hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-19 01:14:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,651 Commits 1,679 Branches 158 Tags
codeql-cli/v2.5.2
Commit Graph

21651 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dave Bartolomeo
881b3c8e33 C#: Fix IR consistency errors 
We were creating a `TranslatedFunction` even for functions that were not from source code, but then telling the IR package that those functions didn't have IR. This resulted in having prologue/epilogue instructions (e.g. `EnterFunction`, `ExitFunction`) with no enclosing `IRFunction`.
 2020-06-15 11:33:00 -04:00
Owen Mansel-Chan
f9db197e17 Merge pull request #3683 from owen-mc/improve-ast-class-reference-for-java 
Improve ast class reference for java
 2020-06-15 16:25:25 +01:00
Erik Krogh Kristensen
23223fc5fb change-note 2020-06-15 17:22:11 +02:00
Erik Krogh Kristensen
3ef5dc74a1 add backtracking to find division that end up being rounded 2020-06-15 17:10:10 +02:00
Erik Krogh Kristensen
e8db624e74 add .jar and .war to the list of sensitive files for js/insecure-download 2020-06-15 16:48:07 +02:00
Dave Bartolomeo
fecffab8e7 C++: Fix consistency error 
`TTranslatedAllocationSideEffects` wasn't limiting itself to functions that actually have IR, so it was getting used even in template definitions.
 2020-06-15 10:47:00 -04:00
Dave Bartolomeo
8cbc7e8654 C++/C#: Improve consistency failure result messages 
Some of our IR consistency failure query predicates already produced results in the schema as an `@kind problem` query, including `$@` replacements for the enclosing `IRFunction` to make it easier to figure out which function to dump when debugging. This change moves the rest of the query predicates in `IRConsistency.qll` to do the same. In addition, it wraps each call to `getEnclosingIRFunction()` to return an `OptionalIRFunction`, which can be either a real `IRFunction` or a placeholder in case `getEnclosingIRFunction()` returned no results. This exposes a couple new consistency failures in `syntax-zoo`, which will be fixed in a subsequent commit.

This change also deals with consistency failures when the enclosing `IRFunction` has more than one `Function` or `Location`. For multiple `Function`s, we concatenate the function names. For multiple `Location`s, we pick the first one in lexicographical order. This changes the number of results produced in the existing tests, but does't change the actual number of problems.
 2020-06-15 10:46:46 -04:00
semmle-qlci
3728e1afd3 Merge pull request #3715 from asger-semmle/js/returned-functions 
Approved by erik-krogh, esbena
 2020-06-15 15:32:54 +01:00
Aditya Sharad
1033d22d1b C++: Fix QLDoc on FormattingFunction library 
Copy-paste typo from `DataFlowFunction`.
 2020-06-15 07:32:53 -07:00
Shati Patel
3520f2c737 Merge pull request #3714 from shati-patel/name-res-114 
QL handbook: Update process for module resolution
 2020-06-15 15:29:56 +01:00
Rasmus Lerchedahl Petersen
f8eb5839cd Python: start on local flow 2020-06-15 16:25:41 +02:00
Shati Patel
947ccb06c7 Update docs/language/ql-handbook/name-resolution.rst 
Co-authored-by: Henning Makholm <hmakholm@github.com>
 2020-06-15 15:15:44 +01:00
Shati Patel
e69c946f31 Mention libraryPathDependencies 2020-06-15 14:56:57 +01:00
Erik Krogh Kristensen
d2716c532c qhelp 2020-06-15 14:59:48 +02:00
Asger Feldthaus
17010e25a1 JS: Update another test 2020-06-15 13:55:46 +01:00
Erik Krogh Kristensen
dc09a68eb4 add change-note 2020-06-15 14:30:34 +02:00
semmle-qlci
