Commit Graph

1415 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
f0343d0678 JS: use isUserControlledObject in js/type-confusion-through-parameter-tampering 2018-11-07 12:18:46 +01:00
Esben Sparre Andreasen
a2df4f9bfe JS: mark Koa params as user-controlled objects 2018-11-07 12:18:46 +01:00
Tom Hvitved
5d8162cc8b C#: Improve AccessorCall::getArgument()
- Handle tuple assignments.
- Handle compound `+=` assignments.
2018-11-07 11:30:04 +01:00
Tom Hvitved
48634d4c9a Merge pull request #391 from calumgrant/cs/extractor/dump-args
C#: Reduce extractor log size
2018-11-07 11:17:21 +01:00
Tom Hvitved
7423916214 C#: Add tests for calls to accessors with arguments 2018-11-07 10:38:36 +01:00
Max Schaefer
22640f891e JavaScript: Make lodash/underscore recognition extensible. 2018-11-07 09:02:17 +00:00
Esben Sparre Andreasen
e6a190c06e JS: replace .stripParens query uses w. .getUnderlyingReference 2018-11-07 09:32:02 +01:00
Esben Sparre Andreasen
f04293f73c JS: replace .stripParens library uses w. .getUnderlyingReference 2018-11-07 09:32:02 +01:00
Esben Sparre Andreasen
43e215c7af JS: replace .stripParens query uses w. .getUnderlyingValue 2018-11-07 09:32:02 +01:00
Esben Sparre Andreasen
030d9202de JS: replace .stripParens library uses w. .getUnderlyingValue 2018-11-07 09:32:02 +01:00
semmle-qlci
4225e0bb44 Merge pull request #356 from asger-semmle/parameter-node
Approved by xiemaisi
2018-11-07 08:31:05 +00:00
semmle-qlci
2457eb98df Merge pull request #166 from asger-semmle/documentable-self-assign
Approved by esben-semmle, xiemaisi
2018-11-07 08:30:17 +00:00
semmle-qlci
c20e24d549 Merge pull request #385 from asger-semmle/async-model
Approved by xiemaisi
2018-11-07 08:28:37 +00:00
semmle-qlci
282d1e2096 Merge pull request #404 from asger-semmle/useless-conditional2
Approved by xiemaisi
2018-11-07 08:28:01 +00:00
Max Schaefer
212a78b5fc Merge pull request #323 from esben-semmle/js/always-return-type-inference
JS: additional return type inference
2018-11-07 08:25:28 +00:00
Jonas Jensen
6f2fd05480 Merge pull request #354 from geoffw0/return-exception
CPP: Remove successor edges after calls to non-returning functions
2018-11-07 09:24:41 +01:00
Anders Schack-Mulligen
268de8de4f Style guide: Fix whitespace. 2018-11-07 09:12:55 +01:00
Anders Schack-Mulligen
92f265844b Java: Fix mixed tabs/spaces in qhelp examples. 2018-11-07 09:02:41 +01:00
Tom Hvitved
67e64f21d8 C#: Fix whitespaces 2018-11-07 08:52:38 +01:00
Max Schaefer
f75ce7a6ef JavaScript: Fix project layout for trap tests. 2018-11-07 07:48:25 +00:00
Max Schaefer
afe271c679 JavaScript: Update file classification in .lgtm.yml. 2018-11-07 07:48:25 +00:00
Max Schaefer
52e5879a2d JavaScript: Move extractor change notes. 2018-11-07 07:48:25 +00:00
Max Schaefer
4c4920c3a9 JavaScript: Open-source extractor. 2018-11-07 07:48:25 +00:00
Max Schaefer
5ffe45a80b JavaScript: Fix mixed tabs/spaces in qhelp. 2018-11-07 07:40:51 +00:00
semmle-qlci
b38effd55b Merge pull request #402 from geoffw0/tag-typos
Approved by dave-bartolomeo
2018-11-07 00:59:21 +00:00
Raul Garcia
5212aa0911 Update .gitignore 2018-11-06 12:51:56 -08:00
Raul Garcia
5a35edfbe2 cpp: Incorrect not operator usage
Marked as Low precision as Linux kernel code mixes the usage of logical operators and bit-wise operators.
