Commit Graph

8905 Commits

Author SHA1 Message Date
Calum Grant
fcd13dc595 Merge remote-tracking branch 'upstream/master' into ASPNetRequestValidationMode
# Conflicts:
#	change-notes/1.24/analysis-csharp.md
2019-12-02 12:03:11 +00:00
semmle-qlci
ceb9fff70c Merge pull request #2479 from max-schaefer/localTaintStep
Approved by asgerf
2019-12-02 11:35:43 +00:00
semmle-qlci
dc7a0c1b91 Merge pull request #2442 from hvitved/csharp/dataflow/conversion-operator
Approved by calumgrant
2019-12-02 11:01:35 +00:00
Max Schaefer
aeda2d68f8 JavaScript: Introduce localTaintStep predicate.
It's sometimes useful for exploratory queries, and the other languages have it as well.
2019-12-02 09:43:08 +00:00
Paulino Calderon
8026925a3a Update csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.ql
Added missing quotes.

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
2019-11-29 22:39:50 -05:00
Paulino Calderon
879d34d24d Update csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.qhelp
Missing comma.

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
2019-11-29 22:39:29 -05:00
Paulino Calderon
22964cba74 Update csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.qhelp
Rephrasing.

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
2019-11-29 22:39:04 -05:00
Paulino Calderon
a2dfd551f6 Update csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.qhelp
built in to built-in

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
2019-11-29 22:38:42 -05:00
Max Schaefer
f958916c76 Merge pull request #2330 from erik-krogh/exceptionXss
JS: Added query for detecting XSS that happens through an exception
2019-11-29 09:04:45 +00:00
semmle-qlci
73e08eba43 Merge pull request #2468 from max-schaefer/js/regexp-predecessor
Approved by asgerf
2019-11-28 16:57:31 +00:00
Jonas Jensen
d22df24cab Merge pull request #2467 from geoffw0/speedup1
CPP: Speed up isCompiledAsC.
2019-11-28 17:31:27 +01:00
semmle-qlci
198b3b34a3 Merge pull request #2432 from asger-semmle/install-typescript-deps
Approved by max-schaefer
2019-11-28 16:08:46 +00:00
Max Schaefer
a788bf87a0 JavaScript: Fix RegExpTerm.getPredecessor and getSuccessor.
These were originally meant to give you the term that is textually matched right before/right after the receiver. When I introduced support for lookbehinds, I changed the behaviour to give you the term that is _operationally_ matched before/after the receiver (remember that lookbehinds are implemented by reverse-matching).

However, I think that's rarely ever what you want, and is wrong for the only two uses of these predicates, where it's the textual matching order that we are after, not the operational order.

