hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
149 Commits 1,746 Branches 166 Tags
a9f1e21363d648256eb49998a0b7c0ea323da655
Commit Graph

149 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
a9f1e21363 JavaScript: Fix exported name of default re-exports. 
A default re-export (not part of the standard yet) looks like this:

```
export f from 'mod';
```

What this means is that the default export of `mod` is re-exported under the name `f`.

Default re-export specifiers (like `f` in this example) are modelled as a kind of default export specifier in our library, but unlike normal default export specifiers they do not export the name `default`.

This was previously not modelled correctly, leading to surprising errors down the line, for example in type inference where we suddenly would no longer be able to resolve an import that otherwise looked resolvable.
 2018-08-20 08:02:15 +01:00
semmle-qlci
44e4b25f42 Merge pull request #14 from rdmarsh2/rdmarsh/js/electron-http-client 
Approved by xiemaisi
 2018-08-20 07:59:25 +01:00
Dave Bartolomeo
d975964674 Merge pull request #70 from hvitved/csharp/graph-tests 
C#: Do not use `@kind graph` in ql tests
 2018-08-18 10:04:07 -07:00
Robert Marsh
aaeda5dfcc JavaScript: add the ESLint attack as a test 2018-08-17 10:16:52 -07:00
Robert Marsh
4698d13a0d JavaScript: add change note 2018-08-17 10:16:51 -07:00
Robert Marsh
4da9d6d795 JavaScript: add support for Electron http client 2018-08-17 10:16:51 -07:00
Tom Hvitved
0edd0057fc C#: Do not use @kind graph in ql tests 2018-08-17 17:55:13 +02:00
Robert Marsh
bea298fcab Merge pull request #65 from dave-bartolomeo/dave/Graph 
C++: Make IR dump and AST dump tests use the official graph query format
 2018-08-16 17:33:30 -07:00
semmle-qlci
83c539ace6 Merge pull request #54 from denislevin/denisl/cs/ZipSlip 
Approved by calumgrant
 2018-08-16 20:01:53 +01:00
Dave Bartolomeo
3ebb7938f6 C++: Make IR dump and AST dump tests use the official graph query format 2018-08-16 10:14:56 -07:00
ian-semmle
692f416143 Merge pull request #40 from nickrolfe/dependent_template_alias 
C++: dependent template alias
 2018-08-15 17:41:24 +01:00
Geoffrey White
fdfbfb365f Merge pull request #62 from ian-semmle/302_1_test 
C++: Improve the JSF 3.02 rule 1 message, and add a test
 2018-08-15 17:22:33 +01:00
semmle-qlci
63180d484b Merge pull request #60 from pavgust/imp/c-wrapped-functions 
Approved by dave-bartolomeo, jbj
 2018-08-15 16:44:27 +01:00
Ian Lynagh
d2b4265b73 C++: Improve the JSF 3.02 rule 1 message, and add a test 2018-08-15 15:26:18 +01:00
Jonas Jensen
6225fcf2b8 Merge pull request #12 from pavgust/imp/c-locations 
Simplify C locations handling
 2018-08-15 16:14:31 +02:00
semmle-qlci
6132b2c419 Merge pull request #34 from esben-semmle/js/twitter_text-library 
Approved by xiemaisi
 2018-08-15 14:45:52 +01:00
ian-semmle
6e7b3ad90c Merge pull request #61 from Semmle/cpp-CODEOWNERS 
Remove @Semmle/cpp from CODEOWNERS
 2018-08-15 13:36:59 +01:00
semmle-qlci
12577f0280 Merge pull request #47 from jbj/ir-perf-blocks-etc 
Approved by dave-bartolomeo
 2018-08-15 12:53:43 +01:00
Nick Rolfe
6b6749854e Remove @Semmle/cpp from CODEOWNERS 2018-08-15 12:32:54 +01:00
Nick Rolfe
df1f51463f C++: extend test to cover template aliases 2018-08-15 10:44:51 +01:00
Nick Rolfe
5bef9f7118 C++: test for resolving specialisations dependent on template aliases 2018-08-15 10:44:51 +01:00
Geoffrey White
f904aed016 Merge pull request #57 from jbj/suites-in-ql-repo 
C++: Move C/C++ suites to ql repo
 2018-08-15 10:19:08 +01:00
semmle-qlci
8e5059f43a Merge pull request #58 from xiemaisi/js/demote-heterogeneous-comparison 
Approved by asger-semmle
 2018-08-15 09:01:24 +01:00
Max Schaefer
105b6c9d84 Merge pull request #59 from tibbes/js/fix-qhelp-typo 
JS: fix typo in qhelp (parameter type confusion)
 2018-08-15 08:36:25 +01:00
