hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,672 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5849 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
924272a7a5 insert placeholder qhelp 2020-02-20 14:35:26 +01:00
Erik Krogh Kristensen
b2ccec28e0 require the file to be non-empty 2020-02-20 14:34:50 +01:00
Erik Krogh Kristensen
b1cbfce50b use SystemCommandExecution and a few small fixes 2020-02-20 14:17:37 +01:00
Erik Krogh Kristensen
03e295ef11 Merge branch 'master' of git.semmle.com:Semmle/ql into CVE74 2020-02-20 12:19:32 +01:00
semmle-qlci
f6af5da7f7 Merge pull request #2778 from erik-krogh/FalsySanitizer 
Approved by asgerf
 2020-02-20 11:17:03 +00:00
Erik Krogh Kristensen
63036aa444 Merge branch 'master' of git.semmle.com:Semmle/ql into CVE74 2020-02-20 12:09:06 +01:00
semmle-qlci
8b277f7226 Merge pull request #2868 from asger-semmle/js/missing-await-void 
Approved by max-schaefer
 2020-02-20 10:56:47 +00:00
Asger Feldthaus
6448acfa88 TS: Depend on TypeScript 3.7.5 2020-02-20 10:53:17 +00:00
Erik Krogh Kristensen
12c0291dde require that an options object has a known set of properties 2020-02-20 11:35:11 +01:00
Erik Krogh Kristensen
b5ef45e6c2 add isSync predicate to SystemCommandExecution 2020-02-20 11:30:23 +01:00
Erik Krogh Kristensen
a193cb110e support arrow functions in the callbacks 2020-02-20 11:13:39 +01:00
Erik Krogh Kristensen
558beb7255 simplify the output file argument 2020-02-20 10:57:33 +01:00
semmle-qlci
091c6c063c Merge pull request #2856 from esbena/js/fix-RegExp-getPredecessor-getSuccessor 
Approved by max-schaefer
 2020-02-20 09:50:52 +00:00
Erik Krogh Kristensen
a5fdcb67f9 restricts alerts to the first line 2020-02-20 10:43:41 +01:00
Erik Krogh Kristensen
d4e73df92f remove dead predicate 2020-02-20 10:39:16 +01:00
Erik Krogh Kristensen
56f3e431f9 update expected output 2020-02-20 10:28:53 +01:00
Erik Krogh Kristensen
80962803b0 update doc for VarAccessBarrier, and make the class private 2020-02-20 10:09:32 +01:00
Erik Krogh Kristensen
2d437efdfd corrections on qldoc 
Co-Authored-By: Asger F <asgerf@github.com>
 2020-02-20 09:54:11 +01:00
Asger Feldthaus
479770dc07 JS: Recognize class members in more cases 2020-02-19 17:04:41 +00:00
Erik Krogh Kristensen
bdab9ee12b change useless cat query to only flag instances that can be re-written to 2020-02-19 16:59:28 +01:00
Asger Feldthaus
77105f6572 JS: Do not flag void operands MissingAwait 2020-02-19 09:30:03 +00:00
Erik Krogh Kristensen
344060e139 accept IO redirections as OK 2020-02-19 10:12:24 +01:00
Max Schaefer
4346691cdc JavaScript: Distinguish {lo} and {lo,} in the regular expression parser. 2020-02-19 08:26:14 +00:00
Erik Krogh Kristensen
73a7d406a5 add query for useless use of cat 2020-02-18 19:18:45 +01:00
Erik Krogh Kristensen
e359e1a373 use a barrier directly instead of a barrier guard 2020-02-18 10:57:28 +01:00
Esben Sparre Andreasen
abe7aeef7c Merge pull request #2643 from esbena/js/unsafe-jquery 
JS: add query js/unsafe-jquery-plugin
 2020-02-18 09:26:14 +01:00
Esben Sparre Andreasen
e8938fb466 JS: introduce RegExpSequence::nextElement and previousElement 2020-02-17 23:20:25 +01:00
Erik Krogh Kristensen
56e5bd50f6 update expected output 2020-02-17 14:55:08 +01:00
Erik Krogh Kristensen
2885d48ad0 changes based on review 2020-02-17 14:44:10 +01:00
Asger Feldthaus
9249b92d85 JS: Fix typo in comment 2020-02-17 12:48:13 +00:00
Esben Sparre Andreasen
8a9587fc91 JS: fix RegExp::getSuccessor/getPredecessor for sequence end/starts 2020-02-17 13:40:53 +01:00
Erik Krogh Kristensen
d1a58f1d17 Merge remote-tracking branch 'upstream/master' into CVE74 2020-02-17 13:18:52 +01:00
Erik Krogh Kristensen
b07f3d36d8 qldoc on splitPath 2020-02-17 13:17:12 +01:00
Erik Krogh Kristensen
5375604109 calling pop or shift on a SplitPath returns a PosixPath 2020-02-17 13:15:46 +01:00
Esben Sparre Andreasen
c5ee436b16 JS: add RegExp::getSuccessor/getPredecessor tests 2020-02-17 13:06:55 +01:00
Erik Krogh Kristensen
3855268201 use RegExpCreationNode 2020-02-17 13:02:47 +01:00
Erik Krogh Kristensen
46cbeb0bc6 add more steps to the SplitPath label 2020-02-17 12:58:27 +01:00
semmle-qlci
23ed2bcc64 Merge pull request #2782 from asger-semmle/js/export-as-ns 
Approved by erik-krogh, max-schaefer
 2020-02-17 11:22:58 +00:00
Erik Krogh Kristensen
a6d644bac0 add support for path.normalize(path.realtive(...)) 2020-02-14 13:10:35 +01:00
Erik Krogh Kristensen
94814fa721 fix typos in the test 2020-02-14 13:03:35 +01:00
Erik Krogh Kristensen
d765a33b8d add support for "../" prefixes in sanitizer 2020-02-14 12:36:54 +01:00
Erik Krogh Kristensen
9d61004128 remove redundant constructor on sink 2020-02-14 12:31:12 +01:00
Max Schaefer
f181111886 JavaScript: Add model of http2 compatibility API. 
Also deprecated the `httpOrHttps` predicate, which was now only used in one place and seemed a little pointless anyway.
 2020-02-14 11:14:31 +00:00
Erik Krogh Kristensen
3a146514ce add sanitizer for relative ".." in js/path-injection 2020-02-14 10:51:48 +01:00
semmle-qlci
da566a4484 Merge pull request #2828 from erik-krogh/CVE24 
Approved by esbena
 2020-02-14 09:12:48 +00:00
semmle-qlci
769dce511b Merge pull request #2788 from erik-krogh/CVE42-sink 
Approved by esbena
 2020-02-14 08:00:00 +00:00
Erik Krogh Kristensen
897bb4d801 add test for chrome-remote-interface 2020-02-13 15:12:45 +01:00
Erik Krogh Kristensen
1ab5ca4e64 typo in docstring 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-02-13 14:15:28 +01:00
Erik Krogh Kristensen
d6afd438ba add model for chrome-remote-interface as a ClientRequest 2020-02-13 10:58:07 +01:00
Erik Krogh Kristensen
35d8151374 add a few arrary methods to TaintedPath.qll 2020-02-11 12:23:51 +01:00