hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-23 03:12:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,785 Commits 1,685 Branches 158 Tags
113df4ea1db03c8eafd34dad082bb0d2d77dab73
Commit Graph

8785 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Calum Grant
113df4ea1d Merge pull request #2278 from hvitved/csharp/autobuilder/shared-compilation 
C#: Only set `UseSharedCompilation=false` in autobuilder when needed
 2019-11-25 18:37:09 +00:00
Tom Hvitved
fede9aed04 Merge pull request #2355 from cldrn/AspNetMaxRequestLength 
CodeQL query to check for insecure MaxLengthRequest values in ASP.NET applications
 2019-11-25 17:02:22 +01:00
Tom Hvitved
07e18c88a8 C#: Address review comments 2019-11-25 16:51:09 +01:00
semmle-qlci
d58a6b02bf Merge pull request #2396 from hvitved/dataflow/erased-type-class 
Approved by aschackmull, jbj
 2019-11-25 15:22:13 +00:00
Tom Hvitved
795959ef8d C#: Update expected test output 2019-11-25 13:41:12 +01:00
Tom Hvitved
71fd5379c9 C#: Remove tabs from qhelp file 2019-11-25 13:40:44 +01:00
Rasmus Wriedt Larsen
0f91139055 Merge pull request #2419 from tausbn/python-fix-use-of-input-fp 
Python: Fix false positive for `py/use-of-input`.
 2019-11-25 12:08:39 +01:00
Tom Hvitved
a26efdf4c1 Java/C++/C#: Rename DataFlowErasedType back to DataFlowType 2019-11-25 11:43:58 +01:00
Jonas Jensen
8f3998915b Merge pull request #2376 from geoffw0/qhelpms2 
CPP: Recommendations and examples for TlsSettingsMisconfiguration.qhelp and UseOfDeprecatedHardCodedProtocol.qhelp
 2019-11-25 08:17:32 +01:00
Rebecca Valentine
a8204385c3 Adds fix for __init_subclass__ bug. (#2390) 
* Adds fix for __init_subclass__ bug.

* Adds test case.

* Move test on name.

I think it makes more sense here, alongside the other "special" method names.
 2019-11-24 12:18:17 +01:00
Geoffrey White
cdbe920067 CPP: Remove second overview paragraph. 2019-11-22 16:22:08 +00:00
Geoffrey White
5a346c357b Update cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocolGood.cpp 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-22 16:21:24 +00:00
Geoffrey White
0c07fa44a1 Update cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.qhelp 
Co-Authored-By: Alistair <54933897+hubwriter@users.noreply.github.com>
 2019-11-22 16:21:05 +00:00
Geoffrey White
ac1010872b Update cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.qhelp 
Co-Authored-By: Alistair <54933897+hubwriter@users.noreply.github.com>
 2019-11-22 16:20:54 +00:00
Geoffrey White
e274e01432 CPP: More consistency. 2019-11-22 16:08:00 +00:00
Geoffrey White
d4f75c1c2a CPP: Consistency. 2019-11-22 16:07:59 +00:00
Geoffrey White
384cf4b233 CPP: Recommendation and example for UseOfDeprecatedHardcodedProtocol.qhelp. 2019-11-22 16:07:59 +00:00
Geoffrey White
8fc59ebac4 CPP: I believe these BUG labels were incorrect. 2019-11-22 16:07:59 +00:00
Geoffrey White
21d8264d80 CPP: Fix typo. 2019-11-22 16:07:59 +00:00
Geoffrey White
a1b603e73c CPP: Add the examples to the test. 2019-11-22 16:07:59 +00:00
Geoffrey White
3cd545d186 CPP: Recommendation and example for TlsSettingsMisconfiguration.qhelp. 2019-11-22 16:07:59 +00:00
Geoffrey White
794a3deba9 CPP: Break up a long sentence in query description. 2019-11-22 16:07:59 +00:00
Taus Brock-Nannestad
67647bda66 Python: Fix false positive for py/use-of-input. 
Fixes #1969.

