Tom Hvitved
b155a0f5fb
C#: Avoid computing CIL strings and non-PDB locations in data flow library
Computing strings and locations for CIL instructions can be quite time consuming.
The CIL `toString()`s are not very helpful in path explanations, and their locations
are only useful when a PDB source file exists. Therefore, produce a simple constant
`toString()`, and restrict locations to those in PDB files.
2018-12-12 21:58:16 +01:00
Tom Hvitved
344466a8c1
C#: Cache DataFlow::Node::getEnclosingCallable()
2018-12-12 21:49:21 +01:00
Aditya Sharad
41a48078f7
Merge pull request #673 from calumgrant/cs/sync-files
C#: Sync samples and qltest cases
2018-12-12 17:10:00 +00:00
calumgrant
8e546a30b0
Merge pull request #637 from hvitved/csharp/cfg/throwing-callable
C#: Fix a bug in `ThrowingCallable`
2018-12-12 16:58:28 +00:00
calum
2bbd55519b
C#: Add tests for C# 7.3 features.
2018-12-12 16:44:55 +00:00
Asger F
635a3cb1ec
JS: add FunctionNode.getThisParameter
2018-12-12 16:26:02 +00:00
calum
5596bc8827
C#: Add change note.
2018-12-12 16:16:07 +00:00
Anders Schack-Mulligen
12bc1fc656
Merge pull request #581 from jf205/metadata-guide
Query metadata style guide: add to ql/docs
2018-12-12 12:55:20 +00:00
Asger F
a96c53f9b8
JS: restrict when a variable reference is considered a source
2018-12-12 12:28:26 +00:00
Asger F
14621760bb
JS: add window.name as DOM-based remote flow source
2018-12-12 12:22:39 +00:00
Tom Hvitved
74167e478a
C#: Cache NamedElement::getLabel()
2018-12-12 13:16:28 +01:00
Tom Hvitved
6918dad1db
C#: Refactor localFlowStep()
Using the `forceCachingInSameStage()` trick, we can get rid of the non-cached version
of local flow, while still computing it in the same stage.
2018-12-12 13:14:22 +01:00
Tom Hvitved
1366638f06
C#: Fix whitespaces
2018-12-12 13:13:13 +01:00
calum
3037b2b197
C#: Sync the -Good and -Bad files in the qltest to match the sample.
2018-12-12 11:36:00 +00:00
calum
1df1b0c28e
C#: Refactor ArrayCreations to allow stackalloc arrays to have initializers (C# 7.3).
2018-12-12 11:05:34 +00:00
Max Schaefer
faaca21996
JavaScript: Avoid more unhelpful magic.
2018-12-12 08:40:21 +00:00
Max Schaefer
4fc27aaa51
Merge branch 'master' into pseudo-random-bytes
2018-12-12 08:19:57 +00:00
semmle-qlci
06dd5f3616
Merge pull request #656 from xiemaisi/js/unused-local-underscore
Approved by esben-semmle
2018-12-12 08:11:37 +00:00
semmle-qlci
9df5d4b0c2
Merge pull request #660 from esben-semmle/js/angularjs-alert-locations
Approved by xiemaisi
2018-12-12 08:05:19 +00:00
yh-semmle
14488cb62e
Merge pull request #652 from aschackmull/java/constant-loop-cond-alert-pos
Java: Change alert location for ConstantLoopCondition.
