Commit Graph

19777 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
91dccc3356 JS: add query js/unused-property 2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen
0cf2eaec5e JS: introduce CapturedSource 2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen
bfbf686d7b JS: fixup changenote for js/unbound-event-handler-receiver 2019-02-21 21:44:28 +01:00
Robert Marsh
a0c12c46e5 Merge pull request #962 from jbj/IRGuards-cached
C++: Reduce the IRGuards to two cached stages
2019-02-21 10:50:19 -08:00
Evgeny Vereshchagin
e9401fca0d CPP: add a query for catching alloca in a loop
Thanks to Sam Lanning (@samlanning) and Robert Marsh for taking the time to help
to make it possible. In fact, it was Robert Marsh who effectively
wrote the query and figured out that __builtin_alloca should be
used to also take functions like strdupa into account. I just
filled out the metadata :-)
2019-02-21 18:09:56 +01:00
Geoffrey White
0ca67880b2 Merge pull request #902 from jbj/test-queries.xml
C++: Add a queries.xml to the test dir
2019-02-21 16:43:01 +00:00
Geoffrey White
c10c65cefe Merge pull request #1 from jbj/returnstack-EscapesTree
C++: Reimplement cpp/return-stack-allocated-memory with EscapesTree and data flow
2019-02-21 16:20:09 +00:00
Tom Hvitved
f02ef51459 C#: Use explicit recursion in blockPrecedesVar() 2019-02-21 17:14:23 +01:00
Mark Shannon
1519e1b1f9 Python: Make sanity check context sensitive. 2019-02-21 14:23:24 +00:00
Jonas Jensen
1bc967c1d1 Merge pull request #819 from geoffw0/newdelete
CPP: Improve dataflow in newdelete.qll
2019-02-21 15:09:49 +01:00
Mark Shannon
c1b8f500c7 Python: Make sure packages have locations, so they can be displayed, even if those locations are meaningless. 2019-02-21 12:53:59 +00:00
Taus
ed3a8f0bee Merge pull request #799 from markshannon/python-api-tidy-up
Python API tidy up, part 1
2019-02-21 13:25:17 +01:00
semmle-qlci
e5d6d69ef2 Merge pull request #953 from jf205/doc-links
Approved by esben-semmle, felicity-semmle
2019-02-21 12:01:48 +00:00
calum
15341965e0 C#: Update cs/use-of-vulnerable-package to detect CVE-2019-0657 2019-02-21 11:48:48 +00:00
Geoffrey White
cd13e5877f CPP: Performance improvement. 2019-02-21 11:31:44 +00:00
Felicity Chapman
2358a9f4c7 Merge pull request #954 from jf205/doc-links-2
Update link in readme file
2019-02-21 11:14:11 +00:00
Jonas Jensen
d200bda2ad C++: Reduce the IRGuards to two cached stages
Before this change, all the cached predicates in `IRGuards.qll` were in
separate cached stages, resulting in recomputation of most of the
library for each stage. This change groups the cached predicates in two
cached classes. A better grouping may be possible, but this grouping was
easy to do and seems to solve the problem.

Before this change, the `IRGuards` library accounted for five cached
stages when using the `RangeAnalysis` library. After this change, it
only accounts for one.
2019-02-21 12:03:35 +01:00
Tom Hvitved
f8bb00a81c C#: Cache Call::getArgumentForParameter() 2019-02-21 11:41:40 +01:00
Jonas Jensen
1e0a385d41 C++: Put ReturnStackAllocatedMemory.ql on LGTM 2019-02-21 11:39:05 +01:00
Tom Hvitved
c8eb537591 C#: Improve performance of cs/dispose-not-called-on-throw 2019-02-21 11:20:54 +01:00
Tom Hvitved
c3a62b3656 C#: Always inline ControlFlowElement::[reachableFrom|getAReachableElement]() 2019-02-21 11:20:47 +01:00
Jonas Jensen
b9236d216f C++: Improve ReturnStackAllocatedMemory alert msg 2019-02-21 11:20:25 +01:00
Jonas Jensen
dcf910f20c C++: Use EscapesTree to find pointers to stack
This simplifies the query and is a strict improvement on the tests. I
also found it to be an overall improvement on real projects.
