hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-11 13:40:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,679 Branches 158 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
ce53a7d575 Merge pull request #1175 from psygnisfive/NullSensitiveContext 
[JS] Null Sensitive Context (new library)
 2019-04-15 08:50:14 +01:00
Ziemowit Laski
61c91b67aa [CPP-340] Refactor MistypedFunctionArguments.ql further. 2019-04-14 11:31:10 -07:00
Ziemowit Laski
b58f414ede [CPP-340] Add more test case; exclude K&R definitions of functions when looking 
up ()-declarations; refactor QL code.
 2019-04-12 17:25:33 -07:00
Rebecca Valentine
fb40548be5 fixes semicolon issues 2019-04-12 10:56:31 -07:00
Rebecca Valentine
a66d1c0e09 fixes test errors 2019-04-12 10:39:34 -07:00
Rebecca Valentine
d4f2172bdc void exprs are also ok 2019-04-12 10:39:20 -07:00
Asger F
b8ec7083d4 JS: Update isBarrier test output 2019-04-12 16:35:01 +01:00
Taus
ae6c768db8 Merge pull request #1244 from markshannon/fix-semantic-merge-conflict 
Python: Fix semantic merge conflict between #1206 and #1240.
 2019-04-12 14:49:24 +02:00
Mark Shannon
d6ba729dce Python: Fix semantic merge conflict between #1206 and #1240. 2019-04-12 12:32:41 +01:00
Asger F
b36075ca46 JS: step through refinements in AccessPaths 2019-04-12 11:12:50 +01:00
Asger F
720555be45 JS: Add test case 2019-04-12 11:11:26 +01:00
Taus
707b73c3d0 Merge pull request #1240 from markshannon/python-avoid-ssa-defns-in-tests 
Python: Remove callsite refinement ESSA definition in tests
 2019-04-12 12:05:40 +02:00
Taus
607b5fb077 Merge pull request #1206 from markshannon/python-taint-flow-classless 
Python taint-tracking: Better flow for "generic" taint.
 2019-04-12 11:54:52 +02:00
Jonas Jensen
29aa5f550c C++: Tidy up code so it looks good after qlformat 2019-04-12 10:43:24 +02:00
Esben Sparre Andreasen
2d66069d60 JS: change notes for js/incomplete-hostname-regexp 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
9c65277b53 JS: reformulate js/incomplete-hostname-regexp with type tracking 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
5a7101481c JS: make message for js/incomplete-hostname-regexp more informative 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
d643904faf JS: improve tests for fixup js/incomplete-hostname-regexp 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
cf7d0a7ea5 JS: fixup qhelp 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
74144b0271 JS: make RegExpPatterns::commonTLD more robust 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
9eb039038e JS: update docstring example for TypeBackTracker 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
1f565bd49c JS: Introduce TypeBackTracker::step and TypeBackTracker::smallstep 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
fd429ce639 JS: whitelist delimiter unwrapping for js/incomplete-sanitization 2019-04-12 08:38:44 +02:00
Esben Sparre Andreasen
a0ed362310 JS: add test case for js/incomplete-sanitization 2019-04-12 08:37:47 +02:00
ian-semmle
a84a921730 Merge pull request #1241 from nickrolfe/category_changes 
C++: change expected test output following extractor frontend upgrade
 2019-04-11 23:27:31 +01:00
Nick Rolfe
baf091235c C++: change expected test output following extractor frontend upgrade 2019-04-11 17:45:35 +01:00
Mark Shannon
ca6e03f597 Python: Remove callsite refinement ESSA definition when call in a test defining a pi-node. 2019-04-11 16:08:29 +01:00
semmle-qlci
ccbb7ce04b Merge pull request #1224 from asger-semmle/cheerio 
