Robert Marsh
fd88f7a3ce
Merge pull request #1884 from jbj/dataflow-addressof
...
C++: Data flow through address-of operator (&)
2019-09-19 09:15:43 -07:00
semmle-qlci
6f2e485ace
Merge pull request #1950 from xiemaisi/js/rate-limiter-flexible
...
Approved by esben-semmle
2019-09-19 12:45:45 +01:00
Erik Krogh Kristensen
3ef187f7f2
Add external/cwe/cwe-834 tag in change notes for js/loop-bound-injection
...
Co-Authored-By: Max Schaefer <max@semmle.com>
2019-09-19 11:30:15 +02:00
Esben Sparre Andreasen
b631bfc8eb
Merge branch 'master' into node-js-classification
2019-09-19 09:42:26 +02:00
semmle-qlci
57a6c0c20d
Merge pull request #1918 from esben-semmle/js/improve-getAResponseDataNode
...
Approved by asger-semmle
2019-09-18 14:03:45 +01:00
semmle-qlci
479fca9e30
Merge pull request #1946 from xiemaisi/js/top-level-await
...
Approved by asger-semmle
2019-09-18 12:32:09 +01:00
Max Schaefer
3970ead7ab
JavaScript: Add support for rate-limiter-flexible package.
2019-09-18 12:25:33 +01:00
Max Schaefer
9ff5c7007a
JavaScript: Add support for top-level await.
2019-09-18 09:56:21 +01:00
Esben Sparre Andreasen
ac6554b7da
Merge branch 'master' into js/improve-getAResponseDataNode
2019-09-17 13:18:41 +02:00
Jonas Jensen
fd6d06fe6f
C++: Data flow through address-of operator (&)
...
The data flow library conflates pointers and their objects in some
places but not others. For example, a member function call `x.f()` will
cause flow from `x` of type `T` to `this` of type `T*` inside `f`. It
might be ideal to avoid that conflation, but that's not realistic
without using the IR.
We've had good experience in the taint tracking library with conflating
pointers and objects, and it improves results for field flow, so perhaps
it's time to try it out for all data flow.
2019-09-17 13:16:34 +02:00
Asger F
f8eff06aa1
JS: Change note
2019-09-17 11:20:39 +01:00
Esben Sparre Andreasen
c9d31e90fe
JS: add change notes
2019-09-16 10:11:43 +02:00
Erik Krogh Kristensen
3fb64abb09
fix consistency and spelling in the documentation
...
suggestions from the documentation team
Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
2019-09-13 14:52:11 +01:00
Erik Krogh Kristensen
5b2b60f132
change DOS to DoS, and other small documentation fixes
...
Co-Authored-By: Max Schaefer <max@semmle.com>
2019-09-13 10:26:01 +01:00
Erik Krogh Kristensen
17a71a97c5
add loop-bound-injection to change-notes
2019-09-12 15:28:14 +01:00
Calum Grant
e330d5a6c6
Merge pull request #1549 from hvitved/csharp/cfg/loop-unrolling
...
C#: Loop unrolling for `foreach` statements
2019-09-12 10:24:26 +01:00
semmle-qlci
72db219c13
Merge pull request #1910 from xiemaisi/js/unused-index-variable
...
Approved by esben-semmle, shati-semmle
2019-09-11 14:33:32 +01:00
Max Schaefer
500cde68c3
JavaScript: Add new query UnusedIndexVariable.
2019-09-11 11:36:50 +01:00
Esben Sparre Andreasen
086c473c18
JS: sharpen js/http-to-file-access
2019-09-11 12:05:33 +02:00
semmle-qlci
16c95d8c5e
Merge pull request #1876 from esben-semmle/js/more-delimiter-stripping-whitelisting
...
Approved by xiemaisi
2019-09-11 09:16:57 +01:00
Esben Sparre Andreasen
f7bfc472c1
JS: treat server responses as untrusted for command injections
2019-09-11 09:38:18 +02:00
Asger F
194a1c3530
JS: Change note
2019-09-09 15:42:43 +01:00
semmle-qlci
e899250e87
Merge pull request #1894 from asger-semmle/fp-incorrect-suffix-check
...
Approved by xiemaisi
2019-09-09 15:33:47 +01:00
semmle-qlci
89cba089b4
Merge pull request #1892 from asger-semmle/event-handler-sink
...