Esben Sparre Andreasen
a025dafcf5 JS: classify twitter-text library instances 2018-08-15 08:51:31 +02:00
Denis Levin
a09e7db08d Removing @precision high tag 2018-08-14 18:41:21 -07:00
Denis Levin
cdc065cc38 Merge pull request #1 from calumgrant/cs/ZipSlip 
C#: Fix the unit tests for ZipSlip
 2018-08-14 18:35:48 -07:00
Pavel Avgustinov
d999ada22c FunctionsWithWrappers: Simplify/tidy library. 2018-08-14 17:16:15 -07:00
Pavel Avgustinov
628edc9577 definitions.qll: Tidy up handling of type mentions 2018-08-14 16:38:57 -07:00
Pavel Avgustinov
3bc06627e1 Simplify definitions.qll for C++. 2018-08-14 16:38:56 -07:00
Pavel Avgustinov
382ae85431 Simplify location handling for C++ locations. 2018-08-14 16:38:56 -07:00
Max Schaefer
303b0a0027 JavaScript: Demote HeterogenousComparison to warning level. 2018-08-14 15:54:07 +01:00
Geoffrey White
031964e853 Merge pull request #30 from jbj/incomplete-parity-check-medium 
C++: Downgrade cpp/incomplete-parity-check from high to medium precision [CPP-236]
 2018-08-14 15:19:02 +01:00
semmle-qlci
8323a77a48 Merge pull request #56 from xiemaisi/js/import-globals 
Approved by asger-semmle
 2018-08-14 14:45:40 +01:00
Jonas Jensen
dc22833259 C++: Factor out IRBlock.qll differences 
All three `IRBlock.qll` files are now identical again, and they are just
a thin object-oriented layer on top of the three
`IRBlockConstruction.qll` files, two of which are identical.
 2018-08-14 14:12:26 +02:00
Julian Tibble
5456ffb64c JS: fix typo in qhelp (parameter type confusion) 2018-08-14 13:07:20 +01:00
calum
fc5963b831 C#: Rename filename in expected test output. 2018-08-14 13:00:25 +01:00
calum
82f0c389c7 C#: Update test references to use .NET Core, and change relative directory of moved test file. 2018-08-14 12:52:26 +01:00
Jonas Jensen
da02c45102 Merge pull request #36 from rdmarsh2/rdmarsh/cpp/add-security-tags 
C++: add security tags to more queries
 2018-08-14 12:07:28 +02:00
Jonas Jensen
3e1247257f C++: Move C/C++ suites to ql repo 
As the queries live here, it makes sense for the suites to be versioned
together with them. The LGTM suite has already been moved. This commit
moves the actively-maintained non-LGTM suites.
 2018-08-14 11:41:31 +02:00
Geoffrey White
58a2639518 Merge pull request #53 from pavgust/imp/no-macro-getenclosingelement 
Element::getEnclosingElement: Skip macro information.
 2018-08-14 09:43:23 +01:00
Max Schaefer
886329689f JavaScript: Teach globalVarRef about top-level this and the global npm package. 2018-08-14 09:15:15 +01:00
Max Schaefer
9de527fbe2 Merge pull request #49 from asger-semmle/array-map-taint 
JavaScript: add taint steps through Array 'join' and 'map' methods
 2018-08-14 08:07:54 +01:00
Max Schaefer
8a98e3cc56 Merge pull request #50 from xiemaisi/js/node-detector-test-output 
JavaScript: Update expected test output due to changes in Node.js detector.
 2018-08-14 08:07:33 +01:00
Denis Levin
cee996c543 Adding .expected file to QLTest 2018-08-13 15:04:15 -07:00
Denis Levin
242fba3fd2 cs: Query for ZipSlip vulnerability (CVE-2018-1002200) 
Initial check in to validate the tests
 2018-08-13 14:56:45 -07:00
Pavel Avgustinov
64338b0581 Element::getEnclosingElement: Skip macro information. 
Previously, we would try to find an element enclosing each macro
access. This is not in general well-defined, especially in the
context of template instantiations -- macros are a lexing-time
concept, and don't map cleanly onto AST elements.
 2018-08-13 22:16:49 +01:00
Robert Marsh
9cf599fb59 C++: remove some tags in response to PR comments 2018-08-13 10:25:10 -07:00
Tom Hvitved
9d2dd97f18 Merge pull request #51 from calumgrant/cs/lgtm-query-suites-submodule 
C#: Move query suite files into submodule
 2018-08-13 17:21:58 +02:00
calum
9d010775b8 C#: Move query suite files into submodule. 2018-08-13 15:03:37 +01:00