hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-21 10:24:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,377 Commits 1,684 Branches 158 Tags
ea3d7b1b2f24ae00a3bb070ec831218a5865ec6a
Commit Graph

1203 Commits

Author SHA1 Message Date
Tom Hvitved
ed2125969e Merge pull request #2568 from calumgrant/cs/assignment-to-_ 
C#: Remove FP in useless assignment to _
 2020-01-06 15:39:45 +01:00
Asger F
79f8d02019 JS: Add change note 2020-01-06 11:38:13 +00:00
semmle-qlci
48deb30756 Merge pull request #2573 from max-schaefer/js/generalise-alert-suppression 
Approved by asgerf
 2020-01-06 10:43:17 +00:00
semmle-qlci
5dcc5b3b1e Merge pull request #2581 from erik-krogh/FlowUselessExpr 
Approved by max-schaefer
 2020-01-06 08:33:36 +00:00
Max Schaefer
8d1ad5c5f3 JavaScript: Alert suppression through single-line /* */ style comments. 2020-01-02 10:45:20 +00:00
Calum Grant
68f42a6f47 C#: Analysis change notes 2019-12-27 12:07:26 +00:00
Jonas Jensen
7e84453ec9 Merge pull request #2542 from geoffw0/datetime 
C++: Sort through the leap year and japanese era queries
 2019-12-23 10:13:12 +01:00
Jonas Jensen
939979ddef Merge branch 'master' into overflowcalc 2019-12-19 14:12:00 +01:00
Erik Krogh Kristensen
0611dc3f60 move change notes to extractor-javascript.md 2019-12-18 14:21:43 +01:00
Erik Krogh Kristensen
807664e545 add change note 2019-12-18 11:35:16 +01:00
Erik Krogh Kristensen
f140820511 fix FP related to block-level flow type annotations 2019-12-17 16:10:20 +01:00
Geoffrey White
a5e10a7ae2 C++: More change notes. 2019-12-17 11:56:23 +00:00
Geoffrey White
19835cd11d C++: Change note. 2019-12-17 10:27:13 +00:00
Geoffrey White
acca39bfc7 C++: Repair following merge. 2019-12-16 14:12:32 +00:00
Geoffrey White
0da826f0c3 Merge branch 'master' into overflowcalc 2019-12-16 13:48:38 +00:00
Calum Grant
a5b2549f6f Merge pull request #2514 from hvitved/csharp/code-contracts 
C#: Recognize Code Contract assertions
 2019-12-16 13:00:01 +00:00
Geoffrey White
91af51cf46 CPP: Change note. 2019-12-13 16:58:37 +00:00
Tom Hvitved
78f63a3679 C#: Add change note 2019-12-11 16:57:35 +01:00
Calum Grant
3049bf2c85 Merge pull request #2358 from cldrn/ASPNetPagesValidateRequest 
Adds CodeQL query to check for Pages with disabled built-in validation
 2019-12-09 13:05:03 +00:00
yo-h
ed97be459f Merge pull request #2454 from aschackmull/java/explicit-mul-zero 
Java: Allow explicit zero multiplication in java/evaluation-to-constant.
 2019-12-06 18:13:43 -05:00
Anders Schack-Mulligen
5a2ed9fd81 Java: Add change note. 2019-12-06 11:50:27 +00:00
james
67eea44678 Merge branch 'rc/1.23' into jf-mergeback-123 2019-12-06 09:16:39 +00:00
Calum Grant
59ce8842bb Merge branch 'master' of git.semmle.com:Semmle/ql into ASPNetPagesValidateRequest 
# Conflicts:
#	change-notes/1.24/analysis-csharp.md
 2019-12-05 15:58:47 +00:00
Calum Grant
73c8888361 Merge pull request #2356 from cldrn/ASPNetRequestValidationMode 
Adds CodeQL query to check for insecure RequestValidationMode in ASP.NET
 2019-12-04 17:02:08 +00:00
Calum Grant
db30947e54 Merge pull request #2490 from felicitymay/1.23/SD-4095-finalize-change-notes-csharp 
1.23/sd 4095 finalize change notes csharp
 2019-12-03 17:38:09 +00:00
Geoffrey White
b752a6c8ed Merge pull request #2381 from jbj/StackVariable 
C++: Add StackVariable class, preferred over LocalScopeVariable
 2019-12-03 10:35:16 +00:00
semmle-qlci
cfcd18b411 Merge pull request #2429 from erik-krogh/typeAheadSink 
Approved by esbena
 2019-12-03 08:07:25 +00:00
Paulino Calderon
24b2471533 Update change-notes/1.24/analysis-csharp.md 
tag update

