codeql

mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00

Author	SHA1	Message	Date
Erik Krogh Kristensen	078b6a8df2	autoformat	2020-07-03 00:21:55 +02:00
Erik Krogh Kristensen	261821b32c	Merge remote-tracking branch 'upstream/master' into queryStuff	2020-07-02 16:08:05 +02:00
semmle-qlci	b5c8f2238b	Merge pull request #3805 from esbena/js/seal-freeze-flow Approved by asgerf	2020-07-02 13:54:54 +01:00
Erik Krogh Kristensen	2b0a091921	split out type-tracking into two predicates, to avoid catastrophic join-order	2020-07-02 14:28:28 +02:00
Taus	eecc3ca5dd	Merge pull request #3503 from RasmusWL/python-fix-django-taint-sinks Python: Fix django taint sinks	2020-07-02 13:32:35 +02:00
semmle-qlci	97128b1475	Merge pull request #3829 from asger-semmle/js/xss-substr Approved by erik-krogh	2020-07-02 11:58:32 +01:00
Tom Hvitved	d01904d404	Merge pull request #3846 from hvitved/csharp/autobuilder-refactor C#: Factor C++ parts out of autobuilder	2020-07-02 12:02:04 +02:00
Rasmus Wriedt Larsen	67be45f045	Merge branch 'master' into python-fix-django-taint-sinks	2020-07-02 11:55:42 +02:00
Rasmus Wriedt Larsen	9a82927187	Python: Autoformat	2020-07-02 11:54:41 +02:00
Rasmus Wriedt Larsen	a947d151e5	Python: Django changes now backwards compatible deprecation	2020-07-02 11:53:25 +02:00
Rasmus Wriedt Larsen	4a7bfbe091	Python: Use .matches instead of .indexOf() = 0	2020-07-02 11:43:23 +02:00
Anders Schack-Mulligen	50fee5c4a1	Merge pull request #3817 from Marcono1234/patch-1 Fix outdated query console link	2020-07-02 11:41:19 +02:00
semmle-qlci	0bf1f75274	Merge pull request #3850 from aschackmull/dataflow/doc Approved by hvitved	2020-07-02 09:04:35 +01:00
semmle-qlci	bfb734e1d7	Merge pull request #3832 from asger-semmle/js/typescript-in-html-files3 Approved by erik-krogh	2020-07-02 08:30:45 +01:00
Anders Schack-Mulligen	c78427569e	Update docs/ql-libraries/dataflow/dataflow.md Co-authored-by: Tom Hvitved <hvitved@github.com>	2020-07-02 09:24:33 +02:00
Jonas Jensen	2bd84a3a5e	Merge pull request #3865 from geoffw0/bufferwrite-fixup C++: 'modelling' -> 'modeling' part 2.	2020-07-02 08:37:19 +02:00
Jonas Jensen	62a656de0f	Merge pull request #3860 from dbartol/codeql-c-analysis-team/40/2 C++: QLDoc cleanup	2020-07-02 08:32:44 +02:00
semmle-qlci	45ef3ec4a8	Merge pull request #3619 from erik-krogh/CWE022-Correctness Approved by asgerf	2020-07-01 20:07:58 +01:00
Tom Hvitved	398a95c65f	C#: Remove unused field	2020-07-01 20:06:46 +02:00
Tom Hvitved	498ee9b5f5	C#: Factor C++ parts out of autobuilder	2020-07-01 20:06:46 +02:00
Geoffrey White	a260df9035	C++: 'modelling' -> 'modeling'.	2020-07-01 17:49:22 +01:00
Mathias Vorreiter Pedersen	bb9c8881d6	Merge pull request #3786 from geoffw0/bufferwritecleanup C++: Clean up BufferWrite.qll	2020-07-01 18:33:26 +02:00
Dave Bartolomeo	f0215d1748	C++: Fix typo	2020-07-01 11:57:56 -04:00
Geoffrey White	8d8e47dc29	C++: QLDoc other straightforward model implementations.	2020-07-01 16:25:24 +01:00
Geoffrey White	e39c115746	C++: QLDoc Strcpy (as demanded by the tests).	2020-07-01 16:23:50 +01:00
semmle-qlci	66a6fe7317	Merge pull request #3853 from max-schaefer/js/canonical-names Approved by asgerf	2020-07-01 16:08:59 +01:00
Dave Bartolomeo	566d7fad63	C++: Autoformat some more	2020-07-01 10:14:35 -04:00