The points-to analysis does not know that the assignment `input = raw_input`
cannot fail under Python 2, and so there are two possible values that `input`
could point-to after exiting the exception handler: the built-in `input`, or the
built-in `raw_input`. In the latter case we do not want to report the alert, and
so adding a check that the given function does not point-to the built-in
`raw_input` suffices.
 2019-11-22 16:46:20 +01:00
semmle-qlci
5c3c8eb35d Merge pull request #2406 from erik-krogh/returnlessFp 
Approved by asgerf
 2019-11-22 13:06:03 +00:00
Esben Sparre Andreasen
5d34806e50 Merge pull request #2379 from asger-semmle/typescript-fixes 
TS: A bunch of TypeScript fixes
 2019-11-22 13:31:30 +01:00
Calum Grant
846600e855 Merge pull request #2410 from shati-patel/fix-heading 
C# change notes: Remove duplicated heading
 2019-11-22 11:52:53 +00:00
semmle-qlci
ec9b65ee61 Merge pull request #2369 from max-schaefer/js/odasa-8179 
Approved by esbena
 2019-11-22 11:26:54 +00:00
Rasmus Wriedt Larsen
46b6e6d722 Merge pull request #2409 from tausbn/python-typing-forward-reference-fp 
Python: Support forward references inside return type annotations.
 2019-11-22 11:18:04 +01:00
Rasmus Wriedt Larsen
536c211a73 Merge pull request #2401 from tausbn/python-fix-non-iterable-class-confusion-fp 
Python: Fix false positive in `py/non-iterator-in-for-loop`
 2019-11-22 11:15:16 +01:00
Max Schaefer
a3a46bfdc2 JavaScript: Add change note. 2019-11-22 09:27:14 +00:00
Max Schaefer
83f5b614e9 JavaScript: Switch detection of callback-based string replacement to data flow. 2019-11-22 09:24:34 +00:00
Max Schaefer
1951461f55 JavaScript: Simplify DoubleEscaping. 
Undo previous work on generalising the concept of a replacement, which did not work out.
 2019-11-22 09:24:34 +00:00
Max Schaefer
ff002a7af4 JavaScript: Whitelist more harmless incomplete escapes. 2019-11-22 09:24:34 +00:00
Max Schaefer
659cc812fe JavaScript: Rephrase two predicates to help the optimiser. 2019-11-22 09:24:34 +00:00
Max Schaefer
db3eaa23ef JavaScript: Introduce modelling of String.prototype.replace and use it in two queries. 2019-11-22 09:24:34 +00:00
Max Schaefer
f43e843b20 JavaScript: Introduce class RegExpLiteralNode. 2019-11-22 09:24:34 +00:00
Max Schaefer
12ea81af9c JavaScript: Move getAMatchedConstant(RegExpTerm) into the library. 2019-11-22 09:24:34 +00:00
Max Schaefer
a5a5debdc7 JavaScript: Move getStringValue(RegExpLiteral) into the library. 2019-11-22 09:24:34 +00:00
Max Schaefer
0edb70f373 JavaScript: Deal with escape-unescape-escape (and similar) chains. 2019-11-22 09:24:34 +00:00
Max Schaefer
cb54618a5d JavaScript: Deal with (un-)escaping on captured variables. 2019-11-22 09:24:34 +00:00
Max Schaefer
61aa075e8d JavaScript: Fix regexes for escaping schemes. 2019-11-22 09:24:34 +00:00
Max Schaefer
4f899a9b0d JavaScript: Recognize string escaping using .replace with a callback. 2019-11-22 09:24:34 +00:00
Max Schaefer
5dcf55e113 JavaScript: Refactor DoubleEscaping.ql. 2019-11-22 09:24:34 +00:00
semmle-qlci
62859d140d Merge pull request #2394 from esbena/js/support-getDerivedFromError 
Approved by max-schaefer
 2019-11-22 07:45:45 +00:00
semmle-qlci
2c623372b6 Merge pull request #2405 from esbena/js/another-bind-model 
Approved by asgerf
 2019-11-22 07:35:58 +00:00
Robert Marsh
dbe885fd38 Merge pull request #1926 from jbj/ir-dataflow-toString 
C++: DataFlow::Node.toString consistency
 2019-11-21 10:20:35 -08:00
Geoffrey White
676e8a2c2e Merge pull request #2399 from jbj/ExprHasNoEffect-templates 
C++: Suppress ExprHasNoEffect on template code
 2019-11-21 18:01:41 +00:00
shati-patel
b6a05399da C# change notes: Remove duplicated heading 2019-11-21 16:08:44 +00:00
semmle-qlci
8cca9b05ea Merge pull request #2393 from max-schaefer/js/improve-incomplete-sanitization-docs 
Approved by mchammer01
 2019-11-21 16:04:19 +00:00
Asger F
ec8ced7963 TS: Fix a typos and leftover todo 2019-11-21 15:39:37 +00:00