hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-22 10:52:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,685 Branches 158 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
a51da53013 CPP: Libraries: Split into interface and implementation. 2019-11-22 15:18:59 +00:00
Geoffrey White
356356f71b CPP: Libraries: Overridable classes. 2019-11-22 15:18:59 +00:00
Geoffrey White
0d01ea66c6 CPP: Libraries: Move interfaces into the models directory. 2019-11-22 15:18:59 +00:00
Geoffrey White
64ed97b584 CPP: Libraries: Add FreeFunction and DeallocationExpr to malloc.qll. 2019-11-22 15:18:59 +00:00
Geoffrey White
5dab91cb51 CPP: Libraries: Update uses of the Alloc.qll library. 2019-11-22 15:18:59 +00:00
Geoffrey White
376ef2fc8e CPP: Libraries: Add MallocFunction and AllocationExpr to malloc.qll. 2019-11-22 15:18:59 +00:00
Geoffrey White
5f798314d1 CPP: Tests: NoSpaceForZeroTerminator test cases for calloc and realloc. 2019-11-22 15:18:59 +00:00
Geoffrey White
a2c0532a84 CPP: Tests: CWE-120 test cases for calloc, realloc and new. 2019-11-22 15:16:32 +00:00
Geoffrey White
d67ea4d768 CPP: Tests: AV Rule 79 test cases for calloc, realloc and new. 2019-11-22 15:16:32 +00:00
Geoffrey White
7190dd2ef4 CPP: Tests: Rearrange a test prior to changes. 2019-11-22 15:16:32 +00:00
Geoffrey White
5014432472 CPP: Tests: Add a test of NewArrayExpr.getAllocatedType() and NewArrayExpr.getExtent(). 2019-11-22 15:16:32 +00:00
Geoffrey White
d6cbc674b6 CPP: Autoformat. 2019-11-22 15:13:06 +00:00
Geoffrey White
bbe6a1aa76 CPP: Additional test case. 2019-11-22 15:13:05 +00:00
Jonas Jensen
eb0b0d1e7f C++: Fix remaining FP on MAME 
This should fix a FP in libretro/mame2003-plus-libretro.
 2019-11-22 16:05:17 +01:00
Erik Krogh Kristensen
9fc20cd9b0 add change note 2019-11-22 15:58:00 +01:00
Erik Krogh Kristensen
7d825af9a3 Added an XSS sink for Handlebars.SafeString 2019-11-22 15:56:21 +01:00
semmle-qlci
5c3c8eb35d Merge pull request #2406 from erik-krogh/returnlessFp 
Approved by asgerf
 2019-11-22 13:06:03 +00:00
Erik Krogh Kristensen
f40d79271d cleanup module imports and update expected outputs 2019-11-22 13:55:47 +01:00
Erik Krogh Kristensen
85b22536d0 adjust formatting 2019-11-22 13:36:16 +01:00
Esben Sparre Andreasen
5d34806e50 Merge pull request #2379 from asger-semmle/typescript-fixes 
TS: A bunch of TypeScript fixes
 2019-11-22 13:31:30 +01:00
Max Schaefer
6fbaa7a5ea JavaScript: Make File not extend Locatable anymore. 
Files have strange `:0:0:0:0` locations for... reasons. This makes the predicates inherited from `Locatable` meaningless. A particularly bad case is `getNumLines()`, which will always return one. The right predicate to use is, of course, `getNumberOfLines()`, which is defined in `File` itself.
 2019-11-22 11:57:06 +00:00
Calum Grant
846600e855 Merge pull request #2410 from shati-patel/fix-heading 
C# change notes: Remove duplicated heading
 2019-11-22 11:52:53 +00:00
semmle-qlci
ec9b65ee61 Merge pull request #2369 from max-schaefer/js/odasa-8179 
Approved by esbena
 2019-11-22 11:26:54 +00:00
Cornelius Riemenschneider
0e7a08201f Address review by Anders. 2019-11-22 12:19:06 +01:00
Rasmus Wriedt Larsen
46b6e6d722 Merge pull request #2409 from tausbn/python-typing-forward-reference-fp 
Python: Support forward references inside return type annotations.
