hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,884 Commits 1,671 Branches 157 Tags
main
Commit Graph

161 Commits

Author SHA1 Message Date
Calum Grant
cd41f4f415 C#: Analysis change notes. 2019-05-29 08:15:50 +01:00
semmle-qlci
5bbbd26787 Merge pull request #1372 from xiemaisi/js/fail-if-no-code 
Approved by esben-semmle
 2019-05-29 08:06:44 +01:00
Jonas Jensen
b0a7f207e4 Merge pull request #1343 from rdmarsh2/rdmarsh/cpp/getUnspecifiedType 
C++: add getUnspecifiedType() for exprs and decls
 2019-05-28 20:10:28 +01:00
Robert Marsh
b4ef532039 C++: change note for getUnspecifiedType() 2019-05-28 07:58:23 -07:00
Max Schaefer
38a38ab780 JavaScript: Make autobuilder fail if no JS/TS code was seen. 
In particular, the autobuilder will no longer succeed for projects that
contain HTML or YAML files but no JS/TS code. Further down the line,
this prevents LGTM.com from classifying such projects as "JavaScript"
projects.
 2019-05-28 14:43:59 +01:00
Asger F
1a6d09cc07 JS: Add change note 2019-05-28 12:42:59 +01:00
semmle-qlci
bd15994bb4 Merge pull request #1367 from xiemaisi/js/configuration-api-consistency 
Approved by esben-semmle
 2019-05-28 12:26:58 +01:00
semmle-qlci
9804105855 Merge pull request #1364 from asger-semmle/typescript-change-note 
Approved by esben-semmle
 2019-05-28 08:27:38 +01:00
Max Schaefer
86e96c6dc3 JavaScript: Introduce is{Barrier,Sanitizer}Edge predicate. 
This name is more intuitive than the previous binary
`is{Barrier,Sanitizer}` predicates, and is consistent with the other
languages.
 2019-05-28 08:08:14 +01:00
Tom Hvitved
641126a506 Merge pull request #1339 from calumgrant/cs/cs8/ranges 
C#: Implement C#8 features
 2019-05-25 09:28:22 +02:00
yh-semmle
87cbc7e199 Merge pull request #1344 from aschackmull/java/validatedvariable 
Java: Replace ValidatedVariable with guarded accesses.
 2019-05-24 11:23:18 -04:00
Anders Schack-Mulligen
1a9b1d5865 Java: Add change note. 2019-05-24 15:50:45 +02:00
Calum Grant
d2aea635e4 C#: Address review comments 2019-05-24 13:49:05 +01:00
Calum Grant
fe6056b0fc C#: Analysis change notes. 2019-05-24 13:49:05 +01:00
Calum Grant
b28ad9066f C#: Change notes 2019-05-24 13:49:05 +01:00
Asger F
a1399d07a4 JS: Add change note for TypeScript full extraction 2019-05-23 09:19:01 +01:00
Asger F
61ef73b0f7 JS: Add change note and deprecation member 2019-05-22 12:23:29 +01:00
semmle-qlci
2b5b8751ea Merge pull request #1316 from asger-semmle/incorrect-suffix-check-fps 
Approved by esben-semmle, xiemaisi
 2019-05-21 11:30:37 +01:00
semmle-qlci
56ab013114 Merge pull request #1340 from xiemaisi/js/es2019 
Approved by asger-semmle
 2019-05-20 16:47:09 +01:00
Max Schaefer
b62be049ec JavaScript: Add change note. 2019-05-20 10:56:37 +01:00
Esben Sparre Andreasen
8256f2e736 Merge pull request #1308 from asger-semmle/exceptional-flow 
JS: Add flow through exceptions
 2019-05-17 08:33:44 +02:00
Asger F
9c1208e751 JS: Add change note 2019-05-16 17:50:10 +01:00
Asger F
b9ade67933 JS: Add change note 2019-05-16 10:56:47 +01:00
Robert Marsh
14795863e2 Merge pull request #1303 from jbj/hasQualifiedName 
C++: Fix `getQualifiedName` performance issues
 2019-05-15 12:42:57 -07:00
semmle-qlci
9653fbd4f7 Merge pull request #1311 from emarteca/unreachableThrows 
Approved by xiemaisi
 2019-05-09 10:37:41 +01:00
Ellen Arteca
893f62f334 Stylistic issue: replace \"eg\" by \"example\", as requested 2019-05-09 09:30:12 +01:00
Ellen Arteca
a12d12d59a JavaScript: Update UnreachableStmt query so unreachable throws no longer gives an alert 2019-05-08 16:25:54 +01:00
Max Schaefer
c16e9a77f3 JavaScript: Fix a few false positives in PasswordInConfigurationFile. 2019-05-08 08:26:05 +01:00
Jonas Jensen
98657ebea7 C++: Change note for hasGlobalName 2019-05-06 10:14:44 +02:00
Nick Rolfe
324e59d5fd C++: change note for new FoldExpr class 2019-05-02 11:16:21 +01:00
Jonas Jensen
399b64b9a6 C++: Enable cpp/alloca-in-loop on LGTM 
Now that the query has both tests and qhelp, we can use it on LGTM. This
commit also adds a change note.

