hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-28 10:18:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,858 Commits 1,723 Branches 164 Tags
faaca2199600dd348a2e4f4b06aa79a9da971cbc
Commit Graph

1858 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
faaca21996 JavaScript: Avoid more unhelpful magic. 2018-12-12 08:40:21 +00:00
semmle-qlci
3397533045 Merge pull request #628 from xiemaisi/js/setUnsafeHTML 
Approved by esben-semmle
 2018-12-06 13:58:52 +00:00
Jonas Jensen
0a496c1d3d Merge pull request #617 from geoffw0/unusedstatic 
CPP: Fix false positives in UnusedStaticVariables.ql
 2018-12-06 14:09:52 +01:00
Max Schaefer
ef347b3870 JavaScript: Teach Xss query about WinJS HTML injection functions. 2018-12-06 09:13:21 +00:00
Max Schaefer
75842fec1c Merge pull request #627 from samlanning/inconsistentStateExample 
JS: Fix syntax error in js/react/inconsistent-state-update example
 2018-12-06 08:03:32 +00:00
Sam Lanning
2ea148016c JS: Fix syntax error in js/react/inconsistent-state-update example 2018-12-05 16:44:40 -08:00
Geoffrey White
f6a87574f0 CPP: Add query ID to change note. 2018-12-05 13:55:46 +00:00
Geoffrey White
d0a0d2300e CPP: Change note. 2018-12-05 10:03:21 +00:00
Geoffrey White
d85f4b540c CPP: Fix false positive. 2018-12-05 10:01:54 +00:00
Geoffrey White
e7f19e97cb CPP: Add a test of UnusedStaticVariable.ql. 2018-12-05 10:01:54 +00:00
Max Schaefer
3c00d4be6d Merge pull request #607 from esben-semmle/js/more-react-methods 
JS: model additional React component methods
 2018-12-05 08:00:16 +00:00
yh-semmle
00779c518c Merge pull request #611 from aschackmull/java/usessl-fp-fix 
Java: Fix FP in `UseSSL.ql`.
 2018-12-04 19:31:53 -05:00
Esben Sparre Andreasen
d63d838534 JS: add regression test for ODASA-7506 2018-12-04 22:22:46 +01:00
Anders Schack-Mulligen
d3fcfb0957 Java: Fix FP in UseSSL. 2018-12-04 17:44:05 +01:00
semmle-qlci
d05b11f00d Merge pull request #587 from asger-semmle/incorrect-suffix-check 
Approved by mc-semmle, xiemaisi
 2018-12-04 16:18:42 +00:00
yh-semmle
0ba7633e4d Merge pull request #553 from aschackmull/java/double-checked-locking 
Java: Add two double-checked-locking queries.
 2018-12-04 10:23:46 -05:00
Asger F
7121a18eba JS: address comments 2018-12-04 10:40:43 +00:00
Esben Sparre Andreasen
b418968efb JS: add change note for improved React model 2018-12-04 10:55:24 +01:00
Esben Sparre Andreasen
679db191f5 JS: move shared conjunct up 2018-12-04 10:55:24 +01:00
Esben Sparre Andreasen
a342fa36c6 JS: support React getSnapshotBeforeUpdate 2018-12-04 10:48:35 +01:00
Esben Sparre Andreasen
67b1487384 JS: support React shouldComponentUpdate 2018-12-04 10:48:35 +01:00
Esben Sparre Andreasen
417dac7ad6 JS: support React getDerivedStateFromProps 2018-12-04 10:48:35 +01:00
Esben Sparre Andreasen
9ff3d2ef1f JS: introduce ReactComponent::getStaticMethod 2018-12-04 10:48:35 +01:00
Esben Sparre Andreasen
0d62191d84 JS: add more React tests 2018-12-04 10:48:35 +01:00
Anders Schack-Mulligen
e836fa7512 Java: Update metadata. 2018-12-04 10:12:56 +01:00
Jonas Jensen
b80cf30cee Merge pull request #562 from geoffw0/cpp-308 
CPP: Fix FPs for 'Resource not released in destructor' involving virtual method calls
 2018-12-03 15:57:11 +01:00
semmle-qlci
b58c263fd0 Merge pull request #602 from esben-semmle/js/additional-route-handlers-from-context 
Approved by xiemaisi
 2018-12-03 14:31:10 +00:00
Geoffrey White
d8c7537557 CPP: * -> + 2018-12-03 13:11:52 +00:00
Geoffrey White
dfbccc4bcf CPP: Additional test cases. 2018-12-03 13:11:52 +00:00
calumgrant
43d14ce011 Merge pull request #586 from hvitved/csharp/cfg/field-split 
C#: Handle multiple-field Boolean CFG splitting
 2018-12-03 12:52:43 +00:00
Asger F
1130d0c6f9 JS: add comment about arrays 2018-12-03 11:23:02 +00:00
Asger F
374f7ab65d JS: address comments 2018-12-03 11:23:02 +00:00
Asger F
c4d7672ea7 JS: fix typo in method name 2018-12-03 11:23:02 +00:00
Asger F
0462eb4b50 JS: add IncorrectSuffixCheck query 2018-12-03 11:23:02 +00:00
Esben Sparre Andreasen
2cc235d61b Merge pull request #556 from xiemaisi/js/invalid-entity-transcoding 
JavaScript: Add new query `InvalidEntityTranscoding`.
