hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 21:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
12,371 Commits 1,747 Branches 166 Tags
945fe45b6f0a9872e8fa6bf020862f2b06d40525
Commit Graph

12371 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
945fe45b6f all split()[0] are safe for url-redirect 2020-05-07 10:55:17 +02:00
Erik Krogh Kristensen
a3fb13882b Merge branch 'master' into SplitFPs 2020-05-07 10:51:11 +02:00
semmle-qlci
b2f1008a00 Merge pull request #3420 from max-schaefer/js/fix-missing-triple-backtick 
Approved by asgerf
 2020-05-06 13:52:18 +01:00
Asger F
5725814774 Merge pull request #3403 from asger-semmle/js/getcontainer 
JS: Move getContainer to single rootdef (+fixes)
 2020-05-06 12:06:44 +01:00
Max Schaefer
9335a6cb79 JavaScript: Fix missing triple backtick in qldoc comment. 2020-05-06 11:40:00 +01:00
Anders Schack-Mulligen
3b3ca6d41e Merge pull request #3214 from aibaars/base64 
Java: Add org.apache.commons.codec.(De|En)coder to TaintTrackingUtil
 2020-05-06 09:21:18 +02:00
Jonas Jensen
63f04afa8d Merge pull request #3312 from hvitved/dataflow/impl-no-postupdate 
Data flow: Support stores into nodes that are not `PostUpdateNode`s
 2020-05-06 09:09:31 +02:00
semmle-qlci
9210660ea0 Merge pull request #3401 from erik-krogh/jsonLike 
Approved by esbena
 2020-05-06 08:00:44 +01:00
Asger F
b2da4fe491 Update javascript/ql/src/semmle/javascript/internal/StmtContainers.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-06 07:59:04 +01:00
Asger Feldthaus
926e79d272 JS: Autoformat 2020-05-06 07:59:04 +01:00
Asger Feldthaus
f51e846439 JS: Fix ClosureModule implementation 2020-05-06 07:59:04 +01:00
Asger Feldthaus
0f870a4992 JS: Use TCapturedVariableNode as starting point of callInputStep 2020-05-06 07:59:04 +01:00
Asger Feldthaus
4d6da19173 JS: Improve performance of getExceptionTarget 2020-05-06 07:59:04 +01:00
Asger Feldthaus
639f04386c JS: Avoid bad join ordering in ClosureModule 2020-05-06 07:59:04 +01:00
Asger Feldthaus
e52e1b26c6 JS: Upgrade script 2020-05-06 07:59:04 +01:00
Asger Feldthaus
5f710bc881 JS: Move definition of getContainer() to a single rootdef 2020-05-06 07:59:04 +01:00
semmle-qlci
86c5b38d62 Merge pull request #3341 from hvitved/csharp/generics-nested-types 
Approved by calumgrant
 2020-05-06 07:16:37 +01:00
Erik Krogh Kristensen
52392f2a6d autoformat 2020-05-05 22:33:53 +02:00
Robert Marsh
78d2ac1ff4 Merge pull request #3368 from Cornelius-Riemenschneider/local-ala 
C++: Add experimental Array Length Tracking library
 2020-05-05 13:05:52 -07:00
Felicity Chapman
0e0d0499bb Merge pull request #3413 from felicitymay/update-docs-reviews 
Update requirements for docs review
 2020-05-05 19:05:57 +01:00
Mathias Vorreiter Pedersen
114310700a Merge pull request #3414 from geoffw0/issue3356 
C++: Fix error in QLDoc.
 2020-05-05 18:07:49 +02:00
Anders Schack-Mulligen
11ffcc4378 Merge pull request #2912 from Mithrilwoodrat/master 
Add check for disabled HTTPOnly setting in Tomcat
 2020-05-05 14:39:32 +02:00
Geoffrey White
27490a35ae C++: Fix error in QLDoc. 2020-05-05 13:37:14 +01:00
Tom Hvitved
e8e27e0e00 C#: Address review comments 2020-05-05 14:28:13 +02:00
Tom Hvitved
3d37a49ccd C#: Add change note 2020-05-05 14:28:13 +02:00
Tom Hvitved
19c3e6a58d C#: Add DB upgrade script 2020-05-05 14:28:13 +02:00
Tom Hvitved
c324c388d0 C#: Refine UnboundGeneric and ConstructedGeneric 2020-05-05 14:28:13 +02:00
Tom Hvitved
8a01023dee C#: Add more generics tests 2020-05-05 14:28:13 +02:00
Tom Hvitved
4f7743058a C#: Restructure existing generics tests 2020-05-05 14:28:13 +02:00
Felicity Chapman
c0ebf12ab0 Update requirements for docs review 2020-05-05 13:25:19 +01:00
Erik Krogh Kristensen
a4eee7e88e more -> additional 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-05-05 14:01:39 +02:00
Tom Hvitved
e95cc24b3f Data flow: Support stores into nodes that are not PostUpdateNodes 2020-05-05 14:01:04 +02:00
Erik Krogh Kristensen
bffb12725b add test and change-note to prototype-polution 2020-05-05 13:49:11 +02:00
Erik Krogh Kristensen
38db731e0b add change note and new test for js/incomplete-url-scheme-check 2020-05-05 13:38:27 +02:00
Erik Krogh Kristensen
f56915d99f add change note for js/xss 2020-05-05 13:36:50 +02:00
Erik Krogh Kristensen
3568439769 change getAnElementRead to getASubstringRead 2020-05-05 13:33:21 +02:00
Erik Krogh Kristensen
8711a8744c update expected output 2020-05-05 13:27:32 +02:00
Erik Krogh Kristensen
fe02137d0b change naming of StringSplitCall methods 2020-05-05 13:27:14 +02:00
Anders Schack-Mulligen
b7458091a9 Merge pull request #3110 from hvitved/dataflow/no-more-summaries 
Data flow: No more flow summaries
 2020-05-05 13:27:07 +02:00
Erik Krogh Kristensen
4a26c293c1 fix number of arguments for String.prototype.split 2020-05-05 13:22:35 +02:00
Erik Krogh Kristensen
f586639703 change getSplitAt to getSeparator 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-05-05 13:22:21 +02:00
Matthew Gretton-Dann
52d8acc1a1 Merge pull request #3404 from nickrolfe/field_attrs 
C++: add test for attributes on fields
 2020-05-05 12:12:28 +01:00
Erik Krogh Kristensen
4b8b0cb379 update expected output 2020-05-05 09:13:21 +02:00
Erik Krogh Kristensen
7af19559d4 add test case for location.split("?")[0] for DomBasedXss 2020-05-05 09:13:21 +02:00
Erik Krogh Kristensen
4dcf944ccd use StringSplitCall in TaintedPath 2020-05-05 09:13:21 +02:00
Erik Krogh Kristensen
22ec12b130 use split("?")[0] sanitizer is both DomBasedXSS and ClientSideUrlRedirect 2020-05-05 09:13:21 +02:00
Erik Krogh Kristensen
89f45372d1 introduce StringSplitCall and use it 2020-05-05 09:13:15 +02:00
Cornelius Riemenschneider
264763080e Autoformat, address review. 2020-05-05 08:52:52 +02:00
Erik Krogh Kristensen
eb7e0d6a62 still flag single-expression files that contain a function 2020-05-04 18:37:26 +02:00
Nick Rolfe
ae913fbf56 C++: update expected output to include field attribute 2020-05-04 16:17:59 +01:00