hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-30 07:36:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
semmle-qlci
5c9939b8ef Merge pull request #390 from esben-semmle/js/improve-useless-conditional-message 
Approved by xiemaisi
 2018-11-05 16:34:59 +00:00
Tom Hvitved
2d25a04a2e C#: Add test for guard implications logic 2018-11-05 16:47:10 +01:00
Geoffrey White
a38fefe7ba CPP: Fix trailing space. 2018-11-05 15:21:27 +00:00
Tom Hvitved
f5e6b79add C#: Address review comments 2018-11-05 16:14:15 +01:00
Geoffrey White
27fe996269 CPP: Change note. 2018-11-05 15:11:17 +00:00
Geoffrey White
3cb4211c78 CPP: Exclude code in macro invocations. 2018-11-05 15:07:22 +00:00
Geoffrey White
b4adfec2ef CPP: Add test case. 2018-11-05 14:19:16 +00:00
Esben Sparre Andreasen
651f32514b JS: use 'Util::describeExpression' in js/trivial-conditional 2018-11-05 13:00:07 +01:00
Esben Sparre Andreasen
4e54af3b41 JS: introduce 'Util::describeExpression' 2018-11-05 12:58:12 +01:00
Asger F
e670919807 JS: mention @type tag in qhelp 2018-11-05 11:31:32 +00:00
Asger F
ad7ecc1df0 JavaScript: added change note 2018-11-05 11:31:32 +00:00
Asger F
e39b0c7a75 JavaScript: address comments 2018-11-05 11:31:02 +00:00
Asger F
4f4ad2b942 JavaScript: ignore self-assignments with a JSDoc comment 2018-11-05 11:31:02 +00:00
Tom Hvitved
2846d80f1c Merge pull request #359 from calumgrant/cs/with-stubs 
C#: Sources and sinks for ASP.NET Core
 2018-11-05 11:46:02 +01:00
Jonas Jensen
9a3907c97f C++: Performance fix for FlowVar.getAnAccess 
The previous formulation of this predicate caused a CP in snapshots
where a variable had a large number of definitions and also reached a
large number of sub-basic-blocks.

This should fix performance of https://github.com/FrodeSolheim/fs-uae
and https://github.com/libretro/libretro-uae.

The `FlowVar.getAnAccess` predicate is still at risk of CP'ing when a
large group of defs has a large group of uses, but that has not been
observed to happen in practice yet. We would need to make
`localFlowStep` expose phi definitions in order to avoid that risk.
 2018-11-05 10:52:17 +01:00
semmle-qlci
b743ee4179 Merge pull request #314 from esben-semmle/js/json-stringify-as-command-line-injection-source-heuristic 
Approved by xiemaisi
 2018-11-05 07:37:36 +00:00
Arthur Baars
a525c181e2 Merge pull request #400 from adityasharad/merge/1.18-master-021118 
Merge rc/1.18 into master.
 2018-11-03 20:43:48 +01:00
calum
c003150ed8 C#: Add missing file. 2018-11-02 16:46:49 +00:00
calum
29df7f5e96 C#: Mark false-negatives. 2018-11-02 16:46:49 +00:00
calum
7fa442d127 C#: Merge tests. 2018-11-02 16:46:49 +00:00
calum
ae96b347e2 C#: Address review comments. 2018-11-02 16:46:49 +00:00
calum
13f0a401f3 C#: Update analysis change notes. 2018-11-02 16:46:48 +00:00
calum
aff47c9f38 C#: Tidy up whitespace. 2018-11-02 16:45:48 +00:00
calum
62fb693924 C#: Tidy up code and fix performance of remote flow sources. 2018-11-02 16:45:48 +00:00
calum
2090d69c3f C#: Tidy up tests. 2018-11-02 16:45:48 +00:00
calum
697e66e312 C#: Move test into subdirectory. 2018-11-02 16:45:48 +00:00
calum
d6e6ae66b8 C#: qltest stubs for UrlRedirect.ASPNETCore 2018-11-02 16:45:47 +00:00
calum
4655acadb2 C#: Stubs for XSSFlowASPNetCore test. 2018-11-02 16:45:47 +00:00
calum
8b8d2f9bef C#: Add auto-generated stubs. 2018-11-02 16:45:47 +00:00
Denis Levin
ba9cb5e22d cs: Adding sources and sinks for ASPNET.Core 
Inintial query checkin.
Note: tests require Nuget packages with ASPNET and ASPNETCore in Packages directory, and won't compile without them.
