29908 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
56fb63adbc JS: change notes for js/incomplete-url-substring-sanitization 2018-12-06 15:53:20 +01:00
Esben Sparre Andreasen
229eea00dc JS: add query js/incomplete-url-substring-sanitization 2018-12-06 15:53:20 +01:00
semmle-qlci
3397533045 Merge pull request #628 from xiemaisi/js/setUnsafeHTML
Approved by esben-semmle
2018-12-06 13:58:52 +00:00
Esben Sparre Andreasen
bf048e7e49 JS: change notes for persistent storage taint step and cookie models 2018-12-06 14:53:22 +01:00
Esben Sparre Andreasen
45b207c21b JS: introduce models of three cookie libraries 2018-12-06 14:53:22 +01:00
Esben Sparre Andreasen
28b4a78430 JS: introduce DOM::PersistentWebStorage 2018-12-06 14:53:22 +01:00
Jonas Jensen
0a496c1d3d Merge pull request #617 from geoffw0/unusedstatic
CPP: Fix false positives in UnusedStaticVariables.ql
2018-12-06 14:09:52 +01:00
Taus
cb93017d98 Merge pull request #606 from markshannon/python-fix-regex-fp
Python: Fix off-by-one error in regex parsing.
2018-12-06 12:59:44 +01:00
Ian Lynagh
8d655c74ae C++: Follow range for statement test output changes 2018-12-06 11:12:46 +00:00
Esben Sparre Andreasen
7fb752784a JS: introduce persistent read/write pairs as a taint step 2018-12-06 10:36:10 +01:00
Max Schaefer
ef347b3870 JavaScript: Teach Xss query about WinJS HTML injection functions. 2018-12-06 09:13:21 +00:00
Felicity Chapman
6a7b528280 1.19: Finalize change notes for JavaScript 2018-12-06 08:44:35 +00:00
semmle-qlci
bc91e0f53b Merge pull request #624 from Semmle/xiemaisi-patch-2
Approved by esben-semmle
2018-12-06 08:04:37 +00:00
Max Schaefer
305b8a6723 Merge pull request #620 from xiemaisi/js/qhelp-for-ms-queries
JavaScript: Add query help for two externally contributed queries.
2018-12-06 08:04:13 +00:00
Max Schaefer
75842fec1c Merge pull request #627 from samlanning/inconsistentStateExample
JS: Fix syntax error in js/react/inconsistent-state-update example
2018-12-06 08:03:32 +00:00
Sam Lanning
2ea148016c JS: Fix syntax error in js/react/inconsistent-state-update example 2018-12-05 16:44:40 -08:00
Dave Bartolomeo
2b80aee557 C++: Use getConvertedResultExpr in IR-based dataflow
This sort of fixes one FP and causes a new FN, but for the wrong reasons. The IR dataflow is tracking the reference itself, rather than the referred-to object. Once we can better model indirections, we can make this work correctly.

This change is still the right thing to do, because it ensures that the dataflow is looking at the actual expression being computed by the instruction.
2018-12-05 12:34:44 -08:00
Dave Bartolomeo
e8efb32156 C++: Remove StoreDestinationAsPostUpdateNode 2018-12-05 11:33:48 -08:00
Dave Bartolomeo
65360b23f9 C++: Change model API based on feedback
I've separated the model interface for memory side effects from the model for escaped addresses. It will be fairly common for a given model to extend both interfaces, but they are used for two different purposes.

I've also put each model interface and the non-member predicates that query it into a named module, which seemed cleaner than having predicates named `functionModelReadsMemory()` and `getFunctionModelParameterAliasBehavior()`.
2018-12-05 10:58:46 -08:00
Taus
a8354b98d9 Merge pull request #626 from felicity-semmle/1.19/python-change-notes
Update logging information based on 'extractor-python.md'
2018-12-05 17:42:56 +01:00
Felicity Chapman
c735043772 Update for feedback 2018-12-05 16:36:34 +00:00
Felicity Chapman
9ef50a7876 Update logging information based on 'extractor-python.md' 2018-12-05 16:13:05 +00:00
Nick Rolfe
d577ee8849 Merge pull request #613 from ian-semmle/catch
C++: Test output changes following CatchAny fix
2018-12-05 16:02:43 +00:00
Ian Lynagh
7d8a8de53d C++: Test output changes following CatchAny fix 2018-12-05 15:35:54 +00:00
Max Schaefer
13a9903c21 JavaScript: Remove redundant conjunct in MixedStaticInstanceThisAccess.
