hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,115 Commits 1,671 Branches 157 Tags
c91cdb519453af9945c232753e827d16dcfa0d60
Commit Graph

17115 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger Feldthaus
c91cdb5194 JS: Address review comments 2020-10-20 12:00:02 +01:00
Asger Feldthaus
8779b7c1ce JS: Update expected output after rebase 2020-10-20 11:10:30 +01:00
Asger Feldthaus
aee970bee7 JS: Change note 2020-10-20 10:54:02 +01:00
Asger Feldthaus
28a73c1e18 JS: Add test case 2020-10-20 10:53:15 +01:00
Asger Feldthaus
6aac353777 JS: Update test output 2020-10-20 10:53:12 +01:00
Asger Feldthaus
50a015c73e JS: Move $() sink into separate dataflow config 2020-10-20 10:52:33 +01:00
CodeQL CI
4cc7138784 Merge pull request #4507 from erik-krogh/template 
Approved by asgerf
 2020-10-20 02:45:00 -07:00
Dave Bartolomeo
3587235b4f Merge pull request #4471 from github/igfoo/unnamed 
C++: Be more consistent about unnamed entities
 2020-10-19 15:18:34 -04:00
Ian Lynagh
987c16ed53 Merge remote-tracking branch 'upstream/main' into igfoo/unnamed 2020-10-19 19:09:41 +01:00
Geoffrey White
a426412b4e Merge pull request #4497 from vadi2/patch-1 
Add modern C++ variant
 2020-10-19 19:09:23 +01:00
CodeQL CI
4c5ecb4093 Merge pull request #4478 from erik-krogh/homegrownCsrf 
Approved by asgerf
 2020-10-19 11:04:10 -07:00
CodeQL CI
502faa7d1c Merge pull request #4494 from erik-krogh/callLimit 
Approved by asgerf
 2020-10-19 11:03:25 -07:00
Robert Marsh
5d9f54e797 Merge pull request #4502 from dbartol/dbartol/PrintLoadStoreTargets 
C++: Print target variable name for `Load` and `Store`, if known
 2020-10-19 13:30:39 -04:00
Vadim Peretokin
aa578ed334 Update cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.cpp 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2020-10-19 16:58:17 +02:00
Anders Schack-Mulligen
4ce41854a4 Merge pull request #4508 from smowton/smowton/fix/droid-webview-test-data 
Fix test data for WebView experimental query
 2020-10-19 16:29:20 +02:00
CodeQL CI
5ead4244fe Merge pull request #4450 from asgerf/js/angular 
Approved by erik-krogh
 2020-10-19 07:25:59 -07:00
Chris Smowton
4fa2a79b41 Fix test data for WebView experimental query 2020-10-19 14:57:18 +01:00
Erik Krogh Kristensen
ce95676130 add express.csrf as an CSRF protecting middleware 2020-10-19 15:39:02 +02:00
CodeQL CI
d644a30b19 Merge pull request #4434 from erik-krogh/printAST 
Approved by asgerf
 2020-10-19 04:42:42 -07:00
Vadim Peretokin
f403c9d02c Update cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.cpp 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2020-10-19 12:49:32 +02:00
Erik Krogh Kristensen
ca0870da53 update expected output from InterfaceDefinition -> InterfaceDeclaration change 2020-10-19 12:36:48 +02:00
CodeQL CI
2e52cbeb4a Merge pull request #4499 from max-schaefer/js/module_compile 
Approved by asgerf
 2020-10-19 03:06:21 -07:00
Erik Krogh Kristensen
8f6165cd5f print synthetic constructors in PrintAst.ql 2020-10-19 11:10:14 +02:00
Erik Krogh Kristensen
5b1ed97d68 Update javascript/ql/src/semmle/javascript/TypeScript.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2020-10-19 11:01:06 +02:00
Erik Krogh Kristensen
8c44392638 add local dataflow to js/template-syntax-in-string-literal 2020-10-19 10:58:40 +02:00
Max Schaefer
e1d90e90ad JavaScript: Add modelling for Module.prototype._compile. 2020-10-19 09:42:17 +01:00
Chris Smowton
3e03db178f Merge pull request #4483 from smowton/smowton/admin/droid-webview-pr-rebase 
Rebase of #3706
 2020-10-19 09:29:04 +01:00
Mathias Vorreiter Pedersen
7942d7332a Merge pull request #4501 from dbartol/dbartol/PrintPartialFlow 
C++: Annotate IR with partial flow info
 2020-10-18 17:48:54 +02:00
Dave Bartolomeo
a80c6fbf97 C++: Print target variable name for Load and Store, if known 
Now that we've started printing the targets of `Call` instructions in the IR dumps, I figured I might as well print the names of the variable being loaded or stored as well. We could potentially extend this to match fields, array elements, etc., but that's quite a bit more work.
