Commit Graph

21651 Commits

Author SHA1 Message Date
Robert Marsh
5dd8c9cd4e C++: revert InlineAsm subclassing SideEffectOpcode 2019-05-31 13:28:26 -07:00
Robert Marsh
2770b2a9b9 C++: respond to PR comments 2019-05-31 13:19:40 -07:00
Robert Marsh
98d6f5919f C++: Treat asmStmt operands as input/output in IR 2019-05-31 12:51:44 -07:00
Robert Marsh
66d1efdb97 C++: respond to PR comments 2019-05-31 12:42:04 -07:00
Dave Bartolomeo
0bfc559cb1 Apply suggestions from code review
Co-Authored-By: rdmarsh2 <rdmarsh2@gmail.com>
2019-05-31 12:29:23 -07:00
Robert Marsh
23560436a7 C++: add minimal AsmStmt support to IR 2019-05-31 12:29:19 -07:00
semmle-qlci
3851261230 Merge pull request #1378 from jbj/hasQualifiedName-inline-namespace
Approved by dave-bartolomeo
2019-05-31 19:39:42 +01:00
semmle-qlci
c0440cf7f5 Merge pull request #1386 from asger-semmle/prototype-change-note
Approved by xiemaisi
2019-05-31 19:30:30 +01:00
semmle-qlci
d741e0b20c Merge pull request #1382 from jbj/redundant-null-check-gvn
Approved by dave-bartolomeo
2019-05-31 16:28:01 +01:00
Mark Shannon
66ba1079f3 Python points-to: Cache objects. 2019-05-31 16:26:43 +01:00
Mark Shannon
f6cc0be4a4 Python points-to. Move extension to prevent points-to being recomputed. 2019-05-31 16:26:43 +01:00
Mark Shannon
f311c2013e Python points-to: Cache a few key predicates. 2019-05-31 16:26:43 +01:00
Mark Shannon
1de0dc9282 Python taint-tracking: Fix performance of pathologically slow predicate. 2019-05-31 16:26:43 +01:00
Mark Shannon
b182abd119 Python points-to: Fix up a number of overly slow predicates. 2019-05-31 16:26:43 +01:00
Mark Shannon
8e2d6c4fc6 Python points-to: Simplify logic w.r.t. comparisons. 2019-05-31 15:58:35 +01:00
Max Schaefer
c560096b17 JavaScript: Make Script and CodeInAttribute concrete. 2019-05-31 12:04:14 +01:00
Asger F
a4a9e951d5 JS: Add query ID to change note 2019-05-31 11:44:06 +01:00
Asger F
ffb3265b26 JS: Mention results are shown on LGTM 2019-05-31 11:35:35 +01:00
Asger F
5170fa2ded JS: Add change note for prototype pollution 2019-05-31 10:58:56 +01:00
semmle-qlci
653c8b8496 Merge pull request #1358 from AlexTereshenkov/master
Approved by taus-semmle
2019-05-31 10:16:44 +01:00
Max Schaefer
74688bb600 Merge pull request #1341 from esben-semmle/js/sync-suites
JS: Add queries to the manual suite for LGTM consistency
2019-05-31 08:18:08 +01:00
Jonas Jensen
fff6c386c9 Merge pull request #1381 from dave-bartolomeo/dave/CopyCtor
C++: Make `constructor-used-as-copy-constructor` warning/low
2019-05-31 09:15:37 +02:00
Max Schaefer
3097037a6f Merge pull request #1290 from esben-semmle/js/semver-lib
JS: add SemVer library
2019-05-31 08:09:24 +01:00
Calum Grant
5b8c6d4789 Merge pull request #1377 from hvitved/csharp/useless-upcast
C#: Teach `cs/useless-upcast` about disambiguating constructor calls
2019-05-31 06:51:39 +01:00
Robert Marsh
6167a556fd Merge pull request #1380 from dave-bartolomeo/dave/RangeFor
C++: IR support for range-based `for` loops
2019-05-30 17:21:42 -07:00
semmle-qlci
0fa06e5c8d Merge pull request #1180 from asger-semmle/tainted-path-squashed
Approved by xiemaisi
2019-05-30 17:20:19 +01:00
Mark Shannon
6689994285 Python points-to: Minor refactoring for clarity. 2019-05-30 17:18:16 +01:00
Dave Bartolomeo
f4d41a15d7 C++: Add change not 2019-05-30 08:33:57 -07:00
Dave Bartolomeo
e90403be31 C++: Make constructor-used-as-copy-constructor warning/low
This query is supposed to look for constructors that unintentionally qualify as copy constructors due to default arguments. There are quite a few real-world projects that define such constructors intentionally. I've reduced the severity to "warning" and the precision to "low" due to the high false positive rate.
