Erik Krogh Kristensen
59b94b3d1b
revert back to having 2 separate cases in JQuery::MethodCall
2020-04-21 13:08:06 +02:00
Asger Feldthaus
18188b659c
JS: Add 1.25 change note
2020-04-21 10:53:37 +01:00
Asger Feldthaus
c04ba91a90
JS: Autoformat
2020-04-21 10:51:42 +01:00
Asger Feldthaus
39920c1b08
JS: Add forwarding libraries in old locations
2020-04-21 10:51:42 +01:00
Asger Feldthaus
9e4709148b
JS: Move Forward/Backward exploration to explore folder
2020-04-21 10:51:41 +01:00
Asger Feldthaus
647a3d3a60
JS: Add note and debugging and exploration
2020-04-21 10:51:41 +01:00
Asger Feldthaus
ffeda7f45a
JS: Expand on doc a bit
2020-04-21 10:51:41 +01:00
Asger Feldthaus
066549f682
JS: Fix typo in qldoc
2020-04-21 10:51:41 +01:00
Asger F
291ebccfef
Update javascript/ql/src/semmle/javascript/explore/CallGraph.qll
...
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-04-21 10:51:41 +01:00
Asger F
4c9ef8c570
Update javascript/ql/src/semmle/javascript/explore/CallGraph.qll
...
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-04-21 10:51:41 +01:00
Asger Feldthaus
759e1dfe45
JS: Add helper library for call graph exploration
2020-04-21 10:51:40 +01:00
Rasmus Wriedt Larsen
32a97266cf
Python: Fix deprecation warnings in test output
2020-04-21 11:39:44 +02:00
semmle-qlci
53abf83229
Merge pull request #3304 from asger-semmle/js/typescript-unary-type-expr
...
Approved by erik-krogh
2020-04-21 10:38:59 +01:00
Asger Feldthaus
1703ffe6a1
JS: Cache some SourceNode getter methods differently
2020-04-21 10:33:07 +01:00
Asger Feldthaus
997b44928e
JS: Autoformat
2020-04-21 10:14:28 +01:00
semmle-qlci
2ecef33c9d
Merge pull request #3299 from asger-semmle/js/flows-to-redundant-check
...
Approved by esbena
2020-04-21 10:00:34 +01:00
semmle-qlci
80c20cb66e
Merge pull request #3297 from asger-semmle/js/isambient-refactor
...
Approved by esbena
2020-04-21 09:36:14 +01:00
semmle-qlci
d75d520f35
Merge pull request #3232 from RasmusWL/python-more-deprecated-annotations
...
Approved by BekaValentine
2020-04-21 09:30:27 +01:00
Tom Hvitved
29e690e159
Merge remote-tracking branch 'upstream/master' into csharp/vsvars-unset-platform
2020-04-21 09:00:26 +02:00
Tom Hvitved
7d86cce658
Merge pull request #2814 from calumgrant/cs/unqualify-trap-ids
...
C#: Improve db consistency by removing assembly id
2020-04-21 08:58:34 +02:00
Dave Bartolomeo
1428811f75
C++: IR translation for binary conditional operator
...
IR generation was not handling the special two-operand flavor of the `?:` operator that GCC supports as an extension. The extractor doesn't quite give us enough information to do this correctly (see github/codeql-c-extractor-team#67), but we can get pretty close.
About half of the code could be shared between the two-operand and three-operand flavors. The main differences for the two-operand flavor are:
1. The "then" operand isn't a child of the `ConditionalExpr`. Instead, we just reuse the original value of the "condition" operand, skipping any implicit cast to `bool` (see comment for rationale).
2. For the three-operand flavor, we generate the condition as control flow rather than the computation of a `bool` value, to avoid creating unnecessarily complicated branching. For the two-operand version, we just compute the value, since we have to reuse that value in the "then" branch anyway.
I've added IR tests for these new cases. I've also updated the expectations for `SignAnalysis.ql` based on the fix. @rdmarsh2, can you please double-check that these diffs look correct? I believe they do, but you're the range/sign analysis expert.
2020-04-21 02:05:21 -04:00
Robert Marsh
d0bb5ad4e2
C++: rename and add description to hasFlowSource
2020-04-20 13:25:31 -07:00
Robert Marsh
e6630a8fba
Apply suggestions from code review
...
Co-Authored-By: Jonas Jensen <jbj@github.com>
2020-04-20 10:14:13 -07:00
Jonas Jensen
4259904c5e
Merge pull request #3301 from Semmle/felicitymay-124-fix-typo
...