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
 2019-12-02 16:44:25 -05:00
Nick Rolfe
d293418672 Merge pull request #2478 from jbj/mergeback-20191202 
Mergeback from rc/1.23 to master
 2019-12-02 12:28:20 +00:00
Calum Grant
fcd13dc595 Merge remote-tracking branch 'upstream/master' into ASPNetRequestValidationMode 
# Conflicts:
#	change-notes/1.24/analysis-csharp.md
 2019-12-02 12:03:11 +00:00
semmle-qlci
dc7a0c1b91 Merge pull request #2442 from hvitved/csharp/dataflow/conversion-operator 
Approved by calumgrant
 2019-12-02 11:01:35 +00:00
Jonas Jensen
5b24b1efc3 Merge remote-tracking branch 'upstream/rc/1.23' into mergeback-20191202 
Conflicts solved:
	javascript/extractor/src/com/semmle/js/extractor/Main.java
	javascript/ql/test/query-tests/Statements/UseOfReturnlessFunction/tst.js
 2019-12-02 09:57:34 +01:00
Erik Krogh Kristensen
c6c1ebe81a Merge remote-tracking branch 'upstream/master' into typeAheadSink 2019-12-02 08:41:49 +01:00
Calum Grant
a4251f67a2 C#: Analysis change notes. 2019-11-29 10:32:04 +00:00
Max Schaefer
f958916c76 Merge pull request #2330 from erik-krogh/exceptionXss 
JS: Added query for detecting XSS that happens through an exception
 2019-11-29 09:04:45 +00:00
semmle-qlci
73e08eba43 Merge pull request #2468 from max-schaefer/js/regexp-predecessor 
Approved by asgerf
 2019-11-28 16:57:31 +00:00
Jonas Jensen
763b18cd11 Merge remote-tracking branch 'upstream/master' into StackVariable 
Conflicts:
      change-notes/1.24/analysis-cpp.md
      cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
 2019-11-28 17:51:20 +01:00
Max Schaefer
a788bf87a0 JavaScript: Fix RegExpTerm.getPredecessor and getSuccessor. 
These were originally meant to give you the term that is textually matched right before/right after the receiver. When I introduced support for lookbehinds, I changed the behaviour to give you the term that is _operationally_ matched before/after the receiver (remember that lookbehinds are implemented by reverse-matching).

However, I think that's rarely ever what you want, and is wrong for the only two uses of these predicates, where it's the textual matching order that we are after, not the operational order.

Consequently, I've changed the semantics back and updated the comments to hopefully clarify the intention.
 2019-11-28 15:14:50 +00:00
Calum Grant
5833b15f0e C#: Analysis change notes. 2019-11-27 17:30:02 +00:00
Erik Krogh Kristensen
34e44e89fd Merge remote-tracking branch 'upstream/master' into typeAheadSink 2019-11-27 15:19:06 +01:00
Erik Krogh Kristensen
9351cd44e4 Merge remote-tracking branch 'githubsemmle/master' into HEAD 2019-11-27 13:45:59 +01:00
Felicity Chapman
4070992273 Fix sort order 2019-11-27 12:38:39 +00:00
Felicity Chapman
587dd54a3c Minor text changes 2019-11-27 12:38:38 +00:00
Felicity Chapman
eaf68e86e0 Merge pull request #2443 from tausbn/python-finalise-change-notes 
Python: Update change note for 1.23.
 2019-11-27 11:51:04 +00:00
Taus Brock-Nannestad
b503cdb9d4 Python: Final change note fixes. 
- `false positives` becomes `false positive results`
- Items are listed alphabetically.
- Query IDs are listed.

Also, some of the queries had the wrong name (query message rather than the
actual query name). These have been fixed.
 2019-11-27 12:10:28 +01:00
semmle-qlci
4916bed9cd Merge pull request #2433 from asger-semmle/import-js-file 
Approved by max-schaefer
 2019-11-27 10:55:59 +00:00
Taus
8372039205 Apply suggestions from documentation review 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
 2019-11-27 11:50:37 +01:00
Erik Krogh Kristensen
6d63d75d87 remove superfluous line break 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2019-11-27 10:52:01 +01:00
Anders Schack-Mulligen
42b51d4ebb Merge pull request #2449 from felicitymay/1.23/SD-4095-finalize-change-notes-java2 
Update data-flow note to match that for C/C++
 2019-11-27 08:50:31 +01:00
semmle-qlci
380a5fc166 Merge pull request #2444 from esbena/js/flow-spread-prop-types 
Approved by max-schaefer
 2019-11-26 22:42:23 +00:00