DIL of `UncontrolledFormatString.ql` down
from 43,908 lines to 35,400 lines.
2018-09-26 11:12:40 +02:00
Asger F
057c3a92b4
JS: update other Express test outputs
2018-09-26 08:36:52 +01:00
Jonas Jensen
397c8b5750
Merge pull request #212 from raulgarciamsft/master
...
Setting a SECURITY_DESCRIPTOR’s DACL to NULL
2018-09-26 09:32:29 +02:00
Esben Sparre Andreasen
7c006d4530
Merge pull request #222 from xiemaisi/js/identity-replacement
...
JavaScript: Add new query flagging identity replacements.
2018-09-26 09:25:19 +02:00
Asger F
a47b1dc774
JS: recognize Express header access with dynamic name
2018-09-26 08:22:21 +01:00
Esben Sparre Andreasen
097a2811e1
JS: change notes for AdHocWhitelistCheckSanitizer
2018-09-26 09:20:40 +02:00
Esben Sparre Andreasen
52061b35d8
JS: address review comments: improve regex, limit sanitizer usage
2018-09-26 09:20:07 +02:00
Asger F
e78a4e9f10
JS: update output from other Express tests
2018-09-26 07:58:44 +01:00
Asger F
ce11b5330d
JS: recognize Express headers as RequestInputAccess
2018-09-26 07:58:44 +01:00
Geoffrey White
9c219b958c
Merge pull request #225 from sauyon/sizeofcheck
...
Allow void* pointer arithmetic with sizeof
2018-09-25 22:53:07 +01:00
Aditya Sharad
accacdc9a4
Merge rc/1.18 into next.
2018-09-25 21:59:47 +01:00
Raul Garcia
54493eb990
Merge branch 'master' into master
2018-09-25 10:58:51 -07:00
Raul Garcia
d6d27df27b
Removing all usage of single quotes
2018-09-25 10:50:34 -07:00
Aditya Sharad
28329562a7
Merge rc/1.18 into master.
2018-09-25 14:31:45 +01:00
Max Schaefer
0e63ea1b51
JavaScript: Update tests.
2018-09-25 11:27:12 +01:00
Max Schaefer
659c67c715
JavaScript: Produce friendlier message for empty-string replacements.
2018-09-25 11:27:12 +01:00
Max Schaefer
5fb22ba021
JavaScript: Handle zero-width assertions and sequences.
2018-09-25 11:27:12 +01:00
Max Schaefer
ec9a3c87a7
JavaScript: Do not flag case-insensitive replace.
2018-09-25 11:27:11 +01:00
Max Schaefer
1ab11109f9
JavaScript: Add new query flagging identity replacements.
2018-09-25 11:27:11 +01:00
Asger F
0936cda0e9
JS: avoid expensive join_rhs in callInputStep
2018-09-25 10:16:40 +01:00
Asger F
52c913b325
JavaScript: cache AdditionalPartialInvokeNode
2018-09-25 10:16:40 +01:00
Asger F
3ca7d6b4bf
JavaScript: address comments
2018-09-25 10:16:40 +01:00
Asger F
269bbc9a1a
JavaScript: add flow steps through partial function application
2018-09-25 10:16:40 +01:00
Jonas Jensen
3470ebc583
Merge pull request #223 from pavgust/imp/no-instantiation-mentions
...
C++ definitions: Ignore type mentions of class instantiations.
2018-09-25 09:31:10 +02:00
Jonas Jensen
8f19efe2e8
Merge pull request #211 from raulgarciamsft/users/raulga/HESULT
...
Cast between semantically different integer types: HRESULT to/from bool
2018-09-25 09:01:35 +02:00
Sauyon Lee
614a8ef091
Allow void* pointer arithmetic with sizeof
...
Technically this isn't allowed by the C spec, but it's been seen in the wild:
see 3763c7b338/files/src/csp_buffer.c \#x1d04047d2bb68c21:1
2018-09-24 11:05:40 -07:00
Denis Levin
1438cae362
Correction to the test's expected file as the test was modified.
2018-09-24 10:45:54 -07:00
Geoffrey White
473252632c
Merge pull request #221 from jbj/IntMultToLong-char
...
C++: Suppress IntMultToLong alert on char-typed numbers
2018-09-24 18:42:41 +01:00
Raul Garcia
a566ffae4a
Fixed the test .expected file
2018-09-24 10:18:39 -07:00
Pavel Avgustinov
fa698380e2
C++ definitions: Ignore type mentions of class instantiations.
...
We currently erroneously keep mentions of class instantiations, which
can lead to bad performance on template-heavy code bases. We never
want to link those anyway, so we can simply suppress them.
2018-09-24 18:18:30 +01:00
Raul Garcia
c75019726c
Removing tabs & reformatting
2018-09-24 10:10:58 -07:00
Raul Garcia
c3b523cdc4
Fixing a missed reference to renamed file.
2018-09-24 10:02:52 -07:00
Geoffrey White
d975c09012
CPP: Change note.
2018-09-24 17:25:34 +01:00
Geoffrey White
4edc54df0c
CPP: Use unspecified types everywhere (for simplicity and robustness).
2018-09-24 17:17:41 +01:00
Geoffrey White
b15db5d1e5
CPP: Add a test case that we handle poorly.
2018-09-24 17:17:41 +01:00
Jonas Jensen
a56376a2df
C++: rename effectivelyConstant to likelySmall
...
This reflects the existing QLDoc better and makes it more clear why it
includes char-typed expressions.
2018-09-24 14:37:11 +02:00
Jonas Jensen
4d2e4c53f1
C++: Suppress IntMultToLong alert on char
2018-09-24 14:37:09 +02:00
Jonas Jensen
2b5d150829
C++: Test for IntMultToLong on char-typed numbers
2018-09-24 14:36:36 +02:00
semmle-qlci
7f56be6fe2
Merge pull request #216 from asger-semmle/lusca-csrf
...
Approved by esben-semmle
2018-09-24 11:34:24 +01:00
semmle-qlci
46178271d1
Merge pull request #213 from asger-semmle/sendfile
...
Approved by xiemaisi
2018-09-24 11:32:46 +01:00
Esben Sparre Andreasen
42fc28bc55
JS: add ad hoc whitelist checks as sanitizers
2018-09-24 11:17:35 +02:00
Jonas Jensen
d2f11dc18c
Merge pull request #209 from dave-bartolomeo/dave/CNewLines
...
LF all the things
2018-09-24 09:02:54 +02:00
Dave Bartolomeo
396d7ea928
Mark several known binary extensions as -text
2018-09-23 16:24:32 -07:00
Dave Bartolomeo
1f36f5552f
Normalize all text files to LF
...
Use `* text=auto eol=lf`
2018-09-23 16:24:31 -07:00