Shati Patel	6429fe48aa	Merge pull request #3862 from shati-patel/shati-patel-patch-1 Small terminology update	2020-07-01 14:58:50 +01:00
Max Schaefer	a6d8073987	JavaScript: Make `getADefinition` and `getAnAccess` available on all `CanonicalName`s.	2020-07-01 14:42:03 +01:00
Esben Sparre Andreasen	3ca6031ae5	JS: rename predicate	2020-07-01 15:27:28 +02:00
Esben Sparre Andreasen	75451e349a	JS: teach the dataflow library identity functions Object.freeze/seal	2020-07-01 15:27:28 +02:00
Esben Sparre Andreasen	33c52761d4	JS: more dataflow and global access path testing	2020-07-01 15:26:25 +02:00
Anders Schack-Mulligen	20aed81476	Merge pull request #3863 from intrigus-lgtm/patch-2 Fix typo, add Oxford comma	2020-07-01 15:01:49 +02:00
intrigus-lgtm	cabd275baa	Fix typo, add Oxford comma	2020-07-01 14:49:09 +02:00
Anders Schack-Mulligen	4aac70d3da	Dataflow: update doc based on review.	2020-07-01 14:45:49 +02:00
Shati Patel	5af5f40ae1	Small terminology update	2020-07-01 13:41:50 +01:00
Anders Schack-Mulligen	7d057598d8	Merge pull request #3857 from jbj/flowthrough-bigstep-perf C++: Remove big-step relation in flow-through code	2020-07-01 14:23:23 +02:00
Jonas Jensen	50cd759718	Merge pull request #3733 from geoffw0/models5 C++: Constructor and assignment models	2020-07-01 13:58:27 +02:00
Erik Krogh Kristensen	3157cd724d	add noSQL tests for type-tracking req.query	2020-07-01 11:45:09 +02:00
Erik Krogh Kristensen	bace2994c3	add test for type-tracking req.params	2020-07-01 11:38:54 +02:00
Anders Schack-Mulligen	38b73ff684	Merge pull request #3854 from hvitved/dataflow/node-type-interface Data flow: Replace `getErasedRepr()` and `Node::getTypeBound()` with `getNodeType()`	2020-07-01 11:37:19 +02:00
Erik Krogh Kristensen	8227010463	also use new type-tracking in isUserControlledObject	2020-07-01 11:32:51 +02:00
semmle-qlci	ef109d91ed	Merge pull request #3842 from hvitved/csharp/dataflow/remove-viable-impl Approved by aschackmull	2020-07-01 08:14:57 +01:00
Tom Hvitved	ed2077b2f4	Merge pull request #3841 from gavinl/master QHELP: Encryption using ECB.qhelp grammar	2020-07-01 08:45:35 +02:00
Dave Bartolomeo	10bbd566d4	C++: Autoformat	2020-07-01 02:28:53 -04:00
Robert Marsh	e9777913a3	Merge pull request #3856 from geoffw0/qldoc5follow C++: Make getSecureAlgorithmRegex() work as expected.	2020-06-30 16:17:37 -07:00
Dave Bartolomeo	6592f8c1bb	C++: QLDoc cleanup This PR just fixes a few bits of PR feedback from my previous QLDoc PR.	2020-06-30 17:33:52 -04:00
Jonas Jensen	cff0f48d34	C++: Work around join-order issue in flow-through In this non-linear recursion, a `#prev` relation was joined earlier than the `#prev_delta` relation. As a result, each iteration of the predicate processes every tuple from previous iterations. This quadratic behavior caused severe slowdowns on oneapi-src/oneDNN.	2020-06-30 21:12:57 +02:00
Jonas Jensen	17beb2d867	C++: Remove big-step relation in flow-through code This relation was originally introduced to improve performance but may no longer be necessary. The `localFlowStepPlus` predicate had an explosion of tuples on oneapi-src/oneDNN for C++.	2020-06-30 21:06:45 +02:00
Geoffrey White	8bdcc47a50	C++: Add a test.	2020-06-30 17:46:08 +01:00

1 2 3 4 5 ...

14112 Commits