Geoffrey White
3c9fe91581
CPP: Add proof of zero-termination to tests.
2019-11-20 14:27:19 +00:00
Jonas Jensen
b325427d29
C++: Suppress ExprHasNoEffect on template code
2019-11-20 15:12:25 +01:00
Taus Brock-Nannestad
c525ab325f
Python: Add toString information for all classes without such.
Having `toString()` defined to be `none()` is a major headache when debugging,
as `toString`-less results are silently elided. This PR puts dummy `toString`s
in place of the `none()`s.
(I am mostly creating this to see if it impacts our tests and/or the
performance. If not, we may as well merge it.)
2019-11-20 14:47:20 +01:00
semmle-qlci
77c869f528
Merge pull request #2220 from erik-krogh/processEnvTaint
Approved by esbena, max-schaefer
2019-11-20 13:16:43 +00:00
Tom Hvitved
acc7d5298d
Data flow: Sync files
2019-11-20 14:10:02 +01:00
Tom Hvitved
6c0dbcfca2
Java/C++: Add DataFlowErasedType aliases
2019-11-20 14:09:53 +01:00
Tom Hvitved
d0b4653e32
C#: Introduce DataFlowErasedType
2019-11-20 14:09:46 +01:00
Max Schaefer
cb20de8070
JavaScript: Add a warning to IncompleteSanitization help.
Sanitizing away multi-character strings using regular expressions is tricky business, and we should probably warn about it.
2019-11-20 11:57:50 +00:00
Jonas Jensen
4dafa16572
C++: Fix FP on unevaluated code
This fixes false positives on tenzir/vast.
2019-11-20 10:42:36 +01:00
Geoffrey White
9cf819929d
Merge pull request #2383 from jbj/field-isStatic
C++: Don't check if a Field is static
2019-11-20 09:05:03 +00:00
Robert Marsh
53709deb9d
Merge pull request #2342 from jbj/overflow-doc-fixes
C++: Signed Overflow Check qhelp improvements
2019-11-19 15:37:52 -08:00
Paulino Calderon
63884c1a86
Mixed spaces and tabs
2019-11-19 13:06:55 -05:00
Paulino Calderon
85eda8c978
Brings security tests from other PRs
2019-11-19 13:04:19 -05:00
Paulino Calderon
96a02aba3f
Adds quotes on name and additional info tags
2019-11-19 12:39:10 -05:00
semmle-qlci
51a51d7e0c
Merge pull request #2387 from max-schaefer/js/incomplete-dotdot-sanitization
Approved by asger-semmle
2019-11-19 16:39:35 +00:00
Jonas Jensen
a1af96e521
C++: Reproduce a reported FP
2019-11-19 16:17:49 +01:00
Shati Patel
49c2398bda
QL docs: Update links to blog/demos
2019-11-19 15:06:26 +00:00
Max Schaefer
5565be14fc
JavaScript: Teach IncompleteSanitization to flag incomplete path sanitizers.
2019-11-19 15:06:16 +00:00
Erik Krogh Kristensen
1ba777a45d
remove deep taint of objects
2019-11-19 15:50:50 +01:00
Erik Krogh Kristensen
c2b48eb546
rename getExceptionalNode to getExceptionTarget
2019-11-19 15:32:17 +01:00
Jonas Jensen
c41114334f
Merge remote-tracking branch 'upstream/master' into ir-dataflow-toString
Solved conflicts in `*.expected` by re-running the tests.
2019-11-19 14:27:27 +01:00
Erik Krogh Kristensen
d8a5554666
update doc on getExceptionalNode
2019-11-19 14:10:35 +01:00
Erik Krogh Kristensen
abd58ba905
rename 'getThrowsToNode' to 'getExceptionalNode'
2019-11-19 14:08:36 +01:00
Erik Krogh Kristensen
9fa7393d56
add support for try-statements with no catch block
2019-11-19 13:37:35 +01:00
Rasmus Wriedt Larsen
b39bcde31c
Merge pull request #2375 from tausbn/python-fix-mutable-value-type-coercion-fp
Python: Don't report mutable parameters that are in fact immutable.
2019-11-19 13:26:23 +01:00
Jonas Jensen
fbf2ef8625
C++: Don't check if a Field is static
A `Field` in the C++ QL libraries can't be static, but I'd for some
reason written two checks for `Field`s being static in the data-flow
library.
