hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-21 17:33:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,692 Branches 161 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
2885d48ad0 changes based on review 2020-02-17 14:44:10 +01:00
Rasmus Wriedt Larsen
f3ab52b1fe Python: Use StringValue instead of Value::forString 2020-02-17 14:41:32 +01:00
Rasmus Wriedt Larsen
6d5a8e4995 Python: Fix typos 2020-02-17 14:34:22 +01:00
Asger Feldthaus
9249b92d85 JS: Fix typo in comment 2020-02-17 12:48:13 +00:00
Esben Sparre Andreasen
8a9587fc91 JS: fix RegExp::getSuccessor/getPredecessor for sequence end/starts 2020-02-17 13:40:53 +01:00
Erik Krogh Kristensen
d1a58f1d17 Merge remote-tracking branch 'upstream/master' into CVE74 2020-02-17 13:18:52 +01:00
Erik Krogh Kristensen
b07f3d36d8 qldoc on splitPath 2020-02-17 13:17:12 +01:00
Erik Krogh Kristensen
5375604109 calling pop or shift on a SplitPath returns a PosixPath 2020-02-17 13:15:46 +01:00
Shati Patel
c5eec30713 Tidy up QLDoc spec 2020-02-17 12:07:15 +00:00
Shati Patel
2ce1ad1818 Rename "QLDoc specification" to "QLDoc comment specification" 2020-02-17 12:07:15 +00:00
Shati Patel
c846f536c4 Remove numbering 2020-02-17 12:07:15 +00:00
Esben Sparre Andreasen
c5ee436b16 JS: add RegExp::getSuccessor/getPredecessor tests 2020-02-17 13:06:55 +01:00
Erik Krogh Kristensen
3855268201 use RegExpCreationNode 2020-02-17 13:02:47 +01:00
Erik Krogh Kristensen
46cbeb0bc6 add more steps to the SplitPath label 2020-02-17 12:58:27 +01:00
semmle-qlci
23ed2bcc64 Merge pull request #2782 from asger-semmle/js/export-as-ns 
Approved by erik-krogh, max-schaefer
 2020-02-17 11:22:58 +00:00
Taus
03ae7831ad Merge pull request #2711 from RasmusWL/python-fix-import-deprecated-module 
Python: fix alerts for py/import-deprecated-module
 2020-02-17 11:46:12 +01:00
Taus
df3ac49c28 Merge pull request #2700 from RasmusWL/python-taint-iterable-unpacking 
Python: Handle iterable unpacking in taint tracking
 2020-02-17 11:44:25 +01:00
Taus
990d1c1663 Merge pull request #2802 from RasmusWL/python-fix-fp-py/import-own-module 
Python: Fix FP for py/import own module
 2020-02-17 11:23:11 +01:00
Tom Hvitved
8e325ead91 Add change notes 2020-02-17 11:00:10 +01:00
Tom Hvitved
dcdb5299f0 C#: Update expected test output 2020-02-17 10:52:02 +01:00
Tom Hvitved
7eae5f913c C#: Update data-flow test 2020-02-17 10:45:44 +01:00
Tom Hvitved
28307399f8 Data flow: Sync files 2020-02-17 10:45:35 +01:00
Tom Hvitved
bc6c4744b1 Data flow: Follow-up changes to FlowExploration module 2020-02-17 10:43:26 +01:00
Tom Hvitved
307ac7f0b3 Data flow: Remove UntypedAccessPath again 2020-02-17 10:32:27 +01:00
Jonas Jensen
0aba965a9e C++: Don't mention deprecated class 
The language tests were failing because they don't tolerate mentioning a
deprecated class anywhere.
 2020-02-16 09:43:25 +01:00
Jonas Jensen
a59c0facee C++: Accept test changes for IR libs 
This is for the tests in the ql repo. There are also changed tests in
the internal repo.
 2020-02-15 21:12:20 +01:00
Jonas Jensen
f4ba56f0c0 C++: Use IR for security.TaintTracking and GVN 2020-02-15 21:10:29 +01:00
Jonas Jensen
e95ebb25a5 C++: Ensure tainted_diff.ql keeps using old lib 
Without this, the test will compare the IR to itself after we enable it.
