hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-25 04:12:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,686 Branches 158 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
james
4e4388d688 docs: address review comments 
(cherry picked from commit 8c88cbba3a)
 2019-09-10 16:02:59 +01:00
Mark Shannon
541706ed53 Python docs: Fix typos and rst formatting issue. 
(cherry picked from commit d096644773)
 2019-09-10 15:57:52 +01:00
james
d592af1c22 docs: fix speaker note bug 
(cherry picked from commit 0b31ca46b1)
 2019-09-10 15:57:52 +01:00
james
9eefeb770a docs: fix include in data flow slides 
(cherry picked from commit 387147ede2)
 2019-09-10 15:57:52 +01:00
james
6dcf9997e9 docs: make use of includes for local and global data flow slides 
(cherry picked from commit b89f0161aa)
 2019-09-10 15:57:52 +01:00
james
dfeab086db docs: add template slide deck 
(cherry picked from commit ec9ca6852b)
 2019-09-10 15:57:52 +01:00
james
6b9566a6e4 docs: add rst versions of java slide decks and improve a few c++ slides 
(cherry picked from commit 7fa7f2dd65)
 2019-09-10 15:57:51 +01:00
Mark Shannon
63a391a654 Python docs: remove confusing reference to SSA as 'dataflow' and add a reference to the taint-tracking library from the library overview page. 
(cherry picked from commit dafed6b93e)
 2019-09-10 15:57:51 +01:00
Mark Shannon
1fe5d0cb97 Python docs: Remove all references to ClassExpr and FunctionExpr; we want to remove them eventually. 
(cherry picked from commit 562f4ef604)
 2019-09-10 15:57:51 +01:00
Mark Shannon
ff64aedc0a Python docs: Replace remaining references to old 'Object' API are replaced by new 'Value' API. 
(cherry picked from commit 6edf9efe1b)
 2019-09-10 15:57:51 +01:00
Jonas Jensen
bd59029e2b C++: Add pointer-to-member test to syntax-zoo 
This test was inspired by problems observed in a MySQL snapshot. The
results show there are problems with both the QL CFG and the IR.
 2019-09-10 16:23:23 +02:00
Erik Krogh Kristensen
97fc10e669 Add query for detecting potential DOS form a tainted .length property 2019-09-10 14:59:48 +01:00
Max Schaefer
ea81531a7b C#: Update a .qlref. 
This currently relies on the fact that qltest includes `ql/csharp/ql/src/Metrics` in addition to `ql/csharp/ql/src` on its search path when run internally, which is inconsistent with the other languages. Since this is the only test that relies on it, I'd like to update it and get rid of the extra search root eventually.
 2019-09-10 13:01:04 +01:00
Jonas Jensen
de4e2a259e C++: Stub replacement for security.TaintTracking 
This commit adds a `semmle.code.cpp.ir.dataflow.DefaultTaintTracking`
library that's API-compatible with the
`semmle.code.cpp.security.TaintTracking` library. The new library is
implemented on top of the IR data flow library.

The idea is to evolve this library until it can replace
`semmle.code.cpp.security.TaintTracking` without decreasing our SAMATE
score. Then we'll have the IR in production use, and we will have one
less taint-tracking library in production.
 2019-09-10 13:40:45 +02:00
semmle-qlci
df1bf4a95b Merge pull request #1907 from asger-semmle/mongoose-types 
Approved by xiemaisi
 2019-09-10 12:05:57 +01:00
Sam Lanning
2f54437c10 Merge pull request #1889 from AlexTereshenkov/master 
Add a new issue template for false positive in LGTM.com
 2019-09-10 11:33:09 +01:00
AlexTereshenkov
49ee205b46 Update issue templates 2019-09-10 11:02:02 +01:00
AlexTereshenkov
77871f6d51 Update .github/ISSUE_TEMPLATE/lgtm-com---false-positive.md 
Co-Authored-By: Sam Lanning <sam@lanni.ng>
 2019-09-10 10:25:03 +01:00
AndreiDiaconu1
442c9f2cc8 Delete useless file 2019-09-10 09:52:35 +01:00
AndreiDiaconu1
241a40c145 C# IR: Initializers 
Add support for collection initializers.
Instead of using `AssignExpr` for the translation of object initializers, `MemberInitializer` is now used.
 2019-09-10 09:32:00 +01:00
AndreiDiaconu1
0528d8ef39 C# IR: Object creation refactoring 
The way object creation was translated has been changed: now creations are treated as expressions.
The main motivation for this was the inability to have creation expressions as arguments to
function calls (a test case has been added to showcase this).
All code that dealt with creation expressions has been moved from `TranslatedInitialization.qll` to `TranslatedExpr.qll`.
