Commit graph

10954 commits

Author SHA1 Message Date
Rebecca Valentine 047c328c58
Update python/ql/src/semmle/python/objects/ObjectAPI.qll
Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2020-03-09 19:20:08 -07:00
Rebecca Valentine e8708a083f Python: Modernizes query and expecteds 2020-03-09 19:13:54 -07:00
Rebecca Valentine 48e67bca51 Python: Modernizes query 2020-03-09 18:57:42 -07:00
Rebecca Valentine 810efc5ca2
Python: Adds Rasmus's suggestion
Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2020-03-09 16:21:34 -07:00
Taus be09c17367
Merge pull request #2990 from BekaValentine/python-objectapi-to-valueapi-raisingtuple
Python: ObjectAPI to ValueAPI: RaisingTuple
2020-03-10 00:16:12 +01:00
Taus 96e99f55ad
Merge pull request #2976 from BekaValentine/python-objectapi-to-valueapi-emptyexcept
Python: ObjectAPI to ValueAPI: EmptyExcept
2020-03-09 23:56:27 +01:00
Taus b51e2a9e80
Merge pull request #2977 from BekaValentine/python-objectapi-to-valueapi-catchingbaseexception
Python: ObjectAPI to ValueAPI: CatchingBaseException
2020-03-09 22:54:50 +01:00
Mathias Vorreiter Pedersen 1a5282ae21 C++: Add testcase that previously resulted in a false positive 2020-03-09 22:33:59 +01:00
Mathias Vorreiter Pedersen 525a00098e C++: Address review comments 2020-03-09 22:16:05 +01:00
Dave Bartolomeo 9fae2faaeb
Merge pull request #2994 from jbj/IRSanity-separate-file
C++: Move InstructionSanity out of Instruction.qll
2020-03-09 16:34:36 -04:00
Rasmus Wriedt Larsen a38fd2d3d1 Python: Use unambiguous name getCallNode 2020-03-09 17:05:00 +01:00
Rasmus Wriedt Larsen a9674ef6e8 Python: Resolve autoformat ugliness 2020-03-09 16:54:55 +01:00
semmle-qlci 155985c77d
Merge pull request #3024 from max-schaefer/js/move-portals-to-experimental
Approved by asgerf
2020-03-09 15:39:36 +00:00
Rasmus Wriedt Larsen 31cfb1689c Python: Fix minor bug in modernisation-rewrite
Obviously the result module shouldn't be a package 🤦 I was confusing
myself, since I wanted to say that `Module::named("Crypto.Cipher")` should be a package :D
2020-03-09 15:49:08 +01:00
Mathias Vorreiter Pedersen 6dee7061a0 C++: Handle constant variable accesses in SimpleRangeAnalysis.qll 2020-03-09 15:44:32 +01:00
Rasmus Wriedt Larsen 0ce8e9180b Python: Remove code that adds taint to unrelated ControlFlowNode
The problem with the deleted code is that it would add flow to what might be an
unrelated ControlFlowNode, which is illustrated in the query below (that gives
results on flask)

