Commit Graph

71965 Commits

Author SHA1 Message Date
Esben Sparre Andreasen 0c4fb15651 JS: add query js/cleartext-logging 2018-08-20 08:34:16 +02:00
Esben Sparre Andreasen b4952e7bfd JS: improve and expose SensitiveActions::HeuristicNames 2018-08-20 08:27:42 +02:00
Esben Sparre Andreasen 804c06bd59 JS: add models of logging frameworks 2018-08-20 08:27:42 +02:00
Dave Bartolomeo d975964674
Merge pull request #70 from hvitved/csharp/graph-tests
C#: Do not use `@kind graph` in ql tests
2018-08-18 10:04:07 -07:00
Dave Bartolomeo 332e944c16 C++: Remove `ConvertToVoid`, replace with `Convert` 2018-08-18 10:01:12 -07:00
Dave Bartolomeo 650539dbb6 C++: IR sanity query `unnecessaryPhiInstruction`
Have `Instruction.getResultSize()` return zero for `void`.
2018-08-17 15:37:19 -07:00
Denis Levin 276deee68c Added comments to the test file. Fixed a typo. 2018-08-17 10:50:52 -07:00
Robert Marsh aaeda5dfcc JavaScript: add the ESLint attack as a test 2018-08-17 10:16:52 -07:00
Robert Marsh 4698d13a0d JavaScript: add change note 2018-08-17 10:16:51 -07:00
Robert Marsh 4da9d6d795 JavaScript: add support for Electron http client 2018-08-17 10:16:51 -07:00
calumgrant c2ad56adce
Fix table format 2018-08-17 18:15:02 +01:00
calum 2a66585028 Address some review comments, apart from the bullet format. 2018-08-17 18:12:08 +01:00
Tom Hvitved 0edd0057fc C#: Do not use `@kind graph` in ql tests 2018-08-17 17:55:13 +02:00
Asger F 7f77acf5f6 TypeScript: add change note 2018-08-17 14:48:53 +01:00
Asger F 3806e4b1aa JavaScript: add tests for "import" types 2018-08-17 14:26:32 +01:00
Asger F c902a4e880 TypeScript: add classes for "import" types 2018-08-17 14:26:32 +01:00
Asger F 875b6d0155 TypeScript: add "import" types to dbscheme 2018-08-17 14:26:32 +01:00
Asger F 4dc1462b6b JavaScript: fix performance issue in ServerSideUrlRedirect.qll 2018-08-17 14:02:19 +01:00
Dave Bartolomeo f4a060099b C++: Handle casts to `void` in IR
Casts to `void` did not have a semantic conversion type in the AST, so they also weren't getting generated correctly in the IR. I've added a `VoidConversion` class to the AST, along with tests. I've also added IR translation for such conversions, using a new `ConvertToVoid` opcode. I'm not sure if it's really necessary to generate an instruction to represent this, but it may be useful for detecting values that are explicitly unused (e.g. return value from a call).

I added two new sanity queries for the IR to detect the following:
- IR blocks with no successors, which usually indicates bad IR translation
- Phi instruction without an operand for one of the predecessor blocks.

