hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-24 20:02:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,686 Branches 158 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
semmle-qlci
82097f63ac Merge pull request #1903 from jf205/js-links 
Approved by asger-semmle
 2019-09-13 15:25:02 +01:00
Erik Krogh Kristensen
9dc9adda64 fix capitalization in test case 
Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
 2019-09-13 14:54:18 +01:00
Erik Krogh Kristensen
3fb64abb09 fix consistency and spelling in the documentation 
suggestions from the documentation team

Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
 2019-09-13 14:52:11 +01:00
Jonas Jensen
7cfbe88e7b C++: IR DataFlow::Node.toString consistency 
The `toString` for IR data-flow nodes are now similar to AST data-flow
nodes. This should make it easier to use the IR as a drop-in replacement
in the future. There are still differences because the IR data flow
library takes conversions into account.

I did not attempt to align the new nodes we use for field flow. That can
come later, when we add field flow to IR data flow.
 2019-09-13 14:33:31 +02:00
Jonas Jensen
562bffe710 C++: Simplify toString of ImplicitParameterNode 
This string looked out of place compared to `ExplicitParameterNode`,
whose string is simply the name of the parameter and therefore
indistinguishable from an access to the parameter without looking at the
location also. This has not been a problem so far, and if we want to
distinguish more clearly between initial values and accesses at some
point, we should do it for `ExplicitParameterNode` and
`UninitializedNode` too.
 2019-09-13 14:33:26 +02:00
Erik Krogh Kristensen
c4f27ed4cc rename TaintedLength to LoopBoundInjection 2019-09-13 11:12:01 +01:00
Erik Krogh Kristensen
673e883c21 use superscript to denote the size of the tainted object 2019-09-13 11:00:11 +01:00
semmle-qlci
d0d3882121 Merge pull request #1919 from esben-semmle/js/fixup-1 
Approved by asger-semmle, xiemaisi
 2019-09-13 10:40:38 +01:00
semmle-qlci
1313821a25 Merge pull request #1904 from erik-semmle/passportModel 
Approved by asger-semmle, esben-semmle
 2019-09-13 10:38:14 +01:00
Erik Krogh Kristensen
5b2b60f132 change DOS to DoS, and other small documentation fixes 
Co-Authored-By: Max Schaefer <max@semmle.com>
 2019-09-13 10:26:01 +01:00
Tom Hvitved
f5cae9b6ea Merge pull request #1881 from aschackmull/java/pathgraph-nodes 
Java/C++/C#: Add nodes predicate to PathGraph.
 2019-09-13 10:32:47 +02:00
Dave Bartolomeo
e8cf3f876e Merge pull request #1660 from zlaski-semmle/zlaski/builtin-va-list 
Add a `__builtin_va_list` type, to complement `__builtin_va_*`
 2019-09-12 14:04:55 -07:00
Dave Bartolomeo
9072f6231f Merge pull request #1928 from jbj/autoformat-ssa 
C++: Autoformat IR SSA files
 2019-09-12 14:03:20 -07:00
zlaski-semmle
45640395a9 Merge pull request #1803 from geoffw0/qldoceg9 
CPP: Add syntax examples to QLDoc in Variable.qll
 2019-09-12 12:32:58 -07:00
Robert Marsh
7f6108259e Merge pull request #1927 from jbj/instructionNode 
C++: Add DataFlow::instructionNode
 2019-09-12 12:06:01 -07:00
Rebecca Valentine
f503e042fc Merge pull request #1877 from taus-semmle/python-modernise-non-iterator-query 
Python: Modernise the `py/non-iterable-in-for-loop` query.
 2019-09-12 11:14:40 -07:00
Calum Grant
b7db15646c Merge pull request #1858 from AndreiDiaconu1/ircsharp-continue 
C# IR: Add support for `ContinueStmt`
 2019-09-12 17:37:01 +01:00
Erik Krogh Kristensen
c2efb0afe7 two tiny qldoc changes 2019-09-12 16:58:07 +01:00
Erik Krogh Kristensen
119b1ffb80 changes based on review from max 2019-09-12 16:30:42 +01:00
Erik Krogh Kristensen
dc891dc420 added js/loop-bound-injection to javascript security suite 2019-09-12 15:50:50 +01:00
Erik Krogh Kristensen
17a71a97c5 add loop-bound-injection to change-notes 2019-09-12 15:28:14 +01:00
Erik Krogh Kristensen
3d359bc8dc Merge remote-tracking branch 'upstream/master' into taintedLength 2019-09-12 15:24:36 +01:00
Erik Krogh Kristensen
30f1bcf5bc updated query ID and expected output 2019-09-12 15:24:33 +01:00
Jonas Jensen
0c092e21b0 C++: Autoformat IR SSA files 
One autoformat omission had also slipped into
`DefaultTaintTracking.qll`.
