Dave Bartolomeo
fb67d3eae4
C++: Fix override errors in MagicDraw.qll
2019-11-21 13:18:45 -07:00
Dave Bartolomeo
27cc6b1e4f
C++/C#: Fix compilation error in PrintSSA.qll
...
We were privately importing `semmle.code.<lang>.ir.internal.Overlap`, but `PrintSSA.qll` was depending on it being public. This is made a little more complicated by the presence of cross-language parameterized modules.
2019-11-21 13:18:25 -07:00
James Fletcher
0b274e5b23
Merge pull request #2386 from shati-patel/docs/demos
...
QL docs: Update links to blog/demos
2019-11-21 13:53:05 +00:00
Robert Marsh
53709deb9d
Merge pull request #2342 from jbj/overflow-doc-fixes
...
C++: Signed Overflow Check qhelp improvements
2019-11-19 15:37:52 -08:00
Shati Patel
49c2398bda
QL docs: Update links to blog/demos
2019-11-19 15:06:26 +00:00
Jonas Jensen
466f7fe6b2
C++: Use <ol> for recommendations
2019-11-19 12:57:02 +01:00
James Fletcher
c73ae5399d
Merge pull request #2380 from shati-patel/docs/blog-links
...
Docs: Update links from blog to security lab
2019-11-19 11:09:13 +00:00
Shati Patel
820a11294d
Docs: Update links from blog to security lab
2019-11-19 10:54:19 +00:00
yh-semmle
3d837542e8
Merge pull request #2373 from aschackmull/java/changenote-update
...
Java: Update change note to cover #2304 and #2346.
2019-11-18 12:14:07 -05:00
James Fletcher
e6574cc259
Merge pull request #2370 from shati-patel/docs/readme
...
Docs: Update readme in docs folder (cherry-pick from master)
2019-11-18 12:29:41 +00:00
Anders Schack-Mulligen
645cc99383
Java: Update change note to cover #2304 and #2346.
2019-11-18 13:26:50 +01:00
semmle-qlci
34f4b11416
Merge pull request #2368 from asger-semmle/regexp-max-length
...
Approved by max-schaefer
2019-11-18 11:49:46 +00:00
James Fletcher
21832a8550
Merge pull request #2350 from shati-patel/docs/vscode
...
Docs: Update links to new products
2019-11-18 11:14:53 +00:00
shati-patel
08c91b05ac
Docs: Update readme in docs folder
2019-11-18 09:38:53 +00:00
Shati Patel
d6a673c91a
Docs: Update links to new products
2019-11-18 09:34:00 +00:00
Asger F
c02863842c
JS: Raise limit to 1000
2019-11-18 08:33:26 +00:00
Jonas Jensen
74ca0e428d
Merge pull request #2334 from rdmarsh2/rdmarsh/cpp/reword-pointeroverflow-qhelp
...
C++: simplify PointerOverflow.qhelp
2019-11-18 08:37:19 +01:00
Asger F
6f15eff954
JS: Cap length of extracted string
2019-11-17 23:06:47 +00:00
shati-patel
e7705b0a1a
Merge pull request #2348 from hmakholm/pr/point-to-vsc
...
README.md: Don't speak of QL4E anymore
2019-11-15 20:24:17 +00:00
Robert Marsh
85314c42a9
Update cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.qhelp
...
Co-Authored-By: Jonas Jensen <jbj@github.com>
2019-11-15 10:38:58 -08:00
Henning Makholm
3e9757caf6
Update README.md
...
Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
2019-11-15 19:31:07 +01:00
Erik Krogh Kristensen
ddd217628f
Merge pull request #2347 from esbena/js/fix-mjs-check
...
JS: fix the check for an "mjs" extension on an extensionless file
2019-11-15 17:39:10 +01:00
Tom Hvitved
c95db9e6f8
Merge pull request #2331 from calumgrant/cs/default-interface-methods
...
C#: Tests for default interface methods
2019-11-15 16:36:47 +01:00
Henning Makholm
a44c004ca3
README.md: Don't speak of QL4E anymore
2019-11-15 16:30:36 +01:00
yh-semmle
810a046428
Merge pull request #2346 from aschackmull/java/rangeanalysis-integral-fix2
...
Java: Fix range analysis bug where int was assumed.
