hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 12:45:27 +02:00
Code Issues Packages Projects Releases Wiki Activity
8,299 Commits 1,741 Branches 166 Tags
d9bdb2cd4e40e5185f201d30390915eb95c3eee3
Commit Graph

8299 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Felicity Chapman
458108f66b Make 'open source' consistent on the page and with other docs 2019-11-01 14:08:50 +00:00
Felicity Chapman
692e977a71 Update docs/query-metadata-style-guide.md 
Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
 2019-11-01 13:44:23 +00:00
Felicity Chapman
236e1f7955 Update change notes for name change 2019-11-01 12:27:43 +00:00
Felicity Chapman
570e55190d Update style guides for name change 2019-11-01 12:22:05 +00:00
Felicity Chapman
02bb142e7c Update repository artifacts for name change 2019-11-01 12:21:24 +00:00
Shati Patel
bd08e8baaf Docs: Rename Sphinx project to "Learning CodeQL" 2019-11-01 11:22:36 +00:00
shati-patel
d94e91b39b Apply suggestions from code review 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
 2019-11-01 11:03:12 +00:00
semmle-qlci
e8e2f7bb20 Merge pull request #2240 from max-schaefer/js/indirect-command-argument-data-flow 
Approved by esbena
 2019-11-01 11:00:22 +00:00
Ziemowit Laski
3e1fd4a737 [CPP-434] Add table of constructs to Qhelp. Rewrite examples section. 2019-10-31 18:03:34 -07:00
Dave Bartolomeo
ea23c2daac Merge pull request #2188 from jbj/printast-override 
C++: Add a sample class in PrintAST.ql
 2019-10-31 17:02:20 -07:00
Dave Bartolomeo
e6f632b44e Merge pull request #2228 from jbj/DefaultTaintTracking-getASTVariable 
C++: Use getASTVariable in DefaultTaintTracking
 2019-10-31 17:00:49 -07:00
Dave Bartolomeo
2f63ab0250 Merge pull request #2150 from rdmarsh2/rdmarsh/cpp/ir-buffer-read-call-se 
C++: buffer read side effects on unmodeled funcs
 2019-10-31 16:59:51 -07:00
Rachel Mant
413f49bba5 Query cpp/unused-static-variable was producing incorrect results for constexpr variables 2019-10-31 22:50:44 +00:00
Robert Marsh
9477bd5698 Merge branch 'master' of github.com:Semmle/ql into rdmarsh/cpp/ir-buffer-read-call-se 2019-10-31 11:00:01 -07:00
semmle-qlci
d03aecaa98 Merge pull request #2235 from max-schaefer/js/issue-2233 
Approved by esbena
 2019-10-31 14:17:58 +00:00
Max Schaefer
03c9a40ba3 JavaScript: Add libraries for forward and backward data-flow exploration. 2019-10-31 12:37:31 +00:00
Max Schaefer
8aae1f443f JavaScript: Use type tracking instead of auxiliary data-flow configuration to track indirect command arguments. 2019-10-31 12:13:55 +00:00
Max Schaefer
311cbd824c JavaScript: Recognize ":" pseudo-directive. 2019-10-31 11:39:09 +00:00
Tom Hvitved
ceea96e03f C#: Update change note 2019-10-31 12:00:16 +01:00
semmle-qlci
2a3980222b Merge pull request #2201 from max-schaefer/js/avoid-duplicate-source-and-sink-nodes 
Approved by asger-semmle
 2019-10-31 10:47:30 +00:00
Robert Marsh
24c9b8b9b1 C++: fix unbound variables 2019-10-30 14:06:19 -07:00
Geoffrey White
ee3b49af3a Merge pull request #2219 from jbj/rangeanalysis-best-bound 
C++: Restrict the output of IR Range Analysis to the best bounds
 2019-10-30 17:18:59 +00:00
alistair
27d0b51c6b CPP & C#: Review of qhelp 
PR #2151 got merged without a review of the qhelp
by a technical writer.
The current PR makes changes I would have suggested on that PR.
