calum
931b6b4ee5
C#: Exclude interfaces and abstract classes from cs/call-to-object-tostring
2019-01-29 18:04:26 +00:00
Taus
83e2689645
Merge pull request #844 from markshannon/python-hide-magic-variables-in-test
...
Python tests: Further hiding of special ESSA variables in tests
2019-01-29 18:51:06 +01:00
Mark Shannon
4c0f123748
Python: switch from '*' to '$' pseudo variable to track module state.
2019-01-29 17:04:08 +00:00
Taus
08fcb984a8
Implement getACall suggestion.
2019-01-29 17:59:45 +01:00
Taus
3d7821c83a
Merge pull request #820 from markshannon/python-incomplete-url-sanitize
...
Python: Two new queries for URL and hostname sanitization (CWE-020).
2019-01-29 17:48:42 +01:00
Taus Brock-Nannestad
edd4468d08
Fix tests by stubbing relevant os functions.
2019-01-29 17:27:14 +01:00
Tom Hvitved
16d3399039
C#: Teach guards library about object.GetType()
2019-01-29 16:40:36 +01:00
Tom Hvitved
87bb4a1d56
C#: Add null guard test involving GetType()
2019-01-29 16:32:13 +01:00
Taus
6f7c96db54
Merge branch 'master' into python-unsafe-use-of-mktemp
2019-01-29 16:12:53 +01:00
Taus Brock-Nannestad
de63f01f67
Update change note.
2019-01-29 16:10:46 +01:00
Taus Brock-Nannestad
9a9d902cfb
Add support for os.tempnam and os.tmpnam.
2019-01-29 16:08:32 +01:00
Mark Shannon
9820249c71
Python tests: Further hiding of special ESSA variables in tests, to ease transition from '*' to '$' variable.
2019-01-29 15:06:47 +00:00
Mark Shannon
7fe3c3d516
Merge branch 'master' into python-mutating-descriptor
2019-01-29 14:46:33 +00:00
Taus
9adb19f3a9
Merge branch 'master' into python-incomplete-url-sanitize
2019-01-29 14:17:37 +01:00
Max Schaefer
e9500e8b75
JavaScript: Update trap tests.
2019-01-29 13:01:03 +00:00
Max Schaefer
6013b918fc
JavaScript: Extract tokens and comments before AST.
...
This allows us to discard token/comment information sooner, thereby reducing heap pressure for very large files.
2019-01-29 13:00:17 +00:00
Max Schaefer
aa54d67301
JavaScript: Update trap tests.
2019-01-29 12:59:42 +00:00
Max Schaefer
99a4f34b7a
JavaScript: Omit numlines for functions.
2019-01-29 12:59:33 +00:00
Max Schaefer
a480c6ecaa
JavaScript: Implement LoC counting for functions in QL.
2019-01-29 12:58:44 +00:00
Max Schaefer
c09c35a737
JavaScript: Update trap tests.
2019-01-29 12:58:41 +00:00
Max Schaefer
d6c3ae2fb4
JavaScript: Fix bug in extraction of next_token.
2019-01-29 12:58:32 +00:00
Max Schaefer
ea429f4fbe
JavaScript: Add test case exposing bug in getNextToken.
2019-01-29 12:50:31 +00:00
Jonas Jensen
d776d9f903
Merge pull request #821 from geoffw0/query-tags-case
...
CPP: Improve ArrayArgSizeMismatch.ql
2019-01-29 03:52:52 -08:00
Asger F
9e87bf37ea
JS: make higherOrderCall private
2019-01-29 11:50:46 +00:00
Asger F
60cef60c1d
JS: ensure PropWrites exist for all instance members
2019-01-29 10:12:54 +00:00
Esben Sparre Andreasen
5d5900a534
JS: change notes for improved interprocedural type inference
2019-01-29 10:21:36 +01:00
Esben Sparre Andreasen
0d1f4270d6
JS: introduce SsaVarAccessWithNonLocalAnalysis
2019-01-29 10:20:36 +01:00
Esben Sparre Andreasen
2683a9b43a
JS: add tests for js/trivial-conditional
2019-01-29 10:19:03 +01:00
Max Schaefer
e2f27014b5
JavaScript: Introduce suspiciousCredentials predicate (from C# library).
