Commit Graph

19777 Commits

Author SHA1 Message Date
Asger Feldthaus
03c91a66c5 JS: Update expected output 2020-06-29 07:52:25 +01:00
ubuntu
bb06014f3d Add fancy-log 2020-06-28 22:02:02 +02:00
Alessio Della Libera
ce32d646dc Update javascript/ql/src/semmle/javascript/frameworks/Logging.qll
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2020-06-28 21:58:45 +02:00
Mathias Vorreiter Pedersen
5fbf30590e C++: Accept test changes. 2020-06-28 20:21:51 +02:00
Taus Brock-Nannestad
5744356dbc Python: Add a bunch more toString docs. 2020-06-28 14:55:45 +02:00
Taus Brock-Nannestad
e72e662f68 Python: Autogenerate QLDoc for toString AST methods.
Only adds these for the methods that do not `override` other
methods (as these presumably have their own `toString` documentation).
2020-06-28 14:41:45 +02:00
Mathias Vorreiter Pedersen
9c0f877172 C++: Keep old instruction -> instruction flow in simpleInstructionLocalFlowStep. This means we don't have to add general operand -> instruction to the simpleLocalFlowStep relation, which seems to add a 10% performance regression. 2020-06-28 11:28:43 +02:00
Asger Feldthaus
9ca25d5bef JS: Support .hash extraction via a few more methods 2020-06-28 01:38:59 +01:00
Asger Feldthaus
19db418395 JS: Add missing store step in Xss query 2020-06-28 01:26:11 +01:00
luchua-bc
0f8dd7c328 text changes 2020-06-27 22:56:00 +00:00
Bt2018
87668bf075 Add method access qualifier as source 2020-06-27 18:00:52 -04:00
Asger Feldthaus
3e616e998e JS: Add test 2020-06-27 21:31:40 +01:00
Asger Feldthaus
84d21074e5 JS: Support Vue class components 2020-06-27 21:24:46 +01:00
Grzegorz Golawski
aff0e0eb25 Cleanup according to review comments. 2020-06-27 18:30:36 +02:00
Artem Smotrakov
f5f30ce25e Java: Simplified the query for disabled certificate revocation checking
Removed a dataflow configuration for setting a revocation checker.
Instead, the query just checks if addCertPathChecker() or setCertPathCheckers()
methods are called.
2020-06-27 11:37:20 +03:00
Artem Smotrakov
a2fa03e4f5 Java: Improved the query for disabled certificate revocation checking
- Added a taint propagation step for List.of() methods
- Added a testcase with one of the List.of() methods
- Simplified conditions
- Fixed typos
2020-06-27 11:37:20 +03:00
Artem Smotrakov
06e3f101ce Java: Added a query for disabled certificate revocation checking
- Added experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql
  The query looks for PKIXParameters.setRevocationEnabled(false) calls.
- Added RevocationCheckingLib.qll
- Added a qhelp file with examples
- Added tests in java/ql/test/experimental/Security/CWE/CWE-299
2020-06-27 11:37:20 +03:00
Asger Feldthaus
ac5b9cd168 JS: Autoformat 2020-06-26 23:15:04 +01:00
Dave Bartolomeo
4dcdd8a0ee C++: Add last remaining QLDoc to Opcode.qll 2020-06-26 17:25:30 -04:00
Dave Bartolomeo
bdf121f3b8 C++: Update opcode QLDoc script to handle abstract base classes
This auto-generates even more QLDoc for `Opcode.qll`
2020-06-26 16:04:33 -04:00
ubuntu
9135bbd5c8 JS: model fancy-log (and recognize the 'dir' log level) 2020-06-26 21:33:52 +02:00
Asger Feldthaus
6707e3424d JS: Prevent bad join ordering 2020-06-26 20:21:56 +01:00
Taus Brock-Nannestad
24daf2c4d1 Python: Document internal AST classes.
We already document these in the classes that override them, so I
simply added a pointer to this information.
