Commit Graph

19777 Commits

Author SHA1 Message Date
Alessio Della Libera
5cae3005f3 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:20:22 +02:00
Alessio Della Libera
10bd745740 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:18:54 +02:00
Alessio Della Libera
8d26b810ee Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:17:16 +02:00
Alessio Della Libera
0c121062b6 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:13:54 +02:00
Alessio Della Libera
67fccac8a9 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-16 14:13:03 +02:00
Jonas Jensen
768e5190a1 Merge pull request #4080 from geoffw0/split
C++: Split test file stl.cpp
2020-08-14 15:59:46 +02:00
Geoffrey White
89c2b6dc4b Merge remote-tracking branch 'upstream/master' into split
2020-08-14 14:03:34 +01:00
Rasmus Lerchedahl Petersen
7ea3fc04c8 Python: adjust test annotation (for after feature)
2020-08-14 14:46:39 +02:00
Rasmus Lerchedahl Petersen
4bc04486cb Python: Annotate tests (as before the new feature)
2020-08-14 14:41:35 +02:00
Tom Hvitved
357109a410 C#: Use DataFlow3 instead of DataFlow2 in Xml.qll to avoid overlap
`semmle.code.csharp.frameworks.system.Xml` is imported in `LibraryTypeDataFlow.qll`,
and therefore part of the default namespace. This means that the use of `DataFlow2`
inside `Xml.qll` overlaps with some queries. Bumping to `DataFlow3` resolves the issue.
2020-08-14 14:33:12 +02:00
Rasmus Lerchedahl Petersen
2817602a97 Merge branch 'master' of github.com:github/codeql into SharedDataflow_ParameterTests
2020-08-14 14:27:57 +02:00
Jonas Jensen
fe72b559d3 C++: Range analysis for unsigned AssignMulExpr
This is essentially a copy-paste job of `AssignAddExpr`, together with
the math from the `UnsignedMulExpr` support.
2020-08-14 14:19:54 +02:00
Rasmus Lerchedahl Petersen
e808d3033a Python: Add magic to DataFlowCall
2020-08-14 14:19:18 +02:00
CodeQL CI
e9a36b2524 Merge pull request #4062 from tausbn/python-fix-unknown-import-star
Approved by yoff
2020-08-14 13:17:45 +01:00
Jonas Jensen
f90d779122 C++: Fix SimpleRangeAnalysis for AssignOperation
The range analysis wasn't producing useful bounds for `AssignOperation`s
(`+=`, `-=`) unless their RHS involved a variable. This is because a
shortcut was made in the `analyzableDef` predicate, which used to
specify that an analyzable definition was one for which we'd specified
the dependencies. But we can't distinguish between having _no
dependencies_ and having _no specification of the dependencies_.

