Max Schaefer
ff62c56df1
JavaScript: Replace remaining uses of TrackedExpr with type tracking.
2019-06-28 09:21:41 +01:00
yh-semmle
0d4ff2d7fe
Merge pull request #1513 from aschackmull/java/whitelist-sha512
...
Java: Add SHA512 to the crypto whitelist.
2019-06-27 19:48:13 -04:00
yh-semmle
0bbc0d966e
Merge pull request #1516 from aschackmull/java/http-response-splitting-fp-fix
...
Java: Add simple sanitizer for java/http-response-splitting.
2019-06-27 19:47:48 -04:00
Pavel Avgustinov
da7591d1f6
Merge pull request #1519 from geoffw0/depkind
...
CPP: Deprecate Expr.getKind() and Stmt.getKind().
2019-06-27 19:22:57 +01:00
Jonas Jensen
c29ef904e0
Merge pull request #1498 from rdmarsh2/rdmarsh/exprHasNoEffect-defaulted-functions
...
C++: fix FP with ExprHasNoEffect in defaulted func
2019-06-27 20:10:37 +02:00
Taus
2576884667
Merge pull request #1499 from markshannon/python-fix-regex-parsing
...
Python regex: Fix handling of character sets.
2019-06-27 17:49:21 +02:00
Geoffrey White
65bf778b3a
CPP: Deprecate Expr.getKind() and Stmt.getKind().
2019-06-27 16:15:22 +01:00
semmle-qlci
7ff6d8262d
Merge pull request #1514 from hvitved/cil/consistency
...
Approved by calumgrant
2019-06-27 15:15:43 +01:00
Taus
c0ff67beb7
Merge pull request #1496 from markshannon/python-uninitial-local-fix
...
Python: Don't report uninitialized locals in unreachable code.
2019-06-27 16:00:07 +02:00
semmle-qlci
c4cb75eff5
Merge pull request #1508 from xiemaisi/js/fix-MessageEvent-externs
...
Approved by asger-semmle
2019-06-27 14:32:21 +01:00
Anders Schack-Mulligen
85eac80be9
Java: Add simple sanitizer for java/http-response-splitting.
2019-06-27 14:03:48 +02:00
Tom Hvitved
481bf77d5f
CIL: Speed up consistency tests
...
- Make `InstructionViolation` abstract to avoid computing `getInstructionsUpTo()` for all instructions in the database.
- Enable `consistency.ql`, which reports all consistency violations, and remove all other specialized tests.
2019-06-27 13:40:07 +02:00
Anders Schack-Mulligen
93646974a6
Java: Add SHA512 to the crypto whitelist.
2019-06-27 13:38:04 +02:00
semmle-qlci
44bd540c44
Merge pull request #1495 from asger-semmle/array-taint-step
...
Approved by xiemaisi
2019-06-27 12:16:17 +01:00
Jonas Jensen
d45b4175cb
Merge pull request #1497 from geoffw0/dates-5
...
CPP: General clean up for the new dates queries
2019-06-27 10:20:30 +02:00
semmledocs-ac
31614fd4f4
Merge pull request #1500 from jbj/alistair-codeowners
...
Add Alistair as code owner for *.qhelp within cpp
2019-06-27 08:32:01 +01:00
semmle-qlci
1c25e17812
Merge pull request #1505 from hvitved/csharp/autoformat
...
Approved by calumgrant
2019-06-27 08:03:58 +01:00
semmle-qlci
f58c7cc79c
Merge pull request #1446 from hvitved/csharp/cached-stages
...
Approved by calumgrant
2019-06-27 08:03:24 +01:00
Max Schaefer
7565eb263e
JavaScript: Update externs for MessageEvent.
2019-06-26 19:12:05 -07:00
Tom Hvitved
bd03e7a590
C#: Auto format
2019-06-26 19:32:08 +02:00
semmle-qlci
1a9f3624c2
Merge pull request #1504 from xiemaisi/js/shift-bigint
...
Approved by asger-semmle
2019-06-26 18:30:48 +01:00
Max Schaefer
e35fde322b
JavaScript: Teach ShiftOutOfRange about BigInt.
2019-06-26 09:16:34 -07:00
Robert Marsh
8994a5acf1
C++: fix FP with ExprHasNoEffect in defaulted func
...
