Felicity Chapman
28fece0f75
Merge pull request #1906 from jf205/readme-updates
...
docs: update readme following recent project changes
2019-09-09 12:27:24 +01:00
semmle-qlci
2283195ebd
Merge pull request #1871 from asger-semmle/type-tracking-through-imports
...
Approved by xiemaisi
2019-09-09 12:25:06 +01:00
Erik Krogh Kristensen
26f6b1d186
add model for passport.use in the Express model
2019-09-09 12:01:11 +01:00
james
54342a6daa
docs: update readme
2019-09-09 11:57:08 +01:00
Geoffrey White
22e1715368
Merge pull request #1900 from jbj/dataflow-this-by-ref
...
C++: Fix flow out of `this` by reference
2019-09-09 11:15:32 +01:00
james
e8f867204d
docs: fix broken links in js topics
2019-09-09 11:15:18 +01:00
Geoffrey White
26490bd97f
Merge pull request #1885 from jbj/dataflow-D.cpp
...
C++: Add D.cpp, ported from D.java
2019-09-09 10:55:33 +01:00
Asger F
65862c922c
JS: Update tests
2019-09-09 10:53:13 +01:00
Asger F
631ff27d31
JS: Use ValueNode for all ImportSpecifiers
2019-09-09 10:53:13 +01:00
Asger F
61e1d793df
JS: Fixes in DeadStoreOfLocal
2019-09-09 10:51:21 +01:00
Asger F
5573279580
JS: regression test for DeadStoreOfLocal
2019-09-09 10:51:21 +01:00
Asger F
3b962dce22
JS: Add explicit type tracking test
2019-09-09 10:51:21 +01:00
Asger F
afcdc12e7b
JS: Use ValueNode, not SSA node, to model NamedImportSpecifier
2019-09-09 10:51:17 +01:00
semmle-qlci
57afde0240
Merge pull request #1872 from esben-semmle/js/extraction_metrics
...
Approved by xiemaisi
2019-09-09 10:45:33 +01:00
Jonas Jensen
4ef5c9af62
C++: Autoformat everything
...
Some files that will change in #1736 have been spared.
    ./build -j4 target/jars/qlformat
    find ql/cpp/ql -name "*.ql" -print0 | xargs -0 target/jars/qlformat --input
    find ql/cpp/ql -name "*.qll" -print0 | xargs -0 target/jars/qlformat --input
    (cd ql && git checkout 'cpp/ql/src/semmle/code/cpp/ir/implementation/**/*SSA*.qll')
    buildutils-internal/scripts/pr-checks/sync-identical-files.py --latest
2019-09-09 11:25:53 +02:00
Tom Hvitved
77d7db323d
Merge pull request #1895 from calumgrant/cs/date-queries
...
C#: Tidy up cs/unsafe-year-construction and cs/mishandling-japanese-era
2019-09-09 11:24:49 +02:00
Jonas Jensen
1784122929
C++: Fixes from Geoffrey's review round 4
2019-09-09 11:21:55 +02:00
Jonas Jensen
969d76671e
C++: Tidy up long comments that attach to items
2019-09-09 11:04:05 +02:00
Jonas Jensen
4769d00c50
C++: Fix autoformat of //-comments after +
...
The autoformatter would associate these comments to the following term
instead of the preceding term.
2019-09-09 11:04:05 +02:00
Jonas Jensen
3324bfb198
C++: Fix long comments without * on each line
...
Comments like these will make the autoformatter produce bad indentation.
For the record (not for explainability), these issues were found with
    git grep -P -A1 '^( */\*| +\*( |$))(.(?!\*/))*$' cpp/ql/src/'**/*.ql*' |grep -B10 'qll\?- [^*]*$'
2019-09-09 11:04:04 +02:00
Jonas Jensen
44aca8a0f4
C++: Prepare BufferWrite.qll for autoformat
...
The autoformatter cannot process these long end-of-line comments
properly when the line starts with `or`.
2019-09-09 11:04:04 +02:00
Jonas Jensen
29c83537b4
C++: Fixes from Geoffrey's review round 3
2019-09-09 11:04:04 +02:00
Jonas Jensen
c8725766bd
C++: Fixes from Geoffrey's review round 2
2019-09-09 11:04:04 +02:00
Jonas Jensen
64e2277904
C++: Don't use @param in QLDoc
...
It superficially looks like `@param` is supported in QLDoc, but this is
mostly an accident of how its parser works. Attributes starting with `@`
are only intended to be used in the top-level QLDoc of a query, and
there can only be one of each attribute. If there are multiple `@param`
entries, the QLDoc parser will only keep the first one.
Even though `parseConvSpec` in `Scanf.qll` documented multiple
parameters, only the first one would be shown in an IDE. The
corresponding predicate in `Print.qll` documented only its first
parameter, perhaps because of an autoformatting accident earlier in
time. I've attempted to reconstruct documentation for its other
parameters based on its sibling in `Scanf.qll`.
2019-09-09 11:04:04 +02:00
Jonas Jensen
8524b95baa
C++: Simplify has{Copy,Move}Signature
...