Consequently, I've changed the semantics back and updated the comments to hopefully clarify the intention.
2019-11-28 15:14:50 +00:00
Tom Hvitved
04cecc04dd C#: Update EntityFrameworkCore test
2019-11-28 15:28:50 +01:00
Tom Hvitved
af453d081e C#: Only track taint through conversion operators defined in libraries
2019-11-28 15:21:04 +01:00
Taus
20513561a0 Merge pull request #2459 from RasmusWL/python-modernise-TurboGears-library
Python: modernise TurboGears library
2019-11-28 14:36:01 +01:00
semmle-qlci
2b0eef3b14 Merge pull request #2448 from tausbn/python-use-import-python-consistently
Approved by RasmusWL
2019-11-28 12:47:00 +00:00
Geoffrey White
b1c992e85f CPP: Speed up isCompiledAsC (x3).
2019-11-28 11:28:38 +00:00
Calum Grant
5833b15f0e C#: Analysis change notes.
2019-11-27 17:30:02 +00:00
Calum Grant
d001c3c2d2 C#: Restructure files.
2019-11-27 17:29:53 +00:00
Calum Grant
c906a8238d C#: Edit qhelp for cs/insecure-request-validation-mode
2019-11-27 16:37:37 +00:00
Calum Grant
4b19f3b6a4 C#: Whitespace edit and edit query metadata.
2019-11-27 16:37:37 +00:00
Paulino Calderon
6f346c6676 Adds CodeQL query to check for insecure RequestValidationMode in ASP.NET
2019-11-27 16:37:37 +00:00
Rasmus Wriedt Larsen
44cc9dd0be Python: Add TurboGears templating example
2019-11-27 15:07:32 +01:00
Rasmus Wriedt Larsen
b526421072 Python: Autoformat TurboGears library
2019-11-27 14:19:51 +01:00
Rasmus Wriedt Larsen
9ef270fc92 Python: Modernise TurboGears library
2019-11-27 14:19:04 +01:00
Tom Hvitved
ce16bc553a C#: Autoformat
2019-11-27 13:47:24 +01:00
Erik Krogh Kristensen
9351cd44e4 Merge remote-tracking branch 'githubsemmle/master' into HEAD
2019-11-27 13:45:59 +01:00
semmle-qlci
a2827e9503 Merge pull request #2362 from erik-krogh/promiseAll
Approved by max-schaefer
2019-11-27 12:35:04 +00:00
Rasmus Wriedt Larsen
3e5e14a14b Merge pull request #2431 from tausbn/python-cyclic-import-future-annotations
Python: Account for non-evaluation of annotations in cyclic imports.
2019-11-27 13:31:53 +01:00
semmle-qlci
4916bed9cd Merge pull request #2433 from asger-semmle/import-js-file
Approved by max-schaefer
2019-11-27 10:55:59 +00:00
semmle-qlci
9ca4f6aecb Merge pull request #2392 from asger-semmle/window-name-flow
Approved by max-schaefer
2019-11-27 10:55:26 +00:00
semmle-qlci
793988afe4 Merge pull request #2344 from asger-semmle/element-pattern-prop-read
Approved by max-schaefer
2019-11-27 10:54:46 +00:00
Erik Krogh Kristensen
967ecbad24 Merge remote-tracking branch 'upstream/master' into promiseAll
2019-11-27 11:28:37 +01:00
Felicity Chapman
38f6f05f12 Merge pull request #2452 from yo-h/docs-query-metadata-precision-fix
Documentation: fix invalid `@precision` value
2019-11-27 10:26:49 +00:00
Erik Krogh Kristensen
e27a69960d update description
2019-11-27 11:17:19 +01:00
Tom Hvitved
39aaa38486 C#: Update EntityFramework test
2019-11-27 10:28:12 +01:00
Asger F
6eb2c26ea4 TS: Pass --no-default-rc and --non-interactive to yarn
2019-11-27 06:42:03 +00:00
Asger F
605c8834c6 JS: Avoid redundant window.name sources
2019-11-27 06:15:12 +00:00
yo-h
8a8b795696 Merge pull request #2447 from aschackmull/java/cache-perf
Java: Improve performance by normalizing import order to reduce cache invalidation.
2019-11-26 16:26:53 -05:00
Jonas Jensen
c05cc77a91 Merge pull request #2421 from dbartol/dbartol/IndirectAlias
C++/C#: Cleanup in preparation for indirect alias analysis
2019-11-26 21:59:17 +01:00
yo-h
2eea94c3dc Documentation: fix invalid @precision value
2019-11-26 14:11:54 -05:00
Dave Bartolomeo
4e1ee7a998 C++/C#: Fix formatting
2019-11-26 10:48:24 -07:00
Taus Brock-Nannestad
118275e948 Python: Use import python consistently in all queries.
2019-11-26 17:37:09 +01:00
Anders Schack-Mulligen
deb6a6e5c6 Java: Improve performance by normalizing import order to reduce cache invalidation.
2019-11-26 17:20:01 +01:00
Erik Krogh Kristensen
b5a57986c6 small changes based on review feedback
2019-11-26 15:57:31 +01:00
Tom Hvitved
355c4f7154 C#: Add change note
2019-11-26 13:54:19 +01:00
Tom Hvitved
71e958eabc C#: Add taint-tracking steps through conversion operator calls
2019-11-26 13:53:50 +01:00
Tom Hvitved
acb069f69b C#: Add data flow tests for conversion operators
2019-11-26 13:53:17 +01:00
Jonas Jensen
b1745f588c Merge pull request #2402 from geoffw0/nospace
CPP: Make NoSpaceForZeroTerminator.ql more conservative.
2019-11-26 13:36:05 +01:00