hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-19 01:14:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,971 Commits 1,679 Branches 158 Tags
40db92bfd134e9b7c307ce488eb27caaebb5ce39
Commit Graph

10971 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
40db92bfd1 C++: Change note. 2020-03-16 13:22:00 +00:00
Geoffrey White
2cee756587 C++: Support the mirror case with <=. 2020-03-16 13:22:00 +00:00
Geoffrey White
3c96b09d47 C++: Behaviour preserving transform. 2020-03-16 13:22:00 +00:00
Geoffrey White
dcf2f7f19c C++: Add some test cases for the mirror case, with <=. 2020-03-16 13:22:00 +00:00
Geoffrey White
3d8633f701 C++: Additional test cases for the recursive bit of UnsignedGEZero. 2020-03-16 13:22:00 +00:00
Nick Rolfe
17c57dcb4c Merge pull request #2971 from matt-gretton-dann/codeql-c-extractor/40-spaceship 
C++20 Add DB Support for the <=> operator
 2020-03-16 12:07:58 +00:00
semmle-qlci
eb7d8092a6 Merge pull request #3064 from asger-semmle/js/typescript-semantic-errors 
Approved by erik-krogh
 2020-03-16 11:57:55 +00:00
Matthew Gretton-Dann
3465c96c12 C++: Update DB Stats 2020-03-16 09:58:02 +00:00
Matthew Gretton-Dann
b325bce4c6 C++: Add upgrade script 2020-03-16 09:58:02 +00:00
Matthew Gretton-Dann
06accfe72b C++: Add support for the spaceship operator 2020-03-16 09:58:02 +00:00
Matthew Gretton-Dann
c5b3df1eb2 C++: Update expression precedences 
The spaceship (<=>) operator adds a new row to the C++ precendence
table.  In preparation for that shift the necessary precedences up one
to create a suitable hole.

Note: In investigations I belive precedence 14 was not used.  However,
in order to make review easier I have kept that gap.
 2020-03-16 09:54:59 +00:00
Jonas Jensen
5b20133415 Merge pull request #3067 from theopolis/cpp-additional-commandexec-apis 
Add execve to CommandExecution
 2020-03-16 10:33:20 +01:00
Ted Reed
429b07a95d Add execve to CommandExecution 2020-03-15 20:35:46 -04:00
semmle-qlci
1d4dd2b2f7 Merge pull request #3057 from esbena/js/infer-this-as-exports 
Approved by asgerf
 2020-03-15 12:55:12 +00:00
Asger Feldthaus
b2f008ea9e JS: Dont report TypeScript diagnostics by default 2020-03-15 12:06:08 +00:00
semmle-qlci
7e093a8e5c Merge pull request #3041 from erik-krogh/JQueryAjax 
Approved by esbena
 2020-03-14 22:31:59 +00:00
semmle-qlci
ff03478ae8 Merge pull request #3049 from asger-semmle/js/fix-cyclic-join 
Approved by erik-krogh
 2020-03-14 16:19:25 +00:00
Erik Krogh Kristensen
486efbab77 refactor based on review 2020-03-14 14:53:38 +01:00
semmle-qlci
20cae302fd Merge pull request #3054 from erik-krogh/NoDeferred 
Approved by asgerf
 2020-03-14 13:36:16 +00:00
Esben Sparre Andreasen
4d6aa20990 Merge pull request #3004 from esbena/js/additional-mongodb-and-mongoose-injection-sinks 
JS: Mongoose and MongoDB improvements
 2020-03-14 12:31:43 +01:00
Robert Marsh
e9459992a1 Merge pull request #3061 from MathiasVP/fix-constant-comparison 
C++: Fix getValue in SimpleRangeAnalysis
 2020-03-13 11:13:22 -07:00
Mathias Vorreiter Pedersen
09984a4068 C++: The extractor already provides the getValue result when the variable is a local variable. Thus we can simplify the QL code. 2020-03-13 17:57:01 +01:00
Mathias Vorreiter Pedersen
e1942bbee1 C++: Fix false positives 2020-03-13 17:09:57 +01:00
Mathias Vorreiter Pedersen
cc25298f67 C++: Demonstrate false positives when a const variable is initialized in a parameter list 2020-03-13 17:00:54 +01:00
Esben Sparre Andreasen
2fac7434df JS: infer this to be module.exports in node modules 2020-03-13 14:10:35 +01:00
Esben Sparre Andreasen
ae8d38236b JS: add some tests for this 2020-03-13 14:09:23 +01:00
Anders Schack-Mulligen
9fc75f1f92 Merge pull request #2850 from SpaceWhite/CWE-094 
ScriptEngine java code injection
 2020-03-13 13:43:09 +01:00
Anders Schack-Mulligen
2a2484ee0f Merge pull request #2800 from SpaceWhite/CWE-643 
CWE-643 XPathInjection on java
 2020-03-13 13:40:17 +01:00
semmle-qlci
25b9fcfafd Merge pull request #3058 from asger-semmle/js/may-receive-argument-fix 
Approved by max-schaefer
 2020-03-13 11:49:49 +00:00
Felicity Chapman
d7f37056a6 Merge pull request #3042 from felicitymay/merge-123-master-2 
Merge rc/1.23 into master
 2020-03-13 11:18:43 +00:00
Rasmus Wriedt Larsen
b45f8ff41d Merge pull request #3053 from tausbn/python-make-test-not-depend-on-minor-version 
Python: Make two tests not depend on minor Python version.
 2020-03-13 10:56:40 +01:00
Felicity Chapman
7779862671 Merge pull request #3052 from felicitymay/2176-cobol 
Remove information about COBOL analysis
 2020-03-13 08:50:35 +00:00
yo-h
5104fd8692 Merge pull request #3051 from aschackmull/java/queue-taint-steps 
Java: Add taint steps for java.util.Queue methods.
 2020-03-12 20:54:11 -04:00
Felicity Chapman
9d32ae7fc1 Apply suggestions from code review 
Replace COBOL with Go

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
 2020-03-12 19:32:30 +00:00
Taus Brock-Nannestad
3d0ee90880 Python: Make two tests not depend on minor Python version. 
For syntax errors, we simply report the major version.

For unused imports, we were getting a result for `typing.py` when run under
Python 3.7.3. To prevent this import from being considered, I've set the maximum
import depth to `0`.
 2020-03-12 18:19:53 +01:00
Felicity Chapman
8c931bfc66 Remove information about COBOL analysis 2020-03-12 16:37:29 +00:00
Asger Feldthaus
2bdf26a8f1 JS: Remove unneeded forwarding method 2020-03-12 15:48:47 +00:00
Asger Feldthaus
788c0f9037 JS: Refactor metadata class a bit 2020-03-12 15:45:22 +00:00
Erik Krogh Kristensen
799c3eb06c remove model of Deferred 2020-03-12 16:38:20 +01:00
Asger Feldthaus
ddab13ab44 JS: Add a comment 2020-03-12 15:29:51 +00:00
Anders Schack-Mulligen
99c55b6edb Java: Add taint steps for java.util.Queue methods. 2020-03-12 15:02:06 +01:00
Taus
099997088a Merge pull request #3005 from RasmusWL/python-modernise-string-taint 
Python: Modernise StringKind files
 2020-03-12 15:01:18 +01:00
Asger Feldthaus
4391b70b5f JS: Fix perf issue in mayReceiveArgument 2020-03-12 13:45:34 +00:00
Jonas Jensen
917b984909 Merge pull request #3050 from geoffw0/mismatching_placement_new 
C++: Fix mismatching new/free FP in template code.
 2020-03-12 12:42:29 +01:00
SpaceWhite
300aee39be nit: add dot to qhelp 2020-03-12 20:38:03 +09:00
SpaceWhite
bb1ea94c54 Nit: Fix qhelp and ql autoformat 2020-03-12 20:35:01 +09:00
SpaceWhite
822bfcd36c Nit: fix qhelp 2020-03-12 20:25:23 +09:00
Erik Krogh Kristensen
172c5ccaca changes based on review 2020-03-12 11:04:33 +01:00
semmle-qlci
4355f8d2b4 Merge pull request #3023 from erik-krogh/RedundantUpdate 
Approved by esbena
 2020-03-12 09:34:53 +00:00
Pavel Avgustinov
ecded4c11c Merge pull request #3048 from jbj/desemmlify 
Docs: Remove some Semmle references
 2020-03-12 09:27:36 +00:00