Mark Shannon
058ae7befc
Merge pull request #1142 from taus-semmle/python-use-new-moduleobject-api
...
Python: Use new `ModuleObject` API more widely.
2019-03-26 15:02:44 +00:00
Mark Shannon
1e1903b6ac
Python taint-tracking: Avoid computing many redundant copies of flow step for dicts and sequences.
2019-03-26 14:41:03 +00:00
Geoffrey White
1d0c74daa7
CPP: Fix typo.
2019-03-26 14:34:55 +00:00
Jonas Jensen
c923e4cd36
Merge pull request #1091 from geoffw0/opts
...
CPP: Speed up AV Rule 35.ql
2019-03-26 15:13:53 +01:00
Tom Hvitved
273e77e800
C#: Fix qhelp for ICryptoTransform queries
2019-03-26 14:38:29 +01:00
Max Schaefer
3e16d16525
JavaScript: Make type tracking-related parameter and predicate names more consistent.
2019-03-26 13:00:09 +00:00
Calum Grant
2229409180
Merge pull request #1088 from hvitved/csharp/no-qname-for-local-scope-vars
...
C#: No qualified names for local scope variables
2019-03-26 12:58:20 +00:00
Calum Grant
01aa4ecf2f
Merge pull request #1075 from hvitved/csharp/get-location-to-string
...
C#: Simplify dispatch hierarchy for `getLocation()` and `toString()`
2019-03-26 12:56:29 +00:00
Geoffrey White
69f87d8eee
CPP: Fix ODASA-3654.
2019-03-26 12:54:44 +00:00
Jonas Jensen
bdd6965d1b
Merge branch 'master' into moremsalloc
2019-03-26 13:50:14 +01:00
Tom Hvitved
e01246acc8
C#: Autoformat
2019-03-26 13:38:47 +01:00
Geoffrey White
bd138238b0
CPP: Add a test of ODASA-3654.
2019-03-26 12:37:32 +00:00
Taus
702fc80054
Merge pull request #1166 from Semmle/rc/1.20
...
Merge rc/1.20 into master
2019-03-26 13:09:40 +01:00
Jonas Jensen
010bb61cbb
Merge pull request #1164 from geoffw0/overflowdest-enable
...
CPP: Re-enable OverflowDestination.ql on the security dashboard.
2019-03-26 10:53:34 +01:00
Max Schaefer
bf04664bd7
Update javascript/ql/src/semmle/javascript/GeneratedCode.qll
...
Co-Authored-By: esben-semmle <42067045+esben-semmle@users.noreply.github.com>
2019-03-26 10:01:24 +01:00
Taus
23eed3073a
Merge pull request #1157 from markshannon/python-taint-tracking-early-exit
...
Python taint-tracking improvements
2019-03-26 09:28:26 +01:00
Esben Sparre Andreasen
3cd93129a6
JS: classify HTML files with > 20 elements on a line as generated
2019-03-26 08:03:56 +01:00
Dave Bartolomeo
669ac2f4b4
C++: Fix FP in PointlessComparison due to preprocessor
...
Reported by an LGTM customer here: https://discuss.lgtm.com/t/2-false-positives-in-c-for-comparison-is-always-same/1943.
Even though the comparison is pointless in the preprocessor configuration in effect during extraction, it is not pointless in other preprocessor configurations. Similar to ExprHasNoEffect, we'll now exclude results in functions that contain preprocessor-excluded code. I factored the similar code already used in ExprHasNoEffect in a non-recursive version into Preprocessor.qll, leaving the recursive version in ExprHasNoEffect.ql. I believe the recursive version is too aggressive for PointlessComparison, which does no interprocedural analysis.
2019-03-25 16:19:18 -07:00
Max Schaefer
c50067b597
JavaScript: Refactor type tracking to avoid computing very large relations.
2019-03-25 20:38:58 +00:00
Max Schaefer
084159dcfd
JavaScript: Teach type trackers to track flow through one level of properties.
2019-03-25 20:38:58 +00:00
Max Schaefer
9fbc0eb717
JavaScript: Switch from path summaries to step summaries for type tracking.
...
This is sufficient since we are not doing summarisation.
2019-03-25 20:37:05 +00:00
Dave Bartolomeo
e25c578011
C++: Use #if 0 instead of comment to exclude broken test case.
2019-03-25 11:10:13 -07:00
Dave Bartolomeo
2e752f48ff
C++: Add more Lambda IR test cases
...
New tests for mixed =/& captures and for captures with initializers
2019-03-25 11:05:53 -07:00
Dave Bartolomeo
8770258714
C++: Add LambdaExpression.getInitializer()
2019-03-25 10:52:57 -07:00
Geoffrey White
193c61c5b5
CPP: Re-enable OverflowDestination.ql on the security dashboard.
2019-03-25 17:40:22 +00:00
Mark Shannon
2f0bb828c8
Python: Tweak wording of qldoc.