Approved by esben-semmle
 2019-04-11 15:21:44 +01:00
semmle-qlci
a1cc2fbed3 Merge pull request #1233 from xiemaisi/js/amd-type-inference 
Approved by asger-semmle
 2019-04-11 15:20:00 +01:00
Geoffrey White
1e0e3192bb CPP: Restrict to #elif, #else, #endif. 2019-04-11 15:14:21 +01:00
Geoffrey White
2dad62acf4 CPP: Additional test cases. 2019-04-11 15:06:41 +01:00
Jonas Jensen
ac3421f6be Merge pull request #1238 from geoffw0/newtests 
CPP: New test cases
 2019-04-11 14:43:03 +02:00
Jonas Jensen
6049c2ccfd C++: Autoformat Architecture + Best Practices 2019-04-11 14:27:07 +02:00
Geoffrey White
3ceacff0d4 CPP: Add a test of IncorrectConstructorDelegation.ql. 2019-04-11 12:24:16 +01:00
Geoffrey White
7dd7bf346d CPP: Add a test of placement new in CWE-772 (this case came up recently but has already been fixed). 2019-04-11 12:23:33 +01:00
Jonas Jensen
d3f60998b1 Merge pull request #1236 from dave-bartolomeo/dave/ReinterpretEscapes 
C++: Fix false positive in PointlessComparison
 2019-04-11 12:51:30 +02:00
Geoffrey White
4a8b4b32d5 CPP: Fix indentation. 2019-04-11 11:38:50 +01:00
Geoffrey White
2c0ccf4a85 CPP: Exclude unusual header files such as config.h. 2019-04-11 11:28:45 +01:00
Geoffrey White
f381768a1e CPP: Create HeaderFile.noTopLevelCode from existing logic. 2019-04-11 11:21:53 +01:00
Geoffrey White
9e6b178d48 CPP: Resolve #endif FPs. 2019-04-11 11:05:53 +01:00
semmle-qlci
ed5fd96603 Merge pull request #1227 from asger-semmle/typescript3.4 
Approved by xiemaisi
 2019-04-11 10:39:57 +01:00
Geoffrey White
4beb77588a CPP: Add tests based on false positive results. 2019-04-11 10:14:32 +01:00
Dave Bartolomeo
878cdf7cb6 C++: Fix false positive in PointlessComparison 
We avoid putting a variable into SSA if its address is ever taken in a way that could allow mutation of the variable via indirection. We currently just look to see if the address is either "pointer to non-const" or "reference to non-const". However, if the address was cast to an integral type (e.g. `uintptr_t n = (uintptr_t)&x;`), we were treating it as unescaped. This change makes the conservative assumption that casting a pointer to an integer may result in the pointed-to value being modified later.

This fixes a customer-reported false positive (#2 from https://discuss.lgtm.com/t/2-false-positives-in-c-for-comparison-is-always-same/1943)
 2019-04-11 01:56:22 -07:00
semmle-qlci
9f13b6be18 Merge pull request #1234 from xiemaisi/js/customizations-qll 
Approved by esben-semmle
 2019-04-11 08:31:28 +01:00
Esben Sparre Andreasen
a6cf9503da Merge pull request #1235 from xiemaisi/js/include-yaml 
JavaScript: Teach AutoBuilder to extract YAML files by default.
 2019-04-11 09:28:59 +02:00
Max Schaefer
f22cb186e3 JavaScript: Teach AutoBuilder to extract YAML files by default. 2019-04-10 18:47:06 -07:00
Max Schaefer
078151f9d1 JavaScript: Add an (empty) Customizations.qll module. 
Somewhat analogous to the `Options.qll` module in C++; see module
comments for further explanation.
 2019-04-10 18:26:27 -07:00
semmle-qlci
02fc45d923 Merge pull request #1232 from xiemaisi/js/more-socket-improvements 
Approved by asger-semmle
 2019-04-10 22:20:00 +01:00
Geoffrey White
c974693b58 CPP: Add a test case for CWE-120. 2019-04-10 18:52:03 +01:00
Ziemowit Laski
d76138f189 [CPP-340] Remove use of getUnderlyingType() predicate as it does 
not appear necessary.  Correct comment to refer to
           arguments rather than parameters.
 2019-04-10 10:51:22 -07:00