hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-16 02:11:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
1,891 Commits 1,785 Branches 169 Tags
bee2ddaf266e475da7053bfdddf0b9ebc7ca9bca
Commit Graph

316 Commits

Author SHA1 Message Date
Jonas Jensen
a4b3b1e8c8 Merge pull request #653 from geoffw0/ex-ch-notes 
CPP: Additional change notes (for 1.20)
 2018-12-10 16:59:12 +01:00
Geoffrey White
709fd6382a CPP: Change note for #562. 2018-12-10 13:51:15 +00:00
Geoffrey White
6b7337d766 CPP: Change note for #540. 2018-12-10 13:42:17 +00:00
Geoffrey White
d3c6d83786 CPP: Change note. 2018-12-07 18:43:27 +00:00
calumgrant
67d4099e3f Merge pull request #593 from hvitved/csharp/nullness 
C#: Rewrite nullness queries
 2018-12-07 15:57:27 +00:00
semmle-qlci
9e73ed71b9 Merge pull request #623 from esben-semmle/js/incomplete-url-sanitization 
Approved by mc-semmle
 2018-12-06 20:46:37 +00:00
Esben Sparre Andreasen
56fb63adbc JS: change notes for js/incomplete-url-substring-sanitization 2018-12-06 15:53:20 +01:00
semmle-qlci
3397533045 Merge pull request #628 from xiemaisi/js/setUnsafeHTML 
Approved by esben-semmle
 2018-12-06 13:58:52 +00:00
Max Schaefer
ef347b3870 JavaScript: Teach Xss query about WinJS HTML injection functions. 2018-12-06 09:13:21 +00:00
Geoffrey White
f6a87574f0 CPP: Add query ID to change note. 2018-12-05 13:55:46 +00:00
Geoffrey White
d0a0d2300e CPP: Change note. 2018-12-05 10:03:21 +00:00
Max Schaefer
3c00d4be6d Merge pull request #607 from esben-semmle/js/more-react-methods 
JS: model additional React component methods
 2018-12-05 08:00:16 +00:00
semmle-qlci
d05b11f00d Merge pull request #587 from asger-semmle/incorrect-suffix-check 
Approved by mc-semmle, xiemaisi
 2018-12-04 16:18:42 +00:00
yh-semmle
0ba7633e4d Merge pull request #553 from aschackmull/java/double-checked-locking 
Java: Add two double-checked-locking queries.
 2018-12-04 10:23:46 -05:00
Tom Hvitved
3bb3de23ce C#: Update change note 2018-12-04 16:08:41 +01:00
Asger F
7121a18eba JS: address comments 2018-12-04 10:40:43 +00:00
Esben Sparre Andreasen
b418968efb JS: add change note for improved React model 2018-12-04 10:55:24 +01:00
semmle-qlci
b58c263fd0 Merge pull request #602 from esben-semmle/js/additional-route-handlers-from-context 
Approved by xiemaisi
 2018-12-03 14:31:10 +00:00
Asger F
0462eb4b50 JS: add IncorrectSuffixCheck query 2018-12-03 11:23:02 +00:00
Esben Sparre Andreasen
88c69e2c9c JS: change note for tracked Hapi route handlers 2018-12-03 09:24:55 +01:00
Max Schaefer
52b8a6bb56 Merge branch 'master' into js/invalid-entity-transcoding 2018-11-30 16:49:20 +00:00
Tom Hvitved
d25bd598db C#: Add change note 2018-11-30 17:44:48 +01:00
Max Schaefer
10166be535 JavaScript: Add new query DoubleEscaping. 2018-11-30 09:39:00 +00:00
Max Schaefer
3ed40d5da1 Merge branch 'master' into range-analysis 2018-11-30 09:36:40 +00:00
semmle-qlci
1c5322274a Merge pull request #557 from esben-semmle/js/unused-react-variable 
Approved by xiemaisi
 2018-11-30 09:35:36 +00:00
Asger F
d4023fe95a JS: address review 2018-11-29 11:37:38 +00:00
Asger F
b2a82ae598 JS: add 1.20 change note 2018-11-29 11:26:31 +00:00
calum
f2d7b6ebe9 C#: Change notes. 2018-11-28 20:21:34 +00:00
Anders Schack-Mulligen
e2dd0ea083 Java: Add 2 double-checked-locking queries. 2018-11-28 13:52:34 +01:00