 2018-12-03 10:31:41 +01:00
Esben Sparre Andreasen
104eafec2f JS: cleanup for all HTTP::RouteHandlerCandidates 2018-12-03 10:13:08 +01:00
Esben Sparre Andreasen
88c69e2c9c JS: change note for tracked Hapi route handlers 2018-12-03 09:24:55 +01:00
Esben Sparre Andreasen
a3bd072590 JS: add Hapi::RouteHandlerCandidate 2018-12-03 09:22:21 +01:00
Esben Sparre Andreasen
fd489271b7 JS: refactor Hapi::RouteSetup 2018-12-03 09:22:21 +01:00
Aditya Sharad
b638961a4f Merge pull request #596 from Semmle/dll-binary 
.gitattributes: DLLs are binary
 2018-11-30 18:06:13 +00:00
Nick Rolfe
b173752de9 .gitattributes: DLLs are binary 2018-11-30 18:05:02 +00:00
Max Schaefer
52b8a6bb56 Merge branch 'master' into js/invalid-entity-transcoding 2018-11-30 16:49:20 +00:00
Kevin Backhouse
939db5a7cd Merge pull request #583 from jbj/bbStrictlyDominates-nomagic 
C++: pragma[nomagic] on bbStrictlyDominates
 2018-11-30 15:12:24 +00:00
calumgrant
1c2dd3e7b9 Merge pull request #570 from hvitved/csharp/ssa/split-to-string 
C#: Include CFG splits in `Ssa::Definition::toString()`
 2018-11-30 15:04:36 +00:00
Max Schaefer
dfcf767090 Merge pull request #440 from asger-semmle/range-analysis 
JS: Range analysis for dead code detection
 2018-11-30 15:01:34 +00:00
semmle-qlci
dbeb2dfa0e Merge pull request #585 from xiemaisi/js/join-order-fiddling 
Approved by esben-semmle
 2018-11-30 14:59:53 +00:00
calumgrant
08f5c2b6a6 Merge pull request #567 from hvitved/csharp/guards-splitting 
C#: Account for split SSA definitions in guards library
 2018-11-30 14:57:57 +00:00
Jonas Jensen
60076cb734 Merge pull request #532 from geoffw0/query-tags-3 
CPP: Query Tags 3 (JPL_C queries)
 2018-11-30 15:45:01 +01:00
Jonas Jensen
4712a8f913 C++: pragma[nomagic] on bbStrictlyPostDominates 
This predicate was recently added and is likely to get the same problems
as `bbStrictlyDominates` with magic.
 2018-11-30 11:37:18 +01:00
Jonas Jensen
ace8fa88f2 C++: pragma[nomagic] on bbStrictlyDominates 
I noticed that queries using the data flow library spent significant
time in `#Dominance::bbIDominates#fbPlus`, which is the body of the
`bbStrictlyDominates` predicate. That predicate took 28 seconds to
compute on Wireshark.

The `b` in the predicate name means that magic was applied, and the
application of magic meant that it could not be evaluated with the
built-in `fastTC` HOP but became an explicit recursion instead. Applying
`pragma[nomagic]` to this predicate means that we will always get it
evaluated with `fastTC`, and that takes less than a second in my test
case.
 2018-11-30 11:36:11 +01:00