codeql

mirror of https://github.com/github/codeql.git synced 2026-01-16 16:04:45 +01:00

Author	SHA1	Message	Date
Geoffrey White	7d630c458e	Merge branch 'master' into fp2762	2020-05-19 11:43:50 +01:00
semmle-qlci	6041d52936	Merge pull request #3424 from asger-semmle/js/express-param-handler Approved by esbena	2020-05-18 08:48:24 +01:00
semmle-qlci	135eae9895	Merge pull request #3483 from esbena/js/fix-qhelp-FNs Approved by asgerf	2020-05-18 08:47:05 +01:00
semmle-qlci	0230b79efc	Merge pull request #3391 from erik-krogh/SplitFPs Approved by esbena	2020-05-18 08:46:26 +01:00
semmle-qlci	8d41ce1630	Merge pull request #3480 from erik-krogh/moreSlip Approved by esbena	2020-05-16 21:17:27 +01:00
Mathias Vorreiter Pedersen	a42d80aa14	Merge pull request #3481 from dbartol/github/codeql-c-analysis-team/69 C++/C#: Allow memory operands to lack a definition	2020-05-16 11:53:00 +02:00
Asger Feldthaus	0171c9e10c	JS: Autoformat	2020-05-16 09:25:18 +01:00
Asger Feldthaus	d279845a43	JS: Minor fixes	2020-05-16 09:24:53 +01:00
yo-h	4f00e40257	Merge pull request #3474 from aschackmull/java/string-formatted Java: Add taint steps for String.formatted.	2020-05-15 22:04:36 -04:00
yo-h	69ab158910	Merge pull request #3473 from aschackmull/java/switchexpr Java: Extend library support for switch expressions.	2020-05-15 20:46:37 -04:00
Dave Bartolomeo	96c87b309b	C++/C#: Use `unique` to get a better join order The previous changes made the optimizer choose a bad join order for the RHS of the antijoin in `addressOperandAllocationAndOffset`. Once again, `unique` to the rescue.	2020-05-15 17:36:43 -04:00
Geoffrey White	edd09f09cd	C++: Add test cases where several specific values are permitted.	2020-05-15 17:01:23 +01:00
Jonas Jensen	b08de6c051	Merge pull request #3482 from MathiasVP/getlim-taint-source C++: Add GetDelim as taint step	2020-05-15 15:54:29 +02:00
Calum Grant	5787871734	Merge pull request #3351 from hvitved/csharp/unification-nested-types C#: Teach unification library about nested types	2020-05-15 14:11:00 +01:00
Calum Grant	cc844648ff	Merge pull request #3365 from hvitved/csharp/format-queries-path-problem C#: Convert `string.format()` queries to path queries	2020-05-15 14:08:54 +01:00
Rasmus Wriedt Larsen	061f318576	Merge pull request #3460 from yoff/boolDefault Python: __bool__ does not raise TypeError by default	2020-05-15 15:07:45 +02:00
Dave Bartolomeo	89ec60c948	C++/C#: Add missing QLDoc	2020-05-15 09:01:16 -04:00
Dave Bartolomeo	bcddaf4c29	C++/C#: Fix formatting	2020-05-15 08:56:32 -04:00
Mathias Vorreiter Pedersen	7502c6f821	Set `mustWrite` to `false` in response to PR feedback Co-authored-by: Jonas Jensen <jbj@github.com>	2020-05-15 14:32:46 +02:00
Asger Feldthaus	e311cc7689	JS: Change note	2020-05-15 13:06:37 +01:00
Rasmus Lerchedahl Petersen	60d5ba23b3	Python: Move test into appropriate class. Also update test expectations with changed line numbers.	2020-05-15 13:51:51 +02:00