2019-02-21 11:20:25 +01:00
Tom Hvitved
a382a5876f Merge pull request #808 from calumgrant/cs/double-checked-locks
C#: Work on cs/unsafe-double-checked-lock
2019-02-21 11:17:35 +01:00
Jonas Jensen
9f2fdbbc1d C++: More tests for RedundantNullCheckSimple 2019-02-21 10:13:25 +01:00
Jonas Jensen
12084fc904 C++: Add new query to new experimental suite
This suite isn't referenced from anywhere yet, but it'll be included in
a standard ODASA dist because the dist includes all files in the `c` and
`cpp` directories. We can modify the nightly test jobs to include the
experimental suite.
2019-02-21 10:13:25 +01:00
Jonas Jensen
9ac8d60636 C++: IR query for redundant null check
This new query is not written because it's the most interesting query we
could write but because it's an IR-based query whose results are easy to
verify.
2019-02-21 10:13:25 +01:00
Esben Sparre Andreasen
305a249280 JS: add taint steps for fs.realpath and fs.realpathSync 2019-02-21 09:48:35 +01:00
Esben Sparre Andreasen
27cae0c190 JS: model one more 'autobind' for js/unbound-event-handler-receiver 2019-02-21 08:23:54 +01:00
Raul Garcia
143b1e576e Update .gitignore 2019-02-20 17:10:32 -08:00
Raul Garcia
fa73b8488a Update .gitignore 2019-02-20 17:10:19 -08:00
Raul Garcia
7d197692ac Adding a new rule for detecting usage of static objects that implement ICryptoTransform that would be thread-unsafe, and potentially result in incorrect cryptographic results. 2019-02-20 17:07:04 -08:00
yh-semmle
a4beb03e15 Java: respect override annotations in java/unused-parameter 2019-02-20 15:27:35 -05:00
calum
40f3b8b439 C#: Address review comments (documentation). 2019-02-20 18:00:30 +00:00
james
2cf247d739 update link in readme file 2019-02-20 16:59:40 +00:00
james
50ad8a4089 update link in vue.qll 2019-02-20 16:43:56 +00:00
semmle-qlci
f5e419e774 Merge pull request #933 from xiemaisi/js/createContextualFragment
Approved by asger-semmle
2019-02-20 12:42:27 +00:00
Taus
caf0bfe858 Merge pull request #951 from markshannon/python-string-tests
Python: Add a test for handling of corner-case strings.
2019-02-20 12:46:42 +01:00
Mark Shannon
adadd4942b Python: Remove BuiltinFunctionObject module as it is clearer and more concise to use ModuleObject::builtin(). 2019-02-20 11:23:48 +00:00
Mark Shannon
98be27a73e Python: Add 'attr' predicate as a synonym for 'getAttribute' to help readability. 2019-02-20 11:08:44 +00:00
Geoffrey White
7b0f310856 CPP: Add query IDs to change note. 2019-02-20 10:38:49 +00:00
Mark Shannon
35fa5d8f60 Python move various theXXX() predicates into the appropriate module. 2019-02-20 10:34:08 +00:00
Mark Shannon
76d1fba9f0 Python: Add a test for handling of corner-case strings. 2019-02-20 10:26:40 +00:00
Geoffrey White
bc0387dc9a CPP: Change note. 2019-02-20 10:21:49 +00:00
Geoffrey White
d30bcb6fcf CPP: Widen allocReachedVariable slightly. 2019-02-20 10:19:57 +00:00
Geoffrey White
23ae12a763 CPP: Add test cases. 2019-02-20 10:19:57 +00:00
Geoffrey White
6a17ebbd1b CPP: Add test cases and renumber. 2019-02-20 10:09:57 +00:00
Geoffrey White
4e77f586da CPP: Fix file names. 2019-02-20 10:08:27 +00:00
Jonas Jensen
2dea0b4270 Merge pull request #879 from rdmarsh2/rdmarsh/cpp/ir-guards-edges
C++: Add edge-based predicates to IRGuards
2019-02-19 16:54:52 +01:00
Taus
9e1a5238ac Merge pull request #950 from markshannon/python-fix-a-couple-of-performance-issues
Python: fix a couple of performance issues
2019-02-19 16:15:19 +01:00