hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-09 20:50:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,651 Commits 1,679 Branches 158 Tags
codeql-cli/v2.5.2
Commit Graph

21651 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
1ec3475457 JS: All of TaintedPath 2019-05-23 09:23:47 +01:00
Asger F
a1399d07a4 JS: Add change note for TypeScript full extraction 2019-05-23 09:19:01 +01:00
semmle-qlci
fac620d6f3 Merge pull request #1357 from asger-semmle/jump-to-namespace 
Approved by xiemaisi
 2019-05-23 09:00:24 +01:00
Asger F
9046fd15f7 JS: Update expected output of XSS query (benign) 2019-05-23 08:56:01 +01:00
Asger F
2fc0ab5595 JS: Stop using the AST-based isDocumentURL internally 2019-05-23 08:55:21 +01:00
Asger F
8b7dbf8b0f JS: Align DOM::locationRef with isDocumentURL 2019-05-23 08:45:08 +01:00
yh-semmle
64aa111b65 Merge pull request #1342 from aschackmull/java/field-annotation-cu 
Java: Check compilation unit of the same element in both disjuncts.
 2019-05-22 16:36:24 -04:00
Tom Hvitved
8fe2bccbf8 Merge pull request #1361 from calumgrant/cs/roslyn-3.1 
C#: Update to Roslyn 3.1
 2019-05-22 20:31:09 +02:00
Mark Shannon
e1614886c7 Python points-to. Improve API bey renaming a couple of methods and clarifying a few comments. 2019-05-22 17:28:25 +01:00
Ziemowit Laski
46b6eac955 [CPP-370] An .expected file is mismatched again. Not sure why 
this is happening.
 2019-05-22 09:08:44 -07:00
Ziemowit Laski
154b9aa488 [CPP-370] Reformat both Print.qll files. 2019-05-22 08:21:05 -07:00
Calum Grant
fcfb7b2b8a C#: Fix error caused by Roslyn upgrade. 2019-05-22 16:17:16 +01:00
Calum Grant
e5aa7f3ba7 C#: Upgrade to Roslyn 3.1 2019-05-22 15:54:30 +01:00
Jonas Jensen
dd5a2552c7 C++: Compute locations only for elements in result 
This gains some performance by not computing locations for all
expressions since we are only interested in calls and variable accesses.
The `Top::hasLocationInfo` predicate goes from 2m28s to 1m32s on
Chromium.
 2019-05-22 15:52:49 +01:00
Jonas Jensen
81f627c1c4 C++: pragma[noopt] Top::hasLocationInfo perf tweak 
This predicate was slow, mostly because it's just very large. A manual
join order cuts the run time on Chromium from

    definitions::Top::hasLocationInfo_dispred#ffffff ..................... 3m23s
    definitions::MacroAccessWithHasLocationInfo::hasLocationInfo#ffffff .. 1m56s

