Max Schaefer
a499009f59
Merge pull request #395 from esben-semmle/js/useless-defensive-code
...
JS: add query: js/useless-defensive-code
2018-11-13 16:55:59 +00:00
Max Schaefer
4fdfbb77cc
Merge pull request #444 from esben-semmle/js/browser-based-client-requests
...
JS: add models of $.ajax, $.getJSON and XMLHttpRequest
2018-11-13 16:53:52 +00:00
Jonas Jensen
cd874f7982
Merge pull request #454 from geoffw0/move-tests
...
CPP: Move the tests from library-tests/queries
2018-11-13 10:19:56 +01:00
semmle-qlci
86e31a584e
Merge pull request #447 from esben-semmle/js/indirect-sanitization
...
Approved by asger-semmle
2018-11-13 09:14:28 +00:00
Esben Sparre Andreasen
5666deac14
JS: rename js/useless-defensive-code to js/unneeded-defensive-code
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
1db2e6ca55
JS: add source code examples to docstrings
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
3aae1d17db
JS: avoid two uses of getChildExpr(0)
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
15123da0b7
JS: minor fixup: only traverse LogNotExprs
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
8ea9fd4cca
JS: address review comments
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
8b71b25a2a
JS: annotate test file with expected results
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
a636319c97
JS: change notes for js/useless-defensive-code
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
7d4cf49545
JS: fixup double reporting of alerts
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
f440c9221a
JS: replace some Expr.stripParens with Expr.getUnderlyingValue
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
358e6188d9
JS: downgrade other alerts to js/useless-defensive-code
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
e29c57a58e
JS: add whitelist to js/useless-defensive-code
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
b073fcfca2
JS: add query: js/useless-defensive-code
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
7b215ecb2b
JS: recognize defensive programming patterns using typeof
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
c403416fef
JS: recognize defensive expressions that prevent exceptions
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
6e77489a3b
JS: add utilities for expression guards to DefensiveProgramming.qll
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
a2ecf40878
JS: recognize defensive expressions for null/undefined
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
2b6ef24bc2
JS: add utilities to DefensiveProgramming.qll
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
8086e88587
JS: add utilities to DefensiveProgramming.qll
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
a5eeba3c3a
JS: prepare DefensiveProgramming.qll for additions
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
c2fb14640e
JS: move isDefensiveInit to DefensiveProgramming.qll
2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen
37b7b39ec6
JS: change notes for improved js/request-forgery
2018-11-13 08:17:24 +01:00
Esben Sparre Andreasen
577b225429
JS: sort change notes table
2018-11-13 08:17:24 +01:00
Esben Sparre Andreasen
ce0dd241f6
JS: add models of $.ajax, $.getJSON and XMLHttpRequest
2018-11-13 08:14:51 +01:00
semmle-qlci
2f0e693b38
Merge pull request #450 from xiemaisi/js/improve-externs-extractor-options
...
Approved by esben-semmle
2018-11-12 20:32:35 +00:00
Max Schaefer
663bdd60a0
Merge pull request #396 from esben-semmle/js/unconditional-property-override
...
JS: add query: js/unconditional-property-override
2018-11-12 17:10:32 +00:00
Geoffrey White
1d464ae35d
CPP: Merge the ExprHasNoEffect tests.
2018-11-12 16:26:50 +00:00
Geoffrey White
1417929cdf
CPP: Merge the Todo/FixmeComments tests.
2018-11-12 16:26:50 +00:00
Geoffrey White
03cad6c084
CPP: Move the AV Rule 97 test.
2018-11-12 16:07:03 +00:00
Geoffrey White
2d665e51d0
CPP: Move the BitwiseSignCheck.ql test.
2018-11-12 16:07:03 +00:00
Jonas Jensen
0cb09b113f
Merge pull request #251 from rdmarsh2/rdmarsh/cpp/sign-analysis
...
C++: Sign analysis library
2018-11-12 15:23:18 +01:00
Tom Hvitved
dd6fd400aa
Merge pull request #335 from calumgrant/cs/cwe-937
...
C#: New query VulnerablePackage
2018-11-12 10:34:53 +01:00
Esben Sparre Andreasen
eaad84bb4f
JS: add support for dis- and conjunctions in SanitizingFunction
2018-11-12 10:23:52 +01:00
Esben Sparre Andreasen
ffc3d6ba49
JS: simplify test (move alerts four lines up)
2018-11-12 10:21:41 +01:00
Esben Sparre Andreasen
6d0c93b6a8
JS: introduce TaintTracking::AdditionalSanitizingCall
2018-11-12 10:21:39 +01:00
Esben Sparre Andreasen
2033bf81cc
JS: address docstring review comments
2018-11-12 10:03:08 +01:00
Tom Hvitved
40def8d364
Merge pull request #418 from dave-bartolomeo/dave/FormatConfig
...
Allow mixed whitespace in certain test and external directories
2018-11-12 09:43:39 +01:00
semmle-qlci
c9d77a2d6d
Merge pull request #443 from xiemaisi/js/improve-stack-trace-exposure
...
Approved by asger-semmle
2018-11-12 08:40:26 +00:00
semmle-qlci
bf18175f7a
Merge pull request #445 from xiemaisi/js/aliases
...
Approved by esben-semmle
2018-11-12 08:39:11 +00:00
Jonas Jensen
e9dac22cfd
Merge pull request #446 from geoffw0/minor-corrections
...
CPP: Minor corrections to examples
2018-11-12 09:30:39 +01:00
Jonas Jensen
0caf0f1f15
Merge pull request #430 from geoffw0/exprtemplate
...
CPP: Exclude template code from ExprHasNoEffect.ql
2018-11-12 09:27:36 +01:00
Robert Marsh
d9495da225
C++: fix test
2018-11-09 10:15:28 -08:00
Geoffrey White
09782d145e
CPP: Annotate expr_has_no_effect test.
2018-11-09 17:23:59 +00:00
Geoffrey White
3f0e28aea9
CPP: Fix additional expr_has_no_effect test.
2018-11-09 17:23:59 +00:00
Max Schaefer
63933cdecd
JavaScript: Don't extract externs with --experimental turned on.
...
There isn't any particularly compelling reason for doing so.
2018-11-09 16:22:55 +00:00
Max Schaefer
f7d693d06f
JavaScript: Make default extractor options more sensible.
...
We now use module auto-detection and no TypeScript mode.
This only affects extern extraction in `AutoBuild`, everything else sets these options explicitly.
We currently do not have any ES2015 modules or TypeScript code in our externs, so in practice this is behaviour-preserving.
2018-11-09 16:21:35 +00:00
Geoffrey White
0e9c7fc085
Merge pull request #416 from raulgarciamsft/users/raulga/c6317
...
cpp: Incorrect not operator usage
2018-11-09 15:59:57 +00:00