The fix is to be more explicit about which definitions are analyzable.
To avoid too much repetition I'm still calling out to `analyzableExpr`
in the new code.
2020-08-14 14:15:58 +02:00
Rasmus Lerchedahl Petersen
4211f7f346 Merge branch 'master' of github.com:github/codeql into MagicMethods
2020-08-14 13:26:27 +02:00
Rasmus Lerchedahl Petersen
360ddc6314 Python: better charPred
2020-08-14 13:25:17 +02:00
Shati Patel
b212af08a6 Docs: Rename default branch
2020-08-14 12:03:00 +01:00
Shati Patel
1d4978aa6e Merge pull request #4046 from jf205/link-quotes-learn-ql
Learning CodeQL docs: update links to match GitHub docs style
2020-08-14 11:57:09 +01:00
Taus
8cbd4974ae Merge pull request #3981 from yoff/SharedDataflow_Classes
Python: Dataflow, test magic methods
2020-08-14 12:45:55 +02:00
Jonas Jensen
e01e702f46 Merge pull request #4060 from bgianfo/patch-1
C++: Detect GoogleTest tests cases in FNumberOfTests.ql
2020-08-14 12:42:12 +02:00
Jonas Jensen
f7273b8665 C++: Add custom modeling to extensibility.ql
2020-08-14 12:27:30 +02:00
Jonas Jensen
ee3312503e C++: Add test for extensible range analysis
This commit demonstrates that the range is too wide before custom
modeling has been added to the test.
2020-08-14 12:27:30 +02:00
Jonas Jensen
bf7732ec9d C++: Silence QL compiler errors
2020-08-14 12:27:30 +02:00
Jonas Jensen
1deb1e6429 C++: Add SimpleRangeAnalysisExpr.dependsOnChild
2020-08-14 12:27:30 +02:00
Jonas Jensen
1b5b374a8e C++: Move getFullyConverted{Upper,Lower}Bounds
Rather than being public, these internal predicates are now exposed
through a `SimpleRangeAnalysisInternal` module so it's clear that they
are not for general use.
2020-08-14 12:27:30 +02:00
Jonas Jensen
18ba562c25 C++: Fix: remember to bind e
2020-08-14 12:27:30 +02:00
Jonas Jensen
1c0e83a374 C++: Autoformat fixup
2020-08-14 12:27:30 +02:00
Jonas Jensen
aa78c6e750 C++: Move to experimental
And rename to `SimpleRangeAnalysisExpr` to clarify which of our range
analysis libraries this belongs to.
2020-08-14 12:27:30 +02:00
Jonas Jensen
cdddf5fd40 Merge remote-tracking branch 'upstream/master' into SimpleRangeAnalysis-extensible-base
2020-08-14 12:26:59 +02:00
Rasmus Lerchedahl Petersen
9556937840 Python: address review comments
2020-08-14 11:29:58 +02:00
Rasmus Lerchedahl Petersen
5ed3107045 Python: Start scaffold for magic methods
2020-08-14 11:12:23 +02:00
Tom Hvitved
e518cbabd6 Python: Sync data flow files
2020-08-14 11:04:45 +02:00
Tom Hvitved
9ebf8d1d58 Data flow: Sync files
2020-08-14 11:04:45 +02:00
Tom Hvitved
2d29fa1d15 Data flow: Use precise call contexts in flowFwd()
2020-08-14 11:04:45 +02:00
yoff
8d49ad7325 Update python/ql/test/experimental/dataflow/coverage/datamodel.py
Co-authored-by: Taus <tausbn@github.com>
2020-08-14 10:53:37 +02:00
yoff
4b336e9b01 Update python/ql/test/experimental/dataflow/coverage/classes.py
Co-authored-by: Taus <tausbn@github.com>
2020-08-14 10:53:10 +02:00
CodeQL CI
82f9826966 Merge pull request #4044 from aschackmull/java/xsssink-printwriter-format
Approved by aibaars
2020-08-14 08:34:48 +01:00
Anders Schack-Mulligen
4947e1d817 Java: Temporarily move a qltest.
2020-08-14 09:25:32 +02:00
Robert Marsh
ed06604b46 Merge pull request #4045 from geoffw0/plus
C++: Model more of std::string in models.
2020-08-13 16:59:47 -04:00
Robert Marsh
4a07bd5a15 Merge pull request #4032 from jbj/asExpr-docs
C++: Clarify the docs on DataFlow::Node::asExpr
2020-08-13 16:54:09 -04:00
Brian Gianforcaro
a6bcbe7974 C++: Detect GoogleTest tests cases in FNumberOfTests.ql
Co-authored-by: Jonas Jensen <jbj@github.com>
2020-08-13 12:06:00 -07:00
Geoffrey White
498b350add Merge remote-tracking branch 'upstream/master' into plus
2020-08-13 18:21:28 +01:00
Geoffrey White
a839f1fae5 C++: Split off stringstream.cpp.
2020-08-13 18:17:24 +01:00
Geoffrey White
49d2f66ddb C++: Tidy up sources and sinks.
2020-08-13 18:08:58 +01:00
Geoffrey White
f343eb9143 C++: Split stl.cpp into string.cpp and vector.cpp.
2020-08-13 18:04:46 +01:00
Geoffrey White
5d7f771933 C++: Split off stl.h from stl.cpp.
2020-08-13 18:04:45 +01:00
Robert Marsh
de87f8fc42 Merge pull request #4057 from geoffw0/sal
C++: SAL.qll QLDoc and cleanup
2020-08-13 12:33:52 -04:00
Geoffrey White
93f95b1c22 Merge pull request #4053 from jbj/SimpleRangeAnalysis-mul
C++: SimpleRangeAnalysis: unsigned multiplication
2020-08-13 16:59:31 +01:00
Geoffrey White
3d60756d40 C++: Downgrade the query precision.
2020-08-13 15:45:57 +01:00