github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
10 679 коммитов 1 541 ветка 132 Теги 497 MiB
Граф коммитов

10679 Коммитов

Автор SHA1 Сообщение Дата
Rasmus Wriedt Larsen 74345b1c05 Python: Make library-tests/taint/strings tests more transparent 
Following the setup I invented for library-tests/taint/unpacking.

TestStep is still a bit annoying, since the output is not easy to eyeball; but
for now I guess we can live with it :)

I honestly didn't get the point of DistinctStringKinds.ql, other than showing we
can handle multiple taint kinds
 2020-02-19 16:24:22 +01:00
Rasmus Wriedt Larsen e4b83855d9 Python: Autoformat security/strings/External.qll 2020-02-19 16:24:13 +01:00
Tom Hvitved ddf6b4a342
Merge pull request #2862 from calumgrant/cs/project-rids 
C#: Add runtime identifiers to project files
 2020-02-19 16:11:10 +01:00
Geoffrey White 89bbb975f9 C++: Effects on tests. 2020-02-19 14:52:49 +00:00
Geoffrey White 4e2a45cd3e C++: Correct SideEffectFunction model for PureStrFunction. 2020-02-19 14:38:43 +00:00
Geoffrey White 22cba0f26e C++: Delete TODO. 2020-02-19 14:38:43 +00:00
Geoffrey White 5f7085937e C++: Improve the SideEffect library QLDoc. 2020-02-19 14:38:43 +00:00
Geoffrey White c014ca6ed7 C++: Rename some tests for clarity / less emphasis on the AST. 2020-02-19 14:33:57 +00:00
Geoffrey White 3e49e12126 C++ Repair GlobalValueNumbering (AST) test. 2020-02-19 14:28:46 +00:00
Anders Schack-Mulligen c6016bb08c Java/C++/C#: Improve join-order in pathStep predicate 2020-02-19 14:47:39 +01:00
Geoffrey White df29143b7e C++: Fix a test that should be working on the AST dataflow. 2020-02-19 13:02:24 +00:00
Geoffrey White c94582a1c0
Merge pull request #2861 from MathiasVP/gvn-use-impl 
C++: Import AST GVN module for tests
 2020-02-19 11:16:11 +00:00
semmle-qlci 5e0f21a162
Merge pull request #2854 from max-schaefer/js/regexp-bounded-quantifier-fix 
Approved by esbena
 2020-02-19 10:12:13 +00:00
Mathias Vorreiter Pedersen 59a19679ea C++/C#: Sync identical files after merge 2020-02-19 11:06:00 +01:00
Mathias Vorreiter Pedersen bbcc1e1c37 Merge branch 'master' into sync-ir-valuenumbering-internals 2020-02-19 10:43:48 +01:00
Mathias Vorreiter Pedersen 3a05a82c1d C++: Accept output 2020-02-19 10:35:03 +01:00
Asger Feldthaus 77105f6572 JS: Do not flag void operands MissingAwait 2020-02-19 09:30:03 +00:00
Mathias Vorreiter Pedersen 246ef694f6 Merge branch 'master' into gvn-use-impl 2020-02-19 10:29:46 +01:00
Erik Krogh Kristensen 344060e139 accept IO redirections as OK 2020-02-19 10:12:24 +01:00
Max Schaefer 4346691cdc JavaScript: Distinguish `{lo}` and `{lo,}` in the regular expression parser. 2020-02-19 08:26:14 +00:00
Rebecca Valentine 9e3ed214d0
Python: ObjectAPI to ValueAPI: Foresight Additions (#2819) 
* Adds the...Type() predicates as foresight modernizations.

