hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-02 01:08:53 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
semmle-qlci
c422ade739 Merge pull request #927 from xiemaisi/js/ambiguous-id-attr-templates 
Approved by esben-semmle
 2019-02-13 08:35:41 +00:00
Tom Hvitved
9c287072cf Merge pull request #924 from calumgrant/cs/extractor-string-length 
C# extractor: Limit trap strings to 1MB
 2019-02-13 09:34:36 +01:00
Tom Hvitved
0cb2c0994a Merge pull request #930 from calumgrant/cs/suppress-alerts 
C#: Add some alert suppression comments
 2019-02-13 09:34:18 +01:00
semmle-qlci
1d4f894583 Merge pull request #931 from aschackmull/java/autoformat 
Approved by esben-semmle, hvitved, yh-semmle
 2019-02-13 08:30:25 +00:00
Robert Marsh
f0cf576e3b Merge pull request #935 from dave-bartolomeo/dave/PointerDecay 
C++: Handle pointer decay and inferred array sizes
 2019-02-12 15:03:21 -08:00
Dave Bartolomeo
aff2ea3316 C++: Handle pointer decay and inferred array sizes 
For function parameters that are subject to "pointer decay", the database contains the type as originally declared (e.g. `T[]` instead of `T*`). The IR needs the actual type. Similarly, for variable declared as an array of unknown size, the actual size needs to be inferred from the initializer (e.g. `char a[] = "blah";` needs to have the type `char[5]`).

I've opened a ticket to have the extractor emit the actual type alongside the declared type, but for now, this workaround is enough to unblock progress for typical code.
 2019-02-12 12:41:21 -08:00
Robert Marsh
6ab0eaac7d Merge pull request #926 from dave-bartolomeo/dave/MemoryOperand 
C++: Rationalize `RegisterOperand` vs. `MemoryOperand`
 2019-02-12 12:18:02 -08:00
Dave Bartolomeo
f5121d71bc C++: Fix range analysis for new API 2019-02-12 09:38:11 -08:00
Asger F
d532815efe JS: remove unused predicate 2019-02-12 17:34:21 +00:00
Asger F
be10f24de7 JS: make moduleImport() work for named imports 2019-02-12 17:22:06 +00:00
Max Schaefer
2fce626c3a JavaScript: Add Range.prototype.createContextualFragment as an XSS sink. 2019-02-12 16:32:30 +00:00
Max Schaefer
41eb1ff9d0 JavaScript: Drop precision of AmbiguousIdAttribute to 'high'. 2019-02-12 16:31:29 +00:00
Max Schaefer
25f95d9fb1 JavaScript: Be more conservative about templates in AmbiguousIdAttribute. 
Previously, we only excluded attributes where the value of the attribute itself suggests templating happening. Now we exclude all attributes in documents where _any_ attribute value suggests templating.
 2019-02-12 16:31:01 +00:00
Mark Shannon
0ea33b7e91 Python: Rename class. 2019-02-12 14:37:50 +00:00
Mark Shannon
e7d2c1e179 Python: Convert ObjectOrCfg back to using extensionals for speed. 2019-02-12 14:37:19 +00:00
Mark Shannon
bcf4df840c Convert ObjectOrCfg to IPA type for stronger type-checking. 2019-02-12 14:37:19 +00:00
Mark Shannon
c767de02e6 Python: Refactor points-to origin code for better encapsulation. 2019-02-12 14:37:19 +00:00
Mark Shannon
b644891e53 Python: Fix up some typos for bottle and add a few more tests. 2019-02-12 14:26:06 +00:00
Mark Shannon
aab0a243dc Python: Add redirects to bottle framework support. 2019-02-12 14:26:06 +00:00
Mark Shannon
d514fc543d Python: Add responses to bottle framework support. 2019-02-12 14:26:06 +00:00
Mark Shannon
8d525e5295 Python: Add support for bottle framework routing and requests. 2019-02-12 14:26:06 +00:00
Anders Schack-Mulligen
15a6044445 Javascript: Autoformat qlls 2019-02-12 14:41:31 +01:00
Taus
9caa9c10bc Merge pull request #928 from markshannon/python-points-to-through-callsites 
Python: Points-to should flow through call-sites if not assigned out of scope.
