hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-18 16:03:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,884 Commits 1,692 Branches 160 Tags
codeql-cli/v2.8.5
Commit Graph

33884 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
shati-patel
fd4709d43a Merge pull request #1930 from jf205/js-links-122 
docs: update some links in a couple of javascript topics
 2019-09-13 15:58:23 +01:00
Asger F
a8e8ae868a JS: Update extractor version string 2019-09-13 15:48:31 +01:00
Asger F
173f32d2ba JS: Recognize 'require' calls in more cases 2019-09-13 15:48:31 +01:00
Asger F
3b7ecd5ccf JS: Add NumModules metric 2019-09-13 15:48:31 +01:00
Max Schaefer
fa4db5a841 JavaScript: Fix link to restify in library tutorial. 
(cherry picked from commit af24d125388ed89dcd364697d955026a1f46fd33)
 2019-09-13 15:28:21 +01:00
Max Schaefer
f1588b2622 JavaScript: Fix description of call graphs. 
(cherry picked from commit 2817cf060f6a506ee51a0296b3745e7406fc7cfc)
 2019-09-13 15:28:21 +01:00
james
ffa370a8ad docs: fix broken links in js topics 
(cherry picked from commit e8f867204d)
 2019-09-13 15:28:20 +01:00
semmle-qlci
82097f63ac Merge pull request #1903 from jf205/js-links 
Approved by asger-semmle
 2019-09-13 15:25:02 +01:00
Erik Krogh Kristensen
9dc9adda64 fix capitalization in test case 
Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
 2019-09-13 14:54:18 +01:00
Erik Krogh Kristensen
3fb64abb09 fix consistency and spelling in the documentation 
suggestions from the documentation team

Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
 2019-09-13 14:52:11 +01:00
Jonas Jensen
7cfbe88e7b C++: IR DataFlow::Node.toString consistency 
The `toString` for IR data-flow nodes are now similar to AST data-flow
nodes. This should make it easier to use the IR as a drop-in replacement
in the future. There are still differences because the IR data flow
library takes conversions into account.