to

    definitions::Top::hasLocationInfo#ffffff .... 2m28s

The main slowdown was the two uses of `SCAN` to reorder columns in the
RA.
 2019-05-22 15:52:33 +01:00
Asger F
8590042a7e JS: customizable window, document, DOM value 2019-05-22 15:49:56 +01:00
alexey
e214174114 add return-or-yield-outside-of-function Python query 2019-05-22 15:27:32 +01:00
Asger F
153e778f7f JS: Remove jump-to-namespace 2019-05-22 14:42:48 +01:00
Asger F
deb217326d JS: Update our own queries 2019-05-22 13:13:08 +01:00
Nick Rolfe
94e3c676d5 Merge pull request #1352 from ian-semmle/edg 
C++: Follow extractor changes for 0136
 2019-05-22 13:11:59 +01:00
Mark Shannon
1018f27815 Python points-to: Add more comments about TObject and ObjectInternal. 2019-05-22 12:59:51 +01:00
Asger F
61ef73b0f7 JS: Add change note and deprecation member 2019-05-22 12:23:29 +01:00
Asger F
6246eb2fe3 JS: Refactor LabeledSantizerGuard 2019-05-22 12:08:03 +01:00
semmle-qlci
dc8123db8e Merge pull request #1355 from xiemaisi/js/data-flow-api-fiddling 
Approved by asger-semmle
 2019-05-22 10:40:32 +01:00
Anders Schack-Mulligen
3e5bbd96b1 Java: Account for non-source annotation on second field in multi-field declarations. 2019-05-22 11:33:10 +02:00
Calum Grant
fc8eccfc6b C#: Add some basic qhelp. Since these are internal queries, this is probably not needed. 2019-05-22 10:16:24 +01:00
semmle-qlci
c100c70a65 Merge pull request #1348 from xiemaisi/js/add-external-link-cwe 
Approved by esben-semmle
 2019-05-22 08:12:51 +01:00
Denis Levin
1b8117ba3a C++: Mishandling Japanese Era and Leap Year in calculations 2019-05-21 14:49:40 -07:00
Denis Levin
0b108fab0f Replaced tabs with spaces 2019-05-21 14:11:30 -07:00
Calum Grant
75c19e3991 C#: Add internal queries for extractor and compiler diagnostics. 2019-05-21 21:22:50 +01:00
semmle-qlci
114ba0e722 Merge pull request #1349 from EdoDodo/js-performance 
Approved by xiemaisi
 2019-05-21 17:50:01 +01:00
Ian Lynagh
6a77ac8a13 C++: Follow extractor changes for 0136 2019-05-21 17:07:21 +01:00
Asger F
180b5443ba JS: Update output of incomplete.ql 2019-05-21 17:02:43 +01:00
Asger F
de2f323172 JS: Mark unused parameter nodes as incomplete 2019-05-21 16:53:39 +01:00
Asger F
69dbbcf1c8 JS: Mark destructuring nodes as incomplete 2019-05-21 16:52:35 +01:00
Ziemowit Laski
81bfbc250f [CPP-370] Forgot to update an .expected file. 2019-05-21 07:08:13 -07:00
Ziemowit Laski
ae55b7b643 [CPP-370] Add new test file for testing procedurally nested format 
argument violations.
 2019-05-21 07:08:13 -07:00
Ziemowit Laski
f19f48dc1a [CPP-370] Revert accidental changes to Printf.qll (which belong on zlaski/cpp391 branch). 2019-05-21 06:55:32 -07:00
Ziemowit Laski
a49d82d2d6 [CPP-370] Exclude UserDefinedFormattingFunction nodes. 2019-05-21 06:55:32 -07:00
Ziemowit Laski
92054e2481 [CPP-370] Reformat test cases so that the .expect files line up with what was 
checked in initially.  Check for DataFlow::DefinitionByReferenceNode
          when computing isSource() for our taint analysis.
 2019-05-21 06:54:41 -07:00
Ziemowit Laski
098b6543f5 [CPP-370] Rewrite of NonConstantFormat.ql using the taint tracking library. 2019-05-21 06:51:47 -07:00
Ziemowit Laski
91902e52f6 [CPP-370] Intermediate commit, file not in usable state. 2019-05-21 06:46:52 -07:00
Ziemowit Laski
d8b8dda439 [CPP-370] First attempt at isAdditionalFlowStep(). 2019-05-21 06:45:52 -07:00
Ziemowit Laski
dbec17f85b [CPP-370] Tentative implementation of NonConstantFormat.ql using the global 
DataFlow library.  This is intended solely for further discussion.
 2019-05-21 06:23:51 -07:00
Ziemowit Laski
6025c03857 [CPP-370] Add nested.cpp test case, for nested calls to ...printf functions. 2019-05-21 06:21:12 -07:00
Ziemowit Laski
f6903c769a [CPP-370] Remove prohibition against UserDefinedFormattingFunction 2019-05-21 06:21:12 -07:00
Ziemowit Laski
8faf95ec84 [CPP-370] Tentatively modify CWE consts.cpp file to play nice with the dataflow library. 2019-05-21 06:21:12 -07:00
Ziemowit Laski
1fce5a5b40 [CPP-370] Revert accidental changes to Printf.qll (which belong on zlaski/cpp391 branch). 2019-05-21 06:21:11 -07:00
Ziemowit Laski
99047e51f2 [CPP-370] Exclude UserDefinedFormattingFunction nodes. 2019-05-21 06:19:52 -07:00
Ziemowit Laski
b205951e6d [CPP-370] Reformat test cases so that the .expect files line up with what was 
checked in initially.  Check for DataFlow::DefinitionByReferenceNode
          when computing isSource() for our taint analysis.
 2019-05-21 06:18:31 -07:00