hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-22 02:44:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,685 Branches 158 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
james
d56c02b1b7 docs: start work on debugging queries topic 2019-12-11 10:42:54 +00:00
Erik Krogh Kristensen
62512dd3e9 expand the js/exception-xss to handle more types of exceptional flow 2019-12-11 10:43:50 +01:00
Jonas Jensen
5a8407749f C#: autoformat fixup 2019-12-11 09:10:23 +01:00
yo-h
837b1e2f9b Merge pull request #2501 from hmakholm/test-extractors 
Prepare for `codeql test`:
 2019-12-10 16:49:14 -05:00
Calum Grant
3e0045f435 Merge pull request #2308 from hvitved/csharp/dataflow/types 
C#: Type-based pruning for data flow
 2019-12-10 20:16:20 +00:00
Geoffrey White
5ecfaed6b1 Merge pull request #2510 from jbj/getTempVariable-perf 
C++: Fix getTempVariable join order in IR
 2019-12-10 16:06:52 +00:00
Jonas Jensen
66876d0f63 C++: Compute isInCycle only for raw IR 
On wireshark/wireshark, `isInCycle` ran into a low-memory loop on the
`aliased_ssa` stage. It shouldn't be necessary to detect cycles after
the `raw` stage, so this commit moves cycle detection into the
`Construction` modules and makes it a no-op in `SSAConstruction.qll`.
 2019-12-10 16:03:39 +01:00
Erik Krogh Kristensen
267c4c07ed refactor EventEmitter model to use the ::Range pattern 2019-12-10 15:54:14 +01:00
Tom Hvitved
abcb6b8aab C#: Type-based pruning for data flow 2019-12-10 15:48:48 +01:00
Tom Hvitved
54088248a1 C#: Use source declarations in field flow 2019-12-10 15:46:31 +01:00
Tom Hvitved
a344707baa C#: Add more data flow tests 
Add tests that exhibit missing type pruning.
 2019-12-10 15:46:31 +01:00
Tom Hvitved
78ddb37a8c C#: Track type information in data flow 
This commit adds type information to data flow paths, by mapping node types onto
the smaller set of GVN types, and implementing `ppReprType()`.

The effect is a mere change in `DataFlow::PathNode::toString()`; no type-based
pruning is done yet.
 2019-12-10 15:46:28 +01:00
Erik Krogh Kristensen
c4fd80d12b some review feedback 2019-12-10 14:53:01 +01:00
Jonas Jensen
7c151644f5 C++: Fix getTempVariable join order in IR 
This join order seems to have broken so it took forever on
wireshark/wireshark.
 2019-12-10 13:43:36 +01:00
Erik Krogh Kristensen
e5d465da9a documentation fixes from @max-schaefer 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-12-10 12:01:51 +01:00
Erik Krogh Kristensen
59bafab6c3 update test to not use private class 2019-12-10 10:39:01 +01:00
Erik Krogh Kristensen
72cf14989a update expected output of test 2019-12-10 10:33:37 +01:00
Jonathan Leitschuh
229622459c Update InsecureDependencyResolution with code review comments 2019-12-09 20:37:53 -05:00
Jonathan Leitschuh
f341234edb Apply suggestions from code review 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
Co-Authored-By: yo-h <55373593+yo-h@users.noreply.github.com>
 2019-12-09 19:17:23 -05:00
Robert Marsh
18e7eff43c C++: autoformat 2019-12-09 13:47:38 -08:00
Robert Marsh
b9f8c39fe2 C++: respond to PR comments 2019-12-09 10:55:56 -08:00
Geoffrey White
1c2f36930d Merge pull request #2504 from jbj/1.23-legacy-suites 
C++: Add new queries in 1.23 to legacy suites
 2019-12-09 16:02:42 +00:00
Jonas Jensen
9bbebfc01f C++: Add new queries to C suite too 2019-12-09 17:00:33 +01:00
Erik Krogh Kristensen
60a825cf66 fix tabs and spaces 2019-12-09 16:06:17 +01:00
Jonas Jensen
ff7b6e2ce7 C++: Add new queries in 1.23 to legacy suites 
I didn't add `JapaneseEraDate.ql` since it's not displayed on LGTM by
default.