Approved by esben-semmle
2019-09-09 15:33:21 +01:00
Asger F
b6690bb644
JS: Add change note
2019-09-09 12:45:03 +01:00
Calum Grant
3734552081
C#: Add change note for datetime queries.
2019-09-06 16:45:02 +01:00
Asger F
dfd18a51ee
JS: Change note
2019-09-06 16:03:16 +01:00
Robert Marsh
94c625f03f
Merge pull request #1777 from jbj/ast-field-flow-defbyref
...
C++: Don't use definitionByReference for data flow
2019-09-05 10:23:28 -07:00
semmle-qlci
fd2e8486e4
Merge pull request #1862 from asger-semmle/prototype-pollution-angular-merge
...
Approved by esben-semmle
2019-09-05 12:50:58 +01:00
Esben Sparre Andreasen
a9665f53b8
JS: whitelist quote stripping for js/incomplete-sanitization
2019-09-05 09:47:49 +01:00
Jonas Jensen
114c2fe0d4
Merge remote-tracking branch 'upstream/master' into ast-field-flow-defbyref
2019-09-05 09:33:45 +02:00
Robert Marsh
a3290503ec
Merge pull request #1806 from jbj/localExprFlow
...
C++: Add localExprFlow and localExprTaint
2019-09-04 10:38:46 -07:00
Asger F
93a3f571ec
JS: Add change note
2019-09-04 16:14:51 +01:00
Jonas Jensen
cdcc716675
Merge pull request #1867 from geoffw0/erafix9
...
CPP: Add date to JapaneseEraDate.ql
2019-09-04 13:16:04 +02:00
Jonas Jensen
3ba650911c
Merge pull request #1847 from geoffw0/erafix8
...
CPP: Deal with two very similar Japanese era queries
2019-09-04 09:57:10 +02:00
Geoffrey White
84112d3630
CPP: Change note.
2019-09-03 18:30:24 +01:00
semmle-qlci
6778f28424
Merge pull request #1854 from asger-semmle/prototype-pollution-precision
...
Approved by esben-semmle, xiemaisi
2019-09-03 10:50:24 +01:00
Jonas Jensen
d7681bf122
C++: Don't use definitionByReference for data flow
...
The data flow library conflates pointers and objects enough for the
`definitionByReference` predicate to be too strict in some cases. It was
too permissive in other cases that are now (or will be) handled better
by field flow.
See also the change note entry.
2019-09-03 11:49:01 +02:00
Tom Hvitved
4b32ee77e6
C#: Add change note
2019-09-03 09:35:58 +02:00
Asger F
c71a66a045
JS: Add change note
2019-09-02 11:05:07 +01:00
Max Schaefer
91e46cd6fd
JavaScript: Fix parsing of asynchronous generator methods.
2019-09-02 09:56:42 +01:00
semmle-qlci
6d55d1f7c0
Merge pull request #1707 from asger-semmle/canonical-name-call-graph
...
Approved by xiemaisi
2019-09-02 09:45:24 +01:00
Max Schaefer
742c9708a9
Merge pull request #1828 from asger-semmle/jsdoc-relation
...
JS: Make getDocumentation handle chain assignments
2019-09-02 08:43:40 +01:00
Jonas Jensen
63311739a5
C++: Add localExprFlow and localExprTaint
...
This is for ODASA-8053.
2019-09-02 09:29:10 +02:00
yh-semmle
f54545522e
Merge pull request #1759 from aschackmull/java/flow-exploration
...
Java/C++/C#: Add support for dataflow exploration by partial paths.
2019-08-30 17:00:17 -04:00
Asger F
45941869ad
JS: Change note
2019-08-30 18:25:39 +01:00
Asger F
9533ca0926
JS: Change note
2019-08-30 18:19:49 +01:00
Asger F
3186942906
JS: Add change note
2019-08-30 16:05:13 +01:00
semmle-qlci
a97aefe0c3
Merge pull request #1835 from xiemaisi/js/dom-fixes
...
Approved by asger-semmle
2019-08-30 14:45:06 +01:00
Taus
a2841b4245
Merge pull request #1763 from markshannon/python-cwe-312
...
Python: Two new queries for CWE-312.
2019-08-30 15:28:56 +02:00