hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,481 Commits 1,671 Branches 157 Tags
aibaars/rust-extract-libs
Commit Graph

79481 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger Feldthaus
2b5684d1b9 JavaScript: Add library for HTML sanitizers 2018-08-10 12:27:39 +01:00
semmle-qlci
bbee9a860b Merge pull request #38 from jbj/ir-Instruction-hasUse 
Approved by dave-bartolomeo
 2018-08-10 12:03:26 +01:00
Max Schaefer
acbe7542cc Merge pull request #44 from asger-semmle/extend-change-note 
JavaScript: Add change note for Extend.qll
 2018-08-10 11:14:48 +01:00
Pavel Avgustinov
f1d42ed01c Merge pull request #45 from nickrolfe/codeowners 
add CODEOWNERS file
 2018-08-10 10:17:08 +01:00
Nick Rolfe
d2d6389266 add CODEOWNERS file 2018-08-10 10:08:46 +01:00
Asger Feldthaus
9a7da817b4 Add change note for Extend.qll 2018-08-10 09:56:35 +01:00
Julian Tibble
98e866e967 C++, JS: fix broken links in query help 2018-08-10 08:40:22 +01:00
Max Schaefer
18fd386bb4 Merge pull request #39 from asger-semmle/nodejslib-imports 
JavaScript: Use 'moduleMember' in NodeJSLib.qll for ES6-compatibility
 2018-08-10 08:21:01 +01:00
Max Schaefer
33af6b8131 Merge pull request #33 from jbj/lgtm-suites-submodule 
C++: Move LGTM suites to submodule
 2018-08-10 08:13:08 +01:00
Jonas Jensen
c92111d552 C++: Accept test changes: IR sanity query added 2018-08-10 09:04:52 +02:00
Robert Marsh
31819be32d C++: add security tags to some format queries 2018-08-09 13:31:29 -07:00
semmle-qlci
2b5a562ecd Merge pull request #37 from tibbes/cs/test-class-naming 
Approved by hvitved
 2018-08-09 17:30:39 +01:00
Asger F
b00938e9b3 Make NodeJSLib use moduleMember for ES6-compatibility 2018-08-09 15:10:21 +01:00
Jonas Jensen
961a7dcf15 C++ IR: Remove Instruction.hasUse predicate 
Now that it's been simplified to be the same as `getOperand`, it doesn't
seem to have a purpose.
 2018-08-09 15:36:52 +02:00
Jonas Jensen
8c06a68835 C++ IR: Remove redundant check for same function 
The check that an instruction is in the same function as its operands is
hopefully redundant and can be removed. Just to be sure, I've added the
check to a sanity query.

This check turned out to cause bad performance in the alias analysis
because it got inlined into `AliasAnalysis::resultEscapes` and then
pulled out to a loop-invariant predicate that got a bad join order. With
this check removed, the `ssa/AliasAnalysis.qll` file is orders of
magnitude faster.
 2018-08-09 15:36:52 +02:00
Max Schaefer
e32dc08cd0 Merge pull request #31 from esben-semmle/js/fewer-alerts-for-incomplete-object-initialization 
JS: change alert location for js/incomplete-object-initialization
 2018-08-09 13:58:11 +01:00
Max Schaefer
41da997651 JavaScript: Teach IncompleteSanitization to recognize incomplete URL {en,de}coding. 2018-08-09 12:44:16 +01:00
Jonas Jensen
5c4292932f C++: Move LGTM suites to submodule 
This follows what's been done for JavaScript. The `cpp-alerts-lgtm`
suite is now empty and will be auto-generated when building a dist.