 2020-02-15 21:10:29 +01:00
Jonas Jensen
0628625a76 Merge pull request #2835 from MathiasVP/value-number-perf 
C++: Value number performance fix
 2020-02-15 20:40:53 +01:00
Mathias Vorreiter Pedersen
8cda847dbc C++: Add TLoadTotalOverlapValueNumber to getKind predicate in AST GVN wrapper 2020-02-15 09:37:45 -07:00
Jonas Jensen
49d2f5a60b C++: autoformat 2020-02-15 09:41:27 +01:00
SpaceWhite
0be6f84387 Add sample 2020-02-15 16:49:33 +09:00
SpaceWhite
1ad7bd9684 add sample code 2020-02-15 16:46:09 +09:00
SpaceWhite
a29ccd674f Initial commit 2020-02-15 16:27:03 +09:00
Dave Bartolomeo
867581df91 Merge pull request #2844 from MathiasVP/value-numbering-performance-fix-2 
C++: Ensure that there is just one overlap for an operand in value numbering
 2020-02-14 16:40:03 -07:00
Robert Marsh
7abd289d7d C++: reinclude IRType in total load value numbers 2020-02-14 13:34:29 -08:00
Robert Marsh
f3c788d1e9 Merge pull request #2843 from jbj/ValueNumbering-import-order 
C++: Change import order for stable cache checksum
 2020-02-14 13:34:20 -05:00
Mathias Vorreiter Pedersen
8b8a8cae5b C++/C#: Sync identical files 2020-02-14 16:11:57 +01:00
Mathias Vorreiter Pedersen
4a7b865dc0 C++: Move overlap fix into SSAConstruction 2020-02-14 16:11:00 +01:00
semmle-qlci
8d21692caf Merge pull request #2845 from max-schaefer/js/http2 
Approved by esbena
 2020-02-14 13:05:48 +00:00
Erik Krogh Kristensen
a6d644bac0 add support for path.normalize(path.realtive(...)) 2020-02-14 13:10:35 +01:00
Erik Krogh Kristensen
94814fa721 fix typos in the test 2020-02-14 13:03:35 +01:00
Nick Rolfe
d2a0037ad0 Merge pull request #2833 from hmakholm/pr/ql-codeql 
Don't chain to ./codeql in .codeqlmanifest.json
 2020-02-14 11:44:27 +00:00
Erik Krogh Kristensen
d765a33b8d add support for "../" prefixes in sanitizer 2020-02-14 12:36:54 +01:00
Erik Krogh Kristensen
9d61004128 remove redundant constructor on sink 2020-02-14 12:31:12 +01:00
Max Schaefer
ad83a8946c JavaScript: Sort lines in change notes. 2020-02-14 11:15:09 +00:00
Max Schaefer
f181111886 JavaScript: Add model of http2 compatibility API. 
Also deprecated the `httpOrHttps` predicate, which was now only used in one place and seemed a little pointless anyway.
 2020-02-14 11:14:31 +00:00
Mathias Vorreiter Pedersen
121c5e436d C++: Check that there is only one overlap 2020-02-14 11:13:53 +01:00
Erik Krogh Kristensen
3a146514ce add sanitizer for relative ".." in js/path-injection 2020-02-14 10:51:48 +01:00
Jonas Jensen
928bdbacb0 C++: Change import order for stable cache checksum 
Without this fix, running the full LGTM suite would get the IR evaluated
twice. That's because we have multiple IPA types and constructors with
the same name (like `TInstruction` and `MkIRFunction`), and the QL
compiler chooses how to disambiguate those names differently depending
on import order.

I've tested that the IR is only evaluated once now by running the whole
suite on a tiny project (jbj/magicrescue) and looking at the output of

    perl -ne 'print if /^RESULTS IN:/ .. /^\[/ and not /^\[/' runSnapshotQueries-debug.log | sort |uniq -c |sort -n |less
 2020-02-14 10:28:52 +01:00