Tom Hvitved
355c4f7154
C#: Add change note
2019-11-26 13:54:19 +01:00
Tom Hvitved
71e958eabc
C#: Add taint-tracking steps through conversion operator calls
2019-11-26 13:53:50 +01:00
Tom Hvitved
acb069f69b
C#: Add data flow tests for conversion operators
2019-11-26 13:53:17 +01:00
Erik Krogh Kristensen
4a94c49d37
changes based on review feedback
2019-11-26 13:40:48 +01:00
Jonas Jensen
b1745f588c
Merge pull request #2402 from geoffw0/nospace
CPP: Make NoSpaceForZeroTerminator.ql more conservative.
2019-11-26 13:36:05 +01:00
Erik Krogh Kristensen
97718bf1d4
the callback function can both be the second and third argument
2019-11-26 13:00:00 +01:00
semmle-qlci
3d5d178b19
Merge pull request #2439 from erik-krogh/useOfReturnlessFunctionHotfix
Approved by max-schaefer
2019-11-26 11:56:57 +00:00
Erik Krogh Kristensen
b06acd1ed0
add change note
2019-11-26 12:52:41 +01:00
Erik Krogh Kristensen
0f948339af
add change note
2019-11-26 11:23:30 +01:00
Erik Krogh Kristensen
b6106f9638
keep the ResolvedPromiseDefinition class as a subclass of PromiseCreationCall
2019-11-26 11:16:59 +01:00
Erik Krogh Kristensen
f284b3a2bb
Merge remote-tracking branch 'upstream/master' into exceptionXss
2019-11-26 10:54:04 +01:00
Erik Krogh Kristensen
7ee12a3420
change doc based on review feedback
2019-11-26 10:48:24 +01:00
Anders Schack-Mulligen
18e1708036
Merge pull request #2412 from Cornelius-Riemenschneider/nullness-corr-cond
Java: Nullness library: track instanceof expressions in correlated conditions
2019-11-26 10:33:34 +01:00
Erik Krogh Kristensen
fed2675f76
remove FP in use-of-returnless-function FP related to calls to super()
2019-11-26 10:17:04 +01:00
Erik Krogh Kristensen
89dac23969
remove 3 FP sources from use-of-returnless-function
2019-11-26 10:16:18 +01:00
semmle-qlci
fb44aa18bd
Merge pull request #2428 from erik-krogh/useOfReturnlessFunctionSuperCalls
Approved by max-schaefer
2019-11-26 09:14:08 +00:00
semmle-qlci
cf92022c89
Merge pull request #2420 from erik-krogh/safeStringSink
Approved by asgerf
2019-11-26 08:09:05 +00:00
Robert Marsh
60b384a6e5
C++/C#: use line numbers for instruction IDs
This should reduce the number of merge conflicts in the IR tests resulting
from instruction ID changes due to inserting or removing instructions
2019-11-25 18:27:59 -05:00
yo-h
1a07f215ad
Merge pull request #2436 from felicitymay/1.23/SD-4095-finalize-change-notes-java
1.23: SD-4095 finalize change notes for Java
2019-11-25 18:19:25 -05:00
Sauyon Lee
1d21347578
Merge pull request #194 from max/field-write-through-embedded-pointer
Fix DeadStoreOfField false positive.
2019-11-25 13:14:24 -08:00
Max Schaefer
ee723d8a4f
Fix DeadStoreOfField false positive.
We should look into properly desugaring embedded types in the IR, but for now this workaround should suffice.
2019-11-25 20:21:16 +00:00
Sauyon Lee
2c921d9418
Merge pull request #193 from max/header-xss
Don't flag header injection as XSS.
2019-11-25 11:56:54 -08:00
Calum Grant
113df4ea1d
Merge pull request #2278 from hvitved/csharp/autobuilder/shared-compilation
C#: Only set `UseSharedCompