hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-09 15:41:36 +02:00
Code Issues Packages Projects Releases Wiki Activity
8,885 Commits 1,754 Branches 167 Tags
f958916c76fb49bdf4b5f40796f1c8c8a6fe2f0b
Commit Graph

8885 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
f958916c76 Merge pull request #2330 from erik-krogh/exceptionXss 
JS: Added query for detecting XSS that happens through an exception
 2019-11-29 09:04:45 +00:00
semmle-qlci
73e08eba43 Merge pull request #2468 from max-schaefer/js/regexp-predecessor 
Approved by asgerf
 2019-11-28 16:57:31 +00:00
Jonas Jensen
d22df24cab Merge pull request #2467 from geoffw0/speedup1 
CPP: Speed up isCompiledAsC.
 2019-11-28 17:31:27 +01:00
semmle-qlci
198b3b34a3 Merge pull request #2432 from asger-semmle/install-typescript-deps 
Approved by max-schaefer
 2019-11-28 16:08:46 +00:00
Max Schaefer
a788bf87a0 JavaScript: Fix RegExpTerm.getPredecessor and getSuccessor. 
These were originally meant to give you the term that is textually matched right before/right after the receiver. When I introduced support for lookbehinds, I changed the behaviour to give you the term that is _operationally_ matched before/after the receiver (remember that lookbehinds are implemented by reverse-matching).

However, I think that's rarely ever what you want, and is wrong for the only two uses of these predicates, where it's the textual matching order that we are after, not the operational order.

