codeql

mirror of https://github.com/github/codeql.git synced 2026-03-17 21:16:48 +01:00

Author	SHA1	Message	Date
Matthew Gretton-Dann	99fd323ded	Don't trace through pkill or pgrep on macOS.	2020-09-15 13:37:22 +01:00
Taus Brock-Nannestad	2e737eda1e	Python: Add a few function-local import tests	2020-09-15 14:25:26 +02:00
Taus Brock-Nannestad	d5e9f36747	Python: Add "enclosing callable" for `ModuleVariableNode` I've named this `DataFlowModuleScope` since it's not really a callable (and all of the relevant methods are empty anyway).	2020-09-15 14:23:20 +02:00
Jonas Jensen	27b8dc2b13	C++: Add tests for flow through arrays	2020-09-15 14:19:34 +02:00
Mathias Vorreiter Pedersen	3005f252ca	C++: Fix annotation	2020-09-15 13:34:50 +02:00
Mathias Vorreiter Pedersen	0ba72c6685	C++: Accept changes.	2020-09-15 12:49:22 +02:00
Mathias Vorreiter Pedersen	265a641d06	C++: Use the underlying type to check whether a type is a single-field struct.	2020-09-15 12:49:16 +02:00
CodeQL CI	951e3093d2	Merge pull request #4231 from erik-krogh/CVE767 Approved by asgerf	2020-09-15 03:47:40 -07:00
Mathias Vorreiter Pedersen	d18dd5ab09	C++: Add testcase demonstrating the underlying problem in `6ca9c449af`.	2020-09-15 12:32:15 +02:00
Joe	efe3ac0a37	Java: Rename the existing file called PrintAst.qll	2020-09-15 11:30:56 +01:00
Erik Krogh Kristensen	2de94abe9f	Merge pull request #4244 from erik-krogh/badJQueryJoin JS: Fix Bad join orders in UnsafeJQueryPlugin	2020-09-15 12:29:25 +02:00
Erik Krogh Kristensen	fa255f3534	add test for self.importScripts(..)	2020-09-15 12:23:48 +02:00
Jonas Jensen	25412da845	Merge pull request #4253 from geoffw0/stringstream2 C++: Model more stringstream features	2020-09-15 12:19:26 +02:00
Erik Krogh Kristensen	cc5109d693	Update change-notes/1.26/analysis-javascript.md Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-09-15 12:14:51 +02:00
Tamas Vajk	23a9d0764e	Java: Fix range analysis false negative	2020-09-15 12:09:05 +02:00
Mathias Vorreiter Pedersen	1fbb0fbf54	Merge pull request #4266 from geoffw0/cwe190tests C++: CWE-190 Tests.	2020-09-15 12:08:00 +02:00
Tamas Vajk	c66473cb8a	Java: Add test for range analysis	2020-09-15 12:07:30 +02:00
Asger Feldthaus	d728c3948c	JS: Log the amount of memory passed to TypeScript process	2020-09-15 09:17:42 +01:00
Tom Hvitved	d095d6b56b	Merge pull request #4139 from hvitved/csharp/cfg/foreach-loop-empty C#: Skip `foreach` loop bodies in the CFG when the iteration expression is empty	2020-09-15 09:30:29 +02:00
Robert Marsh	5f2cafc4f5	C++: Interprocedural iterator flow	2020-09-14 14:36:19 -07:00
Erik Krogh Kristensen	c5b5a4fd55	improve performance of NodeJS::NodeModule::exports	2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen	c1cb19abd7	add level PreCallGrapSteps to the callgraph	2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen	f2ecb63e5a	add a direct Export step as a PreCallGraphStep	2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen	29457c52dc	add reexported test to PackageExports test	2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen	61f6580d1e	add API in `PackageExports.qll` for getting a value exported under a name	2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen	d3653b3030	add support for re-exports using the spread operator for NodeJS exports	2020-09-14 23:28:35 +02:00
Mathias Vorreiter Pedersen	0c14e2b69a	C++: Fix annotations in taint.cpp	2020-09-14 23:08:50 +02:00
Mathias Vorreiter Pedersen	3e56db7f83	C++: Make fieldReadStep private	2020-09-14 20:52:55 +02:00
Mathias Vorreiter Pedersen	7cd6137b34	Merge branch 'main' into mathiasvp/array-field-flow	2020-09-14 20:45:06 +02:00
Geoffrey White	6ca9c449af	C++: Add a test demonstrating the recent regression.	2020-09-14 17:55:20 +01:00
Rasmus Lerchedahl Petersen	839cd829ce	Python: Fix formatting	2020-09-14 18:48:55 +02:00
Taus Brock-Nannestad	3727c48227	Python: Record test changes Some of the places where flow has disappeared look a bit suspect, so I don't consider this to be the final word on these tests.	2020-09-14 18:12:20 +02:00
Taus Brock-Nannestad	0bb726f21c	Python: Fix up merge weirdness	2020-09-14 17:57:45 +02:00
yoff	5efc06da2c	Update python/ql/src/experimental/dataflow/internal/DataFlowPublic.qll Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2020-09-14 17:08:39 +02:00
Rasmus Lerchedahl Petersen	4c02852358	Python: add missing * (and a rename)	2020-09-14 16:56:46 +02:00
Erik Krogh Kristensen	03a3c4f4b2	update expected output	2020-09-14 16:50:47 +02:00
Erik Krogh Kristensen	f4f96ce04d	use new source in client-side-url-redirect test	2020-09-14 16:50:47 +02:00
Erik Krogh Kristensen	cb7de2714a	add `onmessage` handlers registered using global property as `PostMessageEventHandler`	2020-09-14 16:50:45 +02:00
Asger F	c106b6777c	Merge pull request #4254 from asgerf/js/bump-extractor-version-string JS: Bump extractor version string	2020-09-14 15:17:29 +01:00
Erik Krogh Kristensen	283be19201	add change-note for importScripts	2020-09-14 16:02:34 +02:00
Erik Krogh Kristensen	6e84ac8e6c	add test for importScripts	2020-09-14 16:02:34 +02:00
Erik Krogh Kristensen	2e3df74dce	add importScripts as a sink for js/client-side-unvalidated-url-redirection	2020-09-14 16:02:34 +02:00
Slavomir	a340270dc1	Move html TemplateEscape out of Texttemplate module	2020-09-14 15:47:52 +02:00
Slavomir	9a560e994c	Remove redundant field	2020-09-14 15:47:51 +02:00
Slavomir	ce67720542	Add taint-tracking for `html/template` package.	2020-09-14 15:47:51 +02:00
Slavomir	35136bbb2c	Add escape function.	2020-09-14 15:47:51 +02:00
Slavomir	52d4c71ec2	Add taint-tracking for `html` package.	2020-09-14 15:47:51 +02:00
Chris Smowton	8d7cbe3aa5	Merge pull request #323 from gagliardetto/standard-lib-pt-8 Add taint-tracking for packages in `encoding/*`	2020-09-14 14:41:19 +01:00
Geoffrey White	22097a9e13	C++: Add some CWE-190 tests I had lying around.	2020-09-14 14:39:02 +01:00
Rasmus Lerchedahl Petersen	ecc5a4a1f6	Python: testIsTrue -> branch	2020-09-14 15:32:03 +02:00

... 1373 1374 1375 1376 1377 ...

86161 Commits