hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-25 20:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,688 Branches 158 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ziemowit Laski
4aa9049c47 [CPP-387] Finished declarations, started on types. 2019-08-01 14:51:17 -07:00
Dave Bartolomeo
912679ef8c C++: Two IR fixes 
My original fix in https://github.com/Semmle/ql/pull/1661 fixed my minimal test case, but did not fix the original failure in a Linux snapshot. The real fix is to simply not create a `TranslatedDeclarationEntry` for an extern declaration, and have `TranslatedDeclStmt` skip any such declarations. I've added a regression test for that case (multiple extern declarations with same location in a macro expansion, with control flow between them). I did verify that it generates correct IR, and that it fixes all of the "use not dominated by definition" failures in Linux.

The underlying extractor bug, that caused the above issue also caused PrintAST to print garbage. I've worked around the bug in PrintAST.qll.

I've also fixed a bug in the control flow for `try`/`catch`, where there was missing flow from the `CatchByType` of the last handler of a `try` to the enclosing handler (or `Unwind`). Hat tip to @AndreiDiaconu1 for spotting this bug.
 2019-08-01 14:38:19 -07:00
Rebecca Valentine
40d7f5a332 Merge pull request #1671 from markshannon/python-flask-escape 
Python: Add missing function to flask test stub.
 2019-08-01 11:47:09 -07:00
Asger F
e09c22e67d JS: Add FlowLabel.isData() and .isTaint() 2019-08-01 15:22:51 +01:00
Max Schaefer
3a240b39d9 JavaScript: Address further review comments. 2019-08-01 15:03:53 +01:00
Mark Shannon
fab2cb5a32 Python: Add missing function to flask test stub. 2019-08-01 13:11:41 +01:00
Bas van Schaik
c7f45010c5 Remove reference to internal tooling from public repository 2019-08-01 11:02:03 +01:00
Esben Sparre Andreasen
90862fea99 JS: whitelist trivial throwers in js/superfluous-trailing-arguments 2019-08-01 11:49:43 +02:00
Mark Shannon
ebd5829bfb Python: Treat the result of calling a missing module member as 'unknown'. 2019-08-01 10:37:41 +01:00
semmle-qlci
691df0508e Merge pull request #1652 from xiemaisi/js/deprecate-isBarrier/2 
Approved by asger-semmle
 2019-08-01 09:47:04 +01:00
Max Schaefer
4141a98616 JavaScript: Replace Custom* with *::Range. 
The old names are kept as deprecated aliases.
 2019-08-01 09:45:44 +01:00
Anders Schack-Mulligen
1a779179e7 Merge pull request #1666 from yh-semmle/java-xxe-qhelp 
Java: update XXE qhelp with note on processing limits
 2019-08-01 10:01:53 +02:00
Ziemowit Laski
4afd6587e4 [CPP-387] Have almost all expressions done... 2019-07-31 19:57:46 -07:00
zlaski-semmle
2bc66ae553 Merge pull request #1661 from dave-bartolomeo/dave/ExternDeclarations 
C++: Stop generating `NoOp` instructions for declarations of externs
 2019-07-31 19:09:06 -07:00
yh-semmle
dc45ba5627 Java: update XXE qhelp with note on processing limits 2019-07-31 15:45:28 -04:00
Felicity Chapman
d61b5569c5 Merge pull request #1665 from jf205/update-support 
QL docs: update paths to change notes in support project
 2019-07-31 16:53:54 +01:00
james
735a2cbe06 docs: exclude readme from build 2019-07-31 15:42:46 +01:00
james
21e5d8c6b8 docs: update paths to change notes 2019-07-31 15:38:30 +01:00
semmle-qlci
1d806971ed Merge pull request #1634 from aibaars/cookbook 
Approved by aschackmull, dave-bartolomeo, hvitved, markshannon, xiemaisi, yh-semmle
 2019-07-31 14:31:28 +01:00
Felicity Chapman
7123067bd0 Merge pull request #1663 from jf205/vscode-readme 
docs: update readme to mention vscode extension
 2019-07-31 13:52:58 +01:00
james
862f716058 docs: update readme to mention vscode extension 2019-07-31 13:42:58 +01:00
Mark Shannon
5496fa41c8 Python: Add a way to easily specify constant values for in new Value API. 2019-07-31 12:41:51 +01:00
semmle-qlci
4722ec585d Merge pull request #1662 from jf205/add-gitignored 
Approved by asger-semmle
 2019-07-31 12:23:11 +01:00
Max Schaefer
33ea421841 JavaScript: Accept review suggestion. 