 2019-10-30 16:10:03 +00:00
yh-semmle
8620b0513e Java: move UnsafeDeserialization.qll to standard library location 2019-10-30 11:18:36 -04:00
Max Schaefer
3bbded57d3 JavaScript: Autoformat. 2019-10-30 14:49:18 +00:00
Max Schaefer
bb0771b36c JavaScript: Deal with escape-unescape-escape (and similar) chains. 2019-10-30 14:49:01 +00:00
Max Schaefer
8c133ff61d JavaScript: Deal with (un-)escaping on captured variables. 2019-10-30 14:46:50 +00:00
Max Schaefer
a8214ce7ee JavaScript: Fix regexes for escaping schemes. 2019-10-30 14:15:59 +00:00
Max Schaefer
5349e0f881 JavaScript: Recognise wrapped chains of replacements. 2019-10-30 13:14:38 +00:00
Max Schaefer
02d16b1dc9 JavaScript: Recognise wrapped string replacement functions. 2019-10-30 13:01:17 +00:00
Max Schaefer
aaeca32519 JavaScript: Recognize string escaping using .replace with a callback. 2019-10-30 12:45:32 +00:00
Jonas Jensen
1e6c983d62 C++: Use getASTVariable in DefaultTaintTracking 
This library is not yet used in a query or test, so it broke silently
when `VariableAddressInstruction.getVariable` was removed.
 2019-10-30 13:42:17 +01:00
Max Schaefer
bd1c99d8a4 JavaScript: Recognise JSON.stringify and JSON.parse as escaper/unescaper. 2019-10-30 12:38:05 +00:00
semmle-qlci
a778efe71e Merge pull request #2216 from asger-semmle/xss-encodeURIComponent 
Approved by max-schaefer
 2019-10-30 11:49:31 +00:00
Max Schaefer
63f24476e9 JavaScript: Refactor DoubleEscaping.ql. 2019-10-30 10:59:14 +00:00
Aditya Sharad
ecd4c08cb4 Merge pull request #2225 from hvitved/csharp/autobuilder-tests 
C#: Update autobuilder tests
 2019-10-29 12:21:04 -07:00
Luke Cartey
d9d4aa30a9 Merge pull request #2214 from hmakholm/pr/upgrade-packs 
Make each upgrade directory a QL pack
 2019-10-29 16:45:02 +00:00
semmle-qlci
fde56cf290 Merge pull request #2223 from hvitved/csharp/autobuilder-curl-redirect 
Approved by jbj
 2019-10-29 15:38:02 +00:00
Rasmus Wriedt Larsen
87ec58aff1 Merge pull request #2221 from tausbn/python-unreachable-catch-all-assert 
Python: Do not report unreachable "catch-all" cases in `elif`-chains.
 2019-10-29 16:36:51 +01:00
Max Schaefer
b42026a90a JavaScript: Update expected output. 2019-10-29 15:36:24 +00:00
Max Schaefer
530fa2c11c JavaScript: Collapse edges instead of hiding nodes. 
Instead of skipping over initial and final nodes, we now introduce edges from source and to sink nodes that circumvent these nodes entirely.
 2019-10-29 15:30:24 +00:00
Max Schaefer
dc1d1c2f22 JavaScript: Update expected output. 2019-10-29 15:30:06 +00:00
Max Schaefer
278ea90049 JavaScript: Collapse flow labels at start/end nodes to avoid duplication. 2019-10-29 15:24:40 +00:00
Max Schaefer
316962233c JavaScript: Factor out MidPathNode into its own class. 2019-10-29 15:24:40 +00:00
Max Schaefer
7c56c9f999 JavaScript: Move suppression of hidden nodes into edges predicate. 
They should really only be hidden for display purposes.
 2019-10-29 15:19:26 +00:00
Max Schaefer
3373742077 JavaScript: Turn PathNode::getASuccessorInternal and PathNode::getAHiddenSuccessor into top-level predicates. 2019-10-29 15:19:26 +00:00
Max Schaefer
b6f4785645 JavaScript: Rename MkPathNode to MkMidNode. 2019-10-29 15:19:26 +00:00
Max Schaefer
d71faaa5f9 JavaScript: Introduce PathNode::wraps. 2019-10-29 15:19:26 +00:00
Max Schaefer
98e0932de5 JavaScript: Make Configuration::isLive nullary. 
This makes it more obvious to the evaluator that it is a good predicate to pick as a sentinel, and in practice we mostly just have one configuration in scope anyway.
 2019-10-29 15:19:26 +00:00
Tom Hvitved
edbdfdfa27 C#: Update autobuilder tests 2019-10-29 16:14:58 +01:00