* Removes predicates that are not currently ported/portable

* Adds range types

* Update python/ql/src/semmle/python/objects/ObjectAPI.qll

Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>

* Update python/ql/src/semmle/python/objects/ObjectAPI.qll

Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>

* Swaps xType for just x, at least when it's new

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-02-18 21:29:20 -08:00
Rebecca Valentine 810efef9de Adds python3 test 2020-02-18 15:02:47 -08:00
Rebecca Valentine e55f01d905 Adds new UseofApply test case and results to the Python2 tests dir 2020-02-18 12:12:25 -08:00
Erik Krogh Kristensen 73a7d406a5 add query for useless use of cat 2020-02-18 19:18:45 +01:00
Rebecca Valentine d0617ef7bc Autoformat 2020-02-18 09:00:31 -08:00
Mathias Vorreiter Pedersen cc4c780573
Merge pull request #2860 from jbj/isInCycle-neighbors 
C++: Manual magic for `isInCycle`
 2020-02-18 17:41:19 +01:00
Robert Marsh aaf6926c34
Merge pull request #2851 from jbj/ir-enable-only 
C++: Use IR for security.TaintTracking and GVN
 2020-02-18 11:37:34 -05:00
Taus ffbb5d0529
Merge pull request #2739 from RasmusWL/python-modernise-security 
Python: modernise Security/ queries
 2020-02-18 16:28:53 +01:00
Calum Grant c3b88210aa C#: Add runtime idenfitiers to project files. 2020-02-18 11:52:41 +00:00
Mathias Vorreiter Pedersen 4cad5549ee C++: Directly import AST GVN module in tests 2020-02-18 12:21:14 +01:00
Erik Krogh Kristensen e359e1a373 use a barrier directly instead of a barrier guard 2020-02-18 10:57:28 +01:00
Esben Sparre Andreasen abe7aeef7c
Merge pull request #2643 from esbena/js/unsafe-jquery 
JS: add query js/unsafe-jquery-plugin
 2020-02-18 09:26:14 +01:00
Jonas Jensen 0d239e8bd2 C++: Manual magic for `isInCycle` 
The `isInCycle` predicate would take a long time on Wireshark with 6GB
RAM, sometimes OOMing in the fastTC HOP. Analyzing wireshark with 6GB is
important because that's the standard configuration on our Jenkins
workers. With this commit, I can analyze Wireshark with 6GB on my
laptop.

The `getNonPhiOperandDef` predicate on Wireshark is 34M tuples, while
`getDefIfHasNeighbors` is 11M tuples, and the TC of
`getDefIfHasNeighbors` is 23M tuples (487 MB).
 2020-02-18 08:33:43 +01:00
Rebecca Valentine 4178002d59 Merge branch 'master' into python-objectapi-to-valueapi-useofapply 2020-02-17 17:20:00 -08:00
Esben Sparre Andreasen e8938fb466 JS: introduce RegExpSequence::nextElement and previousElement 2020-02-17 23:20:25 +01:00
Rebecca Valentine c36c0aeb88 Fixes renaming bug 2020-02-17 12:09:01 -08:00
Rebecca Valentine 13cd8d2435 Fixes expected results bug 2020-02-17 11:47:03 -08:00
Rebecca Valentine a2c1d5ff45 Moves to higher level API 2020-02-17 11:46:53 -08:00
Rebecca Valentine c5986c52d3 Renames typeErrorType to typeError 2020-02-17 11:28:39 -08:00
Tom Hvitved a695b567ec Data flow: Sync files 2020-02-17 19:39:52 +01:00
Tom Hvitved 3a4f52315c Data flow: Track simple call contexts in `nodeCand[Fwd]1` 2020-02-17 19:37:35 +01:00
semmle-qlci ecad925101
Merge pull request #2631 from hvitved/dataflow/generalize-flow-summaries 
Approved by aschackmull
 2020-02-17 18:22:46 +00:00
yo-h d3b1729864
Merge pull request #2793 from aschackmull/java/format-taint-step 
Java: Add String.format as default taint step.
 2020-02-17 12:50:12 -05:00
Alexander Eyers-Taylor c685b348c3
Merge pull request #2837 from jf205/monotonic-aggregates 
docs: expand QL book entry on monotonic aggregates
 2020-02-17 17:05:54 +00:00
james d5ff8f2b8e docs: technical feedback 2020-02-17 16:20:31 +00:00
Tom Hvitved 0e7838aca5 Data flow: Sync files 2020-02-17 15:08:26 +01:00
Tom Hvitved c7aa31d90a Address review comments 2020-02-17 15:07:53 +01:00
Erik Krogh Kristensen 56e5bd50f6 update expected output 2020-02-17 14:55:08 +01:00
Anders Schack-Mulligen cabe627d1e Java: Fix qldoc. 2020-02-17 14:44:12 +01:00
Erik Krogh Kristensen 2885d48ad0 changes based on review 2020-02-17 14:44:10 +01:00