19777 Commits

Author SHA1 Message Date
Max Schaefer
2ed37903d8 JavaScript: Include list of relevant environment variables in Javadoc for AutoBuild. 2019-02-27 11:54:59 +00:00
Mark Shannon
9e268d77d0 Python: Add responses to Falcon framework support. 2019-02-27 09:56:18 +00:00
Mark Shannon
6a48420191 Python: Basic support for falcon framework; routing and requests. 2019-02-27 09:55:52 +00:00
semmle-qlci
999e0c8b95 Merge pull request #947 from asger-semmle/string-ops-concat
Approved by xiemaisi
2019-02-27 09:54:46 +00:00
Mark Shannon
742c1d0fa7 Python: Add test skeleton for falcon web framework. 2019-02-27 09:53:20 +00:00
Max Schaefer
37a3085466 Merge pull request #993 from asger-semmle/getacallee
JS: document new behavior of overriding InvokeNode.getACallee()
2019-02-27 09:00:59 +00:00
Max Schaefer
6ecdb0edd5 JavaScript: Allow first expression in array literal to be an in expression. 2019-02-27 08:58:28 +00:00
Max Schaefer
0648d7aa09 JavaScript: Sharpen result type of getAReceivedItem. 2019-02-27 08:51:43 +00:00
semmle-qlci
d857f52c7d Merge pull request #991 from jbj/error-function-returns
Approved by geoffw0
2019-02-27 08:01:39 +00:00
Raul Garcia
fb5f220bb6 Merge branch 'users/raulga/ICryptoTransform' of https://github.com/raulgarciamsft/ql into users/raulga/ICryptoTransform 2019-02-26 16:22:54 -08:00
Raul Garcia
f8ae56a27c Improving documentation 2019-02-26 16:22:39 -08:00
Taus
dcaf0f8ba8 Merge pull request #978 from markshannon/python-turbogears
Python: Add support for turbogears; requests and responses.
2019-02-26 21:46:01 +01:00
Dave Bartolomeo
84c7f195d6 Merge pull request #994 from geoffw0/msalloc
CPP: Add lots more allocation functions to Alloc.qll
2019-02-26 11:59:45 -08:00
Mark Shannon
a480da6ed5 Python: Generalize turbogear response sinks to allow for internally sourced strings. 2019-02-26 18:31:06 +00:00
Calum Grant
5c2804d3ac Merge pull request #968 from hvitved/csharp/dataflow-performance
C#: Improve join orders in `DataFlow` module
2019-02-26 17:34:16 +00:00
Geoffrey White
c637bc5fcc CPP: Change note. 2019-02-26 17:17:16 +00:00
Geoffrey White
e32042d69c CPP: Add support for Microsoft functions in Alloc.qll. 2019-02-26 17:11:37 +00:00
Max Schaefer
cd9ccd4c8d Merge pull request #983 from asger-semmle/closure-global-ref
JS: add closure library in globalObjectRef
2019-02-26 16:55:58 +00:00
Max Schaefer
db5fbe29a3 Merge pull request #941 from esben-semmle/js/vue-support-2
JS: Vue security improvements
2019-02-26 16:49:38 +00:00
Mark Shannon
2995b023fa Python: Fix handling of turbogears' 'expose' decorator. 2019-02-26 16:40:21 +00:00
Asger F
eaf3f52372 JS: document new behavior of overriding InvokeNode.getACallee() 2019-02-26 16:09:19 +00:00
Max Schaefer
cc6ca8bc62 JavaScript: Add change note. 2019-02-26 15:53:29 +00:00
Max Schaefer
739705865b JavaScript: Add basic model of socket.io. 2019-02-26 15:53:29 +00:00
Jonas Jensen
07bd85e9fa C++: Function error doesn't always exit
The configuration in `DefaultOptions.qll` assumed that a call to any
top-level function named `error` would exit the program. This is not
true.

The assumption was probably about `error(3)`, which is a GNU extension.
It only exits if its first argument is not 0. Furthermore, projects such
as openssh may define their own function named `error` with different
behaviour. Because the GNU `error` function is non-standard, it's
perfectly fine to shadow it with a project-specific definition.