I did not attempt to align the new nodes we use for field flow. That can
come later, when we add field flow to IR data flow.
 2019-09-13 14:33:31 +02:00
Jonas Jensen
562bffe710 C++: Simplify toString of ImplicitParameterNode 
This string looked out of place compared to `ExplicitParameterNode`,
whose string is simply the name of the parameter and therefore
indistinguishable from an access to the parameter without looking at the
location also. This has not been a problem so far, and if we want to
distinguish more clearly between initial values and accesses at some
point, we should do it for `ExplicitParameterNode` and
`UninitializedNode` too.
 2019-09-13 14:33:26 +02:00
Erik Krogh Kristensen
c4f27ed4cc rename TaintedLength to LoopBoundInjection 2019-09-13 11:12:01 +01:00
Erik Krogh Kristensen
673e883c21 use superscript to denote the size of the tainted object 2019-09-13 11:00:11 +01:00
semmle-qlci
d0d3882121 Merge pull request #1919 from esben-semmle/js/fixup-1 
Approved by asger-semmle, xiemaisi
 2019-09-13 10:40:38 +01:00
semmle-qlci
1313821a25 Merge pull request #1904 from erik-semmle/passportModel 
Approved by asger-semmle, esben-semmle
 2019-09-13 10:38:14 +01:00
Erik Krogh Kristensen
5b2b60f132 change DOS to DoS, and other small documentation fixes 
Co-Authored-By: Max Schaefer <max@semmle.com>
 2019-09-13 10:26:01 +01:00
Tom Hvitved
f5cae9b6ea Merge pull request #1881 from aschackmull/java/pathgraph-nodes 
Java/C++/C#: Add nodes predicate to PathGraph.
 2019-09-13 10:32:47 +02:00
Dave Bartolomeo
e8cf3f876e Merge pull request #1660 from zlaski-semmle/zlaski/builtin-va-list 
Add a `__builtin_va_list` type, to complement `__builtin_va_*`
 2019-09-12 14:04:55 -07:00
Dave Bartolomeo
9072f6231f Merge pull request #1928 from jbj/autoformat-ssa 
C++: Autoformat IR SSA files
 2019-09-12 14:03:20 -07:00
zlaski-semmle
45640395a9 Merge pull request #1803 from geoffw0/qldoceg9 
CPP: Add syntax examples to QLDoc in Variable.qll
 2019-09-12 12:32:58 -07:00
Robert Marsh
7f6108259e Merge pull request #1927 from jbj/instructionNode 
C++: Add DataFlow::instructionNode
 2019-09-12 12:06:01 -07:00
Rebecca Valentine
f503e042fc Merge pull request #1877 from taus-semmle/python-modernise-non-iterator-query 
Python: Modernise the `py/non-iterable-in-for-loop` query.
 2019-09-12 11:14:40 -07:00
Calum Grant
b7db15646c Merge pull request #1858 from AndreiDiaconu1/ircsharp-continue 
C# IR: Add support for `ContinueStmt`
 2019-09-12 17:37:01 +01:00
Erik Krogh Kristensen
c2efb0afe7 two tiny qldoc changes 2019-09-12 16:58:07 +01:00
Erik Krogh Kristensen
119b1ffb80 changes based on review from max 2019-09-12 16:30:42 +01:00
Erik Krogh Kristensen
dc891dc420 added js/loop-bound-injection to javascript security suite 2019-09-12 15:50:50 +01:00
Erik Krogh Kristensen
17a71a97c5 add loop-bound-injection to change-notes 2019-09-12 15:28:14 +01:00
Erik Krogh Kristensen
3d359bc8dc Merge remote-tracking branch 'upstream/master' into taintedLength 2019-09-12 15:24:36 +01:00
Erik Krogh Kristensen
30f1bcf5bc updated query ID and expected output 2019-09-12 15:24:33 +01:00
Jonas Jensen
0c092e21b0 C++: Autoformat IR SSA files 
One autoformat omission had also slipped into
`DefaultTaintTracking.qll`.
 2019-09-12 15:45:08 +02:00
Jonas Jensen
10270cb36d C++: Turn a comment into QLDoc 2019-09-12 15:44:04 +02:00
AndreiDiaconu1
e55f16d990 Fix comment 2019-09-12 13:57:28 +01:00
AndreiDiaconu1
91fdfd48e5 Fixed CP problem 2019-09-12 13:09:49 +01:00
Jonas Jensen
c7e6081079 C++: Add DataFlow::instructionNode 
This is for symmetry with `exprNode` etc., and it should be handy for
the same reasons. I found one caller of `asInstruction` that got simpler
by using the new predicate instead.
 2019-09-12 11:44:17 +02:00
Tom Hvitved
5070270605 C#: Fix CFG for nested finally blocks 2019-09-12 11:44:04 +02:00
Tom Hvitved
b9fa837963 C#: Add new CFG test for try/finally 2019-09-12 11:44:04 +02:00
Tom Hvitved
3d32f3d173 C#: Restructure existing CFG tests for try/finally 2019-09-12 11:44:04 +02:00
AndreiDiaconu1
47120bc923 PR fixes 2019-09-12 10:34:00 +01:00
Calum Grant
e330d5a6c6 Merge pull request #1549 from hvitved/csharp/cfg/loop-unrolling 
C#: Loop unrolling for `foreach` statements
 2019-09-12 10:24:26 +01:00
AndreiDiaconu1
420abbf3dc C# IR: Support for ContinueStmt 
Added support for continue stmt.
Minimal refactoring of the `TranslatedSpecificJump` classes.
Added a new test file, `jumps.cs` and updated the expected output.
 2019-09-12 10:01:48 +01:00
Anders Schack-Mulligen
6299625b3d C#: Adjust qltest expected output. 2019-09-12 11:00:49 +02:00
Anders Schack-Mulligen
61e4e61087 C++: Adjust qltest expected output. 2019-09-12 11:00:49 +02:00
Anders Schack-Mulligen
2d620698d8 Java: Adjust qltest expected output. 2019-09-12 11:00:49 +02:00
Anders Schack-Mulligen
95e2f162d9 Java/C++/C#: Adjust toString of empty accesspath. 2019-09-12 11:00:49 +02:00
Anders Schack-Mulligen
0a4b15d40b Java/C++/C#: Add nodes predicate to PathGraph. 2019-09-12 11:00:49 +02:00
Erik Krogh Kristensen
2db0cdf4e2 two small qhelp fixes 2019-09-12 10:00:08 +01:00
semmle-qlci
10076a6b2b Merge pull request #1886 from jbj/ir-taint-shared 
Approved by rdmarsh2
 2019-09-12 06:48:24 +01:00
Robert Marsh
e71a39f6b6 Merge pull request #1912 from jbj/tainttracking-ir-1 
C++: Stub replacement for security.TaintTracking
 2019-09-11 13:44:39 -07:00
Tom Hvitved
8f3f9406e2 C#: Early identification of duplicate extraction 2019-09-11 20:47:20 +02:00