hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-17 15:33:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,884 Commits 1,692 Branches 160 Tags
codeql-cli/v2.8.5
Commit Graph

33884 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonas Jensen
f5a63e3a91 Merge pull request #1801 from geoffw0/lambdar 
CPP: Update taint test comments.
 2019-08-22 18:45:41 +02:00
Nick Rolfe
bea1f687e7 Merge pull request #1796 from mgrettondann/enable-usingentry-getenclosingelement 
C++: Add support for UsingEntry.getEnclosingElement
 2019-08-22 17:01:57 +01:00
Taus Brock-Nannestad
92f48191c2 Update test results for UndefinedGlobal.ql. 2019-08-22 17:53:36 +02:00
Geoffrey White
a70975f95f CPP: Update test comments. 2019-08-22 15:40:38 +01:00
Anders Schack-Mulligen
ef0c6d01eb Java: Add a global extension point for taint steps. 2019-08-22 16:38:59 +02:00
Geoffrey White
c007d4ffd7 Merge pull request #1781 from jbj/dataflow-location-workaround 
C++: Workaround for lambda expression locations
 2019-08-22 15:36:22 +01:00
james
372243aa1a docs: some more slide fixes 2019-08-22 15:30:37 +01:00
Taus Brock-Nannestad
b82ebf2a37 Add tests. 2019-08-22 16:30:14 +02:00
Mark Shannon
4759044ee4 Python tests: Fix up tests for CWE-312 to not use external locations. 2019-08-22 15:27:49 +01:00
Mark Shannon
9df205b288 Python tests: Fix up CWE-327 tests to use new sensitive-data library. 2019-08-22 15:27:48 +01:00
Mark Shannon
6cd0087d9d Python: Use Value API for sensitive data analysis. 2019-08-22 15:27:48 +01:00
Mark Shannon
81c65cd37c Add missing html tag 2019-08-22 15:27:48 +01:00
Mark Shannon
816938369e Python: Add tests for clear-text storage and logging. 2019-08-22 15:27:48 +01:00
Mark Shannon
15bb8b5f70 Python add new queries for clear-text logging and storage. 2019-08-22 15:27:48 +01:00
Mark Shannon
79ebd5652a Python: Add library support for cookies. Update and extend sensitive data library. 2019-08-22 15:27:48 +01:00
Taus Brock-Nannestad
b9ef8a0526 Python: Extend hasAttribute to unknown-but-defined module variables. 2019-08-22 16:22:53 +02:00
james
110b02a556 docs: improve scaling behaviour, fix fonts and headings 
docs: better responsive behaviour

docs: improve c/c++ slides

docs: titles and fonts

docs: tidy up layout and css

docs: update layout to scale font-size by slide height

docs: tidy up templates and fix font headings
 2019-08-22 14:59:08 +01:00
james
a35241e4cd docs: 2nd round of suggestions 2019-08-22 14:58:29 +01:00
james
feb4d26de8 docs: address first round of review comments on other slides and add intro to ql decks 2019-08-22 14:58:29 +01:00
james
4c714981f0 docs: address comments on bad overflow guard slides 2019-08-22 14:58:28 +01:00
james
a9a0b9a5d0 docs: fix some errors picked up by vale linter 2019-08-22 14:58:28 +01:00
james
c97f5829a2 docs: rationalize images and slide backgrounds 2019-08-22 14:58:28 +01:00
james
b0ff09b04d docs: further css tweaks 2019-08-22 14:58:27 +01:00
james
1d31a78d27 docs: rename QL training sphinx project 2019-08-22 14:58:27 +01:00
james
819f308010 docs: add several cpp training slides 2019-08-22 14:58:27 +01:00
Matthew Gretton-Dann
855ce8dd9d C++: Add support for UsingEntry.getEnclosingElement 2019-08-22 14:23:38 +01:00
Taus Brock-Nannestad
f9c002e441 Python: Support short mode flags (e.g. re.M) in regexes. 2019-08-22 14:53:58 +02:00
Tom Hvitved
0801e51175 Merge pull request #1790 from jbj/tainttracking-cross-language 
C++/C#/Java: Shared TaintTrackingImpl.qll
 2019-08-22 14:17:23 +02:00
Jonas Jensen
d38dbf0f63 C++: Workaround for lambda expression locations 
See CPP-427.
 2019-08-22 11:52:56 +02:00
Anders Schack-Mulligen
3aedadcb35 Java: Add localExprFlow and localExprTaint. 2019-08-22 11:25:23 +02:00
Taus
ae2a68b988 Merge pull request #1791 from markshannon/python-revert-tests 
Python: Revert and update tests removed in #1767
 2019-08-22 11:20:24 +02:00
Jonas Jensen
ad9ee54b65 C++/C#/Java: defaultAdditionalTaintStep 2019-08-22 11:14:06 +02:00
Tom Hvitved
ef6cf57597 C#: Add change note 2019-08-22 10:51:31 +02:00
Tom Hvitved
d2f8b0bc20 C#: Handle constructors with member initializers and base() calls in CFG 2019-08-22 10:34:23 +02:00
Tom Hvitved
e6ba282e05 C#: Revert a few changes 2019-08-22 09:26:13 +02:00
Ziemowit Laski
f3fc1be6fc [CPP-387] Address review comments; some line reordering. 2019-08-21 17:14:14 -07:00
Robert Marsh
1b6339528c Merge pull request #1783 from jbj/taint-fields-structs 
C++: Don't propagate taint between field and struct [CPP-410]
 2019-08-21 11:20:26 -07:00
yh-semmle
9012c3240f Merge pull request #1789 from aschackmull/java/autoformat 
Java: Autoformat.
 2019-08-21 12:36:55 -04:00
Taus
c595d0f27b Merge pull request #1784 from markshannon/python-move-essa-together 
Python: Move all ESSA related code into one folder.
 2019-08-21 17:51:45 +02:00
Tom Hvitved
5d140930d0 C#: Add field initializers to CFG for constructors 
This commit adds field initializers to the CFG for non-static constructors. For
example, in

```
class C
{
    int Field1 = 0;
    int Field2 = Field1 + 1;
    int Field3;

    public C()
    {
        Field3 = 2;
    }

    public C(int i)
    {
        Field3 = 3;
    }
}
```

