hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-03 17:50:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,404 Commits 1,673 Branches 157 Tags
deae9256ddbcbf2e47ed22a1d5df26e906bfd519
Commit Graph

16404 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
deae9256dd add convenience method to API graphs 2020-09-29 17:08:00 +02:00
yoff
60c310d1bf Merge pull request #4361 from RasmusWL/python-new-flask-perf-fix 
Python: Hotfix performance problem with flask methods
 2020-09-29 15:41:14 +02:00
CodeQL CI
d7add29dc2 Merge pull request #4359 from erik-krogh/cookieWrites 
Approved by esbena
 2020-09-29 06:32:01 -07:00
CodeQL CI
910c19e613 Merge pull request #4348 from erik-krogh/needle 
Approved by esbena
 2020-09-29 02:57:32 -07:00
Erik Krogh Kristensen
51f1f03f5f add change note for js/missing-token-validation 2020-09-29 11:56:10 +02:00
CodeQL CI
11f39a9d88 Merge pull request #4342 from erik-krogh/track-where-prop 
Approved by asgerf
 2020-09-29 02:09:53 -07:00
Rasmus Wriedt Larsen
fee279f952 Python: Hotfix performance problem with flask methods 
This improves runtime for command injection query on
https://lgtm.com/projects/g/alibaba/funcraft from +200 seconds (I did not care
to wait more) down to ~55 seconds on my machine.

This type of tracking predicate with string as additional argument apparently
causes trouble :|
 2020-09-29 11:00:57 +02:00
Erik Krogh Kristensen
89195d7ada add change note for needle 2020-09-29 10:13:48 +02:00
Erik Krogh Kristensen
52d94f6177 use getABoundCallbackParameter instead of getCallback and getParameter. 2020-09-29 10:12:46 +02:00
CodeQL CI
060c19a063 Merge pull request #4352 from erik-krogh/destructing-redirect 
Approved by esbena
 2020-09-28 12:31:42 -07:00
Erik Krogh Kristensen
e04404b713 also recognize cookie writes are leading to cookie access 2020-09-28 21:17:25 +02:00
Ian Lynagh
8a76195f04 Merge pull request #4356 from github/igfoo/front_end 
C++: accept test changes from extractor frontend upgrade
 2020-09-28 17:27:37 +01:00
Tom Hvitved
93edaa75eb Merge pull request #4309 from tamasvajk/feature/enum-value-init 
Extract constant value of enum member equal clauses
 2020-09-28 16:18:10 +02:00
CodeQL CI
75262ddace Merge pull request #4328 from erik-krogh/indirect-fix2 
Approved by esbena
 2020-09-28 04:55:19 -07:00
Jonas Jensen
165779ea09 Merge pull request #4343 from rdmarsh2/rdmarsh2/cpp/ir-construction-qldoc 
C++: Add some IR QLDoc
 2020-09-28 13:37:12 +02:00
Nick Rolfe
7609ce2d47 C++: accept test changes from extractor frontend upgrade 2020-09-28 12:23:26 +01:00
CodeQL CI
18bdc054cd Merge pull request #4347 from max-schaefer/js/handle-empty-pkgjson 
Approved by asgerf
 2020-09-28 02:42:21 -07:00
Joe Farebrother
274147c87a Merge pull request #4339 from joefarebrother/printAST-java-var-decls 
Java: Add synthetic nodes for `LocalVariableDeclExpr`s in the AST view
 2020-09-28 10:21:25 +01:00
Tamas Vajk
a635503be0 Add test cases to UselessCastToSelf 2020-09-28 11:04:22 +02:00
Tamas Vajk
3577b27f49 Fix to not report on enum member initialization 2020-09-28 11:04:22 +02:00
Tamas Vajk
77bb1b2cd9 C#: Extract constant value of enum member equal clauses 2020-09-28 11:04:22 +02:00
Tamas Vajk
a6b62a3838 C#: Add enum init value test 2020-09-28 10:56:50 +02:00
Tamás Vajk
20c4d94ccc Merge pull request #4318 from tamasvajk/feature/pointer-cast 
C#: Add implicit cast from array to pointer
 2020-09-28 09:34:54 +02:00
Erik Krogh Kristensen
664342dd0f change SimpleParameter to Parameter in the express model to support destructuring parameters 2020-09-26 21:31:06 +02:00
Robert Marsh
713bdae77a C++: sync identical files 2020-09-25 13:54:58 -07:00
Taus
fc84286b56 Merge pull request #3830 from yoff/SharedDataflow_FieldFlow 
Python: Shared dataflow: Field flow
 2020-09-25 14:53:57 +02:00
CodeQL CI
ea5feb2b0a Merge pull request #4331 from erik-krogh/DVNA-files 
Approved by esbena
 2020-09-25 05:21:03 -07:00
Erik Krogh Kristensen
6b9aea82ca model method calls in the needle library 2020-09-25 14:13:31 +02:00
Erik Krogh Kristensen
a22ddb145b model calls to needle 2020-09-25 13:53:22 +02:00
Rasmus Lerchedahl Petersen
4621e6d8c0 Python: fix QL format 2020-09-25 13:37:39 +02:00
Rasmus Lerchedahl Petersen
88bba46698 Python: Modify tests based on review 
The extra hist in `test.py` seen in `globalStep.expected`
are due to the removal of manual filtering code.
(That code was from when dataflow had many strange things in it.)
 2020-09-25 13:35:30 +02:00
Max Schaefer
0ccbaf9e88 JavaScript: Handle empty package.json files gracefully. 2020-09-25 12:12:39 +01:00
Joe
5256c0ba39 Java: Improve PrintAst tests and rename things 
Add tests for `EnhcancedForStmt`s and `InstanceOfExpr`s.
Rename LocalVarDeclParent to SingleLocalVarDeclParent
 2020-09-25 11:31:56 +01:00
yoff
c56ff986d4 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2020-09-25 11:56:50 +02:00
CodeQL CI
4deb43f361 Merge pull request #4323 from RasmusWL/python-new-command-injection-query 
Approved by tausbn
 2020-09-25 02:39:46 -07:00
CodeQL CI
7b1dbb4364 Merge pull request #4337 from max-schaefer/js/fix-indirect-command-injection 
Approved by asgerf
 2020-09-25 00:18:55 -07:00
Robert Marsh
1445b31864 C++: QLDoc for Operand 2020-09-24 16:34:16 -07:00
Robert Marsh
e51b9215e4 C++: QLDoc for Overlap in IR construction 2020-09-24 15:56:29 -07:00
Robert Marsh
e9b1d817c7 C++: QLDoc for VirtualVariable in IR construction 2020-09-24 15:55:57 -07:00
Erik Krogh Kristensen
b8154d41b1 type-track objects where the "$where" property has been written 2020-09-24 20:55:25 +02:00
CodeQL CI
19316930cd Merge pull request #4310 from asgerf/js/extract-xml-with-codeql 
Approved by aibaars, esbena
 2020-09-24 10:14:46 -07:00
Jonas Jensen
e012dce755 Merge pull request #4334 from github/faster-skip-copy-value-instructions 
C++: Manual recursion in `skipCopyValueInstructions`
 2020-09-24 16:43:25 +02:00
Anders Schack-Mulligen
3ef3e6e140 Merge pull request #4319 from hvitved/python-java-block-precedes-var 
Java/Python: Reduce size of `blockPrecedesVar`
 2020-09-24 16:07:49 +02:00
Joe
9c8a468237 Java: PrintAst: Add synthetic nodes for other declarations 2020-09-24 14:31:24 +01:00
Joe
3e960c1e0b Java: PrintAst: Refactor exceptions to the usual AST of expressions and statements using dispatch 2020-09-24 14:31:24 +01:00
Joe
1f99607624 Java: PrintAst: Improve test 2020-09-24 14:31:24 +01:00
Joe
45651cf123 Java: PrintAst: Add a synthetic node for the initialisers of for statements 2020-09-24 14:31:24 +01:00
Anders Schack-Mulligen
d4d4c0f3f9 Merge pull request #4325 from aibaars/hibernate-changenote 
Java: change note for Hiberate ORM improvements
 2020-09-24 12:58:45 +02:00
Erik Krogh Kristensen
6163e6cf5f adjust test case for XML entity expansion 2020-09-24 09:53:06 +02:00
Mathias Vorreiter Pedersen
780a07e89c Merge pull request #4332 from jbj/ExtendedRangeAnalysis-stub 
C++: ExtendedRangeAnalysis stub implementation
 2020-09-24 09:01:06 +02:00