hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
1,968 Commits 1,741 Branches 165 Tags
af443569d9390ab89c479aa8ea5f18581baa742b
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Dave Bartolomeo af443569d9 C++: Fix handling of accesses to escaped variables in Aliased SSA 
This fixes a subtle bug in the construction of aliased SSA. `getResultMemoryAccess` was failing to return a `MemoryAccess` for a store to a variable whose address escaped. This is because no `VirtualIRVariable` was being created for such variables. The code was assuming that any access to such a variable would be via `UnknownMemoryAccess`. The result is that accesses to such variables were not being modeled in SSA at all.

Instead, the way to handle this is to have a `VariableMemoryAccess` even when the variable being accessed has escaped, and to have `VariableMemoryAccess::getVirtualVariable()` return the `UnknownVirtualVariable` for escaped variables. In the future, this will also let us be less conservative about inserting `Chi` nodes, because we'll be able to determine that there's an exact overlap between two accesses to the same escaped variable in some cases.
2018-11-30 12:15:19 -08:00
change-notes
Merge pull request #573 from felicity-semmle/1.19/python-change-notes
2018-11-30 12:30:57 +00:00
config
C++: IR-based dataflow
2018-11-30 12:15:11 -08:00
cpp
C++: Fix handling of accesses to escaped variables in Aliased SSA
2018-11-30 12:15:19 -08:00
csharp
Merge pull request #513 from calumgrant/cs/cwe-134
2018-11-26 14:58:54 +01:00
docs
Style guide: Fix whitespace.
2018-11-07 09:12:55 +01:00
java
Merge master into next.
2018-11-23 16:36:31 +00:00
javascript
Merge pull request #571 from xiemaisi/js/numeric-constant-interpreted-as-code
2018-11-29 17:07:48 +00:00
python/ql
Python: Fix accidentally introduced cartesian product.
2018-11-29 14:19:47 +00:00
.editorconfig
Normalize all text files to LF
2018-09-23 16:24:31 -07:00
.gitattributes
Mark several known binary extensions as -text
2018-09-23 16:24:32 -07:00
.gitignore
Don't .gitignore .vs/VSWorkspaceSettings.json
2018-09-26 15:52:44 +02:00
.lgtm.yml
Update lgtm.yml file to exclude Python source in query and test folders.
2018-11-20 14:57:36 +00:00
CODE_OF_CONDUCT.md
Introduce code of conduct
2018-08-07 12:19:02 +01:00
CODEOWNERS
C++: Add C++ analysis team to CODEOWNERS
2018-10-24 11:58:37 +02:00
CONTRIBUTING.md
Update CONTRIBUTING.md and README.md to link the the QL Style Guide.
2018-08-20 11:06:22 +01:00
COPYRIGHT
QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00
LICENSE
QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00
README.md
Update CONTRIBUTING.md and README.md to link the the QL Style Guide.
2018-08-20 11:06:22 +01:00

README.md

Semmle QL

This open source repository contains the standard QL libraries and queries that power LGTM, and the other products that Semmle makes available to its customers worldwide.

How do I learn QL and run queries?

LGTM has extensive documentation on getting started with writing QL. You can use the interactive query console or the QL for Eclipse plugin to try out your queries on any open-source project that's currently being analyzed.

Contributing

We welcome contributions to our standard library and standard checks. Do you have an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! Before you do, though, please take the time to read our contributing guidelines and QL style guide.

License

The LGTM queries are licensed under Apache License 2.0 by Semmle.

Description
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
codeqlgithub-advanced-securitygithub-security-labsemmle-qlworks-with-codespaces
Readme MIT 19 GiB
Languages
CodeQL 32.3%
Kotlin 27.4%
C# 17.1%
Java 7.7%
Python 4.6%
Other 10.7%