This commit has no effect in itself, but these files need to be in place
when the corresponding changes are made in Semmle/code.
 2018-08-09 10:35:05 +02:00
Max Schaefer
badb167962 Merge pull request #35 from esben-semmle/js/classify-application-insight 
JS: classify the ApplicationInsights library instance
 2018-08-09 08:12:12 +01:00
Julian Tibble
bb9ce0e1fd C#: fix inconsistent type/constructor name 
The code sample for the self-assignment query help had a different name
for the class and it's (intended) constructor, so was invalid.
 2018-08-08 22:42:06 +01:00
Robert Marsh
bf39674761 C++: remove accidental blank line 2018-08-08 14:17:35 -07:00
Robert Marsh
f280de7ae3 C++: add security tags to more queries 2018-08-08 13:55:36 -07:00
Max Schaefer
0de9eed71c Merge pull request #32 from asger-semmle/export-import-flow 
TypeScript: bugfixes for import-assign statement
 2018-08-08 16:35:43 +01:00
Esben Sparre Andreasen
2589cf70c9 JS: classify the ApplicationInsights library instance 2018-08-08 15:39:22 +02:00
Max Schaefer
355302eac4 Merge pull request #29 from esben-semmle/js/fixup-angularjs-filter-argument-index 
JS: fix an off-by-one error in the AngularJS expression AST
 2018-08-08 14:03:55 +01:00
Max Schaefer
854dc0cbeb Merge pull request #28 from esben-semmle/js/whitelist-empty-functions 
JS: permit some calls with spurious arguments to empty functions
 2018-08-08 14:03:18 +01:00
Asger F
94bac1253d TypeScript: bugfixes for import-assign statement 2018-08-08 12:02:28 +01:00
Esben Sparre Andreasen
8ee943f264 JS: restrict alert location to a single line 2018-08-08 10:50:42 +02:00
Esben Sparre Andreasen
e1947f04df JS: change alert location for js/incomplete-object-initialization 2018-08-08 10:43:52 +02:00
Jonas Jensen
dab45c527e C++: cpp/incomplete-parity-check: medium precision 
As reported in CPP-236, this query has false positives on signed
integers that cannot be negative. It could possibly be improved with a
local range analysis, but the query would most likely still have so many
false positives that we would have to lower its precision.

Under our current policy, this change will make the query hidden by
default on LGTM.
 2018-08-08 10:14:45 +02:00
Esben Sparre Andreasen
4e98ce21b4 JS: permit some calls with spurious arguments to empty functions 2018-08-08 10:13:02 +02:00
Max Schaefer
1a5585c83c Merge pull request #21 from esben-semmle/js/urilibraries-members 
JS: refactor UriLibraries.qll models to use `DataFlow::moduleMember`
 2018-08-08 09:08:04 +01:00
Esben Sparre Andreasen
343b922c29 JS: fix an off-by-one error in the AngularJS expression AST 2018-08-08 09:58:57 +02:00
semmle-qlci
6fc36f6621 Merge pull request #6 from hvitved/csharp/query/constant-condition 
Approved by calumgrant
 2018-08-08 06:45:07 +01:00
Jonas Jensen
7e2338260c Merge pull request #27 from rdmarsh2/rdmarsh/cpp/change-notes 
C++/Doc: remove change notes from a migrated PR
 2018-08-07 20:04:11 +02:00
Jonas Jensen
a201fe688f Merge pull request #22 from rdmarsh2/rdmarsh/cpp/use-in-own-initializer-macro 
C++: handle more macros in UseInOwnInitializer
 2018-08-07 20:03:01 +02:00
Robert Marsh
bad9c9acb6 C++/Doc: remove change notes from a migrated PR 2018-08-07 10:36:20 -07:00
semmle-qlci
4d97570a1a Merge pull request #17 from xiemaisi/js/rename-unused-var 
Approved by esben-semmle
 2018-08-07 15:01:37 +01:00
semmle-qlci
87f9ecb442 Merge pull request #25 from nickrolfe/options 
Approved by jonas-semmle
 2018-08-07 13:06:18 +01:00
Pavel Avgustinov
a0df3628db Merge pull request #26 from sjvs/code-of-conduct 
Introduce code of conduct
 2018-08-07 12:23:12 +01:00
Bas van Schaik
9c4b9ef4f0 Introduce code of conduct 2018-08-07 12:19:02 +01:00
Esben Sparre Andreasen
3b00b9b8da JS: refactor UriLibraries.qll models to use DataFlow::moduleMember 2018-08-07 12:58:09 +02:00
Nick Rolfe
3444fb7b88 C++: remove all uses of deprecated 'extractor_flags' 2018-08-07 09:48:27 +01:00
semmle-qlci
6533ddfeaf Merge pull request #20 from esben-semmle/js/more-auth-calls-and-rate-limiters 
Approved by xiemaisi
 2018-08-07 09:42:07 +01:00
Esben Sparre Andreasen
c06edd3745 Merge pull request #15 from xiemaisi/js/call-graph-data-flow 
JavaScript: Lift call graph library to data flow graph.
 2018-08-07 07:56:08 +02:00
Tom Hvitved
3ccd582d17 Merge pull request #9 from calumgrant/cs/undeprecated-metric-queries 
C#: Add @ids for metric queries
 2018-08-06 22:55:39 +02:00
Tom Hvitved
579d64cdd6 C#: Add change note 2018-08-06 13:46:00 -07:00
Tom Hvitved
323709b5ad C#: Generalize cs/constant-condition 2018-08-06 13:45:23 -07:00
Tom Hvitved
f7a515c8e9 C#: Prune CFG for obviously impossible nullness/matching edges 2018-08-06 13:45:23 -07:00
Tom Hvitved
9a1e148e85 C#: Various minor CFG bug fixes 2018-08-06 13:45:23 -07:00