2019-03-25 17:35:23 +00:00
Max Schaefer
8e926333a9
JavaScript: Simplify a few newtypes and remove unused predicates.
2019-03-25 16:57:46 +00:00
Max Schaefer
55394df96f
JavaScript: Refactor HTTP libraries to use type tracking instead of tracked nodes.
2019-03-25 16:57:46 +00:00
Max Schaefer
74db8b1979
JavaScript: Use type tracking instead of tracked nodes in Express.
2019-03-25 16:57:46 +00:00
Max Schaefer
276f216ef9
JavaScript: Use type tracking to improve modelling of socket.io.
2019-03-25 16:57:46 +00:00
Max Schaefer
4702790696
JavaScript: Refactor AMD/CommonJS path expression analysis to avoid bad magic.
2019-03-25 16:57:46 +00:00
Max Schaefer
0e0fe2545d
JavaScript: Refactor Closure::isTopLevelExpr to avoid unhelpful magic.
2019-03-25 16:57:46 +00:00
Max Schaefer
c17f4d7d41
JavaScript: Cache SourceNode::track and SourceNode::backtrack.
2019-03-25 16:57:46 +00:00
Max Schaefer
2b778afdf5
JavaScript: Cache a bunch of flow steps to avoid recomputation.
2019-03-25 16:57:46 +00:00
Jonas Jensen
1be9762463
Merge pull request #1162 from geoffw0/rnr-open
...
CPP: Fix Resource not released in destructor FP
2019-03-25 17:26:34 +01:00
Geoffrey White
2759861da4
CPP: Change note.
2019-03-25 12:17:05 +00:00
Geoffrey White
9b31b4e364
CPP: Fix false positive.
2019-03-25 11:57:23 +00:00
Max Schaefer
4d1161f236
Merge pull request #1156 from esben-semmle/js/fix-define-property-regression
...
JS: fix getAPropertyAttribute timeouts
2019-03-25 11:11:58 +00:00
semmle-qlci
d6be42dcc7
Merge pull request #1160 from hvitved/csharp/is-branch
...
Approved by calumgrant
2019-03-25 10:53:22 +00:00
Esben Sparre Andreasen
4ab3407726
JS: add classification test cases
2019-03-25 10:45:44 +01:00
Geoffrey White
7b88bf7617
CPP: Add a test.
2019-03-25 09:22:18 +00:00
Tom Hvitved
1994f00495
C#: Introduce isBranch() predicate
...
We already have `isJoin()`, so it makes sense to have `isBranch()` for symmetry.
2019-03-25 09:51:26 +01:00
Ziemowit Laski
29af56d21b
[CPP-340] Refine the test query for mismatching args/params by applying
...
C promotion rules. The following issues are now flagged:
(1) passing a larger type than the receiver can accept (e.g., long long -> int)
(2) passing a type of different signedness than the parameter specified.
2019-03-24 19:42:05 -07:00
Tom Hvitved
1d05bccd87
Merge pull request #952 from calumgrant/cs/non-null-functions
...
C#: Better call analysis using CIL
2019-03-23 10:47:22 +01:00
Dave Bartolomeo
d20e5bc69c
C++: IR construction for lambda expressions
...
The IR construction code wasn't handling lambda expressions, so I added `TranslatedLambdaExpression`. It's pretty straightforward: it creates a temporary variable, initializes it with an `Uninitialized` instruction, then initializes the individual captured fields with the initializer list supplied in the AST.
When testing the case of a lambda with no captures, I noticed that we weren't handling initialization of empty structs with an initializer list correctly, so I fixed that along the way.
I was getting confused by the bad indentation for wrapped lines in TranslatedInitialization.qll, so I fixed that up in a separate commit.
2019-03-22 15:17:27 -07:00
Dave Bartolomeo
f0bd1ab7ab
C++: Remove overaggressive line breaks in TranslatedInitialization.qll
2019-03-22 15:17:27 -07:00
Geoffrey White
7fd08233c3
CPP: Optimize AV Rule 35's usesMacro.
2019-03-22 14:43:58 +00:00
Calum Grant
eafb6d84e9
Merge pull request #1 from hvitved/cs/non-null-functions
...
C#: Adjustments to CIL/nullness analyses
2019-03-22 14:41:35 +00:00
Tom Hvitved
6c182564e7
C#: Adjustments to CIL/nullness analyses
...
- Cache predicates in the same stage using a cached module.
- Introduce `DefUse::defUseVariableUpdate()` and use in `CallableReturns.qll`. The updated file `csharp/ql/test/library-tests/cil/dataflow/Nullness.expected` demonstrates why this is needed.
- Utilize CIL analysis in `Guards::nonNullValue()`.
- Analyze SSA definitions in `AlwaysNullExpr`, similar to `NonNullExpr`.
2019-03-22 15:11:31 +01:00
Mark Shannon
2edde1fed8
Python taint-tracking. Handle early exit and 'not' correctly for 'falsey' taints.
2019-03-22 11:58:23 +00:00