This is a workaround for an extractor issue where expressions in a
defaulted function are not always marked as generated. I haven't yet been
able to reproduce the issue in a test case.
2019-06-26 09:11:23 -07:00
Jonas Jensen
473d4d44a3
Add Alistair as code owner for *.qhelp within cpp
2019-06-26 12:10:22 +02:00
Mark Shannon
347e3f3bd0
Python regex: Fix handling of character sets where first character in set is '['.
2019-06-26 10:55:47 +01:00
Taus
76f8da8986
Merge pull request #1484 from markshannon/python-aggressive-pruning
...
Python: Use aggressive dead-code elimination when pruning.
2019-06-25 19:17:44 +02:00
Geoffrey White
ac5b62ccff
CPP: Update comment in qhelp sample for accuracy and consistency.
2019-06-25 17:26:46 +01:00
Geoffrey White
fe315a9a1c
CPP: Make things private.
2019-06-25 17:08:35 +01:00
Geoffrey White
cb80aa3772
CPP: Rename the classes for time structs.
2019-06-25 16:49:25 +01:00
Geoffrey White
2e31f48a7a
CPP: Clean up StructFieldAccess.
2019-06-25 16:43:24 +01:00
Asger F
57dac1d0d5
JS: Update test output to reflect new edge relation
2019-06-25 16:41:29 +01:00
Geoffrey White
66dffdde05
CPP: Correct overuse of 'toString'.
2019-06-25 16:38:16 +01:00
Tom Hvitved
51d093add0
C#: Address review comments
2019-06-25 17:01:48 +02:00
Mark Shannon
7bbe39ef01
Python: Don't report uninitialized locals in unreachable code.
2019-06-25 15:52:48 +01:00
Geoffrey White
bc5fb24371
CPP: Correct overuse of 'matches'.
2019-06-25 15:13:38 +01:00
Geoffrey White
ab543aa0eb
CPP: QLDoc pass.
2019-06-25 15:12:27 +01:00
Geoffrey White
627fba81ce
CPP: Improve wording of UnsafeArrayForDAysOfYear.ql.
2019-06-25 14:42:18 +01:00
Geoffrey White
db6e2904a8
CPP: Simplify to 'CrementOperation'.
2019-06-25 14:17:20 +01:00
Geoffrey White
51caee67b0
CPP: Update comment so that it no longer contains (incorrect) line numbers.
2019-06-25 14:15:09 +01:00
Asger F
aa4d28028e
JS: Add test
2019-06-25 14:15:06 +01:00
Geoffrey White
fa1347f7ef
CPP: Remove security tags that haven't been justified.
2019-06-25 14:11:56 +01:00
Asger F
71100bb68a
JS: Do not require predecessor to be a SourceNode
2019-06-25 14:03:57 +01:00
Jonas Jensen
d2f8029625
Merge pull request #1492 from geoffw0/exprnoeffectweak
...
CPP: Fix for 'Expression has no effect' on calls to weak functions
2019-06-25 10:58:28 +02:00
Jonas Jensen
de65dc5501
Merge pull request #1490 from geoffw0/leapyeararith
...
CPP: Improvements to LeapYear.qll
2019-06-25 10:46:12 +02:00
Max Schaefer
0fa41f7a21
Merge pull request #1493 from chrisgavin/owasp-cheat-sheet
...
JavaScript: Update link to the OWASP XSS prevention cheat sheet.
2019-06-24 16:09:02 -07:00
Chris Gavin
bce153648e
JavaScript: Update link to the OWASP XSS prevention cheat sheet.
2019-06-24 23:21:14 +01:00
Geoffrey White
6800abdf23
CPP: Change note.
2019-06-24 22:07:55 +01:00
Geoffrey White
9a0645ac0b
CPP: Calls to weak functions should be considered impure.
2019-06-24 22:04:12 +01:00
Geoffrey White
aee2af7ca1
CPP: Add a test of ExprHasNoEffect.ql with a call to a 'weak' function.
2019-06-24 22:01:46 +01:00
Geoffrey White
562141759a
CPP: Autoformat LeapYear.qll.
2019-06-24 15:20:24 +01:00