hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-19 09:24:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,679 Branches 158 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
771dfecf6d Python: Add sanitized edges for urlsplit test 2020-02-26 14:10:30 +01:00
Rasmus Wriedt Larsen
0b31cb1716 Python: Show that we have initial taint in urlsplit test 2020-02-26 14:09:02 +01:00
Rasmus Wriedt Larsen
400a8ffae5 Python: Use slightly better name than foobar 
I intended to rename before committing, but woops
 2020-02-26 14:08:10 +01:00
Anders Schack-Mulligen
508b6050a8 Java: Remove some irrelevant bounds from TypeFlow. 2020-02-26 13:51:25 +01:00
Taus
dce121b565 Merge pull request #2916 from BekaValentine/python-objectapi-to-valueapi-callargsandothers 
Python: ObjectAPI to ValueAPI: CallArgs and Others
 2020-02-26 12:51:18 +01:00
semmle-qlci
326522c250 Merge pull request #2846 from erik-krogh/CVE481 
Approved by asgerf, esbena
 2020-02-26 11:16:41 +00:00
Mathias Vorreiter Pedersen
1bee0ffe3b C++: Autoformat 2020-02-26 12:09:21 +01:00
Jonas Jensen
5f6d07dd57 C++: Fix performance of UnsignedGEZero.ql 
This query used two fastTC operations that were already somewhat
inefficient on their own but could send the evaluator into an OOM loop
when run in parallel without enough RAM.

The fix is to recurse manually, starting just from the expressions that
are potential candidates for alerts.
 2020-02-26 11:32:41 +01:00
Rasmus Wriedt Larsen
4330d4e289 Python: Remove unused import in test 2020-02-26 10:26:30 +01:00
Rasmus Wriedt Larsen
5fae3a8d0a Python: Explain complexity of HTTPConnection.request 2020-02-26 10:26:30 +01:00
Rasmus Wriedt Larsen
b213db03fd Python: Consolidate stdlib http client tests 
Move the stdlib tests from test/{2,3}/library-tests/ into /test/library-tests/,
and deal with version by using sys.version_info (results should be the same for
both versions).

six tests were moved from /library-tests/web/client/stdlib => /library-tests/web/client/six
 2020-02-26 10:26:30 +01:00
Rasmus Wriedt Larsen
be187bcc0a Python: Make Client::HttpRequest extend ControlFlowNode 
Taus poitned out that the reuqest being send off, doesn't *need* to happen on a
CallNode. Someone *could* use a __setattr__ or property :\
 2020-02-26 10:26:30 +01:00
Rasmus Wriedt Larsen
e25079acc2 Python: Remove unnecessary cast 2020-02-26 10:26:30 +01:00
Rasmus Wriedt Larsen
cd5399d43e Python: Model outgoing http client requests 2020-02-26 10:26:30 +01:00
Mathias Vorreiter Pedersen
d942a3b54a C++: Change definition of isChiForAllAliasedMemory to recurse through inexact PhiInstructions 2020-02-26 10:21:27 +01:00
yo-h
21dd8757dd Update docs/experimental.md 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
 2020-02-25 23:11:29 -05:00
Rebecca Valentine
2fb722b04e Removes the general versions of the query. 2020-02-25 14:55:55 -08:00
Rebecca Valentine
15aeeb1e50 Removes erroneous expected result for py3 2020-02-25 14:54:52 -08:00
Rebecca Valentine
e07a003f75 Swaps overridden_call globally 2020-02-25 11:02:18 -08:00
Rebecca Valentine
50c91b99da Swaps correct_args_if_called_as_method globally 2020-02-25 11:01:51 -08:00
Rebecca Valentine
fb0cae76cf Swaps wrong_args globally 2020-02-25 11:00:39 -08:00
Rebecca Valentine
3a764ade8d Swaps too_many_args globally 2020-02-25 10:59:55 -08:00
Rebecca Valentine
3b0be46377 Swaps too_few_args globally 2020-02-25 10:59:16 -08:00
Rebecca Valentine
2c32a859cc Swaps illegally_named_parameter globally 2020-02-25 10:58:08 -08:00
Rebecca Valentine
4857a947ac Swaps get_function_or_initializer globally 2020-02-25 10:51:40 -08:00
Rebecca Valentine
cf4b7e1270 Swaps arg_count globally 2020-02-25 10:50:30 -08:00
Rebecca Valentine
c2a3af7e67 Adds objectapi suffix to private predicates 2020-02-25 10:48:29 -08:00
Rebecca Valentine
930228acc5 Un-autoformats 2020-02-25 09:52:46 -08:00
Rebecca Valentine
3e53e462d6 changes indents to 4 2020-02-25 09:46:21 -08:00
Rebecca Valentine
04951faf86 autoformat 2020-02-25 09:43:51 -08:00
Taus Brock-Nannestad
1526c86e6d Python: Update test results for ReturnTypes.ql for Python 2. 2020-02-25 17:30:46 +01:00
yo-h
d06caefd8e Address code review comments for experimental.md 2020-02-25 11:17:42 -05:00
Taus Brock-Nannestad
35ada17e2a Python: Use object as default return type for built-ins. 2020-02-25 16:31:40 +01:00
Taus Brock-Nannestad
5813209337 Python: Add tests for missing points-to for built-in methods. 2020-02-25 16:25:41 +01:00
Erik Krogh Kristensen
dc6bfad023 Merge remote-tracking branch 'upstream/master' into CVE481 2020-02-25 16:25:03 +01:00
Taus Brock-Nannestad
887f85cee2 Python: Add test for missing points-to information 
To ease the rollout of this test, currently we only report missing points-to
information for nodes that either

