hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-31 08:06:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
477be260f3 JS: rename UselessRangeCheck -> UselessComparisonTest 2018-11-29 11:22:14 +00:00
Asger F
2e65f6b660 JS: address some style comments 2018-11-29 11:22:14 +00:00
Asger F
2870209299 JS: fix links in qhelp file 2018-11-29 11:22:14 +00:00
Asger F
76a69f4ff2 JS: address review comments 2018-11-29 11:22:14 +00:00
Asger F
f3020f776e JS: avoid extending self-edges 2018-11-29 11:22:14 +00:00
Asger F
4a367d3fdb JS: more efficient encoding of unary constraints 2018-11-29 11:22:14 +00:00
Asger F
5283c6cd48 JS: only warn about dead code 2018-11-29 11:22:14 +00:00
Asger F
2d6bf0aff3 JS: improve join ordering in extendedEdge 2018-11-29 11:22:14 +00:00
Asger F
84ea4cf1d1 JS: manually reorder extendedEdge and negativeEdge 2018-11-29 11:22:14 +00:00
Asger F
344bec3865 JS: Add UselessRangeCheck.ql 2018-11-29 11:22:14 +00:00
Asger F
d813635f3e JS: Restrict constraint generation to relevant nodes 2018-11-29 11:22:14 +00:00
Asger F
43df9538bf JS: be conservative in presence of NaN comments 2018-11-29 11:22:14 +00:00
Asger F
feb8a8c4fd JS: restrict bias to 30-bit range to avoid overflow 2018-11-29 11:22:14 +00:00
Asger F
20aa4e1f6d JS: handle sharp inequalities directly 2018-11-29 11:22:14 +00:00
Asger F
9d8d953292 JS: perform widening when adding operands of very different magnitude 2018-11-29 11:22:14 +00:00
Asger F
6c53ad80c7 JS: add constant constraints in range analysis 2018-11-29 11:22:13 +00:00
Asger F
064b1099eb JS: range analysis through phi nodes 2018-11-29 11:22:13 +00:00
Asger F
09ca6652fb JS: Support return value of x++ 2018-11-29 11:22:13 +00:00
Asger F
73cbdee691 JS: Compound assignments and update exprs in range analysis 2018-11-29 11:22:13 +00:00
Asger F
a374540c55 JS: Range analysis library 2018-11-29 11:22:13 +00:00
Max Schaefer
8637eaf100 JavaScript: Address review comments. 2018-11-29 10:48:44 +00:00
Felicity Chapman
f6fe8d5a28 Text updates for consistency and clarity 2018-11-29 10:20:13 +00:00
mc
83d4fb6711 Merge pull request #559 from xiemaisi/js/invalid-dynamic-method-call 
JavaScript: Documentation review for new query `UnvalidatedDynamicMethodCall`.
 2018-11-29 09:59:53 +00:00
Max Schaefer
5f16406ad7 JavaScript: Add new query HardcodedDataInterpretedAsCode. 2018-11-29 09:52:31 +00:00
Max Schaefer
94a5722c2a JavaScript: Model taint propagation through new Buffer and Buffer.from. 2018-11-29 09:52:31 +00:00
Max Schaefer
4091cf410d JavaScript: Improve detection of require calls. 2018-11-29 09:52:31 +00:00
Jonas Jensen
d991fa84b1 Merge pull request #552 from geoffw0/move-security-tests-add 
CPP: Add the Semmle security tests.
 2018-11-29 10:49:20 +01:00
Max Schaefer
506236994f JavaScript: Address doc review comments. 2018-11-29 09:49:13 +00:00
Geoffrey White
9d95291124 CPP: Delete the CPython queries and libraries. 2018-11-29 09:29:46 +00:00
Geoffrey White
909ff428ac CPP: Deprecate the CPython queries. 2018-11-29 09:28:29 +00:00
Tom Hvitved
ab7a094439 C#: Include CFG splits in Ssa::Definition::toString() 
Just like syntax elements can be split in the control flow graph, so can SSA
definitions. To make this clear, and to make debugging easier, this commit
adds the splits as a prefix in the textual representation of SSA definitions.
 2018-11-29 10:00:08 +01:00
semmle-qlci
d64067aaae Merge pull request #558 from xiemaisi/js/sanitise-access-paths 
Approved by asger-semmle
 2018-11-29 08:27:58 +00:00
Dave Bartolomeo
40864f9ebb C++: Fix GVN test expectation 2018-11-28 14:07:23 -08:00
semmle-qlci
d31c9950f9 Merge pull request #566 from ian-semmle/defuse_test 
Approved by dave-bartolomeo
 2018-11-28 20:48:14 +00:00
Geoffrey White
d261f1b6d2 CPP: Deprecate the PointsTo tests. 2018-11-28 20:23:33 +00:00
calum
f2d7b6ebe9 C#: Change notes. 2018-11-28 20:21:34 +00:00
Tom Hvitved
3eb163f656 C#: Account for split SSA definitions in guards library 
On 03e69e9945, I updated the guards library to account
for control flow graph splitting. However, the logic that relates SSA qualifiers for
the guard and the guarded expression was not updated accordingly.
 2018-11-28 20:00:13 +01:00
Tom Hvitved
1a25f0a068 C#: Add test for guard inside a split CFG block 2018-11-28 19:59:05 +01:00
Dave Bartolomeo
d7938362dd C++: Rename Chi IPA types to match classes 2018-11-28 10:33:04 -08:00
Geoffrey White
1232694340 CPP: Add external/jpl tags. 2018-11-28 18:18:28 +00:00
calum
6c6d7e4fff C#: Fix false-positives in cs/index-out-of-bounds. 2018-11-28 17:42:08 +00:00
Taus
595e6fcbf8 Merge pull request #550 from markshannon/python-weak-crypto 
Python: Query for use of weak crypto keys.
 2018-11-28 18:21:27 +01:00
Mark Shannon
a345727f71 Python fix up tags in qhelp. 2018-11-28 17:14:07 +00:00
Ian Lynagh
6cb6b1c07d C++: Tweak the defuse test 
It looks like this is what it was originally intended to do.
 2018-11-28 17:11:17 +00:00
Mark Shannon
b3eaa46f14 Python: Use consistent abbreviations in weak-crypto query message. 2018-11-28 16:58:22 +00:00
Mark Shannon
4f0a666a43 Python: Tweak name of new query and add change note. 2018-11-28 16:58:22 +00:00
Mark Shannon
3c4c8cf7d3 Python: Add qhelp for new query. 2018-11-28 16:57:34 +00:00
Mark Shannon
1065ad0ce7 Python: Weak crypto query. 2018-11-28 16:57:34 +00:00
Mark Shannon
2bf98b805d Python: Delete some misleading qhelp and rename a couple of queries. 2018-11-28 16:53:38 +00:00
Taus
c75fa28510 Merge pull request #538 from markshannon/python-jinja2-autoescape 
Python: New query to check for use of jinja2 templates without auto-escaping
 2018-11-28 17:32:17 +01:00