Co-Authored-By: Esben Sparre Andreasen <42067045+esben-semmle@users.noreply.github.com>
 2019-07-31 11:16:18 +01:00
Max Schaefer
785ecafd47 JavaScript: Address review comments. 2019-07-31 11:03:06 +01:00
Nick Rolfe
d83faaf714 Merge pull request #1659 from ian-semmle/getValueText 
C++: Accept changes to getValueText
 2019-07-31 10:59:00 +01:00
jf205
b64ecfb711 Merge pull request #1654 from felicity-semmle/ql-handbook/SD-3691-vale-corrections 
Ql handbook: Corrections for issues found using Vale
 2019-07-31 10:54:42 +01:00
jf205
eec91807c4 Merge pull request #1657 from asger-semmle/js/cheat-sheet 
JS: Add data flow cheat sheet
 2019-07-31 10:44:07 +01:00
Max Schaefer
967a5788b2 JavaScript: Address review comments. 2019-07-31 10:24:33 +01:00
semmle-qlci
0e64c84f7e Merge pull request #1656 from asger-semmle/rephrase-useless-def 
Approved by xiemaisi
 2019-07-31 09:55:38 +01:00
semmle-qlci
cff826221c Merge pull request #1655 from asger-semmle/hardcoded-creds-fp 
Approved by xiemaisi
 2019-07-31 09:55:16 +01:00
james
dc2d66c334 docs: gitignore rst vscode settings 2019-07-31 09:51:47 +01:00
Esben Sparre Andreasen
bf4a324a86 JS: add query js/indirect-command-line-injection 2019-07-31 09:24:25 +02:00
Asger F
7a27ccdaf3 JS: Move a comment 2019-07-31 08:19:26 +01:00
james
e69ba84e65 docs: gitignore .pyc files generated during sphinx-build 2019-07-31 06:38:49 +01:00
Dave Bartolomeo
972f0d97d3 C++: Stop generating NoOp instructions for declarations of externs 
Previously, where we had a function-scoped `DeclarationEntry` for an extern variable or function, we would generate a `NoOp` instruction for it. There's nothing wrong with this by itself, although it was unnecessary. However, I've hit an extractor issue (Jira ticket already opened) that commonly causes multiple `DeclStmt`s to share a single `DeclarationEntry` child on extern declarations, so removing the `NoOp` instructions is an easy way to work around the extractor issue.
 2019-07-30 16:49:24 -07:00
Ziemowit Laski
78ebdad1ea Add a __builtin_va_list type, to complement __builtin_va_* 
expressions.
 2019-07-30 16:36:37 -07:00
Ziemowit Laski
2a12bf8e62 [CPP-387] Add placeholder for declarations. 2019-07-30 15:55:04 -07:00
Ian Lynagh
8d8a2201b7 C++: Accept changes to getValueText 2019-07-30 23:24:52 +01:00
semmle-qlci
07fa55f331 Merge pull request #1647 from zlaski-semmle/zlaski/builtin-types-compatible-p 
Approved by dave-bartolomeo
 2019-07-30 20:43:39 +01:00
Ziemowit Laski
49adba0b51 [CPP-387] Create a new PR against new location of introduce-libraries-cpp.rst. 2019-07-30 12:32:01 -07:00
zlaski-semmle
075e4ab159 Update cpp/ql/src/semmle/code/cpp/exprs/BuiltInOperations.qll 
Co-Authored-By: Dave Bartolomeo <42150477+dave-bartolomeo@users.noreply.github.com>
 2019-07-30 11:39:42 -07:00
Nick Rolfe
9e8e63038f Merge pull request #1649 from ian-semmle/constexpr_if 
C++: Add 'constexpr if' support
 2019-07-30 18:45:08 +01:00
Asger F
eafd46221b JS: Add data flow cheat sheet 2019-07-30 18:11:32 +01:00
Asger F
ea563f8b97 JS: Rephrase dead store of local at declaration site 2019-07-30 18:02:27 +01:00
Asger F
378b0bfb74 JS: Do not treat the empty string as a credential 2019-07-30 17:29:12 +01:00
Felicity Chapman
2f9a3eb6fd Update the Spelling whitelist 2019-07-30 17:15:19 +01:00
Felicity Chapman
6ae842cec0 Update QL handbook issues highlighted by Vale 2019-07-30 17:11:34 +01:00
jf205
6d10731b8f Merge pull request #1653 from felicity-semmle/learn-ql/SD-3690-vale-corrections 
Learn QL: corrections for issues found using Vale
 2019-07-30 16:43:40 +01:00
Max Schaefer
3e6629d007 JavaScript: Deprecate multi-argument isBarrier and isSanitizer predicates. 
We informally deprecated them in 1.21, this commit deprecates them properly and removes support from the implementation. The predicates themselves will be removed in a future release.
 2019-07-30 16:32:08 +01:00