2019-05-30 08:33:26 -07:00
semmle-qlci
b17eb5cc9d Merge pull request #1384 from asger-semmle/typescript-3.5
Approved by xiemaisi
2019-05-30 15:53:27 +01:00
semmle-qlci
9614a1a039 Merge pull request #1385 from xiemaisi/js/lgtm-yml-change-notes
Approved by mc-semmle
2019-05-30 15:25:49 +01:00
Asger F
be5173680d Merge pull request #2 from xiemaisi/tainted-path-squashed
JavaScript: Update expected test output.
2019-05-30 15:16:19 +01:00
Max Schaefer
a3be6be17d JavaScript: Add change notes for newly added lgtm.yml properties. 2019-05-30 15:11:35 +01:00
Max Schaefer
3c8aea26da JavaScript: Update expected test output. 2019-05-30 15:05:43 +01:00
Asger F
9b28a3adf0 Merge pull request #1 from xiemaisi/tainted-path-squashed
JavaScript: Remove a few more configurations from AllConfigurations.qll.
2019-05-30 13:26:42 +01:00
Max Schaefer
5ac408d641 JavaScript: Remove a few more configurations from AllConfigurations.qll.
This works around BDD node exhaustion we get due to the complex type
hierarchy caused by importing many configurations at once. I've also
renamed the library accordingly.
2019-05-30 13:13:16 +01:00
Asger F
320f484e7e TS: Rephrase change note 2019-05-30 12:48:05 +01:00
Asger F
d6010d7be7 TS: Update supported compiler version range 2019-05-30 12:45:26 +01:00
Asger F
72c0925967 TS: Bump to TypeScript 3.5.1 2019-05-30 11:40:25 +01:00
Geoffrey White
d672a6e13e Merge pull request #1376 from jbj/getName-direct
C++: Use Definition.qll's getName
2019-05-30 10:01:12 +01:00
Jonas Jensen
2b424bfb81 C++: Clarify getAQualifierForMembers 2019-05-30 10:06:35 +02:00
Jonas Jensen
4f304fcbf7 C++: Fix join order in RedundantNullCheckSimple
The join order broke again after the last change.
2019-05-30 09:43:56 +02:00
Jonas Jensen
a61aec9e63 C++: Fix ValueNumbering for CopyInstruction
Querying for overlap type wasn't possible when this library was first
written. This change fixes FPs in `RedundantNullCheckSimple.ql` on
Wireshark and other real-world projects.
2019-05-30 09:42:46 +02:00
Jonas Jensen
120df6054b C++: Demonstrate a FP due to GVN 2019-05-30 09:41:42 +02:00
Jonas Jensen
2e7daf2308 C++: Use GVN in RedundantNullCheckSimple 2019-05-30 09:41:42 +02:00
Dave Bartolomeo
aff85c5b24 C++: IR support for range-based for loops
IR construction was missing support for C++ 11 range-based `for` loops. The extractor generates ASTs for the compiler-generated implementation already, so I had enough information to generate IR. I've expanded on some of the predicates in `RangeBasedForStmt` to access the desugared information.

One complication was that the `DeclStmt`s for the compiler-generated variables seem to have results for `getDeclaration()` but not for `getDeclarationEntry()`. This required handling these slightly differently than we do for other `DeclStmt`s.

The flow for range-based `for` is actually easier than for a regular `for`, because all three components (init, condition, and update) are always present.
2019-05-29 14:40:29 -07:00
Calum Grant
59a006e59e Merge pull request #1368 from hvitved/csharp/cil-nullness
CIL: Account for multiple `VariableUpdate::getSource()`s in nullness analysis
2019-05-29 20:55:08 +01:00
Geoffrey White
665510a13c CPP: Add DangerousFunctionOverflow.ql to the security suite. 2019-05-29 16:36:02 +01:00
alexey
9377638834 Improve query help 2019-05-29 16:28:07 +01:00
alexey
86ec047be2 Rename files by style guide and change query metadata 2019-05-29 15:35:58 +01:00