hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-18 00:44:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,679 Branches 158 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rebecca Valentine
d5c44d8513 Merge pull request #3315 from tausbn/python-finalise-1.24-change-notes 
Python: Finalise change notes for 1.24.
 2020-04-22 09:15:54 -07:00
Dave Bartolomeo
163ecd97de Merge pull request #3277 from geoffw0/rangeshift 
C++: Support for & and >> in SimpleRangeAnalysis
 2020-04-22 11:36:36 -04:00
Jonas Jensen
448bd2be87 C++: Make Declaration not abstract 
It looks like this change will stop `SignedOverflowCheck.ql` from
needlessly re-evaluating several cached stages.
 2020-04-22 17:34:18 +02:00
Rasmus Wriedt Larsen
22096c36b9 Python: Add standard HttpSources tests for BaseHTTPRequestHandler 2020-04-22 17:28:49 +02:00
Rasmus Wriedt Larsen
51a9094064 Python: Add sinks for http.server.BaseHTTPRequestHandler 2020-04-22 17:28:27 +02:00
Shati Patel
321eb44370 Highlight "unique" as a keyword 2020-04-22 15:54:50 +01:00
Felicity Chapman
e29468135d Editorial suggestions 
We don't hyphenate "QL-library" and there were a few typos. Feel free to further revise this if I've changed the meaning too much.

As discussed separately, I was unable to raise this as a PR in GitHub.com and had to resort to a direct commit.
 2020-04-22 15:48:01 +01:00
Tom Hvitved
8c0c283811 Revert "C#: Improve db consistency by removing assembly id" 2020-04-22 16:32:13 +02:00
Rasmus Wriedt Larsen
a27431e197 Python: Add module level QLDoc in web/stdlib/Request.qll 2020-04-22 16:22:03 +02:00
Taus
44b570f7b6 Apply suggestions from code review 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
 2020-04-22 16:03:20 +02:00
Jonas Jensen
7a3663976b C++: inline arithTypesMatch predicate 
This predicate is effectively a Cartesian product between all enum
types. It's infeasible to compute it in full, so luckily the optimizer
has been able to apply enough magic to make it feasible. That's not a
robust solution, and it has indeed broken on at least one version of the
1.24 release candidate.

On a Chromium snapshot where I ran the LGTM suite overnight, the
`m#MistypedFunctionArguments::arithTypesMatch#bb` predicate (magic for
`arithTypesMatch`) took 170m5s. That was commit b69fdf5 from the
internal repo. I tried to reproduce it in VSCode, this time with commit
646646, but it wasn't quite as bad: the predicate took only 38 seconds.
In any case, making the problematic predicate `pragma[inline]` removes
the slow magic and makes the `MistypedFunctionArguments.ql` query
faster.
 2020-04-22 15:14:07 +02:00
Taus Brock-Nannestad
e97d88c158 Python: Finalise change notes for 1.24. 2020-04-22 14:31:04 +02:00
Esben Sparre Andreasen
a0e6562208 JS: address review feedback 2020-04-22 14:24:35 +02:00
Esben Sparre Andreasen
2747e2a0c7 JS: formatting 2020-04-22 14:24:35 +02:00
Esben Sparre Andreasen
2186ca7efc JS: address non-semantic review feedback 2020-04-22 14:24:35 +02:00
Esben Sparre Andreasen
27e5fce0ed JS: make the default PoIConfiguration/enabled inclusive 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
3b45bcd285 JS: remove the standard PoI configurations 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
dd6378f1d0 JS: address PoI review comments 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
b2ca3d2bdc JS: improve PoI::alertQuery docstring 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
a386d2dcee JS: add missing expected output 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
607d46e2f9 JS: improve PoI tests 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
c407cc072e JS: autoformat 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
e4ea089a0b JS: add experimental PoI module 2020-04-22 14:24:34 +02:00
Esben Sparre Andreasen
ec73c97422 JS: refactor ClassifyFiles.qll from ClassifyFiles.ql 2020-04-22 14:24:34 +02:00
Erik Krogh Kristensen
ac26741816 reuse existing SanitizerGuard from UnsafeJQueryPlugin 2020-04-22 14:16:15 +02:00
Dave Bartolomeo
66381e89ef C++: Add comment from PR feedback 2020-04-22 08:11:43 -04:00
Erik Krogh Kristensen
0a29d132d0 reuse existing logic in DomBasedXss 2020-04-22 13:50:43 +02:00
Rasmus Wriedt Larsen
6b84137a92 Python: Model cgi.FieldStorage (parsing of submitted forms) 2020-04-22 11:37:47 +02:00
Rasmus Wriedt Larsen
1ecfa2eb55 Merge pull request #3278 from tausbn/python-fix-warnings 
Python: Fix remaining deprecation warnings.