2019-11-19 13:20:21 +01:00
Rasmus Wriedt Larsen
231414ceaf
Merge pull request #2374 from tausbn/python-fix-mappingproxytype-fp
Python: Fix non-container FP relating to `MappingProxyType`.
2019-11-19 13:13:26 +01:00
Jonas Jensen
b43cbeb17f
Merge pull request #2372 from geoffw0/qhelpms
CPP: Improve TlsSettingsMisconfiguration qhelp
2019-11-19 13:05:52 +01:00
Erik Krogh Kristensen
0a428a8f44
typo
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
2019-11-19 13:05:13 +01:00
Jonas Jensen
466f7fe6b2
C++: Use <ol> for recommendations
2019-11-19 12:57:02 +01:00
Erik Krogh Kristensen
2f08ee9faf
fix typo
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2019-11-19 12:53:50 +01:00
James Fletcher
c73ae5399d
Merge pull request #2380 from shati-patel/docs/blog-links
Docs: Update links from blog to security lab
2019-11-19 11:09:13 +00:00
Shati Patel
820a11294d
Docs: Update links from blog to security lab
2019-11-19 10:54:19 +00:00
Jonas Jensen
0731309b1e
C++: Change note for StackVariable
2019-11-19 11:44:03 +01:00
Jonas Jensen
4d97534308
C++: Deprecate LocalScopeVariableReachability
2019-11-19 11:43:41 +01:00
Jonas Jensen
1498499994
C++: Relax type in two tests
2019-11-19 11:31:34 +01:00
Jonas Jensen
f5b9837e19
C++: Use StackVariable in Nullness.qll
This might cause fewer variables to be analysed because not every use of
`LocalScopeVariable` was constrained by the def-use library. Hopefully
this leads to an improved nullness analysis since it avoids treating
`static T *x = nullptr;` the same as `static T *x; x = nullptr;`.
2019-11-19 11:31:34 +01:00
Jonas Jensen
140575ee71
C++: Use StackVariable where SSA/def-use are used
These changes should not affect semantics since these uses of
`LocalScopeVariable` were already constrained to stack variables by
their use of SSA or def-use.
2019-11-19 11:31:34 +01:00
Jonas Jensen
6f9ec0409e
C++: Use StackVariable in code that uses RangeSSA
2019-11-19 11:31:33 +01:00
Jonas Jensen
29f66ff095
C++: Use StackVariable, remove not v.isStatic()
In these files it was possible to remove calls to `isStatic` by
switching from `LocalScopeVariable` to `StackVariable`. This changes
semantics, hopefully for the better, to treat `thread_local` locals the
same as `static` locals.
2019-11-19 11:30:59 +01:00
Jonas Jensen
e57f98ca64
C++: Use StackVariable in def-use libraries
Most of the implementation was already in terms of
`SemanticStackVariable`, so not much should have changed.
2019-11-19 11:30:59 +01:00
Jonas Jensen
95a333d28c
C++: Use StackVariable in SSA libraries
This means we'll no longer get SSA definitions for thread-local
local-scope variables.
2019-11-19 11:30:59 +01:00
Jonas Jensen
c1ed908834
C++: Use StackVariableReachability
This library is a drop-in replacement for
`LocalScopeVariableReachability`, so no changes are expected.
2019-11-19 11:30:59 +01:00
Jonas Jensen
01ca63ae92
C++: Bring back StackVariableReachability.qll
This is now a copy of `LocalScopeVariableReachability.qll`, just with
`s/LocalScopeVariable/StackVariable/g`. It can be used as a drop-in
replacement since the `LocalScopeVariableReachability.qll` library
implementation was already restricted to `SemanticStackVariable`.
2019-11-19 11:30:59 +01:00
Jonas Jensen
8110039e0a
C++: Bring back the StackVariable QL class
The new `StackVariable` class actually denotes what its name suggests.
2019-11-19 11:23:34 +01:00
Erik Krogh Kristensen
d4f42d872a
change change-note to target 1.24 instead of 1.23
2019-11-19 11:10:34 +01:00
Taus
4c700882b6
Merge pull request #2190 from RasmusWL/python-modernise-tornado-library
Python: modernise tornado library
2019-11-19 09:36:30 +01:00
Erik Krogh Kristensen
de8ed3f508
update test code
2019-11-19 09:04:30 +01:00
Erik Krogh Kristensen
91674f681b
refactoring to remove duplicated code and simplify the ExceptionXss query
2019-11-19 08:54:51 +01:00
Robert Marsh
ae47eab727
C++: autoformat
2019-11-18 15:36:08 -08:00