Fix error in 3287
2020-04-20 17:36:45 +02:00
Asger Feldthaus
883846dfb6
JS: Fix extraction of negative number literal types
2020-04-20 16:17:15 +01:00
Jonas Jensen
875daae84b
Merge pull request #3151 from dbartol/dbartol/floats
...
C++: Better support for complex numbers in IR and AST
2020-04-20 16:27:20 +02:00
Asger Feldthaus
4fc79e38ec
JS: Also fix typo in test case
2020-04-20 15:24:51 +01:00
Felicity Chapman
dc83ac61b5
Fix error in 3287
...
@jbj - apologies for the over-eager merge of #3287. This should fix the error you highlighted.
2020-04-20 15:12:43 +01:00
Asger Feldthaus
d4978905f8
JS: Use SendCallback/ReceiveCallback in getAck
2020-04-20 15:12:04 +01:00
Rasmus Wriedt Larsen
43bc7c6619
Python: Autoformat
...
I'm not particularly happy about this one, but I don't care to fight about it today.
2020-04-20 16:08:53 +02:00
Rasmus Wriedt Larsen
b7145af447
Python: Handle all methods in StringKind.getTaintOfMethodResult
2020-04-20 16:07:30 +02:00
Calum Grant
41d8d32764
C#: Address review comment: Make dictionary type more specific.
2020-04-20 15:06:42 +01:00
Asger Feldthaus
ca60e8264e
JS: Autoformat
2020-04-20 14:42:41 +01:00
Jonas Jensen
9b61650cba
Merge pull request #3298 from MathiasVP/no-inline-std-string-constructor
...
C++: Add pragma[noinline] to StdStringConstructor
2020-04-20 15:10:05 +02:00
Rasmus Wriedt Larsen
a5d3966cb3
Python: Refactor StringKind.getTaintOfMethodResult
...
no need to match on ControlFlowNodes manually anymore 🎉
2020-04-20 15:01:40 +02:00
Rasmus Wriedt Larsen
10b36bb7a8
Python: Taint of string method reference isn't handled
2020-04-20 15:01:40 +02:00
Rasmus Wriedt Larsen
1631787336
Python: Fix points-to regressions Test.ql
...
Only being able to debug missing pointsTo for NameNode was quite limiting ...
2020-04-20 14:41:55 +02:00
Rasmus Wriedt Larsen
8746876377
Python: Add points-to regression for uncalled function
2020-04-20 14:41:45 +02:00
Mathias Vorreiter Pedersen
8be1bfe8d0
C++: Add comments and accept expected dataflow sanity failures
2020-04-20 14:13:12 +02:00
Mathias Vorreiter Pedersen
7ba4526f50
C++: Add noinline to StdString constructor
2020-04-20 13:36:41 +02:00
Erik Krogh Kristensen
9fc29ee0f8
update qhelp
2020-04-20 13:29:00 +02:00
Erik Krogh Kristensen
73b0aa4004
add more attributes potentially vulnerable to xss-through-dom
2020-04-20 13:29:00 +02:00
Erik Krogh Kristensen
12f4ce8111
merge two cases of jQuery method calls
2020-04-20 13:28:55 +02:00
Erik Krogh Kristensen
aee7cc117d
add change-note
2020-04-20 13:08:51 +02:00
Erik Krogh Kristensen
8b254f7b49
Merge remote-tracking branch 'upstream/master' into Maps
2020-04-20 13:00:39 +02:00
semmle-qlci
e965e5c73e
Merge pull request #3094 from erik-krogh/Mispelled
...
Approved by esbena
2020-04-20 11:41:23 +01:00
Calum Grant
eb1474acee
Merge pull request #3276 from hvitved/csharp/dataflow/array-tests
...
C#: Add data-flow test for collections
2020-04-20 11:36:17 +01:00
Calum Grant
ead916702a
C#: Take nullability into account when creating symbol entities. Otherwise, an entity with the wrong (cached) nullability could be created.
2020-04-20 11:29:31 +01:00
Asger Feldthaus
bccc27f1e7
JS: Rephrase flowsTo to avoid redundant SourceNode::Range check
2020-04-20 10:57:52 +01:00
Erik Krogh Kristensen
2d3e42e6d6
update qhelp for xss-through-dom
...
Co-Authored-By: Asger F <asgerf@github.com>
2020-04-20 11:50:46 +02:00