hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-15 06:23:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,884 Commits 1,690 Branches 160 Tags
codeql-cli/v2.8.5
Commit Graph

33884 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Esben Sparre Andreasen
7d57d1915a JS: introduce DataFlow::DependencyModuleImport 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
1cea29d89f JS: improve prototype pollution tests 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
af3f0b1d04 JS: add test for missing support for package-lock.json 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
ef6f4c7a5e JS: update docstring 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
f74653be46 JS: extract getDefaultNode from DefaultRange 2019-05-27 22:32:32 +02:00
Jonas Jensen
d2fa7aad1c Merge pull request #1336 from geoffw0/cached2 
CPP: Cache Expr.getType().
 2019-05-27 12:48:56 +01:00
Tom Hvitved
c82a2f0fec C#: Refactor data flow predicates to be defined by dispatch 2019-05-27 13:40:41 +02:00
Tom Hvitved
641126a506 Merge pull request #1339 from calumgrant/cs/cs8/ranges 
C#: Implement C#8 features
 2019-05-25 09:28:22 +02:00
yh-semmle
87cbc7e199 Merge pull request #1344 from aschackmull/java/validatedvariable 
Java: Replace ValidatedVariable with guarded accesses.
 2019-05-24 11:23:18 -04:00
Geoffrey White
170691b467 CPP: Comment as suggested. 2019-05-24 16:16:45 +01:00
Geoffrey White
6bac1e6e99 CPP: Accept CWE-190 test change. 2019-05-24 16:16:45 +01:00
Calum Grant
ae8ecc88e6 C#: Address review comments. 2019-05-24 14:56:58 +01:00
Anders Schack-Mulligen
1a9b1d5865 Java: Add change note. 2019-05-24 15:50:45 +02:00
Calum Grant
d2aea635e4 C#: Address review comments 2019-05-24 13:49:05 +01:00
Calum Grant
fe6056b0fc C#: Analysis change notes. 2019-05-24 13:49:05 +01:00
Calum Grant
14147a1abe C#: DB upgrade script and stats 2019-05-24 13:49:05 +01:00
Tom Hvitved
a1e58cedac C#: Refactor recursive patterns implementation 
- Extract names of properties in a propery match, using the `exprorstmt_name` relation.
- Simplify extraction of properties by not distinguishing between top-level patterns
  and nested patterns.
- Introduce `PatternExpr` to capture patterns in `is` expressions, `case` statements,
  and `switch` expression arms.
- Generalize `IsTypeExpr`, `IsPatternExpr`, `IsRecursivePatternExpr`, and `IsConstantExpr`
  to just `IsExpr` with a member predicate `PatternExpr getPattern()`.
- Generalize `TypeCase`, `RecursivePatternCase`, and `ConstCase` to just `CaseStmt` with
  a member predicate `PatternExpr getPattern()`.
- Introduce classes `Switch` and `Case` as base classes of switch statements/expressions
  and case statements/switch expression arms, respectively.
- Simplify CFG logic using the generalized classes.
- Generalize guards library to cover `switch` expressions tests.
- Generalize data flow library to cover `switch` expression assignments.
 2019-05-24 13:49:05 +01:00
Calum Grant
b28ad9066f C#: Change notes 2019-05-24 13:49:05 +01:00
Calum Grant
21203cdf0d C#: Minor code tidy. 2019-05-24 13:49:05 +01:00
Calum Grant
aecc9e2a57 C#: Fix LGTM warnings 2019-05-24 13:49:05 +01:00
Calum Grant
55b41cfaf7 C#: DB Upgrade script 2019-05-24 13:49:05 +01:00
Calum Grant
1a40c29aba C#: DB stats 2019-05-24 13:49:05 +01:00
Calum Grant
fa57017720 C#: Minor edit. 2019-05-24 13:49:05 +01:00
calum
