Commit Graph

19777 Commits

Author SHA1 Message Date
Asger Feldthaus
77105f6572 JS: Do not flag void operands MissingAwait 2020-02-19 09:30:03 +00:00
Mathias Vorreiter Pedersen
246ef694f6 Merge branch 'master' into gvn-use-impl 2020-02-19 10:29:46 +01:00
Erik Krogh Kristensen
344060e139 accept IO redirections as OK 2020-02-19 10:12:24 +01:00
Max Schaefer
4346691cdc JavaScript: Distinguish {lo} and {lo,} in the regular expression parser. 2020-02-19 08:26:14 +00:00
james
d3eb5334b8 docs: update titles, some links, add intros 2020-02-19 07:37:35 +00:00
james
2245d64c52 docs: tidy up ql-for-cpp 2020-02-19 07:09:01 +00:00
Rebecca Valentine
2fa20eb805 Fixes bug introduced by merge of foresight additions. 2020-02-18 21:37:52 -08:00
Rebecca Valentine
7997e1dc98 Merge branch 'master' into objectapi-to-valueapi-expectedmappingforformatstring 2020-02-18 21:33:12 -08:00
Rebecca Valentine
9e3ed214d0 Python: ObjectAPI to ValueAPI: Foresight Additions (#2819)
* Adds the...Type() predicates as foresight modernizations.

* Removes predicates that are not currently ported/portable

* Adds range types

* Update python/ql/src/semmle/python/objects/ObjectAPI.qll

Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>

* Update python/ql/src/semmle/python/objects/ObjectAPI.qll

Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>

* Swaps xType for just x, at least when it's new

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2020-02-18 21:29:20 -08:00
Rebecca Valentine
810efef9de Adds python3 test 2020-02-18 15:02:47 -08:00
Rebecca Valentine
e55f01d905 Adds new UseofApply test case and results to the Python2 tests dir 2020-02-18 12:12:25 -08:00
Rebecca Valentine
9338d21aaf Removes unnecessary explanation 2020-02-18 11:43:43 -08:00
Rebecca Valentine
4059a99da6 Autoformats the query 2020-02-18 11:43:31 -08:00
Erik Krogh Kristensen
73a7d406a5 add query for useless use of cat 2020-02-18 19:18:45 +01:00
Robert Marsh
ff876aaedf C++: Accept test output with IR enabled 2020-02-18 09:48:21 -08:00
Rebecca Valentine
d0617ef7bc Autoformat 2020-02-18 09:00:31 -08:00
Felicity Chapman
2a5ac2e829 Fix failing Sphinx tests 2020-02-18 16:50:48 +00:00
Robert Marsh
adfe5f30a1 Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 2020-02-18 08:42:27 -08:00
Mathias Vorreiter Pedersen
cc4c780573 Merge pull request #2860 from jbj/isInCycle-neighbors
C++: Manual magic for `isInCycle`
2020-02-18 17:41:19 +01:00
Robert Marsh
aaf6926c34 Merge pull request #2851 from jbj/ir-enable-only
C++: Use IR for security.TaintTracking and GVN
2020-02-18 11:37:34 -05:00
Alistair Christie
fdbc74825e Java topics - change titles & add intros 2020-02-18 16:34:55 +00:00
Felicity Chapman
74d93ba704 Tidy up some references 2020-02-18 16:05:01 +00:00
semmle-qlci
ba67faf461 Merge pull request #2863 from shati-patel/master
Approved by felicitymay
2020-02-18 15:56:10 +00:00
Taus
ffbb5d0529 Merge pull request #2739 from RasmusWL/python-modernise-security
Python: modernise Security/ queries
2020-02-18 16:28:53 +01:00
Felicity Chapman
8a44f51fc5 Bring headings more into line with content models 2020-02-18 13:18:02 +00:00
Felicity Chapman
8ab4cebc9b Add reusable for other resources and make 'Further reading' section 2020-02-18 12:16:33 +00:00
Felicity Chapman
38e40622f1 Update topic titles and update map topic as discussed with JF and SP 2020-02-18 12:03:51 +00:00
Calum Grant
c3b88210aa C#: Add runtime identifiers to project files. 2020-02-18 11:52:41 +00:00
Mathias Vorreiter Pedersen
4cad5549ee C++: Directly import AST GVN module in tests 2020-02-18 12:21:14 +01:00
Rasmus Wriedt Larsen
1826abcdda Python: Autoformat django/General.qll
Should get into the habit of doing this, but this time it slipped :P
2020-02-18 11:26:16 +01:00
Rasmus Wriedt Larsen
48c1c598bc Python: Write DjangoRegexRoute in more modern way
That is, assigning to fields instead of repeatedly using helper predicate
2020-02-18 11:25:27 +01:00
Rasmus Wriedt Larsen
ed9aa7dced Python: Write DjangoPathRoute in modern way
That is, assigning to fields instead of repeatedly using helper predicate
2020-02-18 11:24:24 +01:00
Rasmus Wriedt Larsen
5a0babe88b Python: Add support for Django 2.x and 3.x
I changed the django mock to support both 1.x and 2.x routing APIs, which is not
really a nice long term solution.
2020-02-18 11:22:35 +01:00
Erik Krogh Kristensen
e359e1a373 use a barrier directly instead of a barrier guard 2020-02-18 10:57:28 +01:00
Esben Sparre Andreasen
abe7aeef7c Merge pull request #2643 from esbena/js/unsafe-jquery
JS: add query js/unsafe-jquery-plugin
2020-02-18 09:26:14 +01:00
Jonas Jensen
0d239e8bd2 C++: Manual magic for isInCycle
The `isInCycle` predicate would take a long time on Wireshark with 6GB
RAM, sometimes OOMing in the fastTC HOP. Analyzing Wireshark with 6GB is
important because that's the standard configuration on our Jenkins
workers. With this commit, I can analyze Wireshark with 6GB on my
laptop.

