hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-08 04:00:26 +01:00
Code Issues Packages Projects Releases Wiki Activity
6,842 Commits 1,681 Branches 157 Tags
61c4d30dd676cf5c01fa5c19d9b0239ebd2378e0
Commit Graph

6842 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
61c4d30dd6 JS: Use express module instead 2019-09-05 12:09:24 +01:00
Asger F
9f8bf90424 JS: Update Express test 2019-09-04 11:43:21 +01:00
Asger F
744f0b1aa3 JS: Use type info to recognize routers 2019-09-04 11:43:21 +01:00
Asger F
c06fd451d6 JS: Handle router chaining in type tracking predicate 2019-09-04 11:43:21 +01:00
Asger F
f3aea0706a JS: Use type info in Express Request/Response 2019-09-04 11:43:21 +01:00
Nick Rolfe
641232a9d7 Merge pull request #1855 from mgrettondann/cpp-343-lambda-names-simplification 
C++: Update tests for lambda description changes
 2019-09-03 11:45:50 +01:00
semmle-qlci
6778f28424 Merge pull request #1854 from asger-semmle/prototype-pollution-precision 
Approved by esben-semmle, xiemaisi
 2019-09-03 10:50:24 +01:00
semmle-qlci
e4d59c361a Merge pull request #1856 from asger-semmle/ts-base-types 
Approved by xiemaisi
 2019-09-03 10:12:30 +01:00
Geoffrey White
d092905c66 Merge pull request #1772 from jbj/ast-field-flow-nested 
C++: Support nested field flow
 2019-09-03 09:12:47 +01:00
Jonas Jensen
d3a6ae5657 C++: Support nested field flow 
This is the C/C++ side of PR #1766.
 2019-09-03 08:50:15 +02:00
semmle-qlci
c8ffbf3b87 Merge pull request #1852 from xiemaisi/js/async-generator-methods 
Approved by esben-semmle
 2019-09-02 16:18:04 +01:00
Matthew Gretton-Dann
03eb1ff785 C++: Update taint-tests for changed lambda support 2019-09-02 15:18:27 +01:00
Asger F
8737dbb73d JS: Add test 2019-09-02 14:31:40 +01:00
Asger F
54d47f60da JS: Include base types in TypeName 2019-09-02 14:18:48 +01:00
Asger F
e9159acecb TS: Fix skewed arrays due to recursive call 2019-09-02 13:03:25 +01:00
Geoffrey White
aa009d07fd Merge pull request #1787 from jbj/ast-field-flow-local-fields 
C++: Local field flow using global library
 2019-09-02 11:17:37 +01:00
Asger F
c71a66a045 JS: Add change note 2019-09-02 11:05:07 +01:00
Asger F
a41a23fdba JS: Raise precision of prototype-pollution query 2019-09-02 11:00:24 +01:00
Jonas Jensen
e9a029cba3 C++: Local field flow using global library 
This commit removes fields from the responsibilities of `FlowVar.qll`.
The treatment of fields in that file was slow and imprecise.

It then adds another copy of the shared global data flow library, used
only to find local field flow, and it exposes that local field flow
through `localFlow` and `localFlowStep`.

This has a performance cost. It adds two cached stages to any query that
uses `localFlow`: the stage from `DataFlowImplCommon`, which is shared
with all queries that use global data flow, and a new stage just for
`localFlowStep`.
 2019-09-02 11:17:27 +02:00
Jonas Jensen
4f57f37b31 C++: Test to show false flow through object copy 2019-09-02 11:16:48 +02:00
Max Schaefer
91e46cd6fd JavaScript: Fix parsing of asynchronous generator methods. 2019-09-02 09:56:42 +01:00
semmle-qlci
6d55d1f7c0 Merge pull request #1707 from asger-semmle/canonical-name-call-graph 
Approved by xiemaisi
 2019-09-02 09:45:24 +01:00
Max Schaefer
742c9708a9 Merge pull request #1828 from asger-semmle/jsdoc-relation 
JS: Make getDocumentation handle chain assignments
 2019-09-02 08:43:40 +01:00
semmle-qlci
0cf872ed32 Merge pull request #1846 from hvitved/csharp/autoformat 
Approved by jbj
 2019-09-02 08:31:43 +01:00
semmle-qlci
00fe4734ac Merge pull request #1850 from hvitved/csharp/remove-ref-equal 
Approved by calumgrant
 2019-09-01 09:31:50 +01:00
yh-semmle
c359675fa9 Merge pull request #1802 from aschackmull/java/taint-step-extension-point 
Java: Add a global extension point for taint steps.
 2019-08-30 17:19:58 -04:00
yh-semmle
f54545522e Merge pull request #1759 from aschackmull/java/flow-exploration 
Java/C++/C#: Add support for dataflow exploration by partial paths.
 2019-08-30 17:00:17 -04:00
Asger F
45941869ad JS: Change note 2019-08-30 18:25:39 +01:00
Asger F
89b91af6db JS: Make getDocumentation handle chain assignments 2019-08-30 18:20:54 +01:00
Asger F
9533ca0926 JS: Change note 2019-08-30 18:19:49 +01:00
Asger F
3926436bd4 JS: Explain use of t.call() 2019-08-30 18:19:19 +01:00
Asger F
d6578e10c8 JS: Handle constructor calls to avoid regression 2019-08-30 18:19:19 +01:00
Asger F
1b6cc4ebcc JS: Update test 2019-08-30 18:19:19 +01:00
Asger F
a13fb8e2ba JS: Handle RHS in more cases 2019-08-30 18:19:19 +01:00
Asger F
1e5f0a4e2f JS: Update DataFlow tests 2019-08-30 18:19:19 +01:00
Asger F
5512846e6f JS: Update TypeTracking test 2019-08-30 18:19:19 +01:00
Asger F
bd6768e2c8 JS: Fix closure namespace prefix and update tests 2019-08-30 18:19:19 +01:00
Asger F
b1f9db9145 JS: Make getAFunctionValue follow global access paths 2019-08-30 18:19:19 +01:00
Asger F
8d59df229a JS: Allow calls to externs 2019-08-30 18:19:19 +01:00
Asger F
cfa2ec1084 JS: Remove fake JSONType from es5.js externs 2019-08-30 18:19:19 +01:00
Asger F
e7166c2a1c JS: Workaround for JSON externs 2019-08-30 18:19:19 +01:00
Asger F
221d94961a JS: Resolve simple calls based on qualified name 2019-08-30 18:19:19 +01:00
Asger F
ca71d3117e JS: Use access paths from Closure module 2019-08-30 18:19:19 +01:00
Asger F
8c5b6b256b JS: Remove globalFlowPred() 2019-08-30 18:19:18 +01:00
Asger F
96d9e66ced JS: cache things 2019-08-30 18:19:18 +01:00
Asger F
313579c258 JS: Restrict flow to access paths assigned in a unique file 2019-08-30 18:19:18 +01:00
Asger F
48b70c4f1d JS: Add type-tracking test case 2019-08-30 18:19:18 +01:00
Asger F
7315a2baee JS: Make type tracking work through access paths 2019-08-30 18:19:18 +01:00
Asger F
2105e0bdee JS: use JSDoc types in class tracking 2019-08-30 18:19:18 +01:00
Asger F
6b05aa129c JS: Use global access paths to recognize .prototype 2019-08-30 18:19:18 +01:00