hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-01 16:56:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Esben Sparre Andreasen
c26ae26f53 JS: support explicit type arguments for Flow 2019-01-13 22:10:56 +01:00
Esben Sparre Andreasen
45a4026385 JS: support additional export statements for Flow 2019-01-13 22:10:56 +01:00
Esben Sparre Andreasen
c6f9a043ca JS: support additional import statements for Flow 2019-01-13 22:10:56 +01:00
Robert Marsh
eabc674bb3 Merge pull request #747 from jbj/cfg-remove-cfg.ql 
C++: Delete library-tests/qlcfg/cfg.ql
 2019-01-11 11:57:26 -08:00
Jonas Jensen
ef331ee68c Merge pull request #633 from Semmle/rdmarsh/cpp/range-analysis 
C++: New range analysis
 2019-01-11 19:32:20 +01:00
Geoffrey White
c8cbc8ea5a Merge pull request #751 from jbj/hides-parameter-crossfile 
C++: Improvements to "Declaration hides parameter"
 2019-01-11 18:00:50 +00:00
Geoffrey White
a656c692bb Merge pull request #752 from jbj/large-parameter-assignment 
C++: Exclude copy assignment in LargeParameter.ql
 2019-01-11 17:54:30 +00:00
semmle-qlci
04c15028ab Merge pull request #750 from aschackmull/javascript/autoformat 
Approved by xiemaisi
 2019-01-11 16:35:38 +00:00
calum
e76eb1641a C#: Address review comment. 2019-01-11 16:13:04 +00:00
Taus
dcdbc00430 Merge pull request #753 from markshannon/python-fix-regex-test-depth 
Python tests: Increase import depth to ensure sre_constants module is imported.
 2019-01-11 16:46:56 +01:00
Nick Rolfe
e8f4127fe5 C++: fix wording in GVN qldoc comment 2019-01-11 13:56:52 +00:00
Tom Hvitved
36e4b879e9 C#: Remove comment 2019-01-11 14:32:34 +01:00
Anders Schack-Mulligen
db9407bae5 Javascript: Update .expected files. 2019-01-11 14:27:16 +01:00
Jonas Jensen
ca3554dcc6 C++: Incorporate docs review comments 2019-01-11 14:18:15 +01:00
Jonas Jensen
b65e2f8b79 C++: Put QLDoc on two helper predicates 2019-01-11 14:07:22 +01:00
Tom Hvitved
390ebc96ae C#: Autoformat QL files 2019-01-11 13:55:28 +01:00
Taus Brock-Nannestad
b5dc0134a7 Python: Move query suites to public repo. 2019-01-11 13:46:47 +01:00
calum
de4f592bba C#: Add alert suppression comments for cs/similar-file 2019-01-11 12:36:20 +00:00
calum
a44a86bf6f C#: Add alert suppression comments. Rename e to ex in catch clauses for consistency. 2019-01-11 12:32:24 +00:00
Jonas Jensen
6385dd38cf C++: Exclude operator= in ExprHasNoEffect 2019-01-11 13:30:08 +01:00
Jonas Jensen
95e457cb49 C++: Add test with FP in ExprHasNoEffect 2019-01-11 13:18:44 +01:00
Mark Shannon
33a2315ba0 Python tests: Increase import depth to ensure sre_constants module is imported. 2019-01-11 12:15:56 +00:00
calum
fb0cae87a8 C#: Fix some alerts, and fix a potential NullReferenceException. 2019-01-11 12:12:11 +00:00
Jonas Jensen
1cc36dd969 C++: Exclude copy assignment in LargeParameter.ql 
The purpose of the copy assignment operator is to copy the object, so we
should not complain that a copy happens when passing the parameter. See
https://en.wikibooks.org/wiki/More_C++_Idioms/Copy-and-swap for details.
 2019-01-11 12:00:02 +01:00
Jonas Jensen
4ea3849595 C++: Add failing test case for LargeParameter.ql 2019-01-11 11:53:04 +01:00
semmle-qlci
b0dd3dfeb1 Merge pull request #502 from xiemaisi/js/summaries 
Approved by asger-semmle
 2019-01-11 10:27:03 +00:00
Jonas Jensen
b38ca944f4 C++: Work around CPP-331 
This change suppresses results from "Declaration hides parameter" where
the ParameterDeclarationEntry does not link up to the right
FunctionDeclarationEntry.
 2019-01-11 11:26:43 +01:00
Max Schaefer
f9d704bdcf JavaScript: Add example of indirect command injection. 2019-01-11 10:24:41 +00:00
Jonas Jensen
2268f1fee6 C++: Speed up "Declaration hides parameter" 
Bad magic ended up in `LocalVariable.getFunction` and effectively
created a Cartesian product. Before this change, the timing looked like
this:

    Variable::LocalVariable::getFunction_dispred#bb ... 50.1s
    #select#cpe#123#fff ............................... 20.6s

After this change, those predicates become much faster:

    Variable::LocalVariable::getFunction_dispred#ff ... 121ms
    DeclarationHidesParameter::localVariableNames#fff . 77ms
    #select#cpe#123#fff ............................... 28ms

Introducing the predicate `localVariableNames` ensures that we can do
the main join on two columns simultaneously, so that's a change we
should keep even if we remove the `pragma[nomagic]` later.
 2019-01-11 11:06:18 +01:00
Jonas Jensen
8a435ae321 C++: Autoformat "Declaration hides parameter" 2019-01-11 11:02:52 +01:00
Anders Schack-Mulligen
e58094c732 Javascript: Autoformat. 2019-01-11 11:02:42 +01:00
Max Schaefer
7d2d33840a JavaScript: Track flow through forwarding higher-order calls. 2019-01-11 09:15:58 +00:00
Tom Hvitved
c06fc2af09 C#: Remove DefUse.qll 2019-01-11 09:35:38 +01:00
Max Schaefer
59bac829b1 JavaScript: Refactor flowsIntoHigherOrderCall predicate. 2019-01-11 08:34:09 +00:00
Max Schaefer
edc5117dfd JavaScript: Track flow into (simple) higher-order function calls. 
The only case we support for now are functions that invoke one of their arguments, passing another argument as input.
 2019-01-11 08:11:15 +00:00
Max Schaefer
414ab8ea8c JavaScript: Refactor argumentPassing. 2019-01-11 07:57:58 +00:00
Esben Sparre Andreasen
9af6a81a58 JS: change note for ODASA-7636 fix 2019-01-11 08:37:01 +01:00
Esben Sparre Andreasen
d0372dd290 JS: reuse a variable 2019-01-11 08:34:17 +01:00
Esben Sparre Andreasen
d3543b74c0 JS: fixup: use the basic block of the actual write (ODASA-7636) 2019-01-11 08:34:17 +01:00
Jonas Jensen
88a251c05a C++: Delete library-tests/qlcfg/cfg.ql 
This test was intended to catch regressions in the CFG, but it looks
like it's just catching insignificant extractor changes. The test has
started failing after some recent extractor changes, but I have no way
to pinpoint the failure and understand whether it's a problem or not, so
I think it's better to delete this test.

The remaining tests check whether the QL-based CFG generates the same
graph as the extractor-based CFG. Furthermore, the `successor-tests`
check that the extractor-based CFG works as intended.
 2019-01-11 08:24:07 +01:00
Tom Hvitved
0f7dc51e89 C#: Fix performance issue in isValidExplicitParamsType() 2019-01-10 21:19:23 +01:00
Tom Hvitved
2197736128 C#: Speedup cs/missed-readonly-modifier 2019-01-10 20:57:36 +01:00
Robert Marsh
c455db9e59 C++: update test expectations 2019-01-10 11:24:13 -08:00
Geoffrey White
87569d14b9 CPP: QLDoc comments. 2019-01-10 17:38:42 +00:00
Geoffrey White
ba3bc1596b CPP: Manual fixup. 2019-01-10 15:28:13 +00:00
Geoffrey White
c4b01d0816 CPP: Autoformat some other untidy source files. 2019-01-10 15:28:13 +00:00
Geoffrey White
28261d6787 Merge pull request #737 from jbj/cfg-perf 
C++: QL CFG performance and tweaks
 2019-01-10 14:45:53 +00:00
Geoffrey White
f2e68da322 CPP: Use dataflow to find wrapped rounding functions. 2019-01-10 14:44:11 +00:00
Geoffrey White
207c4d365a CPP: Test wrapped rounding functions more thoroughly. 2019-01-10 14:39:23 +00:00
Geoffrey White
4f002291c5 CPP: Add exception for builtins. 2019-01-10 14:16:57 +00:00