 2019-12-09 15:36:51 +01:00
Erik Krogh Kristensen
110302678c add model for EventEmitter in NodeJS, and base the Electron::IPC model on top of the new EventEmitter model 2019-12-09 14:27:35 +01:00
Calum Grant
3049bf2c85 Merge pull request #2358 from cldrn/ASPNetPagesValidateRequest 
Adds CodeQL query to check for Pages with disabled built-in validation
 2019-12-09 13:05:03 +00:00
shati-patel
bc2e15c133 Merge pull request #2503 from jf205/support-notes 
CodeQL support docs: remove some full stops
 2019-12-09 12:32:16 +00:00
james
07f35e8b58 docs: remove some full stops 2019-12-09 12:26:53 +00:00
James Fletcher
61d4a87aa4 Merge pull request #2499 from felicitymay/1.23/update-supported-versions 
Update supported versions for 1.23 release
 2019-12-09 12:23:59 +00:00
Tom Hvitved
c562d6757c Merge pull request #2500 from shati-patel/typo 
Fix typos
 2019-12-09 13:06:39 +01:00
Tom Hvitved
25265bddc7 Merge pull request #2494 from calumgrant/cs/roslyn-3.4 
C#: Upgrade Roslyn to 3.4
 2019-12-09 12:21:30 +01:00
Henning Makholm
073563a19b Python tests: explicitly specify --lang2 for python2 tests 
This allows them to work with the `LegacyQltLanguage.PYTHON3` extraction recipe.
 2019-12-07 02:38:02 +01:00
Henning Makholm
baacc6f66b Java tests: add queries.xml 
The `queries.xml` file defines which extractor the `codeql test` runner will use
to extract databases for the tests. In the future one will be able to write this
information in `qlpack.yml`, but we can't do that immediately because the
_existing_ CodeQL tooling would  refuse to parse  a `qlpack.yml` that has
the new field in it.
 2019-12-07 02:38:02 +01:00
Henning Makholm
66b3c7cf07 JS tests: add queries.xml 
The `queries.xml` file defines which extractor the `codeql test` runner will use
to extract databases for the tests. In the future one will be able to write this
information in `qlpack.yml`, but we can't do that immediately because the
_existing_ CodeQL tooling would refuse to parse a `qlpack.yml` that has the new
field in it.

Adding a queries.xml file means that the normalization of file names in the test
output changes even with the old QLTest, so there are a number of consequential
updates of expected output files.
 2019-12-07 02:38:02 +01:00
yo-h
ed97be459f Merge pull request #2454 from aschackmull/java/explicit-mul-zero 
Java: Allow explicit zero multiplication in java/evaluation-to-constant.
 2019-12-06 18:13:43 -05:00
Shati Patel
f40b1b570c Fix typo 2019-12-06 15:56:01 +00:00
Felicity Chapman
e59d65e67f Update supported versions for 1.23 release 2019-12-06 15:41:18 +00:00
Jonas Jensen
0012fef504 Merge pull request #2497 from hvitved/csharp/remove-cp 
C#: Remove a Cartesian product
 2019-12-06 13:58:33 +00:00
Calum Grant
964f2f25dc Merge pull request #2462 from hvitved/csharp/localvars-refactor 
C#: Handle tuple patterns in `is` expressions
 2019-12-06 12:59:14 +00:00
Calum Grant
4b0a149704 C#: Update qltest output. 2019-12-06 12:41:20 +00:00
Calum Grant
5e6b7be5b8 C#: Update nullability tests. 2019-12-06 12:41:20 +00:00
Calum Grant
5f6527a183 C#: Compare symbols using SymbolEqualityComparer. 2019-12-06 12:41:20 +00:00
Calum Grant
ca195e9340 C#: Update project files to Roslyn 3.4 2019-12-06 12:41:20 +00:00
shati-patel
a5274ad5f2 Merge pull request #2496 from jf205/jf-mergeback-123 
Merge rc/1.23 into master
 2019-12-06 12:24:07 +00:00
Asger F
abec4badb5 Apply suggestions from code review 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-12-06 11:53:09 +00:00
Asger F
344f0b4995 Fix typo in qldoc 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-12-06 11:53:09 +00:00
Asger F
c1da83bf6c Fix typo in qldoc 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-12-06 11:53:09 +00:00
Asger F
2acd616e6f JS: Review comments 2019-12-06 11:53:06 +00:00
Anders Schack-Mulligen
5a2ed9fd81 Java: Add change note. 2019-12-06 11:50:27 +00:00