github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
10 679 коммитов 1 541 ветка 132 Теги 497 MiB
Граф коммитов

10679 Коммитов

Автор SHA1 Сообщение Дата
Asger Feldthaus 8531c113a1 TS: Fix imports 2020-02-24 11:40:27 +00:00
Asger Feldthaus 9b52acc62a TS: Handle export * as ns 2020-02-24 11:40:27 +00:00
Asger Feldthaus 7f939fe1e4 TS: Update to TypeScript 3.8.2 2020-02-24 11:40:27 +00:00
semmle-qlci 94aa77748d
Merge pull request #2810 from erik-krogh/CVE74 
Approved by asgerf
 2020-02-24 11:32:42 +00:00
Asger Feldthaus f923b24bc5 JS: Fix test 2020-02-24 11:19:23 +00:00
Erik Krogh Kristensen 75c1852ee4
doc changes from review 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-02-24 11:58:59 +01:00
Mathias Vorreiter Pedersen ed430ce855 C++/C#: Bind parameter in new case. 2020-02-24 09:12:14 +01:00
Mathias Vorreiter Pedersen af364e66fc C++/C#: Move sanity check inside InstructionSanity module and accept tests 2020-02-23 20:53:49 +01:00
Dave Bartolomeo 170331b105 C++: Better fix for `void` type on buffer access 
Fixes issue https://github.com/github/codeql-c-analysis-team/issues/20