2019-11-15 09:54:48 -05:00
Calum Grant
f5598db070
Merge pull request #2343 from hvitved/csharp/dataflow/assignment-flow
...
C#: Add missing assignment data flow steps
2019-11-15 14:21:13 +00:00
Anders Schack-Mulligen
81a90943c0
Java: Fix range analysis bug where int was assumed.
2019-11-15 15:08:14 +01:00
Taus
78109db243
Merge pull request #2181 from RasmusWL/python-modernise-pyramid-library
...
Python: modernise pyramid library
2019-11-15 15:05:44 +01:00
Taus
cb94e7db72
Merge pull request #2140 from RasmusWL/python-fix-flask
...
Python: Modernise flask + correctly handle flask.make_response
2019-11-15 14:55:27 +01:00
Esben Sparre Andreasen
8e8215893f
JS: fix mjs check for extensionless files
2019-11-15 14:38:27 +01:00
Erik Krogh Kristensen
f813e06680
Merge pull request #2345 from Semmle/esbena-patch-3
...
Update FlowSteps.qll
2019-11-15 14:04:14 +01:00
semmle-qlci
2f63b89941
Merge pull request #2338 from esbena/js/model-get-them-args
...
Approved by max-schaefer
2019-11-15 11:50:45 +00:00
Max Schaefer
217eda374d
Merge pull request #2252 from asger-semmle/regexp
...
JS: Parse regular expressions from string literals
2019-11-15 11:47:33 +00:00
Esben Sparre Andreasen
a3deb7d4e0
Update FlowSteps.qll
2019-11-15 12:44:04 +01:00
Tom Hvitved
f9bff172d4
C#: Add missing assignment data flow steps
2019-11-15 11:36:05 +01:00
Tom Hvitved
f8791c884f
C#: Add more data flow tests for assignments
2019-11-15 11:30:40 +01:00
Jonas Jensen
7d7d166113
C++: Remove whitespace at end of line
2019-11-15 11:21:08 +01:00
Jonas Jensen
6bdfebea96
C++: Rename i to n1 in all examples
...
I see no reason why the Recommendation and Example sections should use
different variable names for the same thing.
2019-11-15 11:20:00 +01:00
Jonas Jensen
9b89602a86
C++: Make var name in qhelp match source snippet
2019-11-15 11:16:34 +01:00
Calum Grant
aac360463b
C#: Tests for default interface methods.
2019-11-15 10:13:04 +00:00
Jonas Jensen
7485cc76b2
C++: Edit Recommendation section
...
1. The two last examples were misleading at best. The first of those two
recommended casting two non-negative `int`s to `unsigned int` and then
checking if their addition would overflow, but overflow was
impossible because their sum (on 32-bit two's complement) could be at
most 2^32 - 2. The second example could lead to the wrong condition
(unsigned overflow) being checked if taken literally. Instead of
keeping that example, I reworded the first paragraph of the
Recommendation section.
2. The assumption about `delta` being positive was relaxed to
non-negative.
3. There was no need to assume that an unsigned short was non-negative.
4. Some of the suggestions were missing `i >`.
2019-11-15 11:05:00 +01:00
Esben Sparre Andreasen
a6dbf5fbad
Update change-notes/1.23/analysis-javascript.md
...
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2019-11-15 10:43:04 +01:00
Esben Sparre Andreasen
c3fdfdecab
JS: rename DefaultParsedCommandLineArgumentsAsSource
2019-11-15 10:40:15 +01:00
Asger F
7a489afdda
JS: Add change note
2019-11-15 09:27:21 +00:00
Asger F
66db38266b
JS: Add qldoc to HostnameRegexpShared
2019-11-15 09:27:21 +00:00
Asger F
6809eed543
JS: Stats and upgrade script
2019-11-15 09:27:21 +00:00
Asger F
607aed37ee
Update javascript/ql/src/semmle/javascript/Expr.qll
...
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2019-11-15 09:27:21 +00:00
Asger F
77e5305b9b
Update javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
...
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2019-11-15 09:27:21 +00:00
Asger F
37aa85fe81
JS: Fix parsing of non-BMP chars before a quantifier
2019-11-15 09:27:21 +00:00
Asger F
8fcf7a265a
JS: Remove unused OffsetTranslationBuilder class
2019-11-15 09:27:21 +00:00