hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-01 00:27:24 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,133 Commits 1,673 Branches 157 Tags
deedc8c2d709e6313d11239b80892dfd3da35128
Commit Graph

17133 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
deedc8c2d7 aggregate the tests in library-tests/TypeScript/TypeParameters into a single .ql file 2020-10-20 14:08:53 +02:00
Erik Krogh Kristensen
c9a0179f42 aggregate the tests in library-tests/TypeScript/Enums into a single .ql file 2020-10-20 14:08:53 +02:00
Erik Krogh Kristensen
fcee5fa960 aggregate the tests in library-tests/TypeScript/Modifiers into a single .ql file 2020-10-20 14:08:53 +02:00
Erik Krogh Kristensen
1e76471791 aggregate the tests in library-tests/TypeScript/TypeVariableTypes into a single .ql file 2020-10-20 14:08:53 +02:00
Erik Krogh Kristensen
a667b69d91 aggregate the tests in library-tests/NodeJS into a single .ql file 2020-10-20 14:08:53 +02:00
Erik Krogh Kristensen
c8af1d15ab aggregate the tests in library-tests/TypeScript/Types into a single .ql file 2020-10-20 14:08:53 +02:00
Erik Krogh Kristensen
69093629e9 aggregate the tests in library-tests/XML into a single .ql file 2020-10-20 14:08:53 +02:00
Erik Krogh Kristensen
4f28b6ddd8 aggregate the tests in frameworks/UrlLibraries into a single .ql file 2020-10-20 14:08:53 +02:00
Erik Krogh Kristensen
3e532c235b aggregate the tests in library-tests/DataFlow into a single .ql file 2020-10-20 14:08:53 +02:00
CodeQL CI
8b084ffe22 Merge pull request #4518 from asgerf/js/fix-oom 
Approved by erik-krogh
 2020-10-20 03:37:00 -07:00
Mathias Vorreiter Pedersen
528afc55ab Merge pull request #3788 from geoffw0/callderef 
C++: Add bcopy to models and use it.
 2020-10-20 12:15:23 +02:00
CodeQL CI
4cc7138784 Merge pull request #4507 from erik-krogh/template 
Approved by asgerf
 2020-10-20 02:45:00 -07:00
Geoffrey White
f9987cff64 C++: Update QLDoc comment. 2020-10-20 09:36:33 +01:00
Asger Feldthaus
78c85775e3 JS: Do not extend AdditionalTaintStep in the ldap library 2020-10-20 09:07:12 +01:00
Dave Bartolomeo
3587235b4f Merge pull request #4471 from github/igfoo/unnamed 
C++: Be more consistent about unnamed entities
 2020-10-19 15:18:34 -04:00
Ian Lynagh
987c16ed53 Merge remote-tracking branch 'upstream/main' into igfoo/unnamed 2020-10-19 19:09:41 +01:00
Geoffrey White
a426412b4e Merge pull request #4497 from vadi2/patch-1 
Add modern C++ variant
 2020-10-19 19:09:23 +01:00
CodeQL CI
4c5ecb4093 Merge pull request #4478 from erik-krogh/homegrownCsrf 
Approved by asgerf
 2020-10-19 11:04:10 -07:00
CodeQL CI
502faa7d1c Merge pull request #4494 from erik-krogh/callLimit 
Approved by asgerf
 2020-10-19 11:03:25 -07:00
Robert Marsh
5d9f54e797 Merge pull request #4502 from dbartol/dbartol/PrintLoadStoreTargets 
C++: Print target variable name for `Load` and `Store`, if known
 2020-10-19 13:30:39 -04:00
Geoffrey White
8646d5c811 C++: Fix test failure (we no longer have taint flow from the size parameter). 2020-10-19 17:37:11 +01:00
Geoffrey White
541a449bc4 Merge branch 'main' into callderef 2020-10-19 17:15:33 +01:00
Vadim Peretokin
aa578ed334 Update cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.cpp 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2020-10-19 16:58:17 +02:00
Anders Schack-Mulligen
4ce41854a4 Merge pull request #4508 from smowton/smowton/fix/droid-webview-test-data 
Fix test data for WebView experimental query
 2020-10-19 16:29:20 +02:00
CodeQL CI
5ead4244fe Merge pull request #4450 from asgerf/js/angular 
Approved by erik-krogh
 2020-10-19 07:25:59 -07:00
Chris Smowton
4fa2a79b41 Fix test data for WebView experimental query 2020-10-19 14:57:18 +01:00
Erik Krogh Kristensen
