hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-28 06:36:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
20,357 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.6
Commit Graph

20357 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
e1ca762bbc Fix layout. 2021-02-08 20:24:15 +00:00
Geoffrey White
65ea1a4631 Add hints / links about tests and documentation to CONTRIBUTING.md. 2021-02-08 20:04:10 +00:00
Geoffrey White
690b525192 Add a link to the C/C++ CodeQL Tests README.md from the Supported CodeQL queries and libraries doc. 2021-02-08 20:04:10 +00:00
Geoffrey White
74178a5e86 Call out the copied code issue for qhelp files again (more generally) in the Supported CodeQL queries and libraries doc. 2021-02-08 20:04:09 +00:00
Geoffrey White
cb16c64540 Call out the issue of copied code for C/C++ example code in the C/C++ CodeQL Tests README.md (where we talk about it for tests). 2021-02-08 19:58:36 +00:00
Alexander Eyers-Taylor
7583904046 Update the language specification to allow empty var_decls 
This is a degenerate form that is accepted in the compiler even if they don't make much sense. 

Fixes #5060
 2021-02-08 18:54:13 +00:00
Taus Brock-Nannestad
c59b5c98cb Python: Replace use of AttrNode with getMember 2021-02-08 19:14:11 +01:00
Taus Brock-Nannestad
72a699e099 Python: Add CallCfgNode class and rewrite using that class 
I prefer this name to `CfgCallNode` as the latter will make
autocomplete more difficult.
 2021-02-08 16:55:18 +01:00
Asger Feldthaus
b278233a94 JS: Mention all versions of Angular are supported 2021-02-08 15:45:46 +00:00
Taus Brock-Nannestad
46eb3fd10a Python: Even more API::Node pushing. 2021-02-08 14:22:42 +01:00
Taus
c0c2aa69b3 Merge branch 'main' into python-port-flask-to-api-graphs 2021-02-08 14:17:25 +01:00
Taus Brock-Nannestad
2c4a477a4e Python: Support moduleImport("dotted.name") in API graphs 2021-02-08 14:08:34 +01:00
Taus
738d1bc3d4 Python: More use of API::Node 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-02-08 14:08:16 +01:00
Tamas Vajk
bd50ed975f Fix doc comment 2021-02-08 11:18:37 +01:00
CodeQL CI
8a2e063af7 Merge pull request #5107 from asgerf/js/json-in-script-tag 
Approved by erik-krogh
codeql-cli/v2.4.4 		2021-02-08 09:52:53 +00:00
Erik Krogh Kristensen
504db8739d fix typo in execa change-note file name 2021-02-08 10:00:26 +01:00
Erik Krogh Kristensen
8ca75e41d2 add change note 2021-02-08 09:59:45 +01:00
intrigus
2e30f2d9ce Java: Fix QHelp & accept test output 
Accept test output for changed alert message.
 2021-02-08 00:05:02 +01:00
Tamas Vajk
ef55ca179b Improve file read exception logging 2021-02-07 09:06:11 +01:00
Tamas Vajk
6d908876e0 Add new .stats file 2021-02-07 09:06:11 +01:00
Tamas Vajk
96248f8845 Add DB upgrade folder 2021-02-07 09:06:11 +01:00
Tamas Vajk
63b0fe10e4 Rework foreach_stmt_info extraction 2021-02-07 09:06:11 +01:00
Tamas Vajk
7c506f445c C#: Extract underlying methods of foreach statements 2021-02-07 09:06:11 +01:00
Jonas Jensen
7859c5234a Merge pull request #5085 from geoffw0/msprintf2 
C++: Fix FormattingFunction regression.
 2021-02-06 16:06:35 +01:00
yoff
f1a0ec2dec Merge pull request #4981 from RasmusWL/port-url-redirect-query 
Python: Port url redirect query
 2021-02-06 00:39:10 +01:00
yoff
ddd362bc16 Update python/ql/src/semmle/python/frameworks/Django.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswl@github.com>
 2021-02-05 23:31:20 +01:00
Raul Garcia (MSFT)
d775528069 Fixes on multiple files. 2021-02-05 14:09:26 -08:00
Asger Feldthaus
0ceb8aa638 JS: Bump extractor version 2021-02-05 21:55:43 +00:00
Asger Feldthaus
236b7c5887 JS: Tolerate JSON in script tags 2021-02-05 21:54:50 +00:00
Taus
d3a79ecff1 Update python/ql/src/semmle/python/frameworks/Flask.qll 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-02-05 22:54:27 +01:00
Jonathan Leitschuh
f00b0baaea Update java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.qhelp 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-02-05 16:31:37 -05:00
Taus Brock-Nannestad
3d2548ed28 Python: Get rid of remaining type trackers in Flask model 
At this point, we may want to reconsider whether we really want the
deeply-nested module structure we had before (and which made the type
trackers somewhat bearable).