Esben Sparre Andreasen
72092529d1 JS: add change note for js/unused-local-variable 2018-11-28 13:25:26 +01:00
Esben Sparre Andreasen
f3c90114df JS: add empty 1.20 change note 2018-11-28 13:24:26 +01:00
Tom Hvitved
e069041bd5 Merge pull request #431 from calumgrant/cs/extractor/fsharp-core 
C#: Fix extraction of method signatures
 2018-11-26 15:07:33 +01:00
yh-semmle
f4ec168666 Merge pull request #533 from aschackmull/java/inherit-bugfix-changenote 
Java: Add change note for #459.
 2018-11-23 10:53:44 -05:00
Anders Schack-Mulligen
d24145831b Java: Add change note for #459. 2018-11-23 14:21:30 +01:00
Aditya Sharad
10dc183495 Merge pull request #512 from hvitved/csharp/autobuilder/dirs-proj 
C#: Recognize `.proj` files in autobuilder
 2018-11-23 13:18:04 +00:00
semmle-qlci
04c2b23abd Merge pull request #520 from esben-semmle/js/clear-text-logging-taint-kinds 
Approved by asger-semmle
 2018-11-23 12:40:40 +00:00
calum
051dd191ac C#: Change notes. 2018-11-23 12:11:10 +00:00
Tom Hvitved
836daaf07b C#: Recognize .proj files in autobuilder 
When determining the target of `msbuild` or `dotnet build`, first look for `.proj`
files, then `.sln` files, and finally `.csproj`/`.vcxproj` files. In all three cases,
choose the project/solution file closest to the root.
 2018-11-23 09:32:12 +01:00
Geoffrey White
16be502d61 CPP: Add change note. 2018-11-22 15:50:13 +00:00
Esben Sparre Andreasen
b780f82869 JS: sharpen js/clear-text-logging (ODASA-7485) 2018-11-22 13:38:43 +01:00
Jonas Jensen
1739cab896 Merge pull request #504 from geoffw0/more-change-notes 
CPP: Change notes
 2018-11-22 08:30:20 +01:00
semmle-qlci
62db19bee7 Merge pull request #492 from geoffw0/offsetuse 
Approved by dave-bartolomeo
 2018-11-21 17:26:48 +00:00
semmle-qlci
4e72a08b8d Merge pull request #507 from esben-semmle/js/mixed-static-intance-this-access-inheritance 
Approved by xiemaisi
 2018-11-21 16:07:25 +00:00
semmle-qlci
f5d3274655 Merge pull request #508 from esben-semmle/js/indirect-global-call-with-default-arguments 
Approved by xiemaisi
 2018-11-21 16:06:46 +00:00
semmle-qlci
746b13a1bc Merge pull request #510 from xiemaisi/js/exclude-minified 
Approved by asger-semmle
 2018-11-21 16:06:22 +00:00
Geoffrey White
1b69006c20 CPP: Combine two of the Missing return statement change notes. 2018-11-21 15:09:09 +00:00
Geoffrey White
cab6f1e87c CPP: Backticks. 2018-11-21 14:39:22 +00:00
Jonas Jensen
4e2d40aad8 Merge pull request #484 from geoffw0/limitedscopefile 
CPP: Fix Limitedscopefile.ql
 2018-11-21 14:30:48 +01:00
Max Schaefer
19aa12106c JavaScript: Teach AutoBuild to exclude minified files from extraction by default . 
This adds default exclusion filters for `**/*.min.js` and `**/*-min.js` to the JavaScript auto-builder, meaning that files matching these patterns will no longer be extracted,
unless they are re-included in the `.lgtm.yml` file.

Alerts in minified code aren't shown by default anyway, so we can save ourselves some work by not analyzing them in the first place.

While including minified files in the snapshot can in theory improve analysis results in non-minified files, this is likely to be rare in practice.
 2018-11-21 12:27:39 +00:00
Esben Sparre Andreasen
caea6212ed JS: use inheritance in js/mixed-static-instance-this-access 2018-11-21 09:48:37 +01:00