hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-02 22:03:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,907 Commits 1,699 Branches 161 Tags
codeql-cli/latest
Commit Graph

85907 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Grzegorz Golawski
4ce25c045d Simplify the query 2020-01-05 22:05:00 +01:00
Sauyon Lee
db40535b70 Merge pull request #207 from max/uber-fixes 
Various library improvements
 2020-01-03 17:18:49 -08:00
Grzegorz Golawski
ab49397bb8 Add check for disabled CSRF protection in Spring 2020-01-03 21:52:50 +01:00
Calum Grant
41b4d70504 C#: Refactor, improve documentation and add tests for cs/serialization-check-bypass 2020-01-03 18:46:39 +00:00
shati-patel
9b9d7121e8 Merge pull request #2583 from jf205/advanced-ql 
CodeQL documentation: reorganize 'Advanced QL' topics
 2020-01-03 16:02:28 +00:00
James Fletcher
47f61f3569 Update docs/language/learn-ql/writing-queries/debugging-queries.rst 
Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
 2020-01-03 15:55:14 +00:00
james
537739c42d docs: address review comments 2020-01-03 15:31:31 +00:00
Anders Schack-Mulligen
e74aa33f9d Java: Include non-null final fields in clearlyNotNull. 2020-01-03 16:24:54 +01:00
Asger F
503bcdc5d7 JS: Dont capitalize Promise in prose 2020-01-03 14:16:31 +00:00
Asger F
3c601fce74 Apply suggestions from code review 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-01-03 14:15:52 +00:00
Max Schaefer
638fe07da0 Move getReceiver from MethodCallNode to CallNode. 2020-01-03 14:14:18 +00:00
Max Schaefer
bb4052a574 Generalise result type of getACallee. 2020-01-03 14:14:18 +00:00
Max Schaefer
59498f53f0 Move FuncDec.getACall into FuncDecl. 
Also changes the result from a `CallExpr` to a `CallNode` for consistency with `Function.getACall`.
 2020-01-03 14:13:38 +00:00
Asger F
30a8769dad JS: Add more bad promise contexts 2020-01-03 14:12:55 +00:00
Mathias Vorreiter Pedersen
e926966e73 C++: Added more tests 2020-01-03 14:08:12 +01:00
Mathias Vorreiter Pedersen
cea78879b2 C++: Rename variables in tests to reflect their types 2020-01-03 14:07:19 +01:00
semmle-qlci
dc7863ce29 Merge pull request #2579 from asger-semmle/typescript-trace-resolution 
Approved by max-schaefer
 2020-01-03 12:57:43 +00:00
Jonathan Leitschuh
0e2c5db7b1 Netty Response Splitting use CompileTimeConstantExpr 
Co-Authored-By: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-01-03 07:51:55 -05:00
james
23d1e06aa4 docs: move abstract classes topic to handbook 2020-01-03 12:07:01 +00:00
james
e8016a2303 docs: delete equivalence topic 2020-01-03 12:07:01 +00:00
james
fe18c18619 docs: move folding predicates topic 2020-01-03 12:06:55 +00:00
Asger F
4772798d7b JS: do not resolve arbitrary extensions to JavaScript files 2020-01-03 11:37:51 +00:00
Asger F
c5f73cb868 JS: Add test showing spurious .css import 2020-01-03 10:59:10 +00:00
semmle-qlci
29be46169a Merge pull request #2576 from asger-semmle/typescript-cyclic-prop-fallthroughnode 
Approved by max-schaefer
 2020-01-03 10:50:05 +00:00
Asger F
f31d47c66e TS: explain test case 2020-01-03 10:48:15 +00:00
Asger F
36546ce7fe TS: Print warning when bailing out of symbol type 2020-01-03 10:45:18 +00:00
Erik Krogh Kristensen
c22d3d0b3a add test for block-level flow type annotations 2020-01-03 11:07:35 +01:00
semmle-qlci
06d812a6ff Merge pull request #2556 from erik-krogh/RegexpVoidCxt 
Approved by max-schaefer
 2020-01-03 08:38:56 +00:00
Sauyon Lee
0a39124223 Merge pull request #206 from max/generalise-alert-suppression 
Alert suppression through single-line /* */ style comments.
 2020-01-02 11:47:44 -08:00
Asger F
3a4771c29c TS: Wrap getTypeOfSymbolAtLocation in try/catch 2020-01-02 16:55:17 +00:00
Asger F
202746e92d TS: Guard getTypeAtLocation with try/catch 2020-01-02 16:31:23 +00:00
Asger F
0388e9ca0c TS: Add regression test 2020-01-02 16:28:49 +00:00
shati-patel
564013d188 Merge pull request #2578 from jf205/ql-spec-fixes 
QL spec: fix bullet list in 'Aggregations' section
 2020-01-02 15:55:49 +00:00
james
618a3f91d8 docs: fix list 2020-01-02 15:48:57 +00:00
Asger F
2ca0e7d232 TS: Disable output from tracing 2020-01-02 15:38:10 +00:00
Asger F
8f478f7caf TS: Add test with traceResolution: true 2020-01-02 15:04:30 +00:00
Mathias Vorreiter Pedersen
7dbb191531 C++: Improve query precision 2020-01-02 15:53:22 +01:00
Mathias Vorreiter Pedersen
cfb839a8f9 C++: Add test demonstrating the false positive 2020-01-02 15:48:01 +01:00
James Fletcher
f48b8fef20 Merge pull request #2575 from shati-patel/qlhb/bindingset 
QL HB: Add bindingset example
 2020-01-02 14:46:21 +00:00
shati-patel
f38ae3c677 QL HB: Reword description 
Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
 2020-01-02 14:41:58 +00:00
Max Schaefer
6f82310a9e Alert suppression through single-line /* */ style comments. 2020-01-02 14:34:11 +00:00
Shati Patel
94d55e90b0 QL HB: Use "real" example 2020-01-02 14:25:44 +00:00
Asger F
bcf1533e71 TS: Blacklist cyclic property fallthroughFlowNode 2020-01-02 14:13:48 +00:00
Anders Schack-Mulligen
7e987c570f Merge pull request #2413 from JLLeitschuh/feature/JLL/maven_insecure_artifact_resolution 
Java: Use of HTTP/FTP to download/upload Maven artifacts
 2020-01-02 14:47:30 +01:00
Shati Patel
b68f9f7e00 QL HB: Add bindingset example 2020-01-02 13:06:17 +00:00
Max Schaefer
8d1ad5c5f3 JavaScript: Alert suppression through single-line /* */ style comments. 2020-01-02 10:45:20 +00:00
Erik Krogh Kristensen
d1a77d6993 refactor isInterpretedAsRegExp to directly work on a DataFlow node 2020-01-02 11:18:14 +01:00
Max Schaefer
de02bb4a0d JavaScript: Prevent joining on configuration in onPath. 2020-01-02 09:49:09 +00:00
Max Schaefer
2a55ba5d4f JavaScript: Fix join order in PathNode.getASuccessor. 2020-01-02 09:48:57 +00:00
Sauyon Lee
9fd7db7e43 Merge pull request #205 from max/trap-writer-long-strings 
Teach TRAP writer to truncate strings longer than 1MiB.
 2019-12-27 11:35:34 -08:00