 2020-04-22 11:33:16 +02:00
Rasmus Wriedt Larsen
6eb24011eb Python: Add docs to web/stdlib/Request.qll 2020-04-22 11:26:50 +02:00
Erik Krogh Kristensen
ac44cb425e Merge branch 'master' into js/call-graph-exploration 2020-04-22 10:49:26 +02:00
Robert Marsh
9e0d6e8aa0 C++: move taint step cases to TaintTrackingUtil 2020-04-22 01:38:00 -07:00
Taus Brock-Nannestad
2fad5e8e32 Python: Remove deprecated TaintFlow and additionalFlowStepVar. 2020-04-22 10:34:00 +02:00
Erik Krogh Kristensen
a5bbfa30d1 add change note 2020-04-22 10:23:07 +02:00
Erik Krogh Kristensen
7bfea946fd update links in xss-through-dom qhelp 2020-04-22 10:23:03 +02:00
Erik Krogh Kristensen
8811455d49 Merge remote-tracking branch 'upstream/master' into XssDom 2020-04-22 10:20:40 +02:00
Calum Grant
1b88c97688 Merge pull request #3199 from hvitved/csharp/vsvars-unset-platform 
C#: Unset `Platform` env variable when invoking `vcvarsall.bat`
 2020-04-22 09:18:20 +01:00
Geoffrey White
2e392516c2 Apply suggestions from code review 
Co-Authored-By: Dave Bartolomeo <dbartol@github.com>
 2020-04-22 09:09:16 +01:00
Erik Krogh Kristensen
76503d3536 user controlled -> user-controlled 2020-04-22 10:08:01 +02:00
Erik Krogh Kristensen
947e9828da Update javascript/ql/src/Security/CWE-079/XssThroughDom.qhelp 
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
 2020-04-22 10:07:50 +02:00
Rasmus Wriedt Larsen
26ed911bb2 Python: Add modeling of http.server.BaseHTTPRequestHandler 2020-04-22 09:52:10 +02:00
Rasmus Wriedt Larsen
30e2592701 Python: Propagate taint through parse_qs 2020-04-22 08:55:35 +02:00
Robert Marsh
52b1fb703d C++: use models in TaintTrackingUtil 2020-04-21 17:18:14 -07:00
Robert Marsh
11683fa9cb C++: add mapping between models and instructions 2020-04-21 17:10:45 -07:00
Taus
5af351eacd Merge pull request #3275 from RasmusWL/python-fix-points-to-deprecations 
Python: Remove deprecated annotation for old PointsTo::points_to
 2020-04-21 18:18:07 +02:00
semmle-qlci
9fae953969 Merge pull request #3262 from asger-semmle/js/api-deprecation-and-renaming 
Approved by erik-krogh
 2020-04-21 15:45:13 +01:00
Dave Bartolomeo
4b44afef90 C++: Accept syntax-zoo test output 2020-04-21 09:42:24 -04:00
Dave Bartolomeo
fee557001e C++: Update SignAnalysis test results 2020-04-21 09:34:44 -04:00
Mathias Vorreiter Pedersen
a49d22e6e4 C++: Fix join ordering 2020-04-21 13:25:06 +02:00
semmle-qlci
2fb711e460 Merge pull request #3169 from erik-krogh/Maps 
Approved by asgerf, esbena
 2020-04-21 12:12:06 +01:00