codeql

mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00

Author	SHA1	Message	Date
Max Schaefer	b265ff7cdf	JavaScript: Delete stray `.expected` file.	2019-03-01 09:39:31 +00:00
semmle-qlci	bc8906ba82	Merge pull request #1009 from xiemaisi/js/reformat-extractor Approved by asger-semmle	2019-03-01 08:20:59 +00:00
Max Schaefer	8dcd8715b9	Merge pull request #889 from jcreedcmu/jcreed/tarslip JavaScript: Add new query for ZipSlip (CWE-022).	2019-03-01 08:16:35 +00:00
Jason Reed	86bbb5fb18	JS: Add ZipSlip query to security suite	2019-02-28 15:46:34 -05:00
Jason Reed	c1b218a5ff	JS: Documentation fixes	2019-02-28 15:46:19 -05:00
Jason Reed	c5e57dacf8	JS: Actually use fileName in examples	2019-02-28 15:46:14 -05:00
Jason Reed	674d2790b4	JS: Address review comments	2019-02-28 15:46:07 -05:00
Jason Reed	caebdd2f68	JS: Fix incorrect sample link	2019-02-28 15:46:00 -05:00
Jason Reed	2fc2a393b7	JS: Address review comments	2019-02-28 15:45:52 -05:00
Jason Reed	09b9a57783	JS: More efficient reasoning through pipe	2019-02-28 15:45:38 -05:00
Jason Reed	b0636dd410	JS: Better local flow through `.pipe` chaining	2019-02-28 15:45:33 -05:00
Jason Reed	23d37c7167	JS: Unbreak TaintedPath	2019-02-28 15:45:26 -05:00
Jason Reed	32d48ba98b	JS: Run auto-formatter	2019-02-28 15:45:20 -05:00
Jason Reed	abd2644af7	JS: Address review comments	2019-02-28 15:45:13 -05:00
Jason Reed	baa4f08259	JS: Add new query for ZipSlip (CWE-022)	2019-02-28 15:45:08 -05:00
Geoffrey White	28304e4fde	Merge pull request #1005 from jbj/dataflow-Node-cached C++: Cache TNode and localFlowStep	2019-02-28 17:43:14 +00:00
Taus	f91e06b5a8	Merge pull request #1002 from markshannon/python-cherrypy Python: CherryPy support	2019-02-28 18:12:20 +01:00
Asger F	8dfec58428	JS: Update test	2019-02-28 16:49:35 +00:00
Asger F	47b5f34870	JS: shift line numbers in test output	2019-02-28 16:48:47 +00:00
Asger F	2bfb015218	JS: Add closure string ops	2019-02-28 16:47:53 +00:00
Asger F	2dc7f32ca3	JS: add Express to list of updated frameworks	2019-02-28 15:28:42 +00:00
Ian Lynagh	a709a2d0f3	C++: Add Variable.isConstexpr()	2019-02-28 15:26:15 +00:00
Mark Shannon	af2680729f	Python: Fix qldoc.	2019-02-28 15:25:43 +00:00
Mark Shannon	faf9b4886d	Python: Add change note for CherryPy support.	2019-02-28 15:25:41 +00:00
Mark Shannon	2df718d632	Python: Make bottle response logic consistent with other frameworks.	2019-02-28 15:25:15 +00:00
Mark Shannon	91a1cc9f0b	Python: Add cherrypy handler function return values as taint sinks.	2019-02-28 15:25:13 +00:00
Mark Shannon	6c82be8bda	Python: CherryPy web framework support -- requests.	2019-02-28 15:24:58 +00:00
Mark Shannon	e933ba28d5	Python: Add basic support for stdlib cookie objects.	2019-02-28 15:24:36 +00:00
Geoffrey White	832a436a49	Revert "C++: Revert doc-related changes to dbscheme" This reverts commit `e81d197ebd`.	2019-02-28 14:50:49 +00:00
Geoffrey White	e55dc43111	CPP: Consistency changes suggested by Dave.	2019-02-28 14:50:49 +00:00
Geoffrey White	b1bf1b8f1c	CPP: More annotations.	2019-02-28 14:50:49 +00:00