Consequently, I've changed the semantics back and updated the comments to hopefully clarify the intention.
 2019-11-28 15:14:50 +00:00
Taus
20513561a0 Merge pull request #2459 from RasmusWL/python-modernise-TurboGears-library 
Python: modernise TurboGears library
 2019-11-28 14:36:01 +01:00
semmle-qlci
2b0eef3b14 Merge pull request #2448 from tausbn/python-use-import-python-consistently 
Approved by RasmusWL
 2019-11-28 12:47:00 +00:00
Geoffrey White
b1c992e85f CPP: Speed up isCompiledAsC (x3). 2019-11-28 11:28:38 +00:00
Rasmus Wriedt Larsen
44cc9dd0be Python: Add TurboGears templating example 2019-11-27 15:07:32 +01:00
Rasmus Wriedt Larsen
b526421072 Python: Autoformat TurboGears library 2019-11-27 14:19:51 +01:00
Rasmus Wriedt Larsen
9ef270fc92 Python: Modernise TurboGears library 2019-11-27 14:19:04 +01:00
Erik Krogh Kristensen
9351cd44e4 Merge remote-tracking branch 'githubsemmle/master' into HEAD 2019-11-27 13:45:59 +01:00
semmle-qlci
a2827e9503 Merge pull request #2362 from erik-krogh/promiseAll 
Approved by max-schaefer
 2019-11-27 12:35:04 +00:00
Rasmus Wriedt Larsen
3e5e14a14b Merge pull request #2431 from tausbn/python-cyclic-import-future-annotations 
Python: Account for non-evaluation of annotations in cyclic imports.
 2019-11-27 13:31:53 +01:00
semmle-qlci
4916bed9cd Merge pull request #2433 from asger-semmle/import-js-file 
Approved by max-schaefer
 2019-11-27 10:55:59 +00:00
semmle-qlci
9ca4f6aecb Merge pull request #2392 from asger-semmle/window-name-flow 
Approved by max-schaefer
 2019-11-27 10:55:26 +00:00
semmle-qlci
793988afe4 Merge pull request #2344 from asger-semmle/element-pattern-prop-read 
Approved by max-schaefer
 2019-11-27 10:54:46 +00:00
Erik Krogh Kristensen
967ecbad24 Merge remote-tracking branch 'upstream/master' into promiseAll 2019-11-27 11:28:37 +01:00
Felicity Chapman
38f6f05f12 Merge pull request #2452 from yo-h/docs-query-metadata-precision-fix 
Documentation: fix invalid `@precision` value
 2019-11-27 10:26:49 +00:00
Erik Krogh Kristensen
e27a69960d update description 2019-11-27 11:17:19 +01:00
Asger F
6eb2c26ea4 TS: Pass --no-default-rc and --non-interactive to yarn 2019-11-27 06:42:03 +00:00
Asger F
605c8834c6 JS: Avoid redundant window.name sources 2019-11-27 06:15:12 +00:00
yo-h
8a8b795696 Merge pull request #2447 from aschackmull/java/cache-perf 
Java: Improve performance by normalizing import order to reduce cache invalidation.
 2019-11-26 16:26:53 -05:00
Jonas Jensen
c05cc77a91 Merge pull request #2421 from dbartol/dbartol/IndirectAlias 
C++/C#: Cleanup in preparation for indirect alias analysis
 2019-11-26 21:59:17 +01:00
yo-h
2eea94c3dc Documentation: fix invalid @precision value 2019-11-26 14:11:54 -05:00
Dave Bartolomeo
4e1ee7a998 C++/C#: Fix formatting 2019-11-26 10:48:24 -07:00
Taus Brock-Nannestad
118275e948 Python: Use import python consistently in all queries. 2019-11-26 17:37:09 +01:00
Anders Schack-Mulligen
deb6a6e5c6 Java: Improve performance by normalizing import order to reduce cache invalidation. 2019-11-26 17:20:01 +01:00
Erik Krogh Kristensen
b5a57986c6 small changes based on review feedback 2019-11-26 15:57:31 +01:00
Jonas Jensen
b1745f588c Merge pull request #2402 from geoffw0/nospace 
CPP: Make NoSpaceForZeroTerminator.ql more conservative.
 2019-11-26 13:36:05 +01:00
Erik Krogh Kristensen
0f948339af add change note 2019-11-26 11:23:30 +01:00
Erik Krogh Kristensen
b6106f9638 keep the ResolvedPromiseDefinition class as a subclass of PromiseCreationCall 2019-11-26 11:16:59 +01:00
Erik Krogh Kristensen
f284b3a2bb Merge remote-tracking branch 'upstream/master' into exceptionXss 2019-11-26 10:54:04 +01:00
Erik Krogh Kristensen
7ee12a3420 change doc based on review feedback 2019-11-26 10:48:24 +01:00
Anders Schack-Mulligen
18e1708036 Merge pull request #2412 from Cornelius-Riemenschneider/nullness-corr-cond 
Java: Nullness library: track instanceof expressions in correlated conditions
 2019-11-26 10:33:34 +01:00
semmle-qlci
fb44aa18bd Merge pull request #2428 from erik-krogh/useOfReturnlessFunctionSuperCalls 
Approved by max-schaefer
 2019-11-26 09:14:08 +00:00
semmle-qlci
cf92022c89 Merge pull request #2420 from erik-krogh/safeStringSink 
Approved by asgerf
 2019-11-26 08:09:05 +00:00
Calum Grant
113df4ea1d Merge pull request #2278 from hvitved/csharp/autobuilder/shared-compilation 
C#: Only set `UseSharedCompilation=false` in autobuilder when needed
 2019-11-25 18:37:09 +00:00
Dave Bartolomeo
7d48220a76 C++/C#: Make QLDoc conform to style guide 2019-11-25 11:26:45 -07:00
Dave Bartolomeo
44c1c5a7ab C++: Update points_to.ql test to use new bit offset format 2019-11-25 11:13:02 -07:00
Dave Bartolomeo
521fbb125e C++/C#: Fix formatting 2019-11-25 11:12:23 -07:00
Asger F
e3e15a6015 JS: Rephrase change note 2019-11-25 17:20:42 +00:00
Asger F
df97ab2cb8 TS: Add INDEX prefix to env variables 2019-11-25 17:10:00 +00:00
Asger F
2508da7971 JS: Add change note 2019-11-25 17:01:32 +00:00
Asger F
7e515aeb72 TS: Verify yarn installation 2019-11-25 16:22:21 +00:00
Cornelius Riemenschneider
37f162106a Fix formatting of file. 2019-11-25 17:04:38 +01:00
Tom Hvitved
fede9aed04 Merge pull request #2355 from cldrn/AspNetMaxRequestLength 
CodeQL query to check for insecure MaxLengthRequest values in ASP.NET applications
 2019-11-25 17:02:22 +01:00
Tom Hvitved
07e18c88a8 C#: Address review comments 2019-11-25 16:51:09 +01:00
semmle-qlci
d58a6b02bf Merge pull request #2396 from hvitved/dataflow/erased-type-class 
Approved by aschackmull, jbj
 2019-11-25 15:22:13 +00:00
Asger F
e5ba80b18c JS: Add test 2019-11-25 15:05:33 +00:00