Commit Graph

19777 Commits

Author SHA1 Message Date
Geoffrey White
fc5e7e5e91 CPP: Test the new query. 2019-05-29 10:35:48 +01:00
Geoffrey White
88f363d564 CPP: Update the ql, qhelp and example. 2019-05-29 10:35:48 +01:00
Geoffrey White
1f80dea375 CPP: Clone PotentiallyDangerousFunction query as DangerousUseOfGets. 2019-05-29 10:35:48 +01:00
Geoffrey White
574a1d8501 Merge pull request #1037 from kevinbackhouse/RangeAnalysisAssignAddOverflow
Better overflow detection for AssignAdd/AssignSub
2019-05-29 09:54:06 +01:00
Tom Hvitved
23ce5bc7bf Merge pull request #1353 from calumgrant/cs/diagnostic-queries3
C#: Add internal queries for extractor and compiler diagnostics
2019-05-29 10:26:41 +02:00
Kevin Backhouse
b7ac03d07b Merge pull request #2 from geoffw0/assignadd2
CPP: Minor corrections to: Better overflow detection for AssignAdd/AssignSub
2019-05-29 08:36:29 +01:00
Tom Hvitved
428ad72694 C#: Improve performance of always[Not]NullMethod() 2019-05-29 09:34:54 +02:00
Calum Grant
1b264f73b4 C#: Fix test settings. 2019-05-29 08:15:51 +01:00
Calum Grant
cd41f4f415 C#: Analysis change notes. 2019-05-29 08:15:50 +01:00
Calum Grant
573646fe6a C#: Various C#8 features:
- Async streams (test only)
- Unmanaged generic structs (extractor support)
- Alternate interpolated strings (test only)
- static local function (test only)
2019-05-29 08:12:11 +01:00
semmle-qlci
5bbbd26787 Merge pull request #1372 from xiemaisi/js/fail-if-no-code
Approved by esben-semmle
2019-05-29 08:06:44 +01:00
james
29e46cf347 docs: add link to style guides in readme 2019-05-28 21:33:36 +01:00
Jonas Jensen
b0a7f207e4 Merge pull request #1343 from rdmarsh2/rdmarsh/cpp/getUnspecifiedType
C++: add getUnspecifiedType() for exprs and decls
2019-05-28 20:10:28 +01:00
Calum Grant
85f275ce73 Merge pull request #1347 from hvitved/csharp/dataflow/this-flow
C#: Data flow through `this` parameter
2019-05-28 19:58:01 +01:00
Mark Shannon
77c508f954 Python points-to: More comment clarifications and typo fixes. 2019-05-28 17:52:55 +01:00
Mark Shannon
3adaf07170 Python points-to: Make purpose of '$' variable explicit. 2019-05-28 17:23:24 +01:00
Mark Shannon
66e64615ee Python points-to: Improve qldoc and internal API a bit. 2019-05-28 17:17:05 +01:00
Robert Marsh
b4ef532039 C++: change note for getUnspecifiedType() 2019-05-28 07:58:23 -07:00
Robert Marsh
d20efe49dd C++: respond to PR comments 2019-05-28 07:51:59 -07:00
Max Schaefer
38a38ab780 JavaScript: Make autobuilder fail if no JS/TS code was seen.
In particular, the autobuilder will no longer succeed for projects that
contain HTML or YAML files but no JS/TS code. Further down the line,
this prevents LGTM.com from classifying such projects as "JavaScript"
projects.
2019-05-28 14:43:59 +01:00
semmle-qlci
9fb61d5f26 Merge pull request #1371 from xiemaisi/js/index-xml
Approved by asger-semmle
2019-05-28 14:30:43 +01:00
Asger F
1a6d09cc07 JS: Add change note 2019-05-28 12:42:59 +01:00
semmle-qlci
ead59baa0e Merge pull request #1369 from xiemaisi/js/fix-autobuild-test
Approved by asger-semmle
2019-05-28 12:27:17 +01:00
semmle-qlci
bd15994bb4 Merge pull request #1367 from xiemaisi/js/configuration-api-consistency
Approved by esben-semmle
2019-05-28 12:26:58 +01:00
Asger F
ef1ad0d3b7 JS: Summary expected output (not taint-tracking config anymore) 2019-05-28 12:05:51 +01:00
Asger F
9f43844f1e JS: Remove obsolete code 2019-05-28 11:54:57 +01:00
Asger F
8d60ae7200 JS: Avoid unnecessary casts 2019-05-28 11:54:42 +01:00
Asger F
9f1617a6a8 JS: Update TaintedPath.expected (4x paths) 2019-05-28 11:22:08 +01:00
Asger F
6617747185 JS: Update DataFlowTracking output for booleanOps.js 2019-05-28 11:19:23 +01:00
Max Schaefer
7f8f126338 JavaScript: Add support for XML extraction. 2019-05-28 09:44:24 +01:00
Max Schaefer
4992970181 JavaScript: Fix an auto-build test. 2019-05-28 09:44:24 +01:00
Tom Hvitved
0ee5fe88d9 CIL: Account for multiple VariableUpdate::getSource()s in nullness analysis
For methods compiled without optimization (and possibly also with optimization),
it is possible for a variable update to have multiple possible assigned values.
For example, the non-optimized CIL for

```
return cond ? null : "not null"
```

