Commit Graph

1504 Commits

Author SHA1 Message Date
Max Schaefer
60a1357092 JavaScript: Make all taint-based security queries have @kind path-problem. 2018-11-14 09:16:40 +00:00
Max Schaefer
65bcf0f526 JavaScript: Refactor security queries for uniformity. 2018-11-14 09:16:40 +00:00
Max Schaefer
9b4ae9e4d3 JavaScript: Refactor HostHeaderPoisoningInEmailGeneration query. 2018-11-14 09:16:40 +00:00
Max Schaefer
c51cd50133 JavaScript: Remove a few unnecessary imports. 2018-11-14 09:16:40 +00:00
semmle-qlci
d83381918d Merge pull request #458 from xiemaisi/js/more-externs
Approved by asger-semmle
2018-11-14 08:31:15 +00:00
Arthur Baars
969c2796a0 Merge pull request #457 from adityasharad/merge/1.18-master-131118
Merge rc/1.18 into master.
2018-11-13 22:25:03 +01:00
yh-semmle
758e74a8f9 Merge pull request #455 from felicity-semmle/java/SD-2779-qhelp-updates
Java: Update qhelp for queries with CWE tags (SD-2779)
2018-11-13 14:49:32 -05:00
Max Schaefer
a499009f59 Merge pull request #395 from esben-semmle/js/useless-defensive-code
JS: add query: js/useless-defensive-code
2018-11-13 16:55:59 +00:00
Max Schaefer
4fdfbb77cc Merge pull request #444 from esben-semmle/js/browser-based-client-requests
JS: add models of $.ajax, $.getJSON and XMLHttpRequest
2018-11-13 16:53:52 +00:00
Felicity Chapman
fe15159756 Update for feedback 2018-11-13 16:34:06 +00:00
Aditya Sharad
bc06831d01 Merge rc/1.18 into master. 2018-11-13 10:55:08 +00:00
Jonas Jensen
cd874f7982 Merge pull request #454 from geoffw0/move-tests
CPP: Move the tests from library-tests/queries
2018-11-13 10:19:56 +01:00
semmle-qlci
86e31a584e Merge pull request #447 from esben-semmle/js/indirect-sanitization
Approved by asger-semmle
2018-11-13 09:14:28 +00:00
Max Schaefer
79a6cfdf38 JavaScript: Add generic externs for BDD/TDD-style testing frameworks. 2018-11-13 08:30:35 +00:00
Esben Sparre Andreasen
5666deac14 JS: rename js/useless-defensive-code to js/unneeded-defensive-code 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
1db2e6ca55 JS: add source code examples to docstrings 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
3aae1d17db JS: avoid two uses of getChildExpr(0) 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
15123da0b7 JS: minor fixup: only traverse LogNotExprs 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
8ea9fd4cca JS: address review comments 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
8b71b25a2a JS: annotate test file with expected results 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
a636319c97 JS: change notes for js/useless-defensive-code 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
7d4cf49545 JS: fixup double reporting of alerts 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
f440c9221a JS: replace some Expr.stripParens with Expr.getUnderlyingValue 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
358e6188d9 JS: downgrade other alerts to js/useless-defensive-code 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
e29c57a58e JS: add whitelist to js/useless-defensive-code 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
b073fcfca2 JS: add query: js/useless-defensive-code 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
7b215ecb2b JS: recognize defensive programming patterns using typeof 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
c403416fef JS: recognize defensive expressions that prevent exceptions 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
6e77489a3b JS: add utilities for expression guards to DefensiveProgramming.qll 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
a2ecf40878 JS: recognize defensive expressions for null/undefined 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
2b6ef24bc2 JS: add utilities to DefensiveProgramming.qll 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
8086e88587 JS: add utilities to DefensiveProgramming.qll 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
a5eeba3c3a JS: prepare DefensiveProgramming.qll for additions 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
c2fb14640e JS: move isDefensiveInit to DefensiveProgramming.qll 2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
37b7b39ec6 JS: change notes for improved js/request-forgery 2018-11-13 08:17:24 +01:00
Esben Sparre Andreasen
577b225429 JS: sort change notes table 2018-11-13 08:17:24 +01:00
Esben Sparre Andreasen
ce0dd241f6 JS: add models of $.ajax, $.getJSON and XMLHttpRequest 2018-11-13 08:14:51 +01:00
semmle-qlci
2f0e693b38 Merge pull request #450 from xiemaisi/js/improve-externs-extractor-options
Approved by esben-semmle
2018-11-12 20:32:35 +00:00
Felicity Chapman
fa8fd0513c Update qhelp for queries with CWE tags 2018-11-12 18:00:17 +00:00
Max Schaefer
663bdd60a0 Merge pull request #396 from esben-semmle/js/unconditional-property-override
JS: add query: js/unconditional-property-override
2018-11-12 17:10:32 +00:00
Geoffrey White
1d464ae35d CPP: Merge the ExprHasNoEffect tests. 2018-11-12 16:26:50 +00:00
Geoffrey White
1417929cdf CPP: Merge the Todo/FixmeComments tests. 2018-11-12 16:26:50 +00:00
Geoffrey White
03cad6c084 CPP: Move the AV Rule 97 test. 2018-11-12 16:07:03 +00:00
Geoffrey White
2d665e51d0 CPP: Move the BitwiseSignCheck.ql test. 2018-11-12 16:07:03 +00:00
Arthur Baars
effabc667c Merge pull request #452 from adityasharad/version/1.18.3-dev
Version: Bump to 1.18.3 dev.
2018-11-12 16:01:22 +01:00
Aditya Sharad
271628c280 Version: Bump to 1.18.3 dev. 2018-11-12 14:55:26 +00:00
Jonas Jensen
0cb09b113f Merge pull request #251 from rdmarsh2/rdmarsh/cpp/sign-analysis
C++: Sign analysis library
2018-11-12 15:23:18 +01:00
Max Schaefer
2c1a37c652 JavaScript: Add WebRTC externs. 2018-11-12 12:25:32 +00:00
Tom Hvitved
dd6fd400aa Merge pull request #335 from calumgrant/cs/cwe-937
C#: New query VulnerablePackage
2018-11-12 10:34:53 +01:00
Esben Sparre Andreasen
eaad84bb4f JS: add support for dis- and conjunctions in SanitizingFunction 2018-11-12 10:23:52 +01:00