2019-01-29 09:14:43 +00:00
Max Schaefer
a8dd97a2c9
JavaScript: Pull reasoning about encode/encrypt-like calls into library.
2019-01-29 09:14:23 +00:00
Max Schaefer
1fe4c44b36
JavaScript: Bring a few doc comments into line with style guide.
2019-01-29 09:13:53 +00:00
semmle-qlci
a5aee9ed0f
Merge pull request #833 from esben-semmle/js/sharpen-cond
...
Approved by xiemaisi
2019-01-29 08:03:06 +00:00
Taus
1d28c63703
Merge pull request #810 from markshannon/python-hide-magic-variables
...
Python hide magic variables
2019-01-28 23:21:31 +01:00
Taus
0f5b21e392
Merge pull request #807 from markshannon/python-insecure-file-permission
...
Python: Weak file permissions query.
2019-01-28 23:21:10 +01:00
semmle-qlci
bf64fee4bd
Merge pull request #790 from rdmarsh2/rdmarsh/cpp/futile-params
...
Approved by semmledocs-ac
2019-01-28 22:11:44 +00:00
Robert Marsh
9642a78bde
C++: add FutileParams.ql to C++ suite
...
In theory this query will produce no results on C++ code; in practice, I
suspect the "cpp" suite is often run on code compiled as C, so it is
likely to be worth running anyways.
2019-01-28 09:40:19 -08:00
Geoffrey White
b0805f8e79
CPP: Adjust ArithmeticTainted.ql so that it can work on non-VariableAccesses.
2019-01-28 17:36:56 +00:00
Robert Marsh
54fdf9f29d
C++/Docs: respond to doc comments on PR
2019-01-28 09:34:45 -08:00
Geoffrey White
f1dc538796
CPP: Add a test using strtoul in a taint query.
2019-01-28 16:59:02 +00:00
Taus
15643d1bb6
Merge pull request #814 from markshannon/python-fix-tornado-request-path
...
Python: Fix tornado and twisted request attribute tracking.
2019-01-28 17:38:34 +01:00
Calum Grant
c86e6bd6ff
Merge pull request #826 from hvitved/csharp/autobuild/dotnet-install-script-cleanup
...
C#: Cleanup dotnet install script after installation in autobuilder
2019-01-28 16:33:55 +00:00
Calum Grant
eef1abfa69
Merge pull request #743 from hvitved/csharp/dataflow-splitting
...
C#: Teach data flow library about CFG splitting
2019-01-28 16:31:24 +00:00
Asger F
5815aa1e8b
JS: add test case to PropWrite tests
2019-01-28 15:43:52 +00:00
Asger F
383cadb25b
JS: add PropWrite for instance fields with initializer
2019-01-28 15:40:30 +00:00
Asger F
7a4af4af6d
JS: add PropWrite instance for parameter fields
2019-01-28 15:40:30 +00:00
Asger F
dacde5da12
JS: restrict ClassMemberAsPropWrite to static members
2019-01-28 15:40:25 +00:00
Taus
c503ec4608
Merge pull request #806 from markshannon/python-points-to-remove-some-negation
...
Python: Remove some negation from points-to, in preparation for ADT Objects.
2019-01-28 16:25:18 +01:00
Taus
f61e7b66cc
Merge pull request #835 from markshannon/python-compare-is-enum
...
Python: Fix 'comparison using is' query to account for enum members.
2019-01-28 16:22:57 +01:00
Mark Shannon
39705cf733
Python: Clarify predicate a bit.
2019-01-28 14:33:39 +00:00
Mark Shannon
6d553ae2be
Python: Check os.open as well as os.chmod for weak file permissions.
2019-01-28 14:26:16 +00:00