Minor cleanup, but might as well go into the release.
2018-12-05 15:11:32 +00:00
Max Schaefer
a1f210df67 JavaScript: Address review comments. 2018-12-05 14:10:06 +00:00
calum
919d7cbf01 C#: Fix [INVALID_KEY] errors. 2018-12-05 13:55:55 +00:00
Geoffrey White
f6a87574f0 CPP: Add query ID to change note. 2018-12-05 13:55:46 +00:00
Max Schaefer
22502e7a10 JavaScript: Add query help for FileAccessToHttp query. 2018-12-05 13:12:52 +00:00
Max Schaefer
92c1e655dd JavaScript: Add query help for HttpToFileAccess query. 2018-12-05 12:58:38 +00:00
Tom Hvitved
733c7b0a8f Merge pull request #616 from felicity-semmle/1.19/c#-finalize-release-notes
1.19: Finalize release notes for C#
2018-12-05 11:17:19 +01:00
Aditya Sharad
7d3e637eb0 Merge pull request #618 from xiemaisi/js/fix-test-output
JavaScript: Fix expected test output.
2018-12-05 10:15:59 +00:00
Max Schaefer
7ee0ba36af JavaScript: Fix expected test output. 2018-12-05 10:14:25 +00:00
Geoffrey White
d0a0d2300e CPP: Change note. 2018-12-05 10:03:21 +00:00
Geoffrey White
d85f4b540c CPP: Fix false positive. 2018-12-05 10:01:54 +00:00
Geoffrey White
e7f19e97cb CPP: Add a test of UnusedStaticVariable.ql. 2018-12-05 10:01:54 +00:00
Anders Schack-Mulligen
697fd96ed7 Merge pull request #614 from felicity-semmle/1.19/java-finalize-change-notes
1.19: Finalize change notes for Java
2018-12-05 10:56:13 +01:00
Felicity Chapman
d3baa8917e Prepare for publication 2018-12-05 09:44:59 +00:00
Jonas Jensen
54d001e562 Merge pull request #612 from felicity-semmle/1.19/c++-finalize-release-notes
1.19: Finalize release notes for C/C++
2018-12-05 09:28:36 +01:00
Max Schaefer
3c00d4be6d Merge pull request #607 from esben-semmle/js/more-react-methods
JS: model additional React component methods
2018-12-05 08:00:16 +00:00
yh-semmle
00779c518c Merge pull request #611 from aschackmull/java/usessl-fp-fix
Java: Fix FP in `UseSSL.ql`.
2018-12-04 19:31:53 -05:00
Esben Sparre Andreasen
d63d838534 JS: add regression test for ODASA-7506 2018-12-04 22:22:46 +01:00
Arthur Baars
d1cc53cd36 Merge pull request #588 from adityasharad/merge/1.19-next-301118
Merge rc/1.19 into next.
2018-12-04 22:16:37 +01:00
Felicity Chapman
f64bfb5caf Remove template text, sort rows 2018-12-04 17:43:19 +00:00
Felicity Chapman
a144fe8a07 Update with missing ids and move one query 2018-12-04 17:40:09 +00:00
Felicity Chapman
d63b5ac1bd Updates for consistency 2018-12-04 17:34:20 +00:00
Taus
08b1431fc5 Merge pull request #600 from markshannon/python-fix-performance-refinement-edge
Python ESSA: Fix performance of PythonSsaSourceVariable.hasRefinementEdge()
2018-12-04 18:07:21 +01:00
Felicity Chapman
a9ad9399f5 Add a couple more missing identifiers 2018-12-04 16:55:00 +00:00
Anders Schack-Mulligen
d3fcfb0957 Java: Fix FP in UseSSL. 2018-12-04 17:44:05 +01:00
Felicity Chapman
0c283c024d Split query changes into LGTM/non-LGTM queries 2018-12-04 16:43:57 +00:00