hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-20 14:36:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,135 Commits 1,711 Branches 163 Tags
376245da0631d734b5541682950f158dfa7bf0b7
Commit Graph

1135 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Esben Sparre Andreasen
376245da06 JS: introduce Expr::getUnderlyingReference 2018-10-29 09:22:53 +01:00
Esben Sparre Andreasen
8fc89e2e36 JS: introduce Expr::getUnderlyingValue 2018-10-29 09:22:53 +01:00
Esben Sparre Andreasen
fbd3a097a2 JS: add misc. tests 2018-10-29 09:22:53 +01:00
semmle-qlci
cbc2d9e257 Merge pull request #361 from aschackmull/java/springweb-servlet-sources 
Approved by yh-semmle
 2018-10-26 02:06:11 +01:00
semmle-qlci
905911014d Merge pull request #358 from aschackmull/java/sql-sinks 
Approved by yh-semmle
 2018-10-26 01:42:37 +01:00
Max Schaefer
b880a60095 Merge pull request #363 from xiemaisi/js/destructuring-assignment-cfg 
JavaScript: Improve handling of destructuring assignments.
 2018-10-25 20:28:53 +01:00
Max Schaefer
38534a6e2f JavaScript: Address review comment. 2018-10-25 15:31:46 +01:00
Max Schaefer
34b33ca04c JavaScript: Recognise rest patterns as lvalues. 2018-10-25 15:31:46 +01:00
Max Schaefer
394d7b7a9b JavaScript: Update expected output of CFG test. 2018-10-25 15:31:46 +01:00
Max Schaefer
8402ee8374 JavaScript: Refactor getDefReachingEndOf to improve performance. 2018-10-25 15:31:46 +01:00
Max Schaefer
09ef1a719a JavaScript: Pull out auxiliary predicates to improve join order in liveAfterDef. 2018-10-25 15:31:46 +01:00
Max Schaefer
59bbd025a5 JavaScript: Pull out auxiliary predicate to improve join order in TPhi. 2018-10-25 15:31:46 +01:00
Max Schaefer
d2993b9e04 JavaScript: Model data flow of destructuring assignments more precisely. 2018-10-25 15:31:46 +01:00
Pavel Avgustinov
c577f6d9f8 Merge pull request #365 from aschackmull/java/response-splitting-whitelist-cookiename 
Java: Whitelist Cookie::getName for HTTP response splitting.
 2018-10-25 13:18:03 +01:00
Anders Schack-Mulligen
8fe1634fcc Java: Add test. 2018-10-25 13:00:15 +02:00
Anders Schack-Mulligen
1188e18837 Java: Whitelist Cookie::getName for HTTP response splitting. 2018-10-25 12:02:33 +02:00
semmle-qlci
cfe0b8803a Merge pull request #332 from raulgarciamsft/users/raulga/c6293a 
Approved by dave-bartolomeo
 2018-10-25 00:59:35 +01:00
Raul Garcia
e1efcb0b26 Update .gitignore 2018-10-24 15:23:40 -07:00
Raul Garcia
a04eb53189 Documentation bug fix. 
Encoding the "<" character
 2018-10-24 15:22:53 -07:00
Aditya Sharad
292189c1e0 Merge pull request #347 from xiemaisi/rc/1.18-master-merge 
Mergeback rc/1.18 to master
 2018-10-24 16:03:30 +01:00
Anders Schack-Mulligen
1d716ae461 Java: Add remote user input sources for Spring servlets. 2018-10-24 15:00:15 +02:00
Anders Schack-Mulligen
263de5219a Java: Add additional SQL injection sinks. 2018-10-24 13:58:21 +02:00
semmle-qlci
21ff87d6a3 Merge pull request #353 from xiemaisi/js/port-tests 
Approved by asger-semmle, esben-semmle
 2018-10-24 12:47:48 +01:00
Tom Hvitved
97904eb202 Revert "JavaScript: Patch CFG to improve support for non-top level import declarations." 
This reverts commit f05e777e64.
 2018-10-24 10:45:57 +01:00
Max Schaefer
9a856935db Merge remote-tracking branch 'upstream/rc/1.18' into rc/1.18-master-merge 2018-10-24 10:43:37 +01:00
Max Schaefer
f103b1a371 JavaScript: Copy over a test left in internal repo. 