Some light refactoring has also been done, mainly removing code that was useless after the changes mentioned above.
 2019-09-10 09:20:21 +01:00
AndreiDiaconu1
d9f3c14c9c C# IR: Add support for multiple decls and updates 
Added support for multiple declarations and updates in a for stmt.
Added test cases and updated the expected output.
 2019-09-10 09:17:41 +01:00
Jonas Jensen
d6fba0ef46 C++: Don't create partial defs for calls to const 
These partial defs don't do any harm, but they could hurt performance.
In typical C++ snapshots, between 5% and 20% of all calls are to `const`
functions.
 2019-09-10 09:49:16 +02:00
Jonas Jensen
fd3615d120 C++: Show that there are too many partial defs 2019-09-10 09:44:07 +02:00
jf205
ad4715fd52 Merge pull request #1908 from shati-semmle/ql-hb/fixes 
QL handbook: Add examples and fix typos
 2019-09-10 08:42:14 +01:00
Jonas Jensen
7b09e4177e C++: Add localExprTaint for IR 
This is for ODASA-8053.
 2019-09-10 09:40:31 +02:00
Jonas Jensen
80a0027808 C++: Shared TaintTrackingImpl for IR TaintTracking 2019-09-10 09:40:27 +02:00
Jonas Jensen
770212567f C++: Fix up IR data flow QLDoc 2019-09-10 09:34:54 +02:00
Tom Hvitved
41cd13a637 C#: Update expected test output 2019-09-10 09:17:50 +02:00
Robert Marsh
2806a52ec5 Merge pull request #1888 from jbj/ir-dataflow-node-ipa 
C++: Hide that IR DataFlow::Node is Instruction
 2019-09-09 11:00:37 -07:00
Geoffrey White
4283a1508d Merge pull request #1870 from jbj/autoformat-all 
C++: Autoformat everything
 2019-09-09 16:05:32 +01:00
Shati Patel
cfa51a0e8b QL HB: Add predicate call example [SD-3864] 2019-09-09 16:01:42 +01:00
Shati Patel
f5de1dc999 QL HB: Explain use of cast [SD-3865] 2019-09-09 16:01:41 +01:00
Shati Patel
4f2c9fa3cb QL HB: Expand bindingset example [SD-3863] 2019-09-09 16:01:14 +01:00
Shati Patel
acca48bd8f QL HB: Fix typo [SD-3862] 2019-09-09 16:01:07 +01:00
Max Schaefer
bdba647bf5 Merge pull request #1893 from erik-semmle/addXLinkHref 
JS: add xlink:href as xss target when using setAttribute
 2019-09-09 15:56:47 +01:00
Jonas Jensen
79f456e8bd Merge pull request #1905 from ian-semmle/mangling_more 
C++: Resolve all classes
 2019-09-09 16:48:30 +02:00
Asger F
194a1c3530 JS: Change note 2019-09-09 15:42:43 +01:00
Calum Grant
79a750dfaf Merge pull request #1845 from AndreiDiaconu1/ircsharp-compiler-generated 
C# IR: Framework for translating compiler generated elements
 2019-09-09 15:42:07 +01:00
Asger F
ad5abc61cc JS: Move typed test into separate test 2019-09-09 15:35:26 +01:00
Asger F
ea446f2aa1 JS: Use type info in mongodb/mongoose model 2019-09-09 15:35:26 +01:00
Asger F
8e397ad203 JS: Use type tracking in mongodb/mongoose model 2019-09-09 15:35:23 +01:00
semmle-qlci
e899250e87 Merge pull request #1894 from asger-semmle/fp-incorrect-suffix-check 
Approved by xiemaisi
 2019-09-09 15:33:47 +01:00
semmle-qlci
89cba089b4 Merge pull request #1892 from asger-semmle/event-handler-sink 
Approved by esben-semmle
 2019-09-09 15:33:21 +01:00
Erik Krogh Kristensen
03b210a8e1 made the two Passport classes in the Express model private 2019-09-09 13:04:47 +01:00
Erik Krogh Kristensen
3ebe6608c2 updated expected values for the Express test 2019-09-09 13:02:35 +01:00
erik-semmle
d01f84f015 fix comment in passport test 
Co-Authored-By: Esben Sparre Andreasen <42067045+esben-semmle@users.noreply.github.com>
 2019-09-09 12:59:38 +01:00
Asger F
b6690bb644 JS: Add change note 2019-09-09 12:45:03 +01:00
Tom Hvitved
170621d1cc C#: Address review comments 2019-09-09 13:38:23 +02:00
AndreiDiaconu1
53ebe23db6 Better retrieval for the GetEnumerator call 2019-09-09 12:33:19 +01:00