hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-31 08:06:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
semmle-qlci
3b383e3aaf Merge pull request #635 from Semmle/xiemaisi-patch-3 
Approved by esben-semmle
 2018-12-07 14:02:48 +00:00
Max Schaefer
74e70615ed JavaScript: Fix performance regression in MixedStaticInstanceThisAccess. 2018-12-07 13:17:36 +00:00
Aditya Sharad
fcfab26267 Merge rc/1.19 into next. 2018-12-07 12:31:51 +00:00
Tom Hvitved
664453707a C#: Speedup Assertions::strictlyDominates() and ControlFlowElement::controlsBlock() 
Only calculate dominance by explicit recursion for split nodes; all other nodes
can use regular CFG dominance.
 2018-12-07 12:03:12 +01:00
Anders Schack-Mulligen
6beb396d93 Merge pull request #634 from yh-semmle/java/field-annotations 
Java: account for change to field annotation extraction
 2018-12-07 11:29:46 +01:00
Tom Hvitved
2a30dee8df Merge pull request #621 from calumgrant/cs/invalid-key 
C#: Fix [INVALID_KEY] error
 2018-12-07 11:24:45 +01:00
Tom Hvitved
c887dc89dc C#: Fix a bug in ThrowingCallable 
A method such as

```
void M()
{
    throw new Exception();
}
```

was incorrectly not categorized as a `ThrowingCallable`, that is, a callable
that always throws an exception upon invocation.
 2018-12-07 10:56:11 +01:00
Geoffrey White
b1e7649d02 CPP: Add functions containing errors to the sideEffects tests. 2018-12-07 09:54:36 +00:00
Tom Hvitved
243af36167 C#: Add more CFG tests with throwing methods 2018-12-07 10:43:45 +01:00
Tom Hvitved
fce805834e C#: Address review comments 2018-12-07 09:40:49 +01:00
Max Schaefer
74e3709de1 JavaScript: Add missing query id in change notes. 2018-12-07 08:25:28 +00:00
Jonas Jensen
00e52df371 C++: Rename "Incorrect 'not' operator usage" 
This makes the casing consistent with our other queries.
 2018-12-07 09:24:35 +01:00
yh-semmle
bc78219653 Java: account for change to field annotation extraction 2018-12-06 23:06:14 -05:00
yh-semmle
a709783fe5 Merge pull request #622 from ian-semmle/range_for 
C++: Follow range for statement test output changes
 2018-12-06 23:05:08 -05:00
semmle-qlci
9e73ed71b9 Merge pull request #623 from esben-semmle/js/incomplete-url-sanitization 
Approved by mc-semmle
 2018-12-06 20:46:37 +00:00
Dave Bartolomeo
ebbd701188 C++: Fix PR feedback 2018-12-06 12:35:43 -08:00
Dave Bartolomeo
84b39bf999 C++: Simplify models for side effects and alias info. 2018-12-06 12:35:33 -08:00
yh-semmle
c2116f0d91 Merge pull request #560 from aschackmull/java/normalize-parentheses 
Java: Normalize parentheses.
 2018-12-06 12:38:26 -05:00
Esben Sparre Andreasen
4f53411397 JS: recognize HTTP URLs in js/incomplete-url-sanitization 2018-12-06 15:53:20 +01:00
Esben Sparre Andreasen
56fb63adbc JS: change notes for js/incomplete-url-substring-sanitization 2018-12-06 15:53:20 +01:00
Esben Sparre Andreasen
229eea00dc JS: add query js/incomplete-url-substring-sanitization 2018-12-06 15:53:20 +01:00
semmle-qlci
3397533045 Merge pull request #628 from xiemaisi/js/setUnsafeHTML 
Approved by esben-semmle
 2018-12-06 13:58:52 +00:00
Esben Sparre Andreasen
bf048e7e49 JS: change notes for persistent storage taint step and cookie models 2018-12-06 14:53:22 +01:00
Esben Sparre Andreasen
45b207c21b JS: introduce models of three cookie libraries 2018-12-06 14:53:22 +01:00
Esben Sparre Andreasen
28b4a78430 JS: introduce DOM::PersistentWebStorage 2018-12-06 14:53:22 +01:00
Jonas Jensen
0a496c1d3d Merge pull request #617 from geoffw0/unusedstatic 
CPP: Fix false positives in UnusedStaticVariables.ql
 2018-12-06 14:09:52 +01:00
Taus
cb93017d98 Merge pull request #606 from markshannon/python-fix-regex-fp 
Python: Fix off-by-one error in regex parsing.
 2018-12-06 12:59:44 +01:00
Ian Lynagh
8d655c74ae C++: Follow range for statement test output changes 2018-12-06 11:12:46 +00:00
Esben Sparre Andreasen
7fb752784a JS: introduce persistent read/write pairs as a taint step 2018-12-06 10:36:10 +01:00
Max Schaefer
ef347b3870 JavaScript: Teach Xss query about WinJS HTML injection functions. 2018-12-06 09:13:21 +00:00
Felicity Chapman
6a7b528280 1.19: Finalize change notes for JavaScript 2018-12-06 08:44:35 +00:00
semmle-qlci
bc91e0f53b Merge pull request #624 from Semmle/xiemaisi-patch-2 
Approved by esben-semmle
 2018-12-06 08:04:37 +00:00
Max Schaefer
305b8a6723 Merge pull request #620 from xiemaisi/js/qhelp-for-ms-queries 
JavaScript: Add query help for two externally contributed queries.
 2018-12-06 08:04:13 +00:00
Max Schaefer
75842fec1c Merge pull request #627 from samlanning/inconsistentStateExample 
JS: Fix syntax error in js/react/inconsistent-state-update example
 2018-12-06 08:03:32 +00:00
Sam Lanning
2ea148016c JS: Fix syntax error in js/react/inconsistent-state-update example 2018-12-05 16:44:40 -08:00
Dave Bartolomeo
2b80aee557 C++: Use getConvertedResultExpr in IR-based dataflow 
This sort of fixes one FP and causes a new FN, but for the wrong reasons. The IR dataflow is tracking the reference itself, rather than the referred-to object. Once we can better model indirections, we can make this work correctly.