the initializer expressions `Field1 = 0` and `Field2 = Field1 + 1` are added
to the two constructors, mimicking

```
public C()
{
    Field1 = 0;
    Field2 = Field1 + 1;
    Field3 = 2;
}
```

and

```
public C()
{
    Field1 = 0;
    Field2 = Field1 + 1;
    Field3 = 3;
}
```

respectively. This means that we no longer have to synthesize calls, callables,
parameters, and arguments in the data flow library, so much of the work from
d1755500e4 can be simplified.
 2019-08-21 16:21:38 +02:00
Tom Hvitved
a2ffddec5f Merge pull request #1785 from jbj/dataflow-recursion-prevention-shared 
C++/C#/Java: Pyrameterize ConfigurationRecursionPrevention
 2019-08-21 15:56:50 +02:00
Mark Shannon
e77ae09a86 Python tests: Update test results to account for better handling of branches in finally blocks. 2019-08-21 14:47:57 +01:00
Mark Shannon
714fecbf5e Python: Revert tests removed in #1767. 2019-08-21 14:39:53 +01:00
semmle-qlci
ddc716d2d3 Merge pull request #1768 from asger-semmle/ts-debugging 
Approved by esben-semmle, xiemaisi
 2019-08-21 14:21:45 +01:00
Felicity Chapman
4e355ce497 Merge pull request #1786 from jf205/gtm-sphinx 
Sphinx docs: update references on `layout.html`
 2019-08-21 14:17:21 +01:00
Jonas Jensen
25701f203d C++/C#/Java: Shared TaintTrackingImpl.qll 
This file is now identical in all languages. Unifying this file led to
the following changes:
- The documentation spelling fixes and example from the C++ version
  were copied to the other versions and updated.
- The steps through `NonLocalJumpNode` from C# were abstracted into a
  `globalAdditionalTaintStep` predicate that's empty for C++ and Java.
- The `defaultTaintBarrier` predicate from Java is now present but empty
  on C++ and C#.
- The C++ `isAdditionalFlowStep` predicate on
  `TaintTracking::Configuration` no longer includes `localFlowStep`.
  That should avoid some unnecessary tuple copying.
 2019-08-21 14:55:54 +02:00
jf205
79477a45cf Merge pull request #1748 from asger-semmle/type-tracking-tutorial 
JS: Type tracking tutorial
 2019-08-21 13:47:53 +01:00
james
419d07e1e5 docs: remove HS, GA, add GTM ref 2019-08-21 13:45:54 +01:00
Asger F
fd7cfedf4b JS: Add AdditionalTypeTrackingStep 2019-08-21 13:44:03 +01:00
Anders Schack-Mulligen
629c19e719 Java: Autoformat. 2019-08-21 14:38:17 +02:00