These sanity queries found another subtle IR translation bug. If an expression that is normally translated as a condition (e.g. `&&`, `||`, or parens in certain contexts) has a constant value, we were not creating a `TranslatedExpr` for the expression at all. I changed it to always treat a constant condition as a non-condition expression.
2018-08-17 01:44:54 -07:00
Robert Marsh bea298fcab
Merge pull request #65 from dave-bartolomeo/dave/Graph
C++: Make IR dump and AST dump tests use the official graph query format
2018-08-16 17:33:30 -07:00
Denis Levin 2a46a26d9e Update addressing review comments 2018-08-16 17:29:04 -07:00
semmle-qlci 83c539ace6
Merge pull request #54 from denislevin/denisl/cs/ZipSlip
Approved by calumgrant
2018-08-16 20:01:53 +01:00
Dave Bartolomeo 3ebb7938f6 C++: Make IR dump and AST dump tests use the official graph query format 2018-08-16 10:14:56 -07:00
calum 68d8b66a1f Minor edits. 2018-08-16 14:01:31 +01:00
calum 72e690764e Add the QL Style Guide. 2018-08-16 13:23:01 +01:00
ian-semmle 692f416143
Merge pull request #40 from nickrolfe/dependent_template_alias
C++: dependent template alias
2018-08-15 17:41:24 +01:00
Geoffrey White fdfbfb365f
Merge pull request #62 from ian-semmle/302_1_test
C++: Improve the JSF 3.02 rule 1 message, and add a test
2018-08-15 17:22:33 +01:00
semmle-qlci 63180d484b
Merge pull request #60 from pavgust/imp/c-wrapped-functions
Approved by dave-bartolomeo, jbj
2018-08-15 16:44:27 +01:00
Ian Lynagh d2b4265b73 C++: Improve the JSF 3.02 rule 1 message, and add a test 2018-08-15 15:26:18 +01:00
Jonas Jensen 6225fcf2b8
Merge pull request #12 from pavgust/imp/c-locations
Simplify C locations handling
2018-08-15 16:14:31 +02:00
semmle-qlci 6132b2c419
Merge pull request #34 from esben-semmle/js/twitter_text-library
Approved by xiemaisi
2018-08-15 14:45:52 +01:00
ian-semmle 6e7b3ad90c
Merge pull request #61 from Semmle/cpp-CODEOWNERS
Remove @Semmle/cpp from CODEOWNERS
2018-08-15 13:36:59 +01:00
semmle-qlci 12577f0280
Merge pull request #47 from jbj/ir-perf-blocks-etc
Approved by dave-bartolomeo
2018-08-15 12:53:43 +01:00
Nick Rolfe 6b6749854e
Remove @Semmle/cpp from CODEOWNERS 2018-08-15 12:32:54 +01:00
Nick Rolfe df1f51463f C++: extend test to cover template aliases 2018-08-15 10:44:51 +01:00
Nick Rolfe 5bef9f7118 C++: test for resolving specialisations dependent on template aliases 2018-08-15 10:44:51 +01:00
Geoffrey White f904aed016
Merge pull request #57 from jbj/suites-in-ql-repo
C++: Move C/C++ suites to ql repo
2018-08-15 10:19:08 +01:00
semmle-qlci 8e5059f43a
Merge pull request #58 from xiemaisi/js/demote-heterogeneous-comparison
Approved by asger-semmle
2018-08-15 09:01:24 +01:00
Max Schaefer 105b6c9d84
Merge pull request #59 from tibbes/js/fix-qhelp-typo
JS: fix typo in qhelp (parameter type confusion)
2018-08-15 08:36:25 +01:00
Esben Sparre Andreasen a025dafcf5 JS: classify twitter-text library instances 2018-08-15 08:51:31 +02:00
Denis Levin a09e7db08d Removing @precision high tag 2018-08-14 18:41:21 -07:00
Denis Levin cdc065cc38
Merge pull request #1 from calumgrant/cs/ZipSlip
C#: Fix the unit tests for ZipSlip
2018-08-14 18:35:48 -07:00
Pavel Avgustinov d999ada22c FunctionsWithWrappers: Simplify/tidy library. 2018-08-14 17:16:15 -07:00
Pavel Avgustinov 628edc9577 definitions.qll: Tidy up handling of type mentions 2018-08-14 16:38:57 -07:00
Pavel Avgustinov 3bc06627e1 Simplify definitions.qll for C++. 2018-08-14 16:38:56 -07:00
Pavel Avgustinov 382ae85431 Simplify location handling for C++ locations. 2018-08-14 16:38:56 -07:00
Max Schaefer 303b0a0027 JavaScript: Demote `HeterogenousComparison` to warning level. 2018-08-14 15:54:07 +01:00
Geoffrey White 031964e853
Merge pull request #30 from jbj/incomplete-parity-check-medium
C++: Downgrade cpp/incomplete-parity-check from high to medium precision [CPP-236]
2018-08-14 15:19:02 +01:00
semmle-qlci 8323a77a48
Merge pull request #56 from xiemaisi/js/import-globals
Approved by asger-semmle
2018-08-14 14:45:40 +01:00
Jonas Jensen dc22833259 C++: Factor out IRBlock.qll differences
All three `IRBlock.qll` files are now identical again, and they are just
a thin object-oriented layer on top of the three
`IRBlockConstruction.qll` files, two of which are identical.
2018-08-14 14:12:26 +02:00