Commit Graph

21651 Commits

Author SHA1 Message Date
Jonas Jensen
95f53639b1 C++: Fixes to avoid confusing autoformat
These issues were found by Geoffrey in PR review.
2019-09-09 11:04:04 +02:00
Jonas Jensen
b14b65ecf0 C++: Don't use deprecated predicates in test
This made the `expected` file contain QL line numbers.
2019-09-09 11:04:04 +02:00
Jonas Jensen
ea3d066661 C++: Add D.cpp, ported from D.java
The original port of the Java field-flow tests did not include this
file. It's added here for completeness, and the results are the same as
for Java.
2019-09-09 10:45:06 +02:00
Erik Krogh Kristensen
2729566bbf add setAttributeNS('xlink', 'href',..) example in XSS test 2019-09-09 09:41:08 +01:00
Jonas Jensen
745e321e3b Merge pull request #1901 from jf205/cpp-links
docs: fix broken `Expr` links
2019-09-09 10:38:02 +02:00
Jonas Jensen
10b69358ae C++: Fix flow from this by ref. 2019-09-09 10:36:58 +02:00
Jonas Jensen
08b63d4342 C++: Test to show lack of flow from this by ref.
The `test_nonMemberSetA` also shows how the lack of flow through `&` is
a problem for non-member getters, but that's addressed on a separate
branch.
2019-09-09 10:36:11 +02:00
Jonas Jensen
ef96288303 C++: Make PartialDefinitionNode private
This class is undocumented and exposes implementation details through
its `getPartialDefinition` member. It does not need to be public.
2019-09-09 10:34:51 +02:00
Esben Sparre Andreasen
2a22471975 JS: address review comments 2019-09-09 10:31:40 +02:00
Tom Hvitved
ef4f954b58 Merge pull request #1797 from jbj/dataflow-TTwo
C++/C#/Java: data flow AccessPath up to length 2
2019-09-09 10:28:48 +02:00
james
9437c2d007 docs: fix broken Expr links 2019-09-09 09:25:19 +01:00
Esben Sparre Andreasen
ec58ccc0ec JS: fixup dbscheme in upgrade directory 2019-09-09 09:05:12 +02:00
Esben Sparre Andreasen
5d6997c1c9 JS: additional extraction metrics cleanup 2019-09-09 09:05:12 +02:00
Esben Sparre Andreasen
03d38ca54b JS: simplify cache interaction 2019-09-09 09:05:12 +02:00
Esben Sparre Andreasen
6dbe827dd3 JS: add QL classes for the extraction metrics 2019-09-09 09:05:12 +02:00
Esben Sparre Andreasen
5665cf9328 JS: record metrics during extraction 2019-09-09 09:05:12 +02:00
Esben Sparre Andreasen
7fcde4c130 JS: add extraction metrics to the dbscheme 2019-09-09 09:05:12 +02:00
Esben Sparre Andreasen
27e36cfe05 JS: apply google-java-format to extractor source code 2019-09-09 09:05:12 +02:00
Jonas Jensen
d51e5212fb Merge remote-tracking branch 'upstream/master' into dataflow-TTwo
Conflicts:
      cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll
      cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll
      cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll
      cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll
      cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll
      cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll
      cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll
      cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll
      cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll
      cpp/ql/test/library-tests/dataflow/fields/flow.expected
      csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll
      csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll
      csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll
      csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll
      csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll
      java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll
      java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl2.qll
      java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl3.qll
      java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl4.qll
      java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl5.qll
2019-09-08 21:08:43 +02:00
Rebecca Valentine
9eebe00b33 Merge pull request #1869 from taus-semmle/python-fix-typehint-divergence
Python: Prevent divergence in type-hint analysis. (ODASA-8075)
2019-09-06 14:33:20 -07:00
Erik Krogh Kristensen
c780956f0d add setAttributeNS method in the XSS test 2019-09-06 21:56:29 +01:00
AndreiDiaconu1
320cd6b96c More PR fixes 2019-09-06 18:10:54 +01:00
AndreiDiaconu1
765414430d More PR fixes 2019-09-06 18:10:54 +01:00
AndreiDiaconu1
9ecbb4a3f3 More fixes for the PR comments 2019-09-06 18:10:54 +01:00
AndreiDiaconu1
fe3645f26d Fix some PR comments 2019-09-06 18:09:15 +01:00
AndreiDiaconu1
db213bbf80 Fixed sanity checks
The foreach was erroneously labelling the `True` and `False` edges as backedges.