This change undoes the workaround in https://github.com/Semmle/ql/pull/2736, and replaces it with a fix for the underlying cause. The problem was that the IR construction code for side effects incorrectly assumed that `BufferAccessOpcode` included `SizedBufferAccessOpcode`. I think that was actually a perfectly reasonable assumption to make, so I changed the `Opcode` hierarchy to make it true.
 2020-02-21 18:46:32 -07:00
Taus 285be2893c
Merge pull request #2893 from BekaValentine/python-objectapi-to-valueapi-unnecessarylambda 
Python: ObjectAPI to ValueAPI: UnnecessaryLambda
 2020-02-21 22:23:02 +01:00
Taus e444fb8bfa
Merge pull request #2818 from BekaValentine/objectapi-to-valueapi-hashedbutnohash 
Python: ObjectAPI to ValueAPI: HashedButNoHash
 2020-02-21 22:19:58 +01:00
Rebecca Valentine 14273fc677 Adds missing result to expected file 2020-02-21 11:25:03 -08:00
Rasmus Wriedt Larsen bfa7553095 Python: urlsplit sanitizer handles `in [KNOWN_VALUE]` 2020-02-21 16:03:29 +01:00
Rasmus Wriedt Larsen 798db91f71 Python: Add more urlsplit tests 2020-02-21 15:51:33 +01:00
Erik Krogh Kristensen 44db0f4e5d better printing of the options arg 2020-02-21 15:39:49 +01:00
Asger Feldthaus d1df251b92 JS: Proto pollution: Add is-plain-object sanitizer 2020-02-21 14:38:33 +00:00
Erik Krogh Kristensen 90e5671d98 Merge branch 'master' of git.semmle.com:Semmle/ql into CVE481 2020-02-21 15:25:07 +01:00
Rasmus Wriedt Larsen 31ff652cb3 Python: Make Sanitizer available for urlsplit taint 
It isn't used by default, it has to *actively* be enabled.
 2020-02-21 15:18:53 +01:00
Mathias Vorreiter Pedersen d9753b0ca5 C++/C#: Accept test output after adding sanity check to Instruction.qll 2020-02-21 15:09:53 +01:00
Asger Feldthaus 1ee112a341 JS: Add change note 2020-02-21 13:55:27 +00:00
Asger Feldthaus a673539c98 JS: Update expected output 2020-02-21 13:51:23 +00:00
Asger Feldthaus b780bc4d59 JS: Also track into callbacks 2020-02-21 13:51:22 +00:00
Asger Feldthaus e8e649102f JS: Also propagate out of returns 2020-02-21 13:51:22 +00:00
Asger Feldthaus 8c36b999cc JS: Track flow into calls to bound functions 2020-02-21 13:51:20 +00:00
semmle-qlci ee5cf95f5b
Merge pull request #2892 from asger-semmle/js/field-methods 
Approved by esbena
 2020-02-21 13:49:42 +00:00
semmle-qlci e163d8d8c8
Merge pull request #2796 from asger-semmle/js/partial-invoke-receiver 
Approved by esbena
 2020-02-21 13:48:43 +00:00
Erik Krogh Kristensen 75410e5760 big refactor of UselessUseOfCal 2020-02-21 14:26:42 +01:00
Mathias Vorreiter Pedersen da41cbca06 C#: Add similar fix to translation of switch statements in C# 2020-02-21 13:33:54 +01:00
Rasmus Wriedt Larsen abbc9293db
Merge pull request #2891 from tausbn/python-special-operations 
Python: Add AST support for special operations.
 2020-02-21 13:16:22 +01:00
semmle-qlci 382e4bc06a
Merge pull request #2895 from max-schaefer/js/improve-param-qldoc 
Approved by asgerf
 2020-02-21 12:01:02 +00:00
Asger Feldthaus 01fed95fe6 JS: Add change note 2020-02-21 11:49:20 +00:00
Max Schaefer 75495d7aad
Update javascript/ql/src/semmle/javascript/Variables.qll 
Co-Authored-By: Asger F <asgerf@github.com>
 2020-02-21 10:06:32 +00:00
Geoffrey White ad45a4b079
Merge pull request #2890 from nickrolfe/range_based_for 
C++: add more extensive test for desugaring of range-based-for loops
 2020-02-21 09:31:34 +00:00
Erik Krogh Kristensen 6ea14532ab small changes based on review 2020-02-21 10:27:57 +01:00
Max Schaefer fc4afe6eb2 JavaScript: Improve qldoc for `Parameter` to clarify that it also contains catch-clause parameters. 2020-02-21 09:14:00 +00:00
Anders Schack-Mulligen 771cb754c2
Merge pull request #2822 from hvitved/dataflow/node-cand-simple-call-context 
Data flow: Track simple call contexts in `nodeCand[Fwd]1`
 2020-02-21 10:02:06 +01:00
Jonas Jensen 1d786abebd
Merge pull request #2881 from rdmarsh2/ir-release-note 
C++/Docs: release notes for IR taint tracking and GVN
 2020-02-21 09:49:16 +01:00
Tom Hvitved 0cc3218115
Merge pull request #2872 from aschackmull/dataflow/pathstep-localflow-join 
Java/C++/C#: Improve join-order in pathStep predicate
 2020-02-21 09:39:17 +01:00
Rebecca Valentine df7f43ee86 Adds modernization 2020-02-20 17:07:56 -08:00
Rebecca Valentine 2f3ea10cf8 Move the query and examples over to 2/query-tests 2020-02-20 16:31:58 -08:00
Rebecca Valentine 376638e9c0 Move query over to Rasmus's API for NumericValue 2020-02-20 16:18:54 -08:00
Rebecca Valentine ab1fcb32ae autoformats 2020-02-20 16:17:43 -08:00
Rebecca Valentine 5d9d724d43 Removes conflicting NumericValue definition 2020-02-20 16:17:33 -08:00
Rebecca Valentine 28be3b47fc Replaces name-reference to the class with canonical predicate. 2020-02-20 15:41:51 -08:00
Rebecca Valentine 5acd982d59 Swaps ...obj for ...val 2020-02-20 15:41:51 -08:00
Rebecca Valentine 91ea46f5ee Adds test output. 2020-02-20 15:41:51 -08:00
Rebecca Valentine 115495450d Adds test cases. 2020-02-20 15:41:51 -08:00
Rebecca Valentine 96b8d78650 Adds modernized files. 2020-02-20 15:41:51 -08:00
Mathias Vorreiter Pedersen 780010d8f9 C++/C#: Sync identical files 2020-02-20 22:15:06 +01:00
Mathias Vorreiter Pedersen 6c08783158 C++: Accept output 2020-02-20 22:13:37 +01:00