Commit Graph

19777 Commits

Author SHA1 Message Date
Joe Farebrother
274147c87a Merge pull request #4339 from joefarebrother/printAST-java-var-decls
Java: Add synthetic nodes for `LocalVariableDeclExpr`s in the AST view
2020-09-28 10:21:25 +01:00
Rasmus Wriedt Larsen
3af5c720cc Python: Add test of more indirect command injection sinks 2020-09-28 11:16:52 +02:00
Rasmus Wriedt Larsen
f7f6564189 Python: Model subprocess.Popen (and helpers) 2020-09-28 11:13:04 +02:00
Rasmus Wriedt Larsen
62dc0dd263 Python: Model os.exec* os.spawn* and os.posix_spawn*
I also had to exclude the inline expectation tests from files outside the test
repo.
2020-09-28 11:05:33 +02:00
Rasmus Wriedt Larsen
c440fd0c09 Python: Adjust expectations for system command executions
I mostly did this to show my reviewers that the tests actually run and do
something ;)
2020-09-28 11:05:33 +02:00
Rasmus Wriedt Larsen
060720aae7 Python: Add tests for all SystemCommandExecution from stdlib
Overall idea is that `test/experimental/meta/ConceptsTest.qll` will set up
inline expectation tests for all the classes defined in `Concepts.qll`, so any
time you model a new instance of Concepts, you simply just import that
file. That makes the tests a little verbose, but allows us to share test-setup
between all the different frameworks we model.

Note that since the definitions of SystemCommandExecution subclasses are
scattered across multiple framework modeling qll files, I think it makes the
most sense to have the tests for each framework in one location.

