hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-17 21:16:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
596 Commits 1,714 Branches 162 Tags
3922082e7dbb02e109ffb4d94d1fa2c1eb4c65ba
Commit Graph

596 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
3922082e7d CPP: Tidy and simplify AV Rule 79.ql. 2018-09-21 19:35:23 +01:00
Geoffrey White
d5a48ad63e CPP: Additional test cases. 2018-09-21 15:55:29 +01:00
Geoffrey White
84f9900c8c CPP: Exclude placement new. 2018-09-21 10:53:42 +01:00
Geoffrey White
c7aa5c169b CPP: Add a test of placement new for AV Rule 79.ql. 2018-09-21 10:47:00 +01:00
Anders Schack-Mulligen
4d46385c51 Merge pull request #206 from yh-semmle/java/codeowners 
Java: add Semmle/java team to `CODEOWNERS`
 2018-09-20 09:24:14 +02:00
semmle-qlci
4aca8f4fd3 Merge pull request #201 from asger-semmle/string-concatenation-squashed 
Approved by esben-semmle
 2018-09-19 21:59:17 +01:00
semmle-qlci
2f4aa647be Merge pull request #200 from esben-semmle/js/post-polish-167 
Approved by asger-semmle
 2018-09-19 21:43:17 +01:00
Asger F
1d793c0a7b JavaScript: fix expected output 2018-09-19 14:33:23 +01:00
Esben Sparre Andreasen
2cedc81774 JS: polish js/enabling-electron-renderer-node-integration meta info 2018-09-19 13:45:42 +02:00
semmle-qlci
89f2dbf8db Merge pull request #195 from esben-semmle/js/reflected-xss-through-filenames 
Approved by asger-semmle
 2018-09-19 12:42:22 +01:00
Jonas Jensen
86fe0ce42e Merge pull request #107 from rdmarsh2/rdmarsh/cpp/HashCons 
C++: HashCons library
 2018-09-18 11:45:26 +02:00
Asger F
9384b85bcc JavaScript: ensure prefix sanitizers work for array.join() 2018-09-17 14:31:26 +01:00
Asger F
e2cdf5d7ed JavaScript: add string concatenation library 2018-09-17 12:47:37 +01:00
Esben Sparre Andreasen
bb48421d77 JS: address doc review comments 2018-09-17 11:08:35 +02:00
semmle-qlci
782e91bb97 Merge pull request #167 from bnxi/NodeIntegration 
Approved by esben-semmle
 2018-09-15 21:35:56 +01:00
Geoffrey White
e4b9d31f8e Merge pull request #194 from raulgarciamsft/overflow_buffer_negindex 
Detect access to an array using a negative index
 2018-09-14 21:56:16 +01:00
Behrang Fouladi Azarnaminy
7071c75567 revert "Chaning EOL in two files" 
This reverts commit ecd08d4560.
 2018-09-14 09:03:48 -07:00
Esben Sparre Andreasen
444a09a17c JS: add models of five file system libraries 2018-09-14 15:30:44 +02:00
Esben Sparre Andreasen
5781b518bc JS: change notes for js/stored-xss 2018-09-14 15:30:44 +02:00
Esben Sparre Andreasen
33f98dd1a7 JS: add query: js/stored-xss 2018-09-14 15:30:44 +02:00
Asger F
a3562aa4a7 Merge pull request #193 from esben-semmle/js/reduce-precision-of-remote-property-injection 
JS: lower @precision of js/remote-property-injection
 2018-09-14 11:14:13 +01:00
Esben Sparre Andreasen
e2fac8a03c JS: introduce concept: FileNameSource 2018-09-14 11:09:29 +02:00
Esben Sparre Andreasen
6d3c1a1d22 JS: introduce fsModuleMember 2018-09-14 11:09:29 +02:00
Esben Sparre Andreasen
8de269e1fb JS: add support for fs-extra in NodeJSFileSystemAccess 2018-09-14 11:09:29 +02:00
semmle-qlci
abbadf24f0 Merge pull request #192 from esben-semmle/js/additional-array-taint-steps 
Approved by asger-semmle
 2018-09-14 10:02:36 +01:00
Esben Sparre Andreasen
