hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-15 22:43:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
637 Commits 1,690 Branches 160 Tags
e78a4e9f10b56f2ad771e7a5ce040bfca9bc9077
Commit Graph

637 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
e78a4e9f10 JS: update output from other Express tests 2018-09-26 07:58:44 +01:00
Asger F
ce11b5330d JS: recognize Express headers as RequestInputAccess 2018-09-26 07:58:44 +01:00
semmle-qlci
7f56be6fe2 Merge pull request #216 from asger-semmle/lusca-csrf 
Approved by esben-semmle
 2018-09-24 11:34:24 +01:00
semmle-qlci
46178271d1 Merge pull request #213 from asger-semmle/sendfile 
Approved by xiemaisi
 2018-09-24 11:32:46 +01:00
Jonas Jensen
d2f11dc18c Merge pull request #209 from dave-bartolomeo/dave/CNewLines 
LF all the things
 2018-09-24 09:02:54 +02:00
Dave Bartolomeo
396d7ea928 Mark several known binary extensions as -text 2018-09-23 16:24:32 -07:00
Dave Bartolomeo
1f36f5552f Normalize all text files to LF 
Use `* text=auto eol=lf`
 2018-09-23 16:24:31 -07:00
Dave Bartolomeo
26abf5d4a2 Force LF for basically everything. 2018-09-23 16:24:31 -07:00
Dave Bartolomeo
aa267c8302 C++: Force LF for .c,.cpp,.h,.hpp 2018-09-23 16:23:52 -07:00
Jonas Jensen
caf4a767ad Merge pull request #219 from geoffw0/resource-not-released 
C++: Exclude placement new from AV Rule 79.ql
 2018-09-22 17:41:36 +02:00
Geoffrey White
492d79ea53 CPP: Change note. 2018-09-21 21:13:37 +01:00
Geoffrey White
3922082e7d CPP: Tidy and simplify AV Rule 79.ql. 2018-09-21 19:35:23 +01:00
Nick Rolfe
e21a5e4b4c Merge pull request #214 from jbj/mergeback-20180921_104253 
Mergeback rc/1.18 -> master
 2018-09-21 17:54:28 +01:00
semmle-qlci
d281558fb1 Merge pull request #218 from yh-semmle/java/query-severities 
Approved by aschackmull
 2018-09-21 16:59:03 +01:00
Geoffrey White
d5a48ad63e CPP: Additional test cases. 2018-09-21 15:55:29 +01:00
Asger F
4797924bea JS: review comments 2018-09-21 14:46:21 +01:00
Asger F
d2a04d32be JS: add change note 2018-09-21 13:20:02 +01:00
Asger F
5f467d2fc5 JS: recognize CSRF middleware from lusca package 2018-09-21 13:15:40 +01:00
Asger F
6f109a742f JS: add a test case for res.sendfile 2018-09-21 11:04:33 +01:00
Geoffrey White
84f9900c8c CPP: Exclude placement new. 2018-09-21 10:53:42 +01:00
Geoffrey White
c7aa5c169b CPP: Add a test of placement new for AV Rule 79.ql. 2018-09-21 10:47:00 +01:00
Jonas Jensen
e2a17e9740 Merge remote-tracking branch 'upstream/rc/1.18' into mergeback-20180921_104253 2018-09-21 10:45:54 +02:00
Robert Marsh
69962bd06c Merge pull request #203 from dave-bartolomeo/dave/GVN 
C++: Initial attempt at IR-based value numbering
 2018-09-20 10:00:45 -07:00
Dave Bartolomeo
5a25602c28 C++: Move GVN out of "internal" directory 2018-09-20 08:21:15 -07:00
Dave Bartolomeo
27cee9bd80 C++: Handle inheritance conversions in IR GVN 2018-09-20 08:00:38 -07:00
semmle-qlci
f146e34e26 Merge pull request #207 from dave-bartolomeo/dave/JSNewlines 
Approved by esben-semmle
 2018-09-20 14:49:54 +01:00
Anders Schack-Mulligen
4d46385c51 Merge pull request #206 from yh-semmle/java/codeowners 
Java: add Semmle/java team to `CODEOWNERS`
 2018-09-20 09:24:14 +02:00
Dave Bartolomeo
e06969ddb4 JavaScript: Normalize .mjs files to LF 2018-09-19 21:33:39 -07:00
Dave Bartolomeo