Geoffrey White	dd271f1c93	CPP: Fix type 'diagnosstic'.	2019-02-28 14:50:49 +00:00
Geoffrey White	0c84e06234	CPP: Fix typo.	2019-02-28 14:50:49 +00:00
Geoffrey White	6398298bea	CPP: Add keyset annotations to the CPP dbscheme.	2019-02-28 14:50:49 +00:00
Taus	b8b4216352	Merge pull request #979 from markshannon/python-falcon Python: Add support for falcon web API framework.	2019-02-28 15:47:35 +01:00
Max Schaefer	c4fa29dd0f	JavaScript: Autoformat extractor sources using `google-java-format`. No special settings; command: find javascript/extractor/src -name "*.java" \| xargs java -jar /path/to/google-java-format-1.7-all-deps.jar --replace	2019-02-28 14:30:06 +00:00
Asger F	5478e0da62	Merge pull request #998 from xiemaisi/js/autobuild-file-types JavaScript: Make file types customisable in AutoBuild.	2019-02-28 15:26:35 +01:00
Max Schaefer	2ecabad553	Merge pull request #1004 from asger-semmle/suffix-check-bug JS: Recognize '+' in suffix check	2019-02-28 14:23:26 +00:00
Jonas Jensen	40f3fecb00	C++: Simplify stubs in DataFlowDispatch.qll Some of these stubs were quite slow to evaluate. It's possible they could be optimised, but it seems pointless as long as we don't have call-context-sensitive virtual dispatch in the C++ library.	2019-02-28 14:38:29 +01:00
Mark Shannon	1444b3976c	Python: Add wsgi.environment as a kind of taint, and add suuport for `env` attribute of falcon request objects.	2019-02-28 13:06:11 +00:00
Asger F	03ef167c56	JS: Treat res.end() as alias for res.send() in Express	2019-02-28 12:37:11 +00:00
semmle-qlci	edba24129d	Merge pull request #1003 from xiemaisi/js/fix-test Approved by esben-semmle	2019-02-28 12:05:44 +00:00
Jonas Jensen	264301be66	C++: Cache TNode and localFlowStep These two elements weren't cached, which meant that local data flow was recalculated in every query that used data flow. They are also cached in the Java version of `DataFlowUtil.qll`.	2019-02-28 11:41:51 +01:00
Asger F	8e8085ea1f	JS: add test	2019-02-28 10:09:36 +00:00
Max Schaefer	c8a37297f3	Merge pull request #997 from asger-semmle/closure-promise JS: model of closure Promises	2019-02-28 10:05:12 +00:00
Taus	a83f33be33	Merge pull request #1001 from markshannon/python-delete-internal-tests Python delete extractor tests. Duplicates of internal tests.	2019-02-28 11:04:52 +01:00
Max Schaefer	1b5887014b	Merge pull request #988 from asger-semmle/spread-taint-step JS: add taint step through object/array spread operators	2019-02-28 09:58:23 +00:00
Calum Grant	c945b7793c	Merge pull request #944 from hvitved/csharp/cfg/accessor-call C#: Improve CFG for assignments	2019-02-28 09:34:56 +00:00
Jonas Jensen	7afb4898e6	C++: Change note for def-by-ref data flow	2019-02-28 09:39:51 +01:00
Jonas Jensen	8e6daafd7c	C++: Add DefinitionByReferenceNode.getParameter This commits also adds a test that uses `getParameter`. The new tests demonstrate that support for array-to-pointer decay works, but we get data flow to the array rather than its contents.	2019-02-28 09:39:51 +01:00

... 524 525 526 527 528 ...

29908 Commits