hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-21 06:57:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
7,041 Commits 1,712 Branches 163 Tags
f3de75ae072b98ea2f8ff6a7f3bcabbac8e52c43
Commit Graph

7041 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Esben Sparre Andreasen
f3de75ae07 JS: update a js/code-injection test 2019-09-11 09:45:54 +02:00
Esben Sparre Andreasen
e41080fb40 JS: add RemoteServerResponse as a heuristic remote flow source 2019-09-11 09:38:18 +02:00
Esben Sparre Andreasen
f7bfc472c1 JS: treat server responses as untrusted for command injections 2019-09-11 09:38:18 +02:00
Esben Sparre Andreasen
3e42b078e8 JS: minor additions to ClientRequest::getAResponseDataNode 2019-09-11 09:24:59 +02:00
Robert Marsh
6d8a4388cb Merge pull request #1883 from jbj/partial-definitions-const 
C++: Don't create partial defs for calls to const functions
 2019-09-10 12:46:39 -07:00
semmle-qlci
05247849b0 Merge pull request #1913 from xiemaisi/csharp/update-a-qlref 
Approved by hvitved
 2019-09-10 16:04:19 +01:00
Max Schaefer
ea81531a7b C#: Update a .qlref. 
This currently relies on the fact that qltest includes `ql/csharp/ql/src/Metrics` in addition to `ql/csharp/ql/src` on its search path when run internally, which is inconsistent with the other languages. Since this is the only test that relies on it, I'd like to update it and get rid of the extra search root eventually.
 2019-09-10 13:01:04 +01:00
semmle-qlci
df1bf4a95b Merge pull request #1907 from asger-semmle/mongoose-types 
Approved by xiemaisi
 2019-09-10 12:05:57 +01:00
Sam Lanning
2f54437c10 Merge pull request #1889 from AlexTereshenkov/master 
Add a new issue template for false positive in LGTM.com
 2019-09-10 11:33:09 +01:00
AlexTereshenkov
49ee205b46 Update issue templates 2019-09-10 11:02:02 +01:00
AlexTereshenkov
77871f6d51 Update .github/ISSUE_TEMPLATE/lgtm-com---false-positive.md 
Co-Authored-By: Sam Lanning <sam@lanni.ng>
 2019-09-10 10:25:03 +01:00
Jonas Jensen
d6fba0ef46 C++: Don't create partial defs for calls to const 
These partial defs don't do any harm, but they could hurt performance.
In typical C++ snapshots, between 5% and 20% of all calls are to `const`
functions.
 2019-09-10 09:49:16 +02:00
Jonas Jensen
fd3615d120 C++: Show that there are too many partial defs 2019-09-10 09:44:07 +02:00
jf205
ad4715fd52 Merge pull request #1908 from shati-semmle/ql-hb/fixes 
QL handbook: Add examples and fix typos
 2019-09-10 08:42:14 +01:00
Robert Marsh
2806a52ec5 Merge pull request #1888 from jbj/ir-dataflow-node-ipa 
C++: Hide that IR DataFlow::Node is Instruction
 2019-09-09 11:00:37 -07:00
Geoffrey White
4283a1508d Merge pull request #1870 from jbj/autoformat-all 
C++: Autoformat everything
 2019-09-09 16:05:32 +01:00
Shati Patel
cfa51a0e8b QL HB: Add predicate call example [SD-3864] 2019-09-09 16:01:42 +01:00
Shati Patel
f5de1dc999 QL HB: Explain use of cast [SD-3865] 2019-09-09 16:01:41 +01:00
Shati Patel
4f2c9fa3cb QL HB: Expand bindingset example [SD-3863] 2019-09-09 16:01:14 +01:00
Shati Patel
acca48bd8f QL HB: Fix typo [SD-3862] 2019-09-09 16:01:07 +01:00
Max Schaefer
bdba647bf5 Merge pull request #1893 from erik-semmle/addXLinkHref 
JS: add xlink:href as xss target when using setAttribute
 2019-09-09 15:56:47 +01:00
Jonas Jensen
79f456e8bd Merge pull request #1905 from ian-semmle/mangling_more 
C++: Resolve all classes
 2019-09-09 16:48:30 +02:00
Asger F
194a1c3530 JS: Change note 2019-09-09 15:42:43 +01:00
Calum Grant
79a750dfaf Merge pull request #1845 from AndreiDiaconu1/ircsharp-compiler-generated 
C# IR: Framework for translating compiler generated elements
 2019-09-09 15:42:07 +01:00
Asger F
ad5abc61cc JS: Move typed test into separate test 2019-09-09 15:35:26 +01:00
Asger F
ea446f2aa1 JS: Use type info in mongodb/mongoose model 2019-09-09 15:35:26 +01:00
Asger F
8e397ad203 JS: Use type tracking in mongodb/mongoose model 2019-09-09 15:35:23 +01:00
semmle-qlci
e899250e87 Merge pull request #1894 from asger-semmle/fp-incorrect-suffix-check 
Approved by xiemaisi
 2019-09-09 15:33:47 +01:00
semmle-qlci
89cba089b4 Merge pull request #1892 from asger-semmle/event-handler-sink 
Approved by esben-semmle
 2019-09-09 15:33:21 +01:00
Asger F
b6690bb644 JS: Add change note 2019-09-09 12:45:03 +01:00
AndreiDiaconu1
53ebe23db6 Better retrieval for the GetEnumerator call 2019-09-09 12:33:19 +01:00
Felicity Chapman
28fece0f75 Merge pull request #1906 from jf205/readme-updates 
docs: update readme following recent project changes
 2019-09-09 12:27:24 +01:00
semmle-qlci
2283195ebd Merge pull request #1871 from asger-semmle/type-tracking-through-imports 
Approved by xiemaisi
 2019-09-09 12:25:06 +01:00
james
54342a6daa docs: update readme 2019-09-09 11:57:08 +01:00
Geoffrey White
22e1715368 Merge pull request #1900 from jbj/dataflow-this-by-ref 
C++: Fix flow out of `this` by reference
 2019-09-09 11:15:32 +01:00
Geoffrey White
26490bd97f Merge pull request #1885 from jbj/dataflow-D.cpp 
C++: Add D.cpp, ported from D.java
 2019-09-09 10:55:33 +01:00
Asger F
65862c922c JS: Update tests 2019-09-09 10:53:13 +01:00
Asger F
631ff27d31 JS: Use ValueNode for all ImportSpecifiers 2019-09-09 10:53:13 +01:00
Asger F
61e1d793df JS: Fixes in DeadStoreOfLocal 2019-09-09 10:51:21 +01:00
Asger F
5573279580 JS: regression test for DeadStoreOfLocal 2019-09-09 10:51:21 +01:00
Asger F
3b962dce22 JS: Add explicit type tracking test 2019-09-09 10:51:21 +01:00
Asger F
afcdc12e7b JS: Use ValueNode, not SSA node, to model NamedImportSpecifier 2019-09-09 10:51:17 +01:00
semmle-qlci
57afde0240 Merge pull request #1872 from esben-semmle/js/extraction_metrics 
Approved by xiemaisi
 2019-09-09 10:45:33 +01:00
Jonas Jensen
4ef5c9af62 C++: Autoformat everything 
Some files that will change in #1736 have been spared.