- appear as an argument in a call to a function named `check`, or
- appear inside a scope where the first line is annotated with a comment ending
  in "check".

The idea behind the second version is that once we have points-to running at a
level where no node inside a scope that _ought_ to have points-to is missing
this information, we can simply remove all uses of `check(...)` from inside this
scope, and annotate the entire scope with `# check`. Once this has been done for
the entire file, we can then remove all the comments and just require
_everything_ to be checked.

Note that I don't expect all nodes to have the need for points-to information.
For instance, there are nodes representing scope entry and exit, and for these
it doesn't make sense to require that they "point-to" anything. Similarly,
`NameNode` appearing in a "store" (i.e. as the left hand side of an assignment)
do not strictly need to have points-to information, although it might be more
intuitive if they did.

Thus, the `relevant_node` predicate will almost certainly need to be extended to
exclude these kinds of nodes.
 2020-02-25 16:07:50 +01:00
Rasmus Wriedt Larsen
f10a86d3ac Python: Remove --optimize: true from options files 
Tests will be run with optimizations on by default now.
 2020-02-25 15:52:00 +01:00
Rasmus Wriedt Larsen
8f70101572 Python: docs: Use <code> tag consistently in UseofInput.qhelp 2020-02-25 15:40:08 +01:00
mchammer01
0c5216570c pre-migration work: fix typos 2020-02-25 04:50:14 -08:00
Jonas Jensen
db33c360bc Merge pull request #2910 from aschackmull/dataflow/cleanup 
Java/C++: Minor dataflow cleanup.
 2020-02-25 12:47:10 +01:00
semmle-qlci
03b882381a Merge pull request #2723 from esbena/js/support-path-is-inside 
Approved by asgerf
 2020-02-25 11:21:24 +00:00
Taus
b453cf8f60 Merge pull request #2906 from RasmusWL/python-add-3-imports-tests 
Python: Add Python 3 Imports tests from internal repo
 2020-02-25 12:04:16 +01:00
Erik Krogh Kristensen
c83c27cbc4 add extra sanity-check that the output looks good 2020-02-25 11:11:58 +01:00
Erik Krogh Kristensen
8d26f32199 arg -> param 2020-02-25 10:53:07 +01:00
Erik Krogh Kristensen
87d283aa6c add tests for third party command execution libraries (and two small fixes) 2020-02-25 10:50:59 +01:00
Matthew Gretton-Dann
3465d5a0c7 docs: Correct AC5 version 2020-02-25 09:29:18 +00:00
Matthew Gretton-Dann
a48e36e2e1 docs: Update clang/gcc versions supported 2020-02-25 09:28:39 +00:00
Matthew Gretton-Dann
28e9cd7e38 docs: Detail support for C18. 2020-02-25 09:27:42 +00:00
Mathias Vorreiter Pedersen
b9bb2ec0ac Merge pull request #2864 from jbj/DefaultTaintTracking-cached 
C++: Cache DefaultTaintTracking
 2020-02-25 10:15:43 +01:00
Erik Krogh Kristensen
d540caecdd Apply suggestions from code review 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-02-25 10:04:51 +01:00