I'm not 100% convinced about if this is the right choice or not (especially when
we want to write tests for sanitizers), but for now I'm going to try it out at
least.
2020-09-28 11:05:32 +02:00
Tamas Vajk
a635503be0 Add test cases to UselessCastToSelf 2020-09-28 11:04:22 +02:00
Tamas Vajk
3577b27f49 Fix to not report on enum member initialization 2020-09-28 11:04:22 +02:00
Tamas Vajk
77bb1b2cd9 C#: Extract constant value of enum member equal clauses 2020-09-28 11:04:22 +02:00
Tamas Vajk
a6b62a3838 C#: Add enum init value test 2020-09-28 10:56:50 +02:00
Geoffrey White
11587c930b C++: Autoformat. 2020-09-28 09:19:35 +01:00
Tamás Vajk
20c4d94ccc Merge pull request #4318 from tamasvajk/feature/pointer-cast
C#: Add implicit cast from array to pointer
2020-09-28 09:34:54 +02:00
Erik Krogh Kristensen
664342dd0f change SimpleParameter to Parameter in the express model to support destructuring parameters 2020-09-26 21:31:06 +02:00
Robert Marsh
27dc49ff7a C++: Fix performance issue in PartialDefinition 2020-09-25 19:08:07 -07:00
Robert Marsh
713bdae77a C++: sync identical files 2020-09-25 13:54:58 -07:00
Robert Marsh
9240256a9f C++: fix QLDoc 2020-09-25 11:55:39 -07:00
Rasmus Wriedt Larsen
2acfd4cdb1 Python: Show we're able to handle example with __init__.py files 2020-09-25 18:28:31 +02:00
Taus
fc84286b56 Merge pull request #3830 from yoff/SharedDataflow_FieldFlow
Python: Shared dataflow: Field flow
2020-09-25 14:53:57 +02:00
CodeQL CI
ea5feb2b0a Merge pull request #4331 from erik-krogh/DVNA-files
Approved by esbena
2020-09-25 05:21:03 -07:00
Erik Krogh Kristensen
6b9aea82ca model method calls in the needle library 2020-09-25 14:13:31 +02:00
Erik Krogh Kristensen
a22ddb145b model calls to needle 2020-09-25 13:53:22 +02:00
Rasmus Lerchedahl Petersen
4621e6d8c0 Python: fix QL format 2020-09-25 13:37:39 +02:00
Rasmus Lerchedahl Petersen
88bba46698 Python: Modify tests based on review
The extra hits in `test.py` seen in `globalStep.expected`
are due to the removal of manual filtering code.
(That code was from when dataflow had many strange things in it.)
2020-09-25 13:35:30 +02:00
Max Schaefer
0ccbaf9e88 JavaScript: Handle empty package.json files gracefully. 2020-09-25 12:12:39 +01:00
Joe
5256c0ba39 Java: Improve PrintAst tests and rename things
Add tests for `EnhcancedForStmt`s and `InstanceOfExpr`s.
Rename LocalVarDeclParent to SingleLocalVarDeclParent
2020-09-25 11:31:56 +01:00
yoff
c56ff986d4 Apply suggestions from code review
Co-authored-by: Taus <tausbn@github.com>
2020-09-25 11:56:50 +02:00
Rasmus Wriedt Larsen
85607fe2d5 Python: Adjust location for .expected output 2020-09-25 11:56:45 +02:00
Rasmus Wriedt Larsen
3d5511221e Python: Add test for implicit __init__.py files 2020-09-25 11:48:38 +02:00
Rasmus Wriedt Larsen
120a569c6f Python: Explain how CallGraph test.py even works
Also remove options file, since it did nothing at all (and blocked
experimental/library-tests/options from taking effect)
2020-09-25 11:42:59 +02:00
Geoffrey White
09b5fb6753 C++: Fix comments. 2020-09-25 10:41:25 +01:00
CodeQL CI
4deb43f361 Merge pull request #4323 from RasmusWL/python-new-command-injection-query
Approved by tausbn
2020-09-25 02:39:46 -07:00
Geoffrey White
6fd1bf89c1 C++: Change note. 2020-09-25 10:33:40 +01:00
Esben Sparre Andreasen
ba0a2e1665 JS: tag consistency: replace cwe-20 with cwe-020 2020-09-25 10:28:05 +02:00
CodeQL CI
7b1dbb4364 Merge pull request #4337 from max-schaefer/js/fix-indirect-command-injection
Approved by asgerf
2020-09-25 00:18:55 -07:00
Robert Marsh
1445b31864 C++: QLDoc for Operand 2020-09-24 16:34:16 -07:00
Robert Marsh
e51b9215e4 C++: QLDoc for Overlap in IR construction 2020-09-24 15:56:29 -07:00
Robert Marsh
e9b1d817c7 C++: QLDoc for VirtualVariable in IR construction 2020-09-24 15:55:57 -07:00
Robert Marsh
46ff4d524f C++: autoformat 2020-09-24 14:54:31 -07:00
Erik Krogh Kristensen
b8154d41b1 type-track objects where the "$where" property has been written 2020-09-24 20:55:25 +02:00
Robert Marsh
ca06637de0 C++: add qldoc comment 2020-09-24 10:40:45 -07:00
Geoffrey White
ec3c1568d2 C++: Model erase. 2020-09-24 18:38:29 +01:00
Geoffrey White
8b91d5077d C++: Model find. 2020-09-24 18:38:29 +01:00
Geoffrey White
d550741c0c C++: Model insert_or_assign. 2020-09-24 18:38:28 +01:00
Geoffrey White
c51294e423 C++: Model operator[] and at. 2020-09-24 18:38:28 +01:00
Geoffrey White
13b15d9bcd C++: Model swap. 2020-09-24 18:38:27 +01:00
Geoffrey White
6119bf3430 C++: Model begin and end. 2020-09-24 18:38:27 +01:00
Geoffrey White
25e0c680c6 C++: Model insert. 2020-09-24 18:38:27 +01:00
Robert Marsh
094b06ec2a C++: remove unneeded predicate 2020-09-24 10:37:38 -07:00
CodeQL CI
19316930cd Merge pull request #4310 from asgerf/js/extract-xml-with-codeql
Approved by aibaars, esbena
2020-09-24 10:14:46 -07:00
Geoffrey White
0dca7f81bc C++: Model std::swap. 2020-09-24 15:49:33 +01:00