hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-31 16:16:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
20,350 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.5
Commit Graph

20350 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Lerchedahl Petersen
fe186bf854 Python: Add test 2020-11-06 13:30:11 +01:00
Alvaro Muñoz
9db340c9ca add some improvements to the bean validation query 2020-11-06 13:08:45 +01:00
Asger Feldthaus
acb30e73bc JS: More precise handling of default import fallback 2020-11-06 12:04:41 +00:00
Rasmus Lerchedahl Petersen
64b9e9150e Python: only show results in extracted files 2020-11-06 12:01:16 +01:00
Erik Krogh Kristensen
16473fc2a4 matching a inverted char class with a char 2020-11-06 10:18:57 +01:00
Erik Krogh Kristensen
804aaf36f0 support inverted char class and dot 2020-11-06 10:18:57 +01:00
Erik Krogh Kristensen
64d680e2d3 support that an inverted char class can intersect with itself 2020-11-06 10:18:57 +01:00
Erik Krogh Kristensen
321cf09bd8 add redos support for the simplest possible inverted char class 2020-11-06 10:18:57 +01:00
Erik Krogh Kristensen
d04f3df1cd remove rendundant check 2020-11-06 10:18:57 +01:00
Asger Feldthaus
1e45bc75c4 JS: Add change note in new format 2020-11-06 09:14:03 +00:00
Asger Feldthaus
24714c41be JS: Update test output after rebase 2020-11-06 09:14:03 +00:00
Asger Feldthaus
9e25bbc4ed JS: Add support for moment-timezone as well 2020-11-06 09:13:52 +00:00
Asger Feldthaus
7bf21d80b2 JS: Shift line numbers in test file 2020-11-06 09:13:52 +00:00
Asger Feldthaus
9418c6c8fe JS: Add support for dateformat package 2020-11-06 09:13:52 +00:00
CodeQL CI
9f2eb84f2b Merge pull request #4624 from erik-krogh/concatFix 
Approved by asgerf
 2020-11-06 09:11:41 +00:00
Asger Feldthaus
39c8226fba JS: Autoformat 2020-11-06 09:06:20 +00:00
Asger Feldthaus
790526b529 JS: Some fixes and address review comments 2020-11-06 09:06:20 +00:00
Asger Feldthaus
8a3fba05e9 JS: Add steps through date-formatting functions 2020-11-06 09:06:18 +00:00
Anders Schack-Mulligen
cb77e460ae Merge pull request #4600 from porcupineyhairs/urirefactor 
Java : Refactor all instances of `java.net.URI` into TypeUri
 2020-11-06 09:35:09 +01:00
Asger Feldthaus
d07e69e529 JS: Improve handling of destructuring export declaration 2020-11-05 23:51:44 +00:00
CodeQL CI
a908e5938e Merge pull request #4574 from erik-krogh/jsdom 
Approved by asgerf
 2020-11-05 22:13:39 +00:00
Erik Krogh Kristensen
9137759d7c calculate the size of the concatenation before doing the actual concatenation in Expr.qll 2020-11-05 22:55:52 +01:00
Tom Hvitved
a3894be1c5 Merge pull request #4607 from hvitved/csharp/msbuild-mono-no-shared-compilation 
C#: Disable shared compilation when building with Mono+MSBuild
 2020-11-05 19:56:25 +01:00
Geoffrey White
c9f846e0d2 C++: Give Iterator a proper interface. 2020-11-05 16:43:50 +00:00
Geoffrey White
b5326b3937 C++: Give OperatorNewAllocationFunction, OperatorDeleteAllocationFunction proper interfaces. 2020-11-05 16:43:49 +00:00
Geoffrey White
7f54379a0c C++: Make more function models private (except a few that are used outside the library). 2020-11-05 16:43:42 +00:00
Taus Brock-Nannestad
7c58b28e36 Python: Write DataFlow::update more succinctly 
This has no impact on performance, but it cleans up the code a bit,
and (hopefully) makes it more readable.
 2020-11-05 16:47:41 +01:00
Taus Brock-Nannestad
bae4acabb1 Python: Fix bad join in StrConst::isUnicode 
Also fixes a bug ("`B`" was not recognised as a bytestring prefix).