warning C6317: incorrect operator: logical-not (!) is not interchangeable with ones-complement (~)
2018-11-06 12:49:33 -08:00
Jonas Jensen
e03b4f0cb6 Merge pull request #293 from geoffw0/zerosizebuffer
CPP: Better handling of zero-sized buffers
2018-11-06 20:08:39 +01:00
semmle-qlci
33c02fe928 Merge pull request #355 from hvitved/csharp/guards-logic
Approved by calumgrant
2018-11-06 19:06:30 +00:00
Dave Bartolomeo
62a5aef0de Merge pull request #410 from jbj/range-analysis-tests
C++: Tests for two range analysis bugs
2018-11-06 10:51:12 -08:00
Geoffrey White
b671ef504d Merge pull request #413 from jbj/return-this-getblock
C++: Restore `exists(getBlock())` in AV Rule 82
2018-11-06 17:04:05 +00:00
Geoffrey White
9c97176896 CPP: Tabs/spaces. 2018-11-06 17:01:30 +00:00
Anders Schack-Mulligen
fa3fa33c51 Java: Don't construct nonsense SSA for unreachable code. 2018-11-06 16:43:08 +01:00
Anders Schack-Mulligen
2004445817 Merge pull request #409 from yh-semmle/java/move-tests
Java: move/tweak some tests
2018-11-06 16:38:03 +01:00
Jonas Jensen
9382c9d528 C++: Regression tests for AV Rule 82
Without the last commit, this addition to the test gives the following
results:

```
+| AV Rule 82.cpp:176:14:176:22 | operator= | Assignment operator in class Forgivable does not return a reference to *this. |
+| AV Rule 82.cpp:181:14:181:22 | operator= | Assignment operator in class Forgivable does not return a reference to *this. |
```
2018-11-06 16:13:44 +01:00
Esben Sparre Andreasen
e396a55653 JS: change notes for type inference improvements 2018-11-06 16:04:46 +01:00
Esben Sparre Andreasen
a79a6a07b8 JS: stop tracking properties of object literals 2018-11-06 16:04:46 +01:00
Esben Sparre Andreasen
a07c094437 JS: introduce TypeInferredCalleeWithAnalyzedReturnFlow 2018-11-06 16:04:46 +01:00
Esben Sparre Andreasen
fef3573152 JS: use global layer in AnalyzedNode::getABooleanValue and -getAType 2018-11-06 16:04:46 +01:00
Geoffrey White
792369917a CPP: Fix CWE tags. 2018-11-06 14:36:12 +00:00
Geoffrey White
698f8953c7 CPP: Change note. 2018-11-06 14:29:08 +00:00
Geoffrey White
dd8aa5a8d9 CPP: Fix StrncpyFlippedArgs.ql as well. 2018-11-06 14:29:08 +00:00
Geoffrey White
ad44416189 CPP: Move the fix into Buffer.qll so that it applies to other queries. 2018-11-06 14:29:08 +00:00
Sauyon Lee
f99f44a571 If a destination buffer has size 0, there's probably some hackery going on 2018-11-06 14:29:08 +00:00
Jonas Jensen
da73a033e5 C++: Restore exists(getBlock()) in AV Rule 82
I removed this condition in #362, thinking it was covered by the new
conditions on return statements, but it turns out it wasn't in at least
the following cases.

1. Assignment operators that are deleted or marked private in order to
   make them inaccessible.
2. Templates whose body was not extracted.

While some of these results are technically valid, they are not nearly
as interesting as the results that this query was designed to produce.
2018-11-06 13:42:20 +01:00
Asger F
1252cde7f3 JS: remove a comma 2018-11-06 12:24:34 +00:00
Asger F
dcf6218d1d JS: update test expectations 2018-11-06 12:22:05 +00:00
Asger F
799cd33b88 JS: add change note 2018-11-06 12:13:34 +00:00
Asger F
c991d67fcb JS: fix typos 2018-11-06 12:12:43 +00:00
Asger F
460521616c JS: rename getIteratee to getIteratorCallback 2018-11-06 12:12:43 +00:00