The `getNonPhiOperandDef` predicate on Wireshark is 34M tuples, while
`getDefIfHasNeighbors` is 11M tuples, and the TC of
`getDefIfHasNeighbors` is 23M tuples (487 MB).
2020-02-18 08:33:43 +01:00
Rebecca Valentine
4178002d59 Merge branch 'master' into python-objectapi-to-valueapi-useofapply 2020-02-17 17:20:00 -08:00
Esben Sparre Andreasen
e8938fb466 JS: introduce RegExpSequence::nextElement and previousElement 2020-02-17 23:20:25 +01:00
Rebecca Valentine
c36c0aeb88 Fixes renaming bug 2020-02-17 12:09:01 -08:00
Rebecca Valentine
13cd8d2435 Fixes expected results bug 2020-02-17 11:47:03 -08:00
Rebecca Valentine
a2c1d5ff45 Moves to higher level API 2020-02-17 11:46:53 -08:00
Rebecca Valentine
c5986c52d3 Renames typeErrorType to typeError 2020-02-17 11:28:39 -08:00
Tom Hvitved
a695b567ec Data flow: Sync files 2020-02-17 19:39:52 +01:00
Tom Hvitved
3a4f52315c Data flow: Track simple call contexts in nodeCand[Fwd]1 2020-02-17 19:37:35 +01:00
semmle-qlci
ecad925101 Merge pull request #2631 from hvitved/dataflow/generalize-flow-summaries
Approved by aschackmull
2020-02-17 18:22:46 +00:00
yo-h
d3b1729864 Merge pull request #2793 from aschackmull/java/format-taint-step
Java: Add String.format as default taint step.
2020-02-17 12:50:12 -05:00
Alexander Eyers-Taylor
c685b348c3 Merge pull request #2837 from jf205/monotonic-aggregates
docs: expand QL book entry on monotonic aggregates
2020-02-17 17:05:54 +00:00
james
d5ff8f2b8e docs: technical feedback 2020-02-17 16:20:31 +00:00
Rasmus Wriedt Larsen
adec76d041 Python: Follow conventions of getASomething
When multiple results are available, we usually name the function
`getAnArgument` or `getASomething`. The support for django copied the way bottle
did things, so this commit cleans up both
2020-02-17 16:55:55 +01:00
Rasmus Wriedt Larsen
362e7aebbb Python: Add HttpRedirectSinks test for django 2020-02-17 16:54:06 +01:00