The basic idea behind this fix is that the set of possible prefixes is
fairly small, so it's easier just to precompute them, and then join
them with the entire prefix of the string in question (rather than
look at each string in isolation, get its prefix, and _then_ check
whether it looks like it's a unicode string prefix, which essentially
is what the code did before).
 2020-11-05 16:45:27 +01:00
Taus Brock-Nannestad
1251bc57f5 Python: Fix bad join in TObject::literal_instantiation 
Here, `context.appliesTo(n)` was being distributed across all of the
disjuncts, which caused poor performance.

The new helper predicate, `literal_node_class` should be fairly small,
since it only applies to a subset of `ControlFlowNode`s, and only
assigns a limited set of `ClassObjectInternal`s to these nodes.
 2020-11-05 16:40:29 +01:00
Taus Brock-Nannestad
35a63e2411 Python: Fix bad join in regex::used_as_regex 
Since the number of relevant attributes in the `re` module is fairly
small, it made sense to factor this out in a separate predicate, and
the join order also became more sensible.
 2020-11-05 16:33:59 +01:00
Taus Brock-Nannestad
035e747ad5 Python: Fix slow use of regexCapture in Builtin::strValue 
This is only _really_ expensive when there are a _lot_ of strings in
the database, but for this case, where we're always extracting the
same substring of the string, it's easier -- and faster -- to just
make a substring operation directly.
 2020-11-05 16:33:33 +01:00
Taus Brock-Nannestad
83ba8c9bf5 Python: Add LocalSourceNode and flowsTo 
This fixes the major performance problem with type tracking on
some (pathological) databases.

The interface could probably be improved a bit. In particular, I'm
thinking that we might want to have `DataFlow::exprNode` return a
`LocalSourceNode` so that a cast isn't necessary in order to use
`flowsTo`.

I have added two `cached` annotations. The one on `flowsTo` is
crucial, as performance regresses without it. The one on
`simpleLocalFlowStep` may not be needed, but Java has a similar
annotation, and to me it makes sense to have this relation cached.
 2020-11-05 16:26:03 +01:00
Erik Krogh Kristensen
e124ba66b4 moving jsdom sink to js/xss 2020-11-05 16:10:33 +01:00
james
f85f99c6c2 update ql-language-reference links 2020-11-05 14:54:14 +00:00
james
e5fff6445a rename ql-handbook -> ql-language-reference 2020-11-05 14:43:39 +00:00
james
d749b839fa ql lang spec: update links 2020-11-05 14:40:45 +00:00
james
21cdf896bb first pass through files and links 2020-11-05 14:36:35 +00:00
Tom Hvitved
10ab3304c1 Merge pull request #4575 from hvitved/csharp/cfg/post-dominance 
C#: Restrict post-dominance to normal execution
 2020-11-05 15:31:13 +01:00
Anders Schack-Mulligen
45d117b68e Merge pull request #4603 from pwntester/new_deser_sink 
New UnsafeDeserialization sink and improvements to SnakeYaml sink
 2020-11-05 13:09:15 +01:00
Rasmus Lerchedahl Petersen
6cecd3ba83 Python: Move and rename query 2020-11-05 11:49:39 +01:00
Alvaro Muñoz
f103955f38 change qldoc formating according to LSP suggestion 2020-11-05 11:48:26 +01:00
james
6ed290f2bd rename rst files 2020-11-05 09:43:40 +00:00
CodeQL CI
89a808cafe Merge pull request #4552 from erik-krogh/tsImport 
Approved by asgerf
 2020-11-05 09:23:58 +00:00
CodeQL CI
b55f18bffd Merge pull request #4549 from erik-krogh/pruneReturn 
Approved by asgerf
 2020-11-05 09:13:21 +00:00
CodeQL CI
c85f817cee Merge pull request #4579 from erik-krogh/redos 
Approved by asgerf
 2020-11-05 08:38:44 +00:00
Robert Marsh
2f204869e7 Merge pull request #4604 from criemen/ir-block-sort-order 
C++, C# IR: Stabilize sort order for basic blocks.
 2020-11-04 18:22:23 -05:00
Erik Krogh Kristensen
342b6a4f2d Update javascript/ql/src/semmle/javascript/security/performance/SuperlinearBackTracking.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2020-11-04 22:37:56 +01:00
Tom Hvitved
1ba9e29a40 C#: Precise data flow for EntityFramework(Core) 2020-11-04 19:48:03 +01:00
Alvaro Muñoz
302062b670 Merge branch 'new_deser_sink' of https://github.com/pwntester/ql into new_deser_sink 2020-11-04 18:58:57 +01:00
Alvaro Muñoz
6fef63306e add qldoc 2020-11-04 18:58:41 +01:00