is

```
0: nop
1: ldarg.0
2: ldfld cond
3: brtrue.s 6:
4: ldstr "not null"
5: br.s 7:
6: ldnull
7: stloc.0 L0 // stores either `null` or "not null"
8: br.s 9:
9: ldloc.0
10: ret
```

Consequently, an existential in `CallableReturns.qll` must be a `forex`.
2019-05-28 10:13:00 +02:00
Tom Hvitved
4fc61ebbf3 C#: Add tests for maybe-null CIL methods 2019-05-28 10:05:33 +02:00
semmle-qlci
9804105855 Merge pull request #1364 from asger-semmle/typescript-change-note
Approved by esben-semmle
2019-05-28 08:27:38 +01:00
Max Schaefer
86e96c6dc3 JavaScript: Introduce is{Barrier,Sanitizer}Edge predicate.
This name is more intuitive than the previous binary
`is{Barrier,Sanitizer}` predicates, and is consistent with the other
languages.
2019-05-28 08:08:14 +01:00
Max Schaefer
d9b3e461ba Merge pull request #1351 from asger-semmle/js-incomplete-nodes
JS: Mark some more nodes as incomplete
2019-05-28 07:59:23 +01:00
Max Schaefer
bad5465aad Merge pull request #1360 from asger-semmle/customize-window-document
JS: Make some DOM concepts customizable
2019-05-28 07:58:44 +01:00
Esben Sparre Andreasen
fd4c749e27 JS: change FrameworkLibraryInstance Script/TopLevel inheritance
This is theoretically a breaking change, but it preserves the
semantics of all queries in this repository, as far as I can see.
2019-05-28 08:31:23 +02:00
Esben Sparre Andreasen
1b1e9ed51a JS: cache matchMarkerComment 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
189ac6c2bd JS: add js/prototype-pollution to the security suite 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
eb13ab52cf JS: sharpen js/prototype-pollution with version analysis 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
c143e31fb5 JS: rename getDefaultNode to getImportedModuleNode 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
0660db37f6 JS: introduce SemVer matching library 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
7d57d1915a JS: introduce DataFlow::DependencyModuleImport 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
1cea29d89f JS: improve prototype pollution tests 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
af3f0b1d04 JS: add test for missing support for package-lock.json 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
ef6f4c7a5e JS: update docstring 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
f74653be46 JS: extract getDefaultNode from DefaultRange 2019-05-27 22:32:32 +02:00
Jonas Jensen
d2fa7aad1c Merge pull request #1336 from geoffw0/cached2
CPP: Cache Expr.getType().
2019-05-27 12:48:56 +01:00
Tom Hvitved
c82a2f0fec C#: Refactor data flow predicates to be defined by dispatch 2019-05-27 13:40:41 +02:00