524c67c3fb JavaScript: Normalize .ts line endings to LF 2018-09-19 21:33:35 -07:00
Dave Bartolomeo
2b9f42b308 JavaScript: Force LF for .json and .yml 2018-09-19 21:33:32 -07:00
Dave Bartolomeo
b12c739915 JavaScript: Normalize line endings of .js and .html files 
Added .gitattributes files for the two directories where we intentionally have line endings other than LF
 2018-09-19 21:33:27 -07:00
Dave Bartolomeo
bd156757d3 C++: Remove accidental add of IR.md 2018-09-19 14:26:17 -07:00
semmle-qlci
4aca8f4fd3 Merge pull request #201 from asger-semmle/string-concatenation-squashed 
Approved by esben-semmle
 2018-09-19 21:59:17 +01:00
semmle-qlci
2f4aa647be Merge pull request #200 from esben-semmle/js/post-polish-167 
Approved by asger-semmle
 2018-09-19 21:43:17 +01:00
yh-semmle
7d69c84453 Java: tweak some query metadata 
The severity of four queries is reduced to `warning`.
 2018-09-19 11:04:21 -04:00
Asger F
1d793c0a7b JavaScript: fix expected output 2018-09-19 14:33:23 +01:00
Esben Sparre Andreasen
2cedc81774 JS: polish js/enabling-electron-renderer-node-integration meta info 2018-09-19 13:45:42 +02:00
semmle-qlci
89f2dbf8db Merge pull request #195 from esben-semmle/js/reflected-xss-through-filenames 
Approved by asger-semmle
 2018-09-19 12:42:22 +01:00
ian-semmle
4b0ab602e7 Merge pull request #202 from jbj/resolveClass-conservative 
C++: more conservative resolveClass
 2018-09-19 11:35:45 +01:00
Dave Bartolomeo
43f0289f0f C++: Remove Phi instructions from previous IR generations 
It turns out that when building aliased SSA IR, we were still keeping around the Phi instructions from unaliased SSA IR. These leftover instructions didn't show up in dumps because they were not assigned to a block. However, when dumping additional instruction properties, they would show up as a top-level node in the dump, without a label.
 2018-09-18 11:28:09 -07:00
Jonas Jensen
86fe0ce42e Merge pull request #107 from rdmarsh2/rdmarsh/cpp/HashCons 
C++: HashCons library
 2018-09-18 11:45:26 +02:00
Jonas Jensen
dca93f58cc Merge pull request #196 from pavgust/fix/param-effective-decl-entry 
Parameter.qll: Tweak how effective declaration entries are computed
 2018-09-18 09:37:23 +02:00
Dave Bartolomeo
46b2c19c66 C++: Initial attempt at IR-based value numbering 2018-09-17 17:19:05 -07:00
Jonas Jensen
a7d897108a C++: Exclude non-toplevel items from resolveClass 
Also exclude templates as their names are not canonical.

The test changes in `isfromtemplateinstantiation/` are the inverses of
what we got in 34c9892f7, which should be a good thing.
 2018-09-17 15:55:34 +02:00
Jonas Jensen
d7f442b042 C++: Force unique resolveClass results 2018-09-17 15:52:38 +02:00
Jonas Jensen
b633ee1bc4 C++: Add more tests of resolveClass 
These tests exercise the problematic cases where a variable can appear
to have multiple types because of how we fail to account for qualified
names when comparing type names.
 2018-09-17 15:48:02 +02:00
Asger F
9384b85bcc JavaScript: ensure prefix sanitizers work for array.join() 2018-09-17 14:31:26 +01:00
Asger F
e2cdf5d7ed JavaScript: add string concatenation library 2018-09-17 12:47:37 +01:00
Asger F
b20fd3c084 JS: recognize res.sendfile as alias for res.sendFile in Express 2018-09-17 11:31:10 +01:00
Esben Sparre Andreasen
bb48421d77 JS: address doc review comments 2018-09-17 11:08:35 +02:00