 2019-02-12 14:41:12 +01:00
Asger F
3290c174c3 JS: Add DataFlow::Node.getAFunctionValue 2019-02-12 13:38:46 +00:00
Asger F
2fd1ee60a2 JS: add DataFlow::Node.getIntValue() 2019-02-12 13:38:46 +00:00
Asger F
0fd9d157f8 JS: add DataFlow::Node.getStringValue() 2019-02-12 13:38:45 +00:00
Anders Schack-Mulligen
fc9c7ea55a CSharp: Autoformat qls 2019-02-12 14:38:42 +01:00
Anders Schack-Mulligen
bcaaebfe7e CSharp: Autoformat qlls 2019-02-12 14:38:42 +01:00
Anders Schack-Mulligen
1182fca665 Javascript: Autoformat qls 2019-02-12 14:38:42 +01:00
Anders Schack-Mulligen
25469637db Java: Autoformat qls. 2019-02-12 14:38:08 +01:00
Anders Schack-Mulligen
63a4dd09ad Java: Autoformat qlls. 2019-02-12 14:38:08 +01:00
calum
884af9bd7f C#: Fix alert. 2019-02-12 13:34:33 +00:00
semmle-qlci
c133362660 Merge pull request #910 from xiemaisi/js/regexp-taint 
Approved by esben-semmle
 2019-02-12 13:15:16 +00:00
calum
e18eeb8d2a C#: Address review comments. 2019-02-12 12:56:58 +00:00
calum
1e1784239c C#: Alert suppression comments for lgtm[cs/catch-of-all-exceptions 2019-02-12 12:45:22 +00:00
Asger F
0444fa307d TS: update test expectations 2019-02-12 12:33:09 +00:00
Taus
583358bee3 Merge pull request #911 from markshannon/python-add-special-operation 
Python: Add 'special operation' pseudo-expression type
 2019-02-12 13:32:20 +01:00
Felicity Chapman
8c5b495c97 Merge pull request #917 from markshannon/python-extractor-change-note 
Python: Add change note for unified parser.
 2019-02-12 12:24:07 +00:00
Asger F
7a813cfb84 TS: disable type expansion by default 2019-02-12 12:21:11 +00:00
Taus
5b127eb676 Merge pull request #914 from markshannon/python-add-2-3-query-tests 
Python: Add 2/3 specific query tests.
 2019-02-12 12:54:29 +01:00
Taus
abc71cba4c Merge pull request #913 from markshannon/python-add-3-library-tests 
Python add 2/3 specific library tests
 2019-02-12 12:54:15 +01:00
calum
33e6b5e55f C#: Fix tests 2019-02-12 10:59:31 +00:00
semmle-qlci
ac3f413b87 Merge pull request #920 from xiemaisi/js/field-as-prop-write 
Approved by asger-semmle
 2019-02-12 10:48:13 +00:00
Calum Grant
0513828000 Merge pull request #922 from hvitved/csharp/cfg/remove-exception-edges 
C#: Remove some impossible CFG exception edges
 2019-02-12 10:42:07 +00:00
Calum Grant
e10ea73a07 Merge pull request #901 from hvitved/csharp/conditional-assign-join-order 
C#: Improve join order in `conditionalAssign()`
 2019-02-12 10:39:49 +00:00
Mark Shannon
220b881096 Python: Points-to should flow through call-sites if not assigned outside of scope. 2019-02-12 09:57:45 +00:00
Mark Shannon
384fa5db3f Python: clarfiy change note. 2019-02-12 09:53:00 +00:00
Calum Grant
b557b7b438 Merge pull request #895 from hvitved/csharp/get-a-thrown-exception 
C#: Avoid using `ExceptionClass` in deliberate Cartesian products
 2019-02-12 09:49:03 +00:00
Dave Bartolomeo
c224bbd767 C++: Fix Operand.getSize() 2019-02-11 17:48:59 -08:00
calum
b51eb2cb92 C#: Fix tags in documentation. 2019-02-11 17:52:55 +00:00