1428d0ba93 C#: Implement recursive patterns 2019-05-24 13:49:05 +01:00
calum
318068b52f C#: Implement range operator 2019-05-24 13:49:04 +01:00
Geoffrey White
15e2248440 Merge pull request #1359 from jbj/definitions-column-order 
C++: definitions.ql performance tweaks
 2019-05-24 12:43:57 +01:00
alexey
8168c0ee0a Fix typo in test for the query 2019-05-23 15:54:59 +01:00
Tom Hvitved
d30bce4f31 C#: Update expected test output 2019-05-23 16:03:54 +02:00
Max Schaefer
1bf7bcf010 Merge pull request #1356 from asger-semmle/tainted-path-cherry-picked 
JS: Refactor LabelledBarrierGuard
 2019-05-23 12:26:35 +01:00
Asger F
6bb011a4cc JS: Stop using data/taint as flow labels in TaintedPath 2019-05-23 10:16:41 +01:00
Asger F
0823f6c935 JS: fix use of dataOrTaint() 2019-05-23 10:16:41 +01:00
Asger F
37fa2446d4 JS: review comments 2019-05-23 10:16:31 +01:00
Asger F
07d508d1bf JS: Track taint through .replace() 2019-05-23 09:23:48 +01:00
Asger F
1ec3475457 JS: All of TaintedPath 2019-05-23 09:23:47 +01:00
Asger F
a1399d07a4 JS: Add change note for TypeScript full extraction 2019-05-23 09:19:01 +01:00
semmle-qlci
fac620d6f3 Merge pull request #1357 from asger-semmle/jump-to-namespace 
Approved by xiemaisi
 2019-05-23 09:00:24 +01:00
Asger F
9046fd15f7 JS: Update expected output of XSS query (benign) 2019-05-23 08:56:01 +01:00
Asger F
2fc0ab5595 JS: Stop using the AST-based isDocumentURL internally 2019-05-23 08:55:21 +01:00
Asger F
8b7dbf8b0f JS: Align DOM::locationRef with isDocumentURL 2019-05-23 08:45:08 +01:00
yh-semmle
64aa111b65 Merge pull request #1342 from aschackmull/java/field-annotation-cu 
Java: Check compilation unit of the same element in both disjuncts.
 2019-05-22 16:36:24 -04:00
Tom Hvitved
8fe2bccbf8 Merge pull request #1361 from calumgrant/cs/roslyn-3.1 
C#: Update to Roslyn 3.1
 2019-05-22 20:31:09 +02:00
Mark Shannon
e1614886c7 Python points-to. Improve API bey renaming a couple of methods and clarifying a few comments. 2019-05-22 17:28:25 +01:00
Ziemowit Laski
46b6eac955 [CPP-370] An .expected file is mismatched again. Not sure why 
this is happening.
 2019-05-22 09:08:44 -07:00
Ziemowit Laski
154b9aa488 [CPP-370] Reformat both Print.qll files. 2019-05-22 08:21:05 -07:00
Calum Grant
fcfb7b2b8a C#: Fix error caused by Roslyn upgrade. 2019-05-22 16:17:16 +01:00
Calum Grant
e5aa7f3ba7 C#: Upgrade to Roslyn 3.1 2019-05-22 15:54:30 +01:00
Jonas Jensen
dd5a2552c7 C++: Compute locations only for elements in result 
This gains some performance by not computing locations for all
expressions since we are only interested in calls and variable accesses.
The `Top::hasLocationInfo` predicate goes from 2m28s to 1m32s on
Chromium.
 2019-05-22 15:52:49 +01:00
Jonas Jensen
81f627c1c4 C++: pragma[noopt] Top::hasLocationInfo perf tweak 
This predicate was slow, mostly because it's just very large. A manual
join order cuts the run time on Chromium from

    definitions::Top::hasLocationInfo_dispred#ffffff ..................... 3m23s
    definitions::MacroAccessWithHasLocationInfo::hasLocationInfo#ffffff .. 1m56s

to

    definitions::Top::hasLocationInfo#ffffff .... 2m28s

The main slowdown was the two uses of `SCAN` to reorder columns in the
RA.
 2019-05-22 15:52:33 +01:00
Asger F
8590042a7e JS: customizable window, document, DOM value 2019-05-22 15:49:56 +01:00
alexey
e214174114 add return-or-yield-outside-of-function Python query 2019-05-22 15:27:32 +01:00