I renamed the query to reduce confusion from the lower-case unquoted
word "alloca".
 2019-05-01 08:33:32 +02:00
Jonas Jensen
54091e87fa Merge pull request #1136 from zlaski-semmle/cpp340a 
[CPP-340] Refinements to FutileParams.ql etc.
 2019-05-01 08:21:35 +02:00
Ziemowit Laski
d14696729b [CPP-340] Fix end-of-line formatting for our change notes. 
Bring back entry accidentally deleted during previous merge.
 2019-04-29 14:05:58 -07:00
Max Schaefer
7ca5cc22d8 Merge pull request #1257 from asger-semmle/jsdoc 
JS: Add common interface between TypeExpr and JSDocTypeExpr
 2019-04-29 16:20:17 +01:00
Tom Hvitved
58babdd425 Merge pull request #1187 from calumgrant/cs/expression-null 
C#: Fix FP in cs/constant-condition
 2019-04-29 09:37:30 +02:00
semmle-qlci
52d6626547 Merge pull request #1242 from esben-semmle/js/whitelist-trailing-newline-removal 
Approved by xiemaisi
 2019-04-29 07:35:15 +01:00
Asger F
393a9fd7b0 JS: Add change notes 2019-04-26 16:56:04 +01:00
Jonas Jensen
bdb678a318 Merge pull request #1267 from rdmarsh2/rdmarsh/cpp/def-by-ref-taint 
C++: add taint edges to DefinitionByReferenceNode
 2019-04-26 08:50:20 +02:00
Max Schaefer
a8470a984a JavaScript: Generalise ConstantComparison sanitisers. 
In addition to treating comparisons with literals as sanitisers, we now
also treat comparisons with variables that have a single assignment as
sanitisers.

Proving that such a variable is actually a constant is not easy, but for
this use case a simple approximation works fine.
 2019-04-25 07:38:31 +01:00
Esben Sparre Andreasen
f064ba0c55 JS: change notes for newline whitelist in js/incomplete-sanitization 2019-04-23 08:38:26 +02:00
Robert Marsh
34f8653979 C++: change note for taint def-by-ref 2019-04-22 10:46:36 -07:00
yh-semmle
04954f77de Merge pull request #1262 from sb-semmle/more-spring-sources 
Parameters annotated with Spring's @RequestBody and @PathVariable are remote input sources.
 2019-04-18 18:08:44 -04:00
Sebastian Bauersfeld
734fe542ab Update change notes. 2019-04-18 16:37:08 -04:00
Geoffrey White
56e0adf152 CPP: Change note. 2019-04-18 10:34:20 +01:00
semmle-qlci
f36eafce3f Merge pull request #1246 from xiemaisi/js/hardcoded-password 
Approved by asger-semmle
 2019-04-17 08:54:09 +01:00
calum
b628060ddd C#: Address review comments. 2019-04-16 17:38:55 +01:00
calum
e16cbe0ca1 C#: Analysis change notes. 2019-04-16 16:45:49 +01:00
Max Schaefer
4c9edafef3 Merge pull request #1211 from esben-semmle/js/type-tracking-for-incomplete-hostname-regexp 
JS: type tracking for js/incomplete-hostname-regexp
 2019-04-15 12:19:46 +01:00
Max Schaefer
1d5bb97121 JavaScript: Refine PasswordInConfigurationFile to avoid FPs. 
We now exclude passwords that look like they might be filled in via
templating or shell substitution.
 2019-04-15 12:10:21 +01:00
Esben Sparre Andreasen
2d66069d60 JS: change notes for js/incomplete-hostname-regexp 2019-04-12 08:51:28 +02:00