This change removes two FPs from `PointlessComparison.qll` on
https://github.com/openssh/openssh-portable.
2019-02-26 16:31:34 +01:00
Taus Brock-Nannestad
e47b391329 Fix interpolation. 2019-02-26 16:27:04 +01:00
Taus Brock-Nannestad
7daaf77183 Make query alert refer to AST nodes rather than CFG nodes. 2019-02-26 15:56:37 +01:00
Tom Hvitved
8abf76b618 C#: Reduce size of getAThrownException()
In the presence of multiple core libraries, `getAThrownException()` would return
multiple copies of the same exception, say `System.OverflowException`, one for each
core library. With this change we try to identify which core library a given control
flow element was compiled against, and only return the corresponding version.
2019-02-26 15:11:45 +01:00
semmle-qlci
86e646beb4 Merge pull request #975 from asger-semmle/global-closure-dataflow
Approved by esben-semmle
2019-02-26 13:57:39 +00:00
Taus Brock-Nannestad
504cb648d1 Change query description. 2019-02-26 13:26:20 +01:00
Taus Brock-Nannestad
8d774cd354 Merge branch 'master' into python-unsafe-use-of-mktemp 2019-02-26 13:23:38 +01:00
Asger F
29d2d620e4 JS: add taint step through object/array spread operators 2019-02-26 11:43:59 +00:00
Taus
9d7877907b Merge pull request #964 from markshannon/python-locations-for-packages
Python: Make sure packages have locations.
2019-02-26 11:55:27 +01:00
Mark Shannon
3854050d57 Python: Update documentation for new web frameworks. 2019-02-26 10:17:29 +00:00
Mark Shannon
7d0943f30d Python: Add tests for turbogears. 2019-02-26 10:15:37 +00:00
Mark Shannon
26c5ebde54 Python: Basic support for TurboGears: requests and responses. 2019-02-26 10:15:36 +00:00
Esben Sparre Andreasen
f9111f68e9 Update javascript/ql/src/semmle/javascript/dataflow/TypeInference.qll
Co-Authored-By: asger-semmle <42069257+asger-semmle@users.noreply.github.com>
2019-02-26 11:11:44 +01:00
Asger F
6b9157540b JS: mark globalFlowPred as internal 2019-02-26 09:56:22 +00:00
semmle-qlci
681ff0f39c Merge pull request #977 from asger-semmle/extend-test-version
Approved by xiemaisi
2019-02-26 09:55:41 +00:00
Jonas Jensen
f12dfda28f Merge pull request #985 from rdmarsh2/rdmarsh/ir-call-side-effect
C++: fix PrimaryInstruction for call side effects
2019-02-26 10:36:18 +01:00
semmle-qlci
74a4103857 Merge pull request #976 from asger-semmle/closure-import-deep
Approved by esben-semmle
2019-02-26 09:34:04 +00:00
semmle-qlci
00d490e84d Merge pull request #945 from asger-semmle/extensible-module-import
Approved by xiemaisi
2019-02-26 09:26:28 +00:00
Esben Sparre Andreasen
9511bdf6ae JS: address review comment 2019-02-26 10:07:00 +01:00
Max Schaefer
c2a5350bf2 Merge pull request #982 from asger-semmle/closure-string-lib
JS: model string functions from closure library
2019-02-26 08:26:14 +00:00
Nick Rolfe
53de2d8d3e Merge pull request #830 from ian-semmle/constexpr
C++: Add Function.{isDeclaredConstexpr,isConstexpr}() predicates
2019-02-25 22:11:24 +00:00
Robert Marsh
af490a9b3e C++: fix PrimaryInstruction for call side effects 2019-02-25 11:41:40 -08:00
Asger F
93440014a0 JS: only propagate through first argument of truncate() 2019-02-25 17:11:55 +00:00
Asger F
d45f670646 JS: remove duplicate modelling of urlDecode/urlEncode 2019-02-25 17:04:56 +00:00
Asger F
29de1411b7 JS: remove restriction on truncate calls 2019-02-25 17:00:47 +00:00
Asger F
50e8f83ad5 JS: use globalVarRef/SourceNode instead 2019-02-25 16:54:45 +00:00
Asger F
8354909d46 JS: add closure library in globalObjectRef 2019-02-25 16:45:47 +00:00