Added a case for the compiler generated while in the predicate `getInstructionBackEdgeSuccessor/2`
from the file `IRConstruction.qll` so that only the edges from inside the body are labeled as back edges.
2019-09-06 18:09:15 +01:00
AndreiDiaconu1
46d7b9e3bf Lock stmt
Added support for the lock stmt
Added a test case and updated the expected output
2019-09-06 18:09:15 +01:00
AndreiDiaconu1
4dd548bfa2 Foreach stmt
Added support for the foreach stmt (for now only the "canonical" desugaring).
Added a test and updated the expected output.
2019-09-06 18:09:15 +01:00
AndreiDiaconu1
a5ec763035 Delegate creation and call
Added support for delegate creation and call.
Added a test case and updated the expected output.
2019-09-06 18:08:03 +01:00
AndreiDiaconu1
331707f3a3 Framework for the translation of compiler elements
Added a framework for the translation of compiler generated elements, so that the process of adding a new desugaring process is almost mechanical.
The files in `internal` serve as the superclasses for all the compiler generated elements.
The file `Common.qll` captures common patterns for the compiler generated code to improve code sharing (by pattern I mean an element that appears in multiple desugarings). For example the `try...finally` pattern appears in the desugaring process of both the `lock` and the `foreach` stmts, so a class that provides a blueprint for this pattern is exposed. Several other patterns are present.
The expected output has also been updated (after a rebase) and it should be ignored.
2019-09-06 18:08:03 +01:00
AndreiDiaconu1
80b7512fe2 Initial restructure
The `raw/internal` folder has been restructured to better enhance code sharing between compiler generated elements and AST generated elements.
The translated calls classes have been refactored to better fit the C# library.
A new folder has been added, `common` that provides blueprints for the classes that deal with translations of calls, declarations, exprs and conditions.
Several `TranslatedX.qll` files have been modified so that they use those blueprint classes.
2019-09-06 18:08:03 +01:00
Ian Lynagh
4190a53574 C++: Update test output 2019-09-06 17:31:08 +01:00
Ian Lynagh
a32214d41e C++: Resolve all classes
We used to only resolve top-level classes.
2019-09-06 17:31:08 +01:00
Felicity Chapman
4952ad5cff Merge pull request #1896 from shati-semmle/vale-typo
Vale linter: fix typo
2019-09-06 16:56:22 +01:00
shati-semmle
4d98b4c3a1 Vale linter: fix typo 2019-09-06 16:47:20 +01:00
Calum Grant
3734552081 C#: Add change note for datetime queries. 2019-09-06 16:45:02 +01:00
Calum Grant
f9b99ae245 C#: Adjust date query severity and add precisions. Tidy up tags. 2019-09-06 16:44:29 +01:00
Nick Rolfe
09036a3bdf Merge pull request #1760 from ian-semmle/mangling
C++: Use mangled names to resolve classes
2019-09-06 16:38:47 +01:00
Asger F
dfd18a51ee JS: Change note 2019-09-06 16:03:16 +01:00
shati-semmle
486707c90e Merge pull request #1891 from jf205/slide-fixes
docs: improve slide layout for printing
2019-09-06 15:52:32 +01:00
Asger F
7007698de4 JS: Fix the FP 2019-09-06 15:39:40 +01:00
Asger F
ebd7875cae JS: Add regression test 2019-09-06 15:38:55 +01:00
yh-semmle
79a0a56adf Merge pull request #1890 from aschackmull/java/best-bound-rangeanalysis
Java: Restrict the output of Range Analysis to the best bounds.
2019-09-06 10:35:11 -04:00
Erik Krogh Kristensen
ccdc821c5d add xlink:href as xss target when using setAttribute 2019-09-06 14:43:47 +01:00
Asger F
f7654d6f1c JS: Add test 2019-09-06 14:42:07 +01:00
james
f78ce146f1 docs: improve slide layout for printing 2019-09-06 14:42:06 +01:00
Anders Schack-Mulligen
6b85fe087a Java: Restrict the output of Range Analysis to the best bounds. 2019-09-06 15:39:46 +02:00
AlexTereshenkov
523d055194 Add a new issue template for false positive in LGTM.com
Add a new issue template for false positive in LGTM.com
2019-09-06 14:39:06 +01:00
Calum Grant
d2336dc8cf Merge pull request #1882 from aschackmull/lang/autoformat
Java/C#/JavaScript: Autoformat
2019-09-06 14:37:40 +01:00
Asger F
fa95871f46 JS: Add event handler sink to code injection 2019-09-06 14:33:00 +01:00