hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-03 01:30:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,087 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.3
Commit Graph

19087 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
lcartey@github.com
65d48a32b8 C++: Expose getDef(Upper|Lower)Bound as an internal predicate. 2020-09-11 09:49:18 +01:00
Tamas Vajk
d60b7c7297 C#: Improve empty collection check to not report on collections with property writes 2020-09-11 10:46:34 +02:00
Mathias Vorreiter Pedersen
ff09104089 Merge branch 'main' into mathiasvp/array-field-flow 2020-09-11 09:25:50 +02:00
Mathias Vorreiter Pedersen
399da6837a Merge pull request #4227 from jbj/SimpleRangeAnalysis-NotExpr 
C++: Support `(bool)x` and `!x` in SimpleRangeAnalysis
 2020-09-11 08:59:03 +02:00
Bas van Schaik
31495b876e Python script to generate lists of code scanning queries in CSV format (#4177) 
* Create a PowerShell script that can be used to report on the set of queries inside of a particular QL Suite.
* Translate PowerShell script into Python
* support running this script from anywhere within the CodeQL git repo
* print non-fatal error if metadata is not available
* make sure warning about missing pack is printed to stderr
* only run on pushes against main and rcs
* detect repo by checking remote, rather than first SHA
* specify full sha of dsaltares/fetch-gh-release-asset
* trigger workflow on PR that modifies paths of interest

Co-authored-by: Justin Hutchings <jhutchings1@users.noreply.github.com>
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2020-09-10 12:25:02 -07:00
Rasmus Wriedt Larsen
52d8f7d395 Merge pull request #4235 from yoff/SharedDataflow_UseUseFlow 
Python: Port use-use implementation from Java
 2020-09-10 16:12:28 +02:00
Rasmus Lerchedahl Petersen
92e7a5676d Python: Address review comments 2020-09-10 15:17:30 +02:00
yoff
3a19b1e7fd Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-09-10 15:06:06 +02:00
Tom Hvitved
2cc635f7e0 C#: Add DB upgrade script 2020-09-10 14:09:40 +02:00
Tom Hvitved
01e766c745 C#: Disable uniqueness constraint from explicitly_implements 
The documentation on `ExplicitInterfaceImplementations` says "Properties
imported from metadata can explicitly implement more than one property", so
the constraint appears to be invalid.
 2020-09-10 14:05:37 +02:00
Tamas Vajk
643a8b57c3 C#: Explicitly handle underlying tuple types 2020-09-10 14:05:37 +02:00
Tamas Vajk
221b92de04 C#: upgrade Roslyn dependencies to version 3.7 2020-09-10 13:53:39 +02:00
Rasmus Wriedt Larsen
fb3060dc3d Java: Minor fixup for SSA AdjacentUsesImpl::varBlockReaches 
This should not change anything in regards to correctness overall -- what we
really care about is `varBlockStep`, and that checks `varOccursInBlock(v, b2)`.
However, the comment is a bit easier to read together with the code
now (and probably also gives slightly smaller predicate result size).
 2020-09-10 13:47:36 +02:00
Rasmus Wriedt Larsen
949b81b07c Python: Add dataflow tests for dynamic tuple creation 
Inspired by the FP-report in https://github.com/github/codeql/issues/4239
 2020-09-10 13:44:48 +02:00
Rasmus Wriedt Larsen
f716f9690b Merge pull request #4132 from yoff/SharedDataflow_NestedComprehensions 
Python: Shared dataflow, nested comprehensions
 2020-09-10 13:28:04 +02:00
Tom Hvitved
a9f322e6c3 Merge pull request #4241 from hvitved/csharp/autobuild-cmd-exit-code 
C#: Correctly propagate exit code in `autobuild.cmd`
 2020-09-10 12:43:43 +02:00
Tom Hvitved
2a3d0072d2 Merge pull request #4242 from hvitved/csharp/fix-failing-windows-tests 
C#: Fix broken auto-builder tests on Windows
 2020-09-10 12:39:01 +02:00
Geoffrey White
fed973f9c4 Merge pull request #4229 from MathiasVP/mathiasvp/make_shared_make_unique-models 
C++: Add taint models for std::make_unique and std::make_shared
 2020-09-10 10:46:30 +01:00
Geoffrey White
34a03ec523 Merge pull request #4213 from rdmarsh2/rdmarsh2/cpp/explicit-conversion-perf 
C++: Improve performance of getExplicitlyConverted