This test seems to have been accidentally committed into the old location in the internal repo.
 2018-10-24 08:40:54 +01:00
Jonas Jensen
7affbe4a7d Merge pull request #341 from geoffw0/av_114 
CPP: Improve AV Rule 114.ql's understanding of return types.
 2018-10-24 09:39:51 +02:00
Jonas Jensen
640de0c947 Merge pull request #304 from geoffw0/resource-released 
CPP: Fix false positive in AV Rule 79.ql
 2018-10-23 20:24:23 +02:00
semmledocs-ac
1f390f2f77 Merge pull request #326 from rdmarsh2/rdmarsh/cpp/dead-code-goto 
C++: new query for dead code after goto or break
 2018-10-23 16:55:14 +01:00
Geoffrey White
dda7069890 CPP: Look for destructors in the template. 2018-10-23 13:05:43 +01:00
Geoffrey White
76a5072c8b CPP: Change in results presumed to result from discover_walk extractor changes. 2018-10-23 13:05:43 +01:00
Geoffrey White
982fd522f1 CPP: Change note. 2018-10-23 13:05:43 +01:00
Geoffrey White
905336a625 CPP: Refine fix. 2018-10-23 13:05:42 +01:00
Geoffrey White
b861df0887 CPP: Fix issue when destructor body is missing. 2018-10-23 13:05:42 +01:00
Geoffrey White
5931a978dc CPP: Add a test of a template instantiation where the destructor is never called. 2018-10-23 13:05:42 +01:00
Geoffrey White
f20af4906b CPP: Add a test of a Shutdown / Clear method. 2018-10-23 13:05:42 +01:00
semmle-qlci
b1a463bf93 Merge pull request #349 from hvitved/csharp/extractor/no-global-json 
Approved by calumgrant
 2018-10-23 12:00:28 +01:00
Tom Hvitved
a3fafd9ad1 C#: Remove global.json 2018-10-23 11:51:27 +02:00
Aditya Sharad
c88db424fa Merge pull request #343 from geoffw0/av-35-1.18 
CPP: Fix hasXMacro performance.
 2018-10-23 10:24:16 +01:00
Max Schaefer
3522200e90 Merge pull request #342 from xiemaisi/rc/1.18-cherry-picks 
JavaScript: 1.18.1 cherry-picks
 2018-10-22 20:03:22 +01:00
Geoffrey White
de1556042a CPP: Fix hasXMacro performance. 2018-10-22 19:43:04 +01:00
Robert Marsh
f674d43ab1 Merge pull request #329 from geoffw0/overflowdest 
CPP: Improve Overflowdest.ql
 2018-10-22 10:51:41 -07:00
Robert Marsh
7bcc4379fc C++: accept loops with arbitrary labels or cases 2018-10-22 09:59:49 -07:00
Robert Marsh
4bed86f566 Merge pull request #313 from geoffw0/av-35 
CPP: Fix hasXMacro performance.
 2018-10-22 09:33:19 -07:00
Max Schaefer
212edc2e18 Merge pull request #307 from esben-semmle/js/unused-import 
JS: make js/unused-local-variable flag import statements
 2018-10-22 13:13:02 +01:00
Tom Hvitved
135271e9ad Merge pull request #287 from calumgrant/cs/lock-order 
C#: Improvements to cs/inconsistent-lock-sequence
 2018-10-22 14:11:20 +02:00
Max Schaefer
7702b58794 Merge pull request #305 from asger-semmle/json-taint-kind 
JS: Add flow label for tainted objects and sharpen NosqlInjection
 2018-10-22 11:58:50 +01:00
Dave Bartolomeo
dbae5c2d62 Update change-notes/1.19/analysis-cpp.md 
Co-Authored-By: geoffw0 <geoffrey@semmle.com>
 2018-10-22 11:50:18 +01:00
Max Schaefer
25224cc4a0 Revert "TypeScript: disable queries that rely on token information" 
This reverts commit 003b600e24.
 2018-10-22 11:06:11 +01:00
semmle-qlci
c78f3f8edf Merge pull request #336 from aschackmull/java/dataflow-cleanup 
Approved by yh-semmle
 2018-10-20 03:43:49 +01:00