Rasmus Lerchedahl Petersen	1b0687e2f2	Python: update expectations correctly	2020-05-15 13:25:20 +02:00
Esben Sparre Andreasen	1c5bffc095	JS: fix some FNs in the qhelp examples	2020-05-15 12:40:38 +02:00
Jonas Jensen	8a0af0bcac	Merge pull request #3465 from MathiasVP/remove-abstract-from-access-and-cast C++: Remove abstract keyword from `Access` and `Cast` classes	2020-05-15 12:25:34 +02:00
Mathias Vorreiter Pedersen	866b1361ec	C++: Accept tests	2020-05-15 11:12:47 +02:00
Mathias Vorreiter Pedersen	e70f22c753	C++: Model getdelim and friends	2020-05-15 11:05:57 +02:00
Mathias Vorreiter Pedersen	90d473d886	C++: Demonstrate lack of taint through getdelim	2020-05-15 11:01:27 +02:00
Asger Feldthaus	d84f1b47c2	JS: Refactor RequestInputAccess to use source nodes	2020-05-15 09:59:28 +01:00
Asger Feldthaus	da974f1527	JS: Add test with dynamic access to req.query	2020-05-15 09:59:28 +01:00
Asger Feldthaus	659e2ff709	JS: Tweak evaluation of route handler params	2020-05-15 09:59:27 +01:00
Asger F	b9995b784d	Update javascript/ql/src/semmle/javascript/frameworks/ConnectExpressShared.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-05-15 09:59:27 +01:00
Asger Feldthaus	a982cdc39c	JS: Autoformat	2020-05-15 09:59:27 +01:00
Asger Feldthaus	bfbe70a7a9	JS: Fixes	2020-05-15 09:59:27 +01:00
Asger Feldthaus	82d3a7eb23	JS: Go back to disjunction 😭	2020-05-15 09:59:27 +01:00
Asger Feldthaus	c45d84f8f3	JS: Update getRouteHandlerParameter and router tracking	2020-05-15 09:59:27 +01:00
Asger Feldthaus	9cacfab7c6	JS: Recognize Express param value callback as RemoteFlowSource	2020-05-15 09:59:26 +01:00
Geoffrey White	48f3db3fbe	Merge branch 'master' into fp2762	2020-05-15 09:55:30 +01:00
Erik Krogh Kristensen	6d79bab7e4	rename Fs to FS	2020-05-15 10:54:08 +02:00
Erik Krogh Kristensen	7df35a6bab	update change note	2020-05-15 09:52:59 +02:00
semmle-qlci	a536069059	Merge pull request #3408 from esbena/js/unsafe-html-expansion Approved by asgerf, mchammer01	2020-05-15 08:24:12 +01:00
Tom Hvitved	01102b309b	C#: Rename predicates	2020-05-15 09:06:12 +02:00
Dave Bartolomeo	4614372873	C++/C#: Add QLDoc	2020-05-14 17:49:23 -04:00
Dave Bartolomeo	6c12b59f0f	C++/C#: Allow non-Phi memory operands to have no definition	2020-05-14 17:22:23 -04:00
Erik Krogh Kristensen	e7d1b12ac8	add test	2020-05-14 20:31:23 +02:00
Erik Krogh Kristensen	6d2bffef72	add fs.open/openSync as ZipSlip sinks	2020-05-14 20:31:13 +02:00
Erik Krogh Kristensen	2d675262b2	use the generalized fs module in more places	2020-05-14 20:31:00 +02:00
Geoffrey White	6579c71866	C++: Change note.	2020-05-14 18:44:06 +01:00
Geoffrey White	df5e16c45d	C++: Add a 1.25 change note file (didn't we used to have templates for these?).	2020-05-14 18:41:14 +01:00
Geoffrey White	4a6021fb61	C++: Allow equality checking to block taint flow.	2020-05-14 18:32:38 +01:00
semmle-qlci	c06680a496	Merge pull request #3470 from asger-semmle/js/cache-module-import Approved by esbena	2020-05-14 17:20:04 +01:00

1 2 3 4 5 ...

12675 Commits