This change is still the right thing to do, because it ensures that the dataflow is looking at actual expression being computed by the instruction.
 2018-12-05 12:34:44 -08:00
Dave Bartolomeo
e8efb32156 C++: Remove StoreDestinationAsPostUpdateNode 2018-12-05 11:33:48 -08:00
Dave Bartolomeo
65360b23f9 C++: Change model API based on feedback 
I've separated the model interface for memory side effects from the model for escaped addresses. It will be fairly common for a given model to extend both interfaces, but they are used for two different purposes.

I've also put each model interface and the non-member predicates that query it into a named module, which seemed cleaner than having predicates named `functionModelReadsMemory()` and `getFunctionModelParameterAliasBehavior()`.
 2018-12-05 10:58:46 -08:00
Taus
a8354b98d9 Merge pull request #626 from felicity-semmle/1.19/python-change-notes 
Update logging information based on 'extractor-python.md'
 2018-12-05 17:42:56 +01:00
Felicity Chapman
c735043772 Update for feedback 2018-12-05 16:36:34 +00:00
Felicity Chapman
9ef50a7876 Update logging information based on 'extractor-python.md' 2018-12-05 16:13:05 +00:00
Nick Rolfe
d577ee8849 Merge pull request #613 from ian-semmle/catch 
C++: Test output changes following CatchAny fix
 2018-12-05 16:02:43 +00:00
Ian Lynagh
7d8a8de53d C++: Test output changes following CatchAny fix 2018-12-05 15:35:54 +00:00
Max Schaefer
13a9903c21 JavaScript: Remove redundant conjunct in MixedStaticInstanceThisAccess. 
Minor cleanup, but might as well go into the release.
 2018-12-05 15:11:32 +00:00
Max Schaefer
a1f210df67 JavaScript: Address review comments. 2018-12-05 14:10:06 +00:00
calum
919d7cbf01 C#: Fix [INVALID_KEY] errors. 2018-12-05 13:55:55 +00:00
Geoffrey White
f6a87574f0 CPP: Add query ID to change note. 2018-12-05 13:55:46 +00:00
Max Schaefer
22502e7a10 JavaScript: Add query help for FileAccessToHttp query. 2018-12-05 13:12:52 +00:00
Max Schaefer
92c1e655dd JavaScript: Add query help for HttpToFileAccess query. 2018-12-05 12:58:38 +00:00
Tom Hvitved
733c7b0a8f Merge pull request #616 from felicity-semmle/1.19/c#-finalize-release-notes 
1.19: Finalize release notes for C#
 2018-12-05 11:17:19 +01:00