 2020-10-17 14:21:27 -04:00
Dave Bartolomeo
100f13f202 C++: Annotate IR with partial flow info 
I've added one more property to the annotations provided by `PrintIRLocalFlow.qll`: The `pflow` property will now be emitted for any operand or instruction for which `configuration.hasPartialFlow` determines that there is partial flow to that node. This requires that partial flow be enabled via overriding `Configuration::explorationLimit()` in order to display. Otherwise, you'll still just get the local flow info as before.
 2020-10-17 13:17:08 -04:00
Robert Marsh
7f2aa81d0b Merge pull request #4498 from dbartol/dbartol/PrintCallTargets 
C++: Print static call target for `Call` instruction in dumps
 2020-10-16 16:46:33 -04:00
Asger Feldthaus
f0034138ce JS: Fix DefaultFlowLabels test 2020-10-16 18:13:13 +01:00
Asger Feldthaus
4137d3f971 JS: Split CWE-079 tests into their own folders 2020-10-16 17:32:36 +01:00
Dave Bartolomeo
6a6eadcf50 C++: Print static call target for Call instruction in dumps 2020-10-16 11:53:27 -04:00
Chris Smowton
5a480bfb13 Give query an id and PathGraph query predicates 2020-10-16 16:19:58 +01:00
Vadim Peretokin
8933bbd672 Add modern C++ variant 2020-10-16 17:11:41 +02:00
Erik Krogh Kristensen
8cf21e3b2b autoformat 2020-10-16 16:56:35 +02:00
Anders Schack-Mulligen
a806a4f086 Merge pull request #4312 from JLLeitschuh/feat/JLL/java/jhipster_CVE-2019-16303 
Java: QL Query Detector for JHipster Generated CVE-2019-16303
 2020-10-16 15:47:09 +02:00
Tom Hvitved
d91ea55f0c Merge pull request #4440 from aschackmull/dataflow/adaptive-field-precision 
Dataflow: Adaptive field flow precision
 2020-10-16 15:08:56 +02:00
Erik Krogh Kristensen
27a2cd310d inline value in nodeLeadingToCsrfWrite 2020-10-16 14:21:49 +02:00
Erik Krogh Kristensen
017c73dce3 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-10-16 14:20:40 +02:00
Erik Krogh Kristensen
c2338b218f Update javascript/ql/src/semmle/javascript/dataflow/Nodes.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2020-10-16 14:12:36 +02:00
CodeQL CI
1d9b0ce059 Merge pull request #4460 from max-schaefer/js/unsafe-shell-command-construction-infeasible-paths 
Approved by asgerf
 2020-10-16 05:05:29 -07:00
Anders Schack-Mulligen
2b19a48030 Merge pull request #3880 from hvitved/dataflow/precise-aps 
Data flow: Precise access paths
 2020-10-16 13:54:35 +02:00
Anders Schack-Mulligen
b352605d12 Dataflow: Code review fixes. 2020-10-16 13:45:51 +02:00
Erik Krogh Kristensen
7598d31fc1 add change note 2020-10-16 13:35:31 +02:00
Erik Krogh Kristensen
b3d5f9c4dd support throttle like calls as partial calls 2020-10-16 13:33:02 +02:00
Anders Schack-Mulligen
664f04020f Revert "Dataflow: Count callables instead of nodes for fieldFlowBranchLimit." 
This reverts commit 1501a40de8.
 2020-10-16 12:51:50 +02:00
Anders Schack-Mulligen
1501a40de8 Dataflow: Count callables instead of nodes for fieldFlowBranchLimit. 2020-10-16 12:51:17 +02:00
Anders Schack-Mulligen
6aae51fa4f Dataflow: Sync. 2020-10-16 12:51:17 +02:00