from ControlFlowNode arg, CallNode call, CallNode other_call
where
    call.getNode().getAKeyword().getValue() = arg.getNode() and
    not call.getAnArg() = arg and
    other_call.getAnArg() = arg and
    not other_call = call
select call, arg, other_call
2020-03-09 15:27:31 +01:00
Rasmus Wriedt Larsen cac5d00ca2 Python: Fix string taint tests
The tests in ql/python/ql/test/library-tests/taint/strings/ show that
ClassValue::str() is not good enough.
2020-03-09 15:10:48 +01:00
Tom Hvitved 6a10516c1e
Merge pull request #3021 from aschackmull/dataflow/partial-path-perf
Java/C++/C#: Fix performance issue in partial paths exploration.
2020-03-09 15:04:33 +01:00
Max Schaefer 3c785ecaa7 JavaScript: Move flow summaries to `experimental`.
Also update description and change note to call out their experimental character more clearly.
2020-03-09 12:57:20 +00:00
Asger F 5a1bf94994
Merge pull request #2987 from asger-semmle/js/urls-not-sensitive-data
JS: Declassify sensitive exprs with special characters
2020-03-09 12:29:47 +00:00
Asger Feldthaus 6c1f98a5ae JS: Update vague variable name 2020-03-09 11:58:38 +00:00
Calum Grant 250afda7da
Merge pull request #2831 from hvitved/csharp/local-function-fresh-label
C#: Generate fresh TRAP ID for local functions
2020-03-09 10:46:45 +00:00
Anders Schack-Mulligen a2bbacf58d Java/C++/C#: Fix performance issue in partial paths exploration. 2020-03-09 11:30:59 +01:00
Anders Schack-Mulligen 4298a3a931 Java: Add test. 2020-03-09 11:16:59 +01:00
Anders Schack-Mulligen f491fcd5ae Java/C++/C#: Sync. 2020-03-09 11:05:13 +01:00
Anders Schack-Mulligen 7a74634cfd Java/C++/C#: Simplify. 2020-03-09 11:04:28 +01:00
Anders Schack-Mulligen cf84a53573 Java/C++/C#: Fix bug in type pruning. 2020-03-09 11:04:24 +01:00
Asger Feldthaus a9a9c14eea JS: Change note 2020-03-07 15:15:13 +00:00
Asger Feldthaus a1d479e975 JS: Declassify sensitive exprs with special characters 2020-03-07 15:15:13 +00:00
Asger Feldthaus 759631ae56 JS: Raise default memory limit to 2.4G 2020-03-07 15:13:53 +00:00
Asger Feldthaus c55dcf88d5 JS: Improve error reporting 2020-03-07 15:13:52 +00:00
Asger Feldthaus 549d4e9b57 JS: Do not restart in the middle of a message 2020-03-07 15:13:52 +00:00
Asger Feldthaus e1657b237b JS: Extract compiler-restarting into a function 2020-03-07 15:13:52 +00:00
Asger Feldthaus 2ef21ea4b8 JS: Only evaluate relevant barrier guards 2020-03-07 15:13:20 +00:00
Asger Feldthaus fd1a14d3bd JS: Add qldoc to a private predicate 2020-03-07 15:13:20 +00:00
Asger Feldthaus eed4204e04 JS: Lift some internal members to private top-level 2020-03-07 15:13:20 +00:00
SpaceWhite 5e912cbf8e Move directory to experimental 2020-03-07 11:55:32 +09:00
SpaceWhite 8cdc2bb268 Merge branch 'master' into CWE-094 2020-03-07 11:54:31 +09:00
SpaceWhite b7af1645aa Move directory to experimental 2020-03-07 11:49:33 +09:00
SpaceWhite 2ec107bc2d Merge branch 'master' into CWE-643 2020-03-07 11:47:53 +09:00
Rebecca Valentine 3e36c672cf Python: Removes superfluous cast 2020-03-06 13:06:11 -08:00
Rebecca Valentine 7b49c8e6f8 Python: Fixes bug in modernization 2020-03-06 12:47:46 -08:00
Jonas Jensen 0cd3eb7b7e C++: Accept test changes
Some IR inconsistencies are "fixed" because we no longer translate
constant initializers of static locals.
2020-03-06 20:20:47 +01:00
Rasmus Wriedt Larsen 8b2c74a4dd Python: Modernise remaining Security/*.qll files 2020-03-06 17:30:02 +01:00
Rasmus Wriedt Larsen 14957345a3 Python: Fix formatting of isLegalExceptionType 2020-03-06 17:27:50 +01:00
Rasmus Wriedt Larsen 70634fe30e Python: Remove usage of deprecated .getValue() 2020-03-06 16:20:31 +01:00
Jonas Jensen cc38abd228 C++: Ignore constant static initializers 2020-03-06 15:05:28 +01:00
Jonas Jensen 02f0b89a0d C++: Test for constant static initializer 2020-03-06 15:05:28 +01:00
Rasmus Wriedt Larsen 2416cac8f4 Python: Modernise StringKind files 2020-03-06 14:45:03 +01:00
semmle-qlci 3ae1aada37
Merge pull request #2995 from tausbn/python-fix-nested-sequence-assign-cp
Approved by RasmusWL
2020-03-06 09:43:24 +00:00