81aeda69e1 JS: lower @precision of js/remote-property-injection 2018-09-14 07:37:47 +02:00
semmle-qlci
961ecfb43f Merge pull request #187 from esben-semmle/js/additional-whitelisting-form-unbound-event-handlers 
Approved by asger-semmle
 2018-09-14 06:35:39 +01:00
Raul Garcia
28050e1415 Change to cpp/overflow-buffer to detect access to an array using a negative index (static, out of range access, lower bound). 2018-09-13 15:44:32 -07:00
Esben Sparre Andreasen
cb2bd9e0ae JS: change notes for additional array taint steps 2018-09-13 21:36:53 +02:00
Esben Sparre Andreasen
4c13e6b46b JS: add additional array-specific taint steps 2018-09-13 21:36:53 +02:00
Robert Marsh
1a14b13703 C++: migrate change note 2018-09-13 09:53:41 -07:00
semmle-qlci
6266d8bf01 Merge pull request #184 from aschackmull/java/intmulttolong-message 
Approved by yh-semmle
 2018-09-13 15:00:14 +01:00
Esben Sparre Andreasen
763da72ce5 JS: modernize old array taint steps 2018-09-13 15:52:25 +02:00
Esben Sparre Andreasen
ea37665ec6 JS: move array-specific taint steps to separate class 2018-09-13 15:52:25 +02:00
semmle-qlci
3d022298dc Merge pull request #186 from Semmle/rc/1.18 
Approved by esben-semmle
 2018-09-13 12:34:54 +01:00
Anders Schack-Mulligen
b9acdf573a Java: Update qltest. 2018-09-13 10:18:09 +02:00
Esben Sparre Andreasen
52013f3071 JS: change notes for improved js/unbound-event-handler-receiver 2018-09-13 08:43:01 +02:00
Esben Sparre Andreasen
fcc33ce93d JS: whitelist auto-bind methods in js/unbound-event-handler-receiver 2018-09-13 08:41:41 +02:00
Esben Sparre Andreasen
eb10f603ab JS: whitelist decorator-bound methods in js/unbound-event-handler-receiver 2018-09-13 08:41:41 +02:00
Esben Sparre Andreasen
1220b50737 JS: whitelist _.bindAll-methods in js/unbound-event-handler-receiver 2018-09-13 08:41:41 +02:00
Behrang Fouladi Azarnaminy
ecd08d4560 Chaning EOL in two files 2018-09-12 12:05:57 -07:00
Geoffrey White
1459b981f3 Merge pull request #183 from jbj/unsafe-strcat-perf 
C++: Restructure UnsafeUseOfStrcat for performance
 2018-09-12 15:16:58 +01:00
Asger F
cc6edd4e23 Merge pull request #182 from felicity-semmle/1.18/js-change-notes 
LGTM 1.18: finalize the JavaScript change notes
 2018-09-12 14:00:42 +01:00
Anders Schack-Mulligen
1bbc67b57c Java: Autoformat query. 2018-09-12 10:14:41 +02:00
Anders Schack-Mulligen
ccbd8aaebc Java: Improve alert message of IntMultToLong. 2018-09-12 10:13:57 +02:00
Jonas Jensen
9fb5fbd995 C++: Restructure UnsafeUseOfStrcat for performance 
This query gets optimized badly, and it has started timing out when we
run it on our own code base. Most of the evaluation time is spent in an
RA predicate named `#select#cpe#1#f#antijoin_rhs#1`, which takes 1m36s a
Wireshark snapshot.

This restructuring of the code makes the problematic RA predicate go
away.
 2018-09-12 09:37:17 +02:00
Felicity Chapman
4d512a5b01 Remove non-LGTM query (see following PR) 2018-09-11 22:54:37 +01:00
Felicity Chapman
7dd891d908 Further updates and addition of query @ids 2018-09-11 22:51:14 +01:00
Felicity Chapman
223bf6cf56 Updates for consistency 2018-09-11 22:31:32 +01:00
semmle-qlci
9e0ba51280 Merge pull request #179 from esben-semmle/js/classify-multi-license-fix 
Approved by asger-semmle
 2018-09-11 21:30:10 +01:00