hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-20 22:46:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
4,529 Commits 1,712 Branches 163 Tags
db3060d33670891495256fedeb5aee3ecfda4df7
Commit Graph

4529 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
db3060d336 JS: Add missing override 2019-04-26 16:56:04 +01:00
Asger F
a17756c3d5 JS: Fix formatting 2019-04-26 16:56:04 +01:00
Asger F
2f98acaf6e JS: upgrade script 2019-04-26 16:56:04 +01:00
Asger F
f99db08542 JS: Update trap files 2019-04-26 16:56:04 +01:00
Asger F
393a9fd7b0 JS: Add change notes 2019-04-26 16:56:04 +01:00
Asger F
9086dfdc6f JS: TypeAnnotation.getType() for backwards compatibility 2019-04-26 16:56:04 +01:00
Asger F
e9fcb670ff JS: Provide source locations for JSDocTypeExpr 2019-04-26 16:56:04 +01:00
Asger F
cf8c327a10 JS: make TypeAnnotation extend Locatable 2019-04-26 16:56:04 +01:00
Max Schaefer
c44f99a204 Update javascript/ql/src/semmle/javascript/Variables.qll 
Co-Authored-By: asger-semmle <42069257+asger-semmle@users.noreply.github.com>
 2019-04-26 16:56:04 +01:00
Asger F
6eb8c692b1 JS: Add partial backwards compatibility with ASTNode 2019-04-26 16:56:04 +01:00
Asger F
e295c3a224 JS: Add JSDoc test 2019-04-26 16:56:04 +01:00
Asger F
6b2b64cb2e JS: test case with unresolved types in TS 2019-04-26 16:56:04 +01:00
Asger F
c9c9a32a37 JS: hasQualifiedName 2019-04-26 16:56:04 +01:00
Asger F
454fff1398 JS: Implement getAnUnderlyingType(). 2019-04-26 16:56:04 +01:00
Asger F
8458a64642 JS: implement isXXX methods in JSDocTypeExpr classes 2019-04-26 16:56:04 +01:00
Asger F
c92a6b72b5 JS: Update getTypeAnnotation() to return TypeAnnotations 2019-04-26 16:56:04 +01:00
Asger F
be5d90d4e7 JS: Make use of JSDocParamTag 2019-04-26 16:56:04 +01:00
Asger F
967752c6c1 JS: Add TypeAnnotations class 2019-04-26 16:56:04 +01:00
Taus
7d2c17f27c Merge pull request #1271 from markshannon/python-fix-fp-http-prefix 
Python: Fix false positive in 'Incomplete URL substring sanitization' query
 2019-04-26 15:23:04 +02:00
Jonas Jensen
bdb678a318 Merge pull request #1267 from rdmarsh2/rdmarsh/cpp/def-by-ref-taint 
C++: add taint edges to DefinitionByReferenceNode
 2019-04-26 08:50:20 +02:00
Robert Marsh
f5c57b77e6 C++: fix whitespace 2019-04-25 16:16:27 -07:00
Mark Shannon
2db06f9881 Merge pull request #1282 from taus-semmle/python-various-dist-compare-fixes 
Python: Add missing `override` annotations.
 2019-04-25 18:39:01 +01:00
Mark Shannon
28799441af Python: Fix false positive in 'Incomplete URL substring sanitization' query. 2019-04-25 18:11:01 +01:00
Taus Brock-Nannestad
c8cbae37d9 Python: Add missing override annotations. 2019-04-25 16:48:47 +02:00
semmle-qlci
3231b60e6b Merge pull request #1272 from asger-semmle/access-path-capture 
Approved by xiemaisi
 2019-04-25 11:32:54 +01:00
Asger F
47ba7d3004 Merge pull request #1278 from xiemaisi/js/symbolic-constants 
JavaScript: Generalise `ConstantComparison` sanitisers.
 2019-04-25 11:17:22 +01:00
Max Schaefer
a8470a984a JavaScript: Generalise ConstantComparison sanitisers. 
In addition to treating comparisons with literals as sanitisers, we now
also treat comparisons with variables that have a single assignment as
sanitisers.

Proving that such a variable is actually a constant is not easy, but for
this use case a simple approximation works fine.
 2019-04-25 07:38:31 +01:00
semmle-qlci
a504ad4261 Merge pull request #1270 from xiemaisi/odasa/7904 
Approved by esben-semmle
 2019-04-24 21:50:07 +01:00
Taus
0917936100 Merge pull request #1273 from markshannon/python-fix-odasa-7890 
Add test confirming correct handling of zope.interface.Interface in query.
 2019-04-24 11:59:35 +02:00
Asger F
a16753c125 JS: Add documentation 2019-04-24 10:12:55 +01:00
Jonas Jensen
1dcfd21a5c Merge pull request #1264 from geoffw0/redundantnullperf 
CPP: Add qhelp for RedundantNullCheckSimple.ql.
 2019-04-24 10:25:23 +02:00
Robert Marsh
919f5c616f C++: comment and test for taint flow via memcpy 2019-04-23 11:17:18 -07:00
semmle-qlci
060aa8cb6c Merge pull request #1274 from asger-semmle/ts-export-equals 
Approved by xiemaisi
 2019-04-23 17:07:52 +01:00
Asger F
08bc29cddb TS: fix analysis of export= statements 2019-04-23 13:09:40 +01:00
Mark Shannon
6a9bb5c5c9 Add test confirming correct handling of zope.interface.Interface in query. 2019-04-23 12:52:50 +01:00
Robert Marsh
34f8653979 C++: change note for taint def-by-ref 2019-04-22 10:46:36 -07:00
Robert Marsh
262f724235 C++: add taint edges to DefinitionByReferenceNode 2019-04-22 10:39:02 -07:00
Robert Marsh
45a35a8572 Merge pull request #1265 from rdmarsh2/rdmarsh/cpp/gvn-string-pooling 
C++: string pooling in IR value numbering
 2019-04-22 09:29:44 -07:00
Robert Marsh
e7ca6c8bd9 C++: test for value number string pooling 2019-04-19 10:50:52 -07:00
Robert Marsh
3907ef98a3 C++: value number string constants 2019-04-18 16:14:54 -07:00
yh-semmle
04954f77de Merge pull request #1262 from sb-semmle/more-spring-sources 
Parameters annotated with Spring's @RequestBody and @PathVariable are remote input sources.
 2019-04-18 18:08:44 -04:00
Sebastian Bauersfeld
734fe542ab Update change notes. 2019-04-18 16:37:08 -04:00
Robert Marsh
c6f01265be Merge pull request #1263 from geoffw0/bufferoverflowqueries 
CPP: Resolve overlap between OverflowCalculated.ql and NoSpaceForZeroTerminator.ql
 2019-04-18 13:21:57 -04:00
Geoffrey White
eaed0004a3 CPP: Add qhelp for RedundantNullCheckSimple.ql. 2019-04-18 12:47:07 +01:00
Asger F
f3c80c738e JS: Unify access paths for captured variables 2019-04-18 11:27:15 +01:00
Asger F
e543097c45 JS: Add test 2019-04-18 11:26:39 +01:00
Geoffrey White
56e0adf152 CPP: Change note. 2019-04-18 10:34:20 +01:00
Geoffrey White
57a4e52b47 CPP: Remove the overlap between these two queries. 2019-04-18 10:33:33 +01:00
Geoffrey White
ca6ba36d87 CPP: Unify and improve the MallocCall classes. 2019-04-18 10:30:18 +01:00
Geoffrey White
1ba8364c3b CPP: Add more test cases. 2019-04-18 10:28:34 +01:00