These functions were overly complicated, and the comments explaining the
complications did not auto-format well. A reference type cannot have
specifiers on it, so it's fine to call `getUnspecifiedType` before
checking if it's a reference type.
2019-09-09 11:04:04 +02:00
Jonas Jensen
8e98d42504
C++: Turn more "short" comments into "long"
...
The autoformatter is opinionated about comment styles and assumes that
"short" comments attach to the following item while "long" comments are
items themselves. I found top-level short comments with the following
two commands and then searched the output for empty lines that came
after the comment.
    git grep -A1 '^/\* .*\*/' cpp/ql/src
    git grep -A1 '^//' 'cpp/ql/src/**/*.ql*'
2019-09-09 11:04:04 +02:00
Jonas Jensen
95f53639b1
C++: Fixes to avoid confusing autoformat
...
These issues were found by Geoffrey in PR review.
2019-09-09 11:04:04 +02:00
Jonas Jensen
b14b65ecf0
C++: Don't use deprecated predicates in test
...
This made the `expected` file contain QL line numbers.
2019-09-09 11:04:04 +02:00
Jonas Jensen
ea3d066661
C++: Add D.cpp, ported from D.java
...
The original port of the Java field-flow tests did not include this
file. It's added here for completeness, and the results are the same as
for Java.
2019-09-09 10:45:06 +02:00
Erik Krogh Kristensen
2729566bbf
add setAttributeNS('xlink', 'href',..) example in XSS test
2019-09-09 09:41:08 +01:00
Jonas Jensen
745e321e3b
Merge pull request #1901 from jf205/cpp-links
...
docs: fix broken `Expr` links
2019-09-09 10:38:02 +02:00
Jonas Jensen
10b69358ae
C++: Fix flow from this by ref.
2019-09-09 10:36:58 +02:00
Jonas Jensen
08b63d4342
C++: Test to show lack of flow from this by ref.
...
The `test_nonMemberSetA` also shows how the lack of flow through `&` is
a problem for non-member getters, but that's addressed on a separate
branch.
2019-09-09 10:36:11 +02:00
Jonas Jensen
ef96288303
C++: Make PartialDefinitionNode private
...
This class is undocumented and exposes implementation details through
its `getPartialDefinition` member. It does not need to be public.
2019-09-09 10:34:51 +02:00
Esben Sparre Andreasen
2a22471975
JS: address review comments
2019-09-09 10:31:40 +02:00
Tom Hvitved
ef4f954b58
Merge pull request #1797 from jbj/dataflow-TTwo
...
C++/C#/Java: data flow AccessPath up to length 2
2019-09-09 10:28:48 +02:00
james
9437c2d007
docs: fix broken Expr links
2019-09-09 09:25:19 +01:00
Esben Sparre Andreasen
ec58ccc0ec
JS: fixup dbscheme in upgrade directory
2019-09-09 09:05:12 +02:00
Esben Sparre Andreasen
5d6997c1c9
JS: additional extraction metrics cleanup
2019-09-09 09:05:12 +02:00
Esben Sparre Andreasen
03d38ca54b
JS: simplify cache interaction
2019-09-09 09:05:12 +02:00
Esben Sparre Andreasen
6dbe827dd3
JS: add QL classes for the extraction metrics
2019-09-09 09:05:12 +02:00
Esben Sparre Andreasen
5665cf9328
JS: record metrics during extraction
2019-09-09 09:05:12 +02:00
Esben Sparre Andreasen
7fcde4c130
JS: add extraction metrics to the dbscheme
2019-09-09 09:05:12 +02:00
Esben Sparre Andreasen
27e36cfe05
JS: apply google-java-format to extractor source code
2019-09-09 09:05:12 +02:00
Jonas Jensen
d51e5212fb
Merge remote-tracking branch 'upstream/master' into dataflow-TTwo
...
Conflicts:
    cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll
    cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll
    cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll
    cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll
    cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll
    cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll
    cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll
    cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll
    cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll
    cpp/ql/test/library-tests/dataflow/fields/flow.expected
    csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll
    csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll
    csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll
    csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll
    csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll
    java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll
    java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl2.qll
    java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl3.qll
    java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl4.qll
    java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl5.qll
2019-09-08 21:08:43 +02:00
Rebecca Valentine
9eebe00b33
Merge pull request #1869 from taus-semmle/python-fix-typehint-divergence
...
Python: Prevent divergence in type-hint analysis. (ODASA-8075)
2019-09-06 14:33:20 -07:00
Erik Krogh Kristensen
c780956f0d
add setAttributeNS method in the XSS test
2019-09-06 21:56:29 +01:00
AndreiDiaconu1
320cd6b96c
More PR fixes
2019-09-06 18:10:54 +01:00
AndreiDiaconu1
765414430d
More PR fixes
2019-09-06 18:10:54 +01:00
AndreiDiaconu1
9ecbb4a3f3
More fixes for the PR comments
2019-09-06 18:10:54 +01:00