    ./build -j4 target/jars/qlformat
    find ql/cpp/ql -name "*.ql"  -print0 | xargs -0 target/jars/qlformat --input
    find ql/cpp/ql -name "*.qll" -print0 | xargs -0 target/jars/qlformat --input
    (cd ql && git checkout 'cpp/ql/src/semmle/code/cpp/ir/implementation/**/*SSA*.qll')
    buildutils-internal/scripts/pr-checks/sync-identical-files.py --latest
 2019-09-09 11:25:53 +02:00
Tom Hvitved
77d7db323d Merge pull request #1895 from calumgrant/cs/date-queries 
C#: Tidy up cs/unsafe-year-construction and cs/mishandling-japanese-era
 2019-09-09 11:24:49 +02:00
Jonas Jensen
1784122929 C++: Fixes from Geoffrey's review round 4 2019-09-09 11:21:55 +02:00
Jonas Jensen
969d76671e C++: Tidy up long comments that attach to items 2019-09-09 11:04:05 +02:00
Jonas Jensen
4769d00c50 C++: Fix autoformat of //-comments after + 
The autoformatter would associate these comments to the following term
instead of the preceding term.
 2019-09-09 11:04:05 +02:00
Jonas Jensen
3324bfb198 C++: Fix long comments without * on each line 
Comments like these will make the autoformatter produce bad indentation.

For the record (not for explainability), these issues were found with

    git grep -P -A1 '^( */\*| +\*( |$))(.(?!\*/))*$' cpp/ql/src/'**/*.ql*' |grep -B10 'qll\?- [^*]*$'
 2019-09-09 11:04:04 +02:00
Jonas Jensen
44aca8a0f4 C++: Prepare BufferWrite.qll for autoformat 
The autoformatter cannot process these long end-of-line comments
properly when the line starts with `or`.
 2019-09-09 11:04:04 +02:00