 2020-09-10 10:33:16 +01:00
Tom Hvitved
9629f1c2f4 C#: Also propagate exit code in pre-finalize.cmd 2020-09-10 11:09:38 +02:00
Rasmus Lerchedahl Petersen
2eb8ea85fb Python: update test expectations 2020-09-10 10:59:26 +02:00
Rasmus Lerchedahl Petersen
deb1a4ceb9 Merge branch 'main' of github.com:github/codeql into SharedDataflow_UseUseFlow 2020-09-10 10:55:34 +02:00
Tom Hvitved
fcf39eaac1 C#: Fix broken auto-builder tests on Windows 2020-09-10 10:46:39 +02:00
Erik Krogh Kristensen
88bbc2f1f4 add change note 2020-09-10 10:39:04 +02:00
Tom Hvitved
a32db3de4b Simplify exit code logic 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2020-09-10 10:22:02 +02:00
Rasmus Lerchedahl Petersen
50cc5d58e9 Merge branch 'main' of github.com:github/codeql into SharedDataflow_NestedComprehensions 2020-09-10 10:20:55 +02:00
Tom Hvitved
4cc1e4d1f1 C#: Correctly propagate exit code in autobuild.cmd 2020-09-10 10:01:43 +02:00
Max Schaefer
b71a8e2ad0 JavaScript: Expose an API-graph predicate that is useful for flow summaries. 2020-09-10 08:44:06 +01:00
Tom Hvitved
c45743588c Merge pull request #4237 from hvitved/csharp/autobuilder/nuget 
C#: Download nuget.exe in auto-builder if it does not exist
 2020-09-10 08:43:39 +02:00
Rasmus Lerchedahl Petersen
7b10a3a546 Python: fix comment and source uses 2020-09-10 08:36:00 +02:00
Robert Marsh
10633019a6 C++: autoformat 2020-09-09 12:45:17 -07:00
Robert Marsh
2e187a51ae C++: test for interprocedurl iterator flow 2020-09-09 12:45:06 -07:00
Mathias Vorreiter Pedersen
bb9cf72a31 Merge branch 'main' into mathiasvp/make_shared_make_unique-models 2020-09-09 20:51:56 +02:00
Robert Marsh
2c0157553f C++: accept test improvement from conversions 
Duplicate results were due to a mishandling of implicit array-to-pointer
conversions.
 2020-09-09 11:49:37 -07:00
Geoffrey White
46a07fa9b2 C++: Model std::stringstream::str. 2020-09-09 18:22:06 +01:00
Taus
f4f47bd5ed Merge pull request #4236 from RasmusWL/python-experimental-taint-sanitizers 
Python: Expand on taint sanitizer tests
 2020-09-09 17:51:24 +02:00
Tom Hvitved
1ce3ac74a1 Address review comments 2020-09-09 16:35:37 +02:00
Taus
17ccc137ae Merge pull request #4238 from RasmusWL/dataflow-small-fix-for-naming 
Dataflow: small fixes for naming in taint tracking
 2020-09-09 16:26:36 +02:00
Mathias Vorreiter Pedersen
ad602b892b Merge branch 'main' into mathiasvp/read-step-without-memory-operands 2020-09-09 16:17:23 +02:00
Tamás Vajk
dfb8761bdc C#: Add flag to Standalone extractor to use the self contained .Net framework (#4233) 2020-09-09 16:12:48 +02:00
Rasmus Wriedt Larsen
b8e057f7ad Python: isSanitizerGuard test is future work 2020-09-09 15:57:53 +02:00
Rasmus Lerchedahl Petersen
b1567827a0 Python: Repair flow out of post-update nodes 2020-09-09 15:52:07 +02:00
Mathias Vorreiter Pedersen
e91d321d28 Merge pull request #4234 from geoffw0/stringstream 
C++: Tests and initial models for taint through std::stringstream / std::ostream.
 2020-09-09 15:31:46 +02:00
Mathias Vorreiter Pedersen
17867f25a7 C++: Accept more test changes 2020-09-09 15:27:56 +02:00
Jonas Jensen
ceb198f65d Merge remote-tracking branch 'upstream/main' into SimpleRangeAnalysis-NotExpr 2020-09-09 14:50:00 +02:00
Rasmus Wriedt Larsen
2172fb6e65 Dataflow: s/data flow/taint propagation/ in QLDoc for sanitizers 2020-09-09 14:30:33 +02:00
Geoffrey White
d8bb49b9a0 C++: We get a few additional results for DefaultTaintTracking as well. 2020-09-09 13:18:07 +01:00
Rasmus Wriedt Larsen
d90f0be2c4 Dataflow: defaultTaintBarrier => defaultTaintSanitizer 
Just keeping things a bit more consistent :)
 2020-09-09 14:11:56 +02:00
Tom Hvitved
947040aafe C#: Download nuget.exe in auto-builder if it does not exist 2020-09-09 14:09:41 +02:00
Rasmus Wriedt Larsen
ab8cc23ce7 Python: Expand on taint sanitizer tests 
Most interesting to look at the custom sanitizers. Once we have use-use flow, we
should handle this case:

```
s = TAINTED_STRING
emulated_authentication_check(s)
ensure_not_tainted(s)
```
 2020-09-09 13:57:25 +02:00