 2019-11-22 11:18:04 +01:00
Rasmus Wriedt Larsen
536c211a73 Merge pull request #2401 from tausbn/python-fix-non-iterable-class-confusion-fp 
Python: Fix false positive in `py/non-iterator-in-for-loop`
 2019-11-22 11:15:16 +01:00
Geoffrey White
9471134064 Merge pull request #2417 from jbj/enclosing-reeval 
C++: Prevent cached stages from being re-evaluated
 2019-11-22 09:55:01 +00:00
Max Schaefer
a3a46bfdc2 JavaScript: Add change note. 2019-11-22 09:27:14 +00:00
Max Schaefer
83f5b614e9 JavaScript: Switch detection of callback-based string replacement to data flow. 2019-11-22 09:24:34 +00:00
Max Schaefer
1951461f55 JavaScript: Simplify DoubleEscaping. 
Undo previous work on generalising the concept of a replacement, which did not work out.
 2019-11-22 09:24:34 +00:00
Max Schaefer
ff002a7af4 JavaScript: Whitelist more harmless incomplete escapes. 2019-11-22 09:24:34 +00:00
Max Schaefer
659cc812fe JavaScript: Rephrase two predicates to help the optimiser. 2019-11-22 09:24:34 +00:00
Max Schaefer
db3eaa23ef JavaScript: Introduce modelling of String.prototype.replace and use it in two queries. 2019-11-22 09:24:34 +00:00
Max Schaefer
f43e843b20 JavaScript: Introduce class RegExpLiteralNode. 2019-11-22 09:24:34 +00:00
Max Schaefer
12ea81af9c JavaScript: Move getAMatchedConstant(RegExpTerm) into the library. 2019-11-22 09:24:34 +00:00
Max Schaefer
a5a5debdc7 JavaScript: Move getStringValue(RegExpLiteral) into the library. 2019-11-22 09:24:34 +00:00
Max Schaefer
0edb70f373 JavaScript: Deal with escape-unescape-escape (and similar) chains. 2019-11-22 09:24:34 +00:00
Max Schaefer
cb54618a5d JavaScript: Deal with (un-)escaping on captured variables. 2019-11-22 09:24:34 +00:00
Max Schaefer
61aa075e8d JavaScript: Fix regexes for escaping schemes. 2019-11-22 09:24:34 +00:00
Max Schaefer
4f899a9b0d JavaScript: Recognize string escaping using .replace with a callback. 2019-11-22 09:24:34 +00:00
Max Schaefer
5dcf55e113 JavaScript: Refactor DoubleEscaping.ql. 2019-11-22 09:24:34 +00:00
Jonas Jensen
bd4fa10ffb C++: Tie macro exclusion to <, not + 
This fixes a failing qltest and makes the exclusion similar to what's in
`PointerOverflow.ql`. It's possible we should exclude based on both `+`
and `<`, but we can revisit that if false positives show up.
 2019-11-22 09:20:00 +01:00
Jonas Jensen
ca1b91aab2 Merge pull request #2414 from dbartol/dbartol/FixWarnings 
C++/C#: Fix QL compilation warnings/errors
 2019-11-22 09:14:33 +01:00
Jonas Jensen
0e4ed1cbbf C++: Prevent cached stages from being re-evaluated 
Before this change, evaluating `cpp/constant-comparison` followed by
`cpp/signed-overflow-check` would result in re-evaluation of almost all
the cached stages they share: CFG, basic blocks, SSA, and range
analysis. The same effect could be seen on `cpp/bad-strncpy-size`, which
also uses the GVN library.
 2019-11-22 08:45:49 +01:00
semmle-qlci
62859d140d Merge pull request #2394 from esbena/js/support-getDerivedFromError 
Approved by max-schaefer
 2019-11-22 07:45:45 +00:00
semmle-qlci
2c623372b6 Merge pull request #2405 from esbena/js/another-bind-model 
Approved by asgerf
 2019-11-22 07:35:58 +00:00
Robert Marsh
a5e6b83dbd Merge pull request #2400 from jbj/1.23-changenote 
C++: Tweak 1.23 change note
 2019-11-21 13:53:28 -08:00
Robert Marsh
05aebeff79 Merge branch 'master' into rdmarsh/cpp/ir-callee-side-effects 2019-11-21 13:45:31 -08:00
Dave Bartolomeo
fb67d3eae4 C++: Fix override errors in MagicDraw.qll 2019-11-21 13:18:45 -07:00
Dave Bartolomeo
27cc6b1e4f C++/C#: Fix compilation error in PrintSSA.qll 
We were privately importing `semmle.code.<lang>.ir.internal.Overlap`, but `PrintSSA.qll` was depending on it being public. This is made a little more complicated by the presence of cross-langage pyrameterized modules.
 2019-11-21 13:18:25 -07:00