 2019-09-12 15:45:08 +02:00
Jonas Jensen
10270cb36d C++: Turn a comment into QLDoc 2019-09-12 15:44:04 +02:00
AndreiDiaconu1
e55f16d990 Fix comment 2019-09-12 13:57:28 +01:00
AndreiDiaconu1
91fdfd48e5 Fixed CP problem 2019-09-12 13:09:49 +01:00
Jonas Jensen
c7e6081079 C++: Add DataFlow::instructionNode 
This is for symmetry with `exprNode` etc., and it should be handy for
the same reasons. I found one caller of `asInstruction` that got simpler
by using the new predicate instead.
 2019-09-12 11:44:17 +02:00
Tom Hvitved
5070270605 C#: Fix CFG for nested finally blocks 2019-09-12 11:44:04 +02:00
Tom Hvitved
b9fa837963 C#: Add new CFG test for try/finally 2019-09-12 11:44:04 +02:00
Tom Hvitved
3d32f3d173 C#: Restructure existing CFG tests for try/finally 2019-09-12 11:44:04 +02:00
AndreiDiaconu1
47120bc923 PR fixes 2019-09-12 10:34:00 +01:00
Calum Grant
e330d5a6c6 Merge pull request #1549 from hvitved/csharp/cfg/loop-unrolling 
C#: Loop unrolling for `foreach` statements
 2019-09-12 10:24:26 +01:00
AndreiDiaconu1
420abbf3dc C# IR: Support for ContinueStmt 
Added support for continue stmt.
Minimal refactoring of the `TranslatedSpecificJump` classes.
Added a new test file, `jumps.cs` and updated the expected output.
 2019-09-12 10:01:48 +01:00
Anders Schack-Mulligen
6299625b3d C#: Adjust qltest expected output. 2019-09-12 11:00:49 +02:00
Anders Schack-Mulligen
61e4e61087 C++: Adjust qltest expected output. 2019-09-12 11:00:49 +02:00
Anders Schack-Mulligen
2d620698d8 Java: Adjust qltest expected output. 2019-09-12 11:00:49 +02:00
Anders Schack-Mulligen
95e2f162d9 Java/C++/C#: Adjust toString of empty accesspath. 2019-09-12 11:00:49 +02:00
Anders Schack-Mulligen
0a4b15d40b Java/C++/C#: Add nodes predicate to PathGraph. 2019-09-12 11:00:49 +02:00
Erik Krogh Kristensen
2db0cdf4e2 two small qhelp fixes 2019-09-12 10:00:08 +01:00
semmle-qlci
10076a6b2b Merge pull request #1886 from jbj/ir-taint-shared 
Approved by rdmarsh2
 2019-09-12 06:48:24 +01:00
Robert Marsh
e71a39f6b6 Merge pull request #1912 from jbj/tainttracking-ir-1 
C++: Stub replacement for security.TaintTracking
 2019-09-11 13:44:39 -07:00
Tom Hvitved
8f3f9406e2 C#: Early identification of duplicate extraction 2019-09-11 20:47:20 +02:00
Geoffrey White
d1cc28e253 CPP: Address review comments. 2019-09-11 17:14:05 +01:00
Geoffrey White
ee07c705a4 CPP: More review suggestions. 2019-09-11 17:14:05 +01:00
Geoffrey White
8134d80c46 CPP: Review suggestions. 2019-09-11 17:14:05 +01:00
Geoffrey White
120b0c0c2c CPP: Modernize the TemplateVariables test and have the TemplateVariables actually included in the scope of the test. 2019-09-11 17:14:05 +01:00
Geoffrey White
68196df561 CPP: Examples Variable.qll. 2019-09-11 17:11:53 +01:00
semmle-qlci
72db219c13 Merge pull request #1910 from xiemaisi/js/unused-index-variable 
Approved by esben-semmle, shati-semmle
 2019-09-11 14:33:32 +01:00
Jonas Jensen
6912cafc54 C++: Use the RelationalOperation class 2019-09-11 15:21:49 +02:00