There's also a question of how we can make this a bit more
smooth. I think we need to consider exactly how we would like the
interface to this to work.
 2021-02-05 21:58:08 +01:00
Taus Brock-Nannestad
5bfde2c0f2 Python: Fix overly broad class attribute node class 
This is not strictly necessary, but it was bothering me that this
simply covered _all_ nodes that were both definitions and names at the
same time. Now it actually encompasses what the documentation claims
it does.
 2021-02-05 21:56:57 +01:00
Taus Brock-Nannestad
7f3c6acd08 Python: Handle class attribute references in API graph 
This is slightly dubious, and should really be in the currently
unimplemented "def" counterpart to the "use" bits we already have.

However, it seems to work correctly, and in the spirit of moving
things along, this seemed like the easier solution. We can always
replace the implementation with the "proper" approach at a later point.
 2021-02-05 21:54:35 +01:00
Alexander Eyers-Taylor
9af99f195e Merge pull request #5095 from alexet/imporve-js-perf 
Javascript: Improve performance of ExplicitInvokeNode::getArgument
 2021-02-05 18:49:03 +00:00
Jonathan Leitschuh
bfa9324266 CWE-1104: Maven POM dependence upon Bintray/JCenter 2021-02-05 13:05:51 -05:00
Raul Garcia (MSFT)
d48a713f30 Fixing cutom edges predicate 2021-02-05 09:27:08 -08:00
Raul Garcia (MSFT)
681e6a9303 Adding Solorigate context for the generic backdoor queries. 2021-02-05 09:02:59 -08:00
Taus Brock-Nannestad
ef600575ca Python: Add API graph support for subclasses 2021-02-05 16:52:58 +01:00
Taus Brock-Nannestad
b39cbf82c6 Python: Port Flask models to use API graphs 
Most of the type trackers in this model were easily replaceable with
uses of the API graph, but the ones for tracking subclasses are
problematic, as these take us out of the API graph.
 2021-02-05 14:41:42 +01:00
yoff
7fef1a8817 Merge pull request #5069 from tausbn/python-api-graphs 
Python: Add support for API graphs
 2021-02-05 13:17:09 +01:00
Shati Patel
6a46be2379 Install sphinx extension for building markdown tables 2021-02-05 12:07:06 +00:00
Shati Patel
5f17fa8366 Docs: Add outline for CWE coverage page 2021-02-05 12:06:57 +00:00
Taus Brock-Nannestad
78cb53449d Python: Slight cleanup of Cached::call 
Makes it more similar to the other functions in this module.
 2021-02-05 12:47:26 +01:00
Taus
6c8dfb253d Python: Use flowsTo instead of hasLocalSource 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-02-05 12:42:41 +01:00
Tamás Vajk
d7505e41db Merge pull request #5091 from tamasvajk/feature/cleanup-nullable 
C#: Fix nullable warnings and some code quality issues
 2021-02-05 12:07:42 +01:00
Jonas Jensen
6e5d56cbcb Merge pull request #5097 from geoffw0/qldoceg11 
C++: QLDoc Improvements
 2021-02-05 12:00:35 +01:00
Shati Patel
474ddc9bc8 Merge pull request #5090 from RasmusWL/docs-fix-direct-query-link 
Docs: Use /blob/ instead of /tree/ for direct query link
 2021-02-05 10:50:40 +00:00
Jonas Jensen
c945ece80d Merge pull request #5100 from MathiasVP/fix-changenote-unsigned-difference-expression-compared-zero 
C++: Add query author and link to original PR in change-note
 2021-02-05 11:21:48 +01:00
Geoffrey White
55b0dbd7b8 C++: Autoformat. 2021-02-05 10:02:31 +00:00