The packages.config should include this:
  <package id="Microsoft.AspNet.Mvc" version="5.2.3" targetFramework="net461" />
  <package id="Microsoft.AspNet.WebPages" version="3.2.3" targetFramework="net461" />
  <package id="Microsoft.AspNetCore.Antiforgery" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Authorization" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Cors" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Cryptography.Internal" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.DataProtection" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.DataProtection.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Diagnostics" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Diagnostics.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Hosting" version="1.1.3" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Hosting.Abstractions" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Hosting.Server.Abstractions" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Html.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Http" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Http.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Http.Extensions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Http.Features" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.HttpOverrides" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.JsonPatch" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Localization" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Abstractions" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.ApiExplorer" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Core" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Cors" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.DataAnnotations" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Formatters.Json" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Localization" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Razor" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Razor.Host" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.TagHelpers" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.ViewFeatures" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Razor" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Razor.Runtime" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.ResponseCaching" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.ResponseCaching.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.ResponseCompression" version="1.0.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Rewrite" version="1.0.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Routing" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Routing.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Server.Kestrel" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Server.Kestrel.Https" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Server.WebListener" version="1.1.4" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.StaticFiles" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.WebUtilities" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.Extensions.DependencyInjection.Abstractions" version="1.1.1" targetFramework="net451" />
  <package id="Microsoft.Extensions.Primitives" version="2.1.0" targetFramework="net451" />
  <package id="Microsoft.NETCore.App" version="2.0.0" />
  <package id="Microsoft.AspNetCore.Mvc" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Mvc.Core" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Mvc.Abstractions" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Http.Extensions" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Http.Abstractions" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Http.Features" version="2.1.0" />
 2018-11-02 16:45:47 +00:00
Geoffrey White
1561363582 CPP: Speed up illDefined*ForStmt in inconsistentLoopDirection.ql. 2018-11-02 16:01:23 +00:00
Aditya Sharad
3483245870 Merge rc/1.18 into master. 
As of 3291a30bf4.
 2018-11-02 09:54:50 +00:00
Arthur Baars
19f238a51a Merge pull request #399 from adityasharad/version/1.18.2-dev 
Version: Bump to 1.18.2 dev.
 2018-11-02 08:56:33 +01:00
Max Schaefer
e77ea62179 JavaScript: Tweak storeStep predicate. 2018-11-01 21:24:16 -04:00
Max Schaefer
94bba88080 JavaScript: Avoid unhelpful magic. 2018-11-01 21:22:51 -04:00
Max Schaefer
a72507a621 JavaScript: Remove a pragma[noopt]. 2018-11-01 21:22:03 -04:00
Aditya Sharad
3291a30bf4 Version: Bump to 1.18.2 dev. 2018-11-01 18:46:56 +00:00
Geoffrey White
40ad2c9db9 Merge pull request #397 from pavgust/fix/suspicious-memset-perf 
SuspiciousCallToMemset: Simplify pointer indirection computation
 2018-11-01 18:46:30 +00:00
semmle-qlci
b130335adb Merge pull request #398 from aschackmull/java/autoformat 
Approved by yh-semmle
 2018-11-01 16:57:30 +00:00
Anders Schack-Mulligen
41c89475fe Java: Rerun autoformat. 2018-11-01 17:01:12 +01:00
Geoffrey White
a3dfa3140c CPP: Make Handlers always begin a BasicBlock. 2018-11-01 15:27:43 +00:00
Pavel Avgustinov
d5c8ea38b1 SuspiciousCallToMemset: Simplify pointer indirection computation 2018-11-01 14:34:04 +00:00
ian-semmle
cb3a6514f8 Merge pull request #389 from adityasharad/merge/master-next-311018 
Merge master into next.
 2018-11-01 14:13:45 +00:00
Esben Sparre Andreasen
8f3497a7bf JS: improve tests for interprocedural type inference 2018-11-01 13:51:38 +01:00
semmle-qlci
08833465a0 Merge pull request #386 from xiemaisi/js/lodash_partial 
Approved by esben-semmle
 2018-11-01 09:44:14 +00:00
semmle-qlci
86b3f0156b Merge pull request #387 from xiemaisi/js/amd-fixes 
Approved by esben-semmle
 2018-11-01 09:42:17 +00:00
semmle-qlci
a22aa3524e Merge pull request #388 from asger-semmle/revert-useless-conditional 
Approved by esben-semmle
 2018-11-01 09:23:19 +00:00
Jonas Jensen
ea601b2dc0 Merge pull request #352 from dave-bartolomeo/dave/Operands 
C++: Operands as IPA types
 2018-11-01 10:12:38 +01:00
semmle-qlci
fa81084d79 Merge pull request #330 from aschackmull/java/zipslip 
Approved by yh-semmle
 2018-10-31 14:40:43 +00:00
calum
7494bd66a4 C#: Address review comment. 2018-10-31 14:22:19 +00:00