2020-06-26 21:15:30 +02:00
Asger Feldthaus
06dd3ab2ca JS: Propagate into RegExp.$x 2020-06-26 18:58:43 +01:00
Asger Feldthaus
17af8f7650 JS: Add test for taint propagating into RegExp.$1 2020-06-26 18:58:43 +01:00
Dave Bartolomeo
e00a8f7670 Merge pull request #3815 from jbj/getAPrimaryQlClass
C++: getCanonicalQLClass -> getAPrimaryQlClass
2020-06-26 13:52:16 -04:00
Dave Bartolomeo
5f290520ab C++: Accept test diffs due to opcode rename 2020-06-26 13:45:41 -04:00
semmle-qlci
3aefb7fad9 Merge pull request #3613 from erik-krogh/Reassigned
Approved by asgerf
2020-06-26 17:05:45 +01:00
Dave Bartolomeo
281985b845 C++: Sync Opcode.qll QLDoc with Instruction.qll QLDoc
For every concrete `Opcode`, there is a corresponding `Instruction` class. Rather than duplicate all of the QLDoc by hand, I wrote a quick Python script to copy the QLDoc from `Instruction.qll` to `Opcode.qll`. I don't expect that we will need to do this often, so I'm not hooking it up to a PR check or anything like that, but I did commit the script itself in case we need it again.
2020-06-26 11:42:32 -04:00
Dave Bartolomeo
023e1dc0a2 Instruction and opcode cleanup
- Renamed `DynamicCastToVoid` to the more descriptive `CompleteObjectAddress`
- Split verbose description from summary in a few Instruction QLDoc comments.
- Added `Instruction` classes for the few remaining `Opcode`s that didn't have one.
- Removed a use of "e.g."
2020-06-26 11:39:10 -04:00
Jonas Jensen
a22fb7662e C++: Autoformat fixup 2020-06-26 16:57:06 +02:00
Marcono1234
7443c9c5ad Fix outdated query console link
#3546 changed the query but did not adjust the query link.
Additionally the old query could not be re-run because some of the projects it
targeted (gradle/gradle and eclipse-cdt/cdt) cannot be queried currently.
It now queries all available demo projects of the query console instead.
2020-06-26 16:40:19 +02:00
Nick Rolfe
0ae5fb0357 C++: auto-format test query 2020-06-26 15:35:55 +01:00
Nick Rolfe
309a8e60c8 C++: add more test cases for the type of this 2020-06-26 14:20:46 +01:00
Nick Rolfe
e79625ed14 Accept suggested qldoc change
Co-authored-by: Dave Bartolomeo <dbartol@github.com>
2020-06-26 14:20:46 +01:00
Nick Rolfe
9e9d69238a C++: add test for MemberFunction::getTypeOfThis() 2020-06-26 14:20:46 +01:00
Nick Rolfe
8bd3be6e7b C++: add MemberFunction::getTypeOfThis() 2020-06-26 14:20:46 +01:00
Nick Rolfe
ca25971955 C++: upgrade script for member_function_this_type 2020-06-26 14:20:45 +01:00
Nick Rolfe
3b15d39ec6 C++: update stats for new member_function_this_type table 2020-06-26 14:20:45 +01:00
Nick Rolfe
133838dbf3 C++: update tests to expect type of this 2020-06-26 14:20:45 +01:00
Nick Rolfe
d1d7fac4ca C++: add member_function_this_type to dbscheme 2020-06-26 14:20:45 +01:00
semmle-qlci
b015c735d0 Merge pull request #3809 from max-schaefer/util-deprecate
Approved by asgerf
2020-06-26 14:20:14 +01:00
semmle-qlci
1b4df57426 Merge pull request #3731 from asger-semmle/js/monorepo-bugfixes
Approved by erik-krogh
2020-06-26 14:18:35 +01:00
Erik Krogh Kristensen
0b050204ad add missing dot in qldoc 2020-06-26 15:07:12 +02:00
Dave Bartolomeo
f48948c604 C++: Opcode cleanup
- Remove unused `MemoryAccessOpcode`
- Make `OpcodeWithCondition` private
- Add QLDoc for `Opcode` module
2020-06-26 09:04:37 -04:00
Mathias Vorreiter Pedersen
beb66299e9 Merge pull request #3796 from dbartol/codeql-c-analysis-team/40/2
C++: QLDoc for all of `Instruction.qll`
2020-06-26 14:04:48 +02:00
Erik Krogh Kristensen
e4fe236d37 autoformat 2020-06-26 13:59:06 +02:00
Tom Hvitved
795c5784b0 C#: Precise data flow for collections 2020-06-26 13:40:05 +02:00
Dave Bartolomeo
11c702331a Merge pull request #3795 from rdmarsh2/rdmarsh/cpp/add-qldoc-3
C++: QLDoc for PrintAST and AST-based range analysis
2020-06-26 07:38:10 -04:00
Rasmus Wriedt Larsen
3f0975f5a1 Merge pull request #3770 from tausbn/python-add-a-bunch-of-documentation
Python: Add a bunch of documentation.
2020-06-26 13:30:45 +02:00