57c8dd85a4 Merge pull request #2801 from esbena/js/bulky-route-handler-registration 
Approved by asgerf
 2020-06-15 13:06:22 +01:00
Erik Krogh Kristensen
8682918779 add change note 2020-06-15 13:47:43 +02:00
Erik Krogh Kristensen
fe9aa241a1 add qhelp 2020-06-15 13:47:39 +02:00
Erik Krogh Kristensen
4d1920eec1 add .js and .py files to js/insecure-download 2020-06-15 12:48:50 +02:00
Asger Feldthaus
4b3faabcc8 JS: Autoformat 2020-06-15 11:16:55 +01:00
Asger Feldthaus
c4179eb81d JS: Update test 2020-06-15 11:13:20 +01:00
Rasmus Wriedt Larsen
c0043eb9db Python: Don't treat re.escape(...) as a regex 
Fixes https://github.com/github/codeql/issues/3712
 2020-06-15 11:54:14 +02:00
Rasmus Lerchedahl Petersen
6dfb3a5df8 Python: Address QL docs 2020-06-15 11:50:07 +02:00
Rasmus Wriedt Larsen
7601bd497e Python: Add tests for re.escape FP 2020-06-15 11:34:42 +02:00
semmle-qlci
b6b838774e Merge pull request #3704 from asger-semmle/js/cve-serve 
Approved by esbena
 2020-06-15 09:54:17 +01:00
Asger Feldthaus
c7f74e47e2 JS: Autoformat 2020-06-15 09:51:42 +01:00
Calum Grant
0d1fb0f248 Merge pull request #3509 from hvitved/csharp/html-raw 
C#: Recognize more calls to `IHtmlHelper.Raw`
 2020-06-15 09:31:58 +01:00
Shati Patel
3dd529035d QL reference: Update process for name resolution 2020-06-15 08:45:30 +01:00
Mathias Vorreiter Pedersen
6748f3887e C++: Add test demonstrating differences between AST and IR field flow. Also refactored the partial definitions test 2020-06-15 09:39:15 +02:00
Rasmus Lerchedahl Petersen
1af2e56894 Summary of recent meeting. 
Perhaps a not-python-specific version of this
could go into the shared implementation.
 2020-06-15 08:01:02 +02:00
Dave Bartolomeo
89a1fd4b4a C++/C#: Fix formatting 2020-06-13 08:22:04 -04:00
Dave Bartolomeo
eac3b06c57 C#: Fix up C# IR construction to latest interface 2020-06-12 17:40:27 -04:00
Dave Bartolomeo
73d2e09a8d C++:/C# Remove opcode from TRawInstruction 2020-06-12 17:36:01 -04:00
Dave Bartolomeo
978275cbd4 C++/C#: Move irFunc out of various TInstruction branches 2020-06-12 17:26:45 -04:00
Dave Bartolomeo
07c1520b4d C++/C#: Move ast out of TRawInstruction 2020-06-12 17:03:02 -04:00
Dave Bartolomeo
2aabe431f6 C++/C#: Stop caching getOldInstruction() 2020-06-12 16:22:58 -04:00
Dave Bartolomeo
ac169931b3 C++/C#: More efficient evaluation of SSA::hasInstruction() 2020-06-12 16:09:50 -04:00
Asger Feldthaus
315f3389d1 JS: Autoformat test 2020-06-12 19:58:05 +01:00
Asger F
d844e0025a Merge pull request #3651 from esbena/js/bad-multicharacter-sanitization 
JS: initial version of IncompleteMultiCharacterSanitization.ql
 2020-06-12 16:25:22 +01:00
Asger Feldthaus
b9cd157c0f JS: Autoformat 2020-06-12 15:36:02 +01:00
Dave Bartolomeo
4331b9b54e C++: Simplify logic to an implication 2020-06-12 09:31:19 -04:00
Esben Sparre Andreasen
678bb7c128 JS: simplify loop detection 2020-06-12 14:56:08 +02:00
Asger Feldthaus
eaf6be5fea JS: Fix lazy qldoc 2020-06-12 13:29:35 +01:00
Asger Feldthaus
91d98c0d00 JS: Change note 2020-06-12 13:12:55 +01:00
Asger Feldthaus
5548606f21 JS: Add test 2020-06-12 13:02:33 +01:00
Erik Krogh Kristensen
01c51eea89 Merge pull request #3680 from erik-krogh/bad-code-sanitizer 
JS: Add query to detect bad code sanitizers
 2020-06-12 14:00:21 +02:00
Asger Feldthaus
4795b87daa JS: Add model of Micro 2020-06-12 12:45:11 +01:00
Asger Feldthaus
230f78afb6 JS: Step through path.{format, parse} 2020-06-12 12:26:45 +01:00
semmle-qlci
2342d3dba3 Merge pull request #3662 from asger-semmle/js/package-export-fixes 
Approved by esbena
 2020-06-12 12:18:23 +01:00