2018-12-11 21:26:14 -05:00
Esben Sparre Andreasen
fac638ffab
JS: improve alert location of js/angular/unused-dependency
2018-12-11 21:47:08 +01:00
Esben Sparre Andreasen
b5bbf990b0
JS: improve alert location of js/angular/repeated-dependency-injection
2018-12-11 21:47:08 +01:00
Esben Sparre Andreasen
5acd1ca26d
JS: improve alert location of js/angular/duplicate-dependency
2018-12-11 21:47:08 +01:00
Robert Marsh
98005edd9d
Merge pull request #641 from geoffw0/exprnoeffect2
CPP: More tests of isSideEffectFree() / ExprHasNoEffect.ql
2018-12-11 12:17:30 -08:00
Tom Hvitved
7422947e78
C#: Improve performance of cs/useless-upcast
2018-12-11 17:48:04 +01:00
Asger F
a01a9dc5cc
JS: add crypto.pseudoRandomBytes as source in InsecureRandomness.ql
2018-12-11 16:06:22 +00:00
Tom Hvitved
e80837681f
C#: Refactor LINQ logic
Factor `ClauseCall` out into three classes to make it clear when the fields
`operand` and `declaration` can be `null`.
2018-12-11 16:04:25 +01:00
Esben Sparre Andreasen
376ed7a4d2
JS: generalize js/command-line-injection to handle ConstantString
2018-12-11 13:39:15 +01:00
Esben Sparre Andreasen
a1d92bfa50
JS: generalize js/incomplete-sanitization to handle ConstantString
2018-12-11 13:39:15 +01:00
Esben Sparre Andreasen
1bc73ab592
JS: address review comments
2018-12-11 13:03:17 +01:00
calum
f0fb47cde0
C#: Update change notes.
2018-12-11 10:31:45 +00:00
calum
8d072863df
C#: Reorder for statements to ensure variables declared in the condition are declared before they are used.
2018-12-11 10:31:45 +00:00
Esben Sparre Andreasen
7cc6f2f4d8
JS: add test case
2018-12-11 10:17:25 +01:00
Esben Sparre Andreasen
36e36a414e
JS: change notes for improved file classification
2018-12-11 10:01:54 +01:00
Esben Sparre Andreasen
73aa223b08
JS: handle additional multi-license file patterns
2018-12-11 09:55:38 +01:00
Max Schaefer
4d186e0edc
JavaScript: Teach Unused{Variable,Parameter} to ignore variables with leading underscore.
2018-12-11 08:50:50 +00:00
Esben Sparre Andreasen
edbef289a7
JS: improve whitespace handling for multi-license file recognition
2018-12-11 09:30:10 +01:00
Esben Sparre Andreasen
e016098f86
JS: support purs classification
2018-12-11 09:17:01 +01:00
Esben Sparre Andreasen
3879e57f18
JS: support <meta name="generator"/> classification
2018-12-11 09:12:39 +01:00
Esben Sparre Andreasen
a295dfd2c5
JS: support AutoRest classification
2018-12-11 08:54:19 +01:00
Esben Sparre Andreasen
09e7124bb1
JS: update change notes for renamed query
2018-12-10 22:22:54 +01:00
Esben Sparre Andreasen
ab519d4abf
JS: rename query
"Incomplete URL regular expression" -> "Incomplete regular expression for hostnames".
2018-12-10 22:22:54 +01:00
Esben Sparre Andreasen
7c6e28d917
JS: introduce near-empty RegularExpressions.qll
2018-12-10 22:22:54 +01:00
Esben Sparre Andreasen
994fe1bea5
JS: address non-semantic review comments
2018-12-10 22:21:02 +01:00
Esben Sparre Andreasen
d4e4bc6a0b
JS: sharpen js/incomplete-url-regexp by not matching .* or .+
2018-12-10 22:21:02 +01:00
Esben Sparre Andreasen
c65c7e700e
JS: change notes for js/incomplete-url-regexp
2018-12-10 22:21:01 +01:00
Esben Sparre Andreasen
52ca696ff4
JS: add query js/incomplete-url-regexp
2018-12-10 22:20:29 +01:00
Esben Sparre Andreasen
6d6379fc09
JS: address review comments
2018-12-10 22:03:52 +01:00
Jonas Jensen
a4b3b1e8c8
Merge pull request #653 from geoffw0/ex-ch-notes
CPP: Additional change notes (for 1.20)
2018-12-10 16:59:12 +01:00
Geoffrey White
709fd6382a
CPP: Change note for #562.
2018-12-10 13:51:15 +00:00