hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-21 06:57:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
4,476 Commits 1,712 Branches 163 Tags
455dbccd056ac3c19a38c45a4a6876842e416f7e
Commit Graph

4476 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
455dbccd05 JavaScript: Fix definitions of SourcePathNode and SinkPathNode. 
Their charpreds previously only ensured that they were on a path from a
source to a sink, not that they actually were the source and sink,
respectively. See two commits further for a test case.
 2019-04-23 13:15:47 +01:00
Geoffrey White
c674f54129 Merge pull request #1259 from xiemaisi/cpp/typo-fix 
CPP: Fix two doc comments.
 2019-04-17 16:48:23 +01:00
ian-semmle
ff574e56be Merge pull request #1260 from nickrolfe/qltest_verbosity 
C++: update expected extractor arguments to match qltest runner changes
 2019-04-17 15:56:22 +01:00
Max Schaefer
a61ca489f1 Merge pull request #1258 from asger-semmle/prototype-pollution 
JS: prototype pollution query template
 2019-04-17 12:58:05 +01:00
Nick Rolfe
bf204ecdf8 C++: update expected extractor arguments to match qltest runner changes 2019-04-17 12:30:04 +01:00
Max Schaefer
599185e125 CPP: Fix two doc comments. 2019-04-17 10:49:38 +01:00
Geoffrey White
f33b24c917 Merge pull request #1239 from jbj/qlformat-1 
C++: Autoformat QL code in Architecture and Best Practices
 2019-04-17 09:56:29 +01:00
semmle-qlci
f36eafce3f Merge pull request #1246 from xiemaisi/js/hardcoded-password 
Approved by asger-semmle
 2019-04-17 08:54:09 +01:00
Robert Marsh
09d0548c81 Merge pull request #1237 from geoffw0/commentedoutcode2 
CPP: Fix FPs from detecting commented out preprocessor logic
 2019-04-16 10:31:42 -07:00
Calum Grant
d8b47c8337 Merge pull request #1225 from hvitved/csharp/cfg/dynamic-accessor-calls 
C#: Improve CFG for (potential) dynamic accessor calls
 2019-04-16 17:53:12 +01:00
Asger F
48ca4ae0d8 JS: prototype pollution query template 2019-04-16 17:40:41 +01:00
Asger F
e88e5cf4d7 Merge pull request #1256 from Semmle/rc/1.20 
Merge 1.20 into master
 2019-04-16 16:10:36 +01:00
Geoffrey White
2d15163e30 CPP: Test of a comment inside #if 0. 2019-04-16 15:37:21 +01:00
Arthur Baars
4e10e285a2 Merge pull request #1253 from asger-semmle/rc-tscrash 
TS: Dont extract redirect SourceFiles
v1.20.1 		2019-04-16 14:01:25 +02:00
Asger F
fafdd5bbcd TS: Dont extract redirect SourceFiles 2019-04-16 10:17:45 +01:00
semmle-qlci
ff25a3ee5a Merge pull request #1243 from asger-semmle/access-path-refinements 
Approved by xiemaisi
 2019-04-16 09:57:51 +01:00
Max Schaefer
65e508ae3b Merge pull request #1252 from esben-semmle/mb/1.20-master 
Mergeback: rc/1.20 into Semmle/master
 2019-04-16 09:27:50 +01:00
semmle-qlci
aeebc3692d Merge pull request #1247 from asger-semmle/tscrash 
Approved by xiemaisi
 2019-04-16 07:59:02 +01:00
semmle-qlci
97018f7c3a Merge pull request #1248 from asger-semmle/ts-full-default 
Approved by xiemaisi
 2019-04-16 07:56:50 +01:00
Max Schaefer
7af4baf57f Merge pull request #1220 from esben-semmle/js/another-getAPropertyAttribut-performance-fix 
JS: inline CallToObjectDefineProperty::getAPropertyAttribute
 2019-04-16 07:55:53 +01:00
Esben Sparre Andreasen
c80ee3df01 Mergeback: rc/1.20 into Semmle/master 2019-04-16 08:46:15 +02:00
Asger F
abbfe2d5ce TS: Dont extract redirect SourceFiles 2019-04-15 18:57:02 +01:00
Max Schaefer
faba019a29 Merge pull request #1229 from esben-semmle/js/whitelist-unwrappind 
JS: whitelilist delimiter unwrapping for js/incomplete-sanitization
 2019-04-15 12:20:12 +01:00
Max Schaefer
4c9edafef3 Merge pull request #1211 from esben-semmle/js/type-tracking-for-incomplete-hostname-regexp 
JS: type tracking for js/incomplete-hostname-regexp
 2019-04-15 12:19:46 +01:00
Asger F
b6ea121808 TS: Make full TS extraction the default in AutoBuild 2019-04-15 12:11:05 +01:00
Max Schaefer
1d5bb97121 JavaScript: Refine PasswordInConfigurationFile to avoid FPs. 
We now exclude passwords that look like they might be filled in via
templating or shell substitution.
 2019-04-15 12:10:21 +01:00
Max Schaefer
ce53a7d575 Merge pull request #1175 from psygnisfive/NullSensitiveContext 
[JS] Null Sensitive Context (new library)
 2019-04-15 08:50:14 +01:00
Rebecca Valentine
fb40548be5 fixes semicolon issues 2019-04-12 10:56:31 -07:00
Rebecca Valentine
a66d1c0e09 fixes test errors 2019-04-12 10:39:34 -07:00
Rebecca Valentine
d4f2172bdc void exprs are also ok 2019-04-12 10:39:20 -07:00
Asger F
b8ec7083d4 JS: Update isBarrier test output 2019-04-12 16:35:01 +01:00
Taus
ae6c768db8 Merge pull request #1244 from markshannon/fix-semantic-merge-conflict 
Python: Fix semantic merge conflict between #1206 and #1240.
 2019-04-12 14:49:24 +02:00
Mark Shannon
d6ba729dce Python: Fix semantic merge conflict between #1206 and #1240. 2019-04-12 12:32:41 +01:00
Asger F
b36075ca46 JS: step through refinements in AccessPaths 2019-04-12 11:12:50 +01:00
Asger F
720555be45 JS: Add test case 2019-04-12 11:11:26 +01:00
Taus
707b73c3d0 Merge pull request #1240 from markshannon/python-avoid-ssa-defns-in-tests 
Python: Remove callsite refinement ESSA definition in tests
 2019-04-12 12:05:40 +02:00
Taus
607b5fb077 Merge pull request #1206 from markshannon/python-taint-flow-classless 
Python taint-tracking: Better flow for "generic" taint.
 2019-04-12 11:54:52 +02:00
Jonas Jensen
29aa5f550c C++: Tidy up code so it looks good after qlformat 2019-04-12 10:43:24 +02:00
Esben Sparre Andreasen
2d66069d60 JS: change notes for js/incomplete-hostname-regexp 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
9c65277b53 JS: reformulate js/incomplete-hostname-regexp with type tracking 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
5a7101481c JS: make message for js/incomplete-hostname-regexp more informative 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
d643904faf JS: improve tests for fixup js/incomplete-hostname-regexp 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
cf7d0a7ea5 JS: fixup qhelp 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
74144b0271 JS: make RegExpPatterns::commonTLD more robust 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
9eb039038e JS: update docstring example for TypeBackTracker 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
1f565bd49c JS: Introduce TypeBackTracker::step and TypeBackTracker::smallstep 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
fd429ce639 JS: whitelist delimiter unwrapping for js/incomplete-sanitization 2019-04-12 08:38:44 +02:00
Esben Sparre Andreasen
a0ed362310 JS: add test case for js/incomplete-sanitization 2019-04-12 08:37:47 +02:00
ian-semmle
a84a921730 Merge pull request #1241 from nickrolfe/category_changes 
C++: change expected test output following extractor frontend upgrade
 2019-04-11 23:27:31 +01:00
Nick Rolfe
baf091235c C++: change expected test output following extractor frontend upgrade 2019-04-11 17:45:35 +01:00