ce95676130 add express.csrf as an CSRF protecting middleware 2020-10-19 15:39:02 +02:00
CodeQL CI
d644a30b19 Merge pull request #4434 from erik-krogh/printAST 
Approved by asgerf
 2020-10-19 04:42:42 -07:00
Vadim Peretokin
f403c9d02c Update cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.cpp 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2020-10-19 12:49:32 +02:00
Erik Krogh Kristensen
ca0870da53 update expected output from InterfaceDefinition -> InterfaceDeclaration change 2020-10-19 12:36:48 +02:00
CodeQL CI
2e52cbeb4a Merge pull request #4499 from max-schaefer/js/module_compile 
Approved by asgerf
 2020-10-19 03:06:21 -07:00
Erik Krogh Kristensen
8f6165cd5f print synthetic constructors in PrintAst.ql 2020-10-19 11:10:14 +02:00
Erik Krogh Kristensen
5b1ed97d68 Update javascript/ql/src/semmle/javascript/TypeScript.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2020-10-19 11:01:06 +02:00
Erik Krogh Kristensen
8c44392638 add local dataflow to js/template-syntax-in-string-literal 2020-10-19 10:58:40 +02:00
Max Schaefer
e1d90e90ad JavaScript: Add modelling for Module.prototype._compile. 2020-10-19 09:42:17 +01:00
Chris Smowton
3e03db178f Merge pull request #4483 from smowton/smowton/admin/droid-webview-pr-rebase 
Rebase of #3706
 2020-10-19 09:29:04 +01:00
Mathias Vorreiter Pedersen
7942d7332a Merge pull request #4501 from dbartol/dbartol/PrintPartialFlow 
C++: Annotate IR with partial flow info
 2020-10-18 17:48:54 +02:00
Dave Bartolomeo
a80c6fbf97 C++: Print target variable name for Load and Store, if known 
Now that we've started printing the targets of `Call` instructions in the IR dumps, I figured I might as well print the names of the variable being loaded or stored as well. We could potentially extend this to match fields, array elements, etc., but that's quite a bit more work.
 2020-10-17 14:21:27 -04:00
Dave Bartolomeo
100f13f202 C++: Annotate IR with partial flow info 
I've added one more property to the annotations provided by `PrintIRLocalFlow.qll`: The `pflow` property will now be emitted for any operand or instruction for which `configuration.hasPartialFlow` determines that there is partial flow to that node. This requires that partial flow be enabled via overriding `Configuration::explorationLimit()` in order to display. Otherwise, you'll still just get the local flow info as before.
 2020-10-17 13:17:08 -04:00
Robert Marsh
7f2aa81d0b Merge pull request #4498 from dbartol/dbartol/PrintCallTargets 
C++: Print static call target for `Call` instruction in dumps
 2020-10-16 16:46:33 -04:00
Asger Feldthaus
f0034138ce JS: Fix DefaultFlowLabels test 2020-10-16 18:13:13 +01:00
Asger Feldthaus
4137d3f971 JS: Split CWE-079 tests into their own folders 2020-10-16 17:32:36 +01:00
Dave Bartolomeo
6a6eadcf50 C++: Print static call target for Call instruction in dumps 2020-10-16 11:53:27 -04:00
Chris Smowton
5a480bfb13 Give query an id and PathGraph query predicates 2020-10-16 16:19:58 +01:00
Vadim Peretokin
8933bbd672 Add modern C++ variant 2020-10-16 17:11:41 +02:00
Erik Krogh Kristensen
8cf21e3b2b autoformat 2020-10-16 16:56:35 +02:00
Anders Schack-Mulligen
a806a4f086 Merge pull request #4312 from JLLeitschuh/feat/JLL/java/jhipster_CVE-2019-16303 
Java: QL Query Detector for JHipster Generated CVE-2019-16303
 2020-10-16 15:47:09 +02:00
Tom Hvitved
d91ea55f0c Merge pull request #4440 from aschackmull/dataflow/adaptive-field-precision 
Dataflow: Adaptive field flow precision
 2020-10-16 15:08:56 +02:00
Erik Krogh Kristensen
27a2cd310d inline value in nodeLeadingToCsrfWrite 2020-10-16 14:21:49 +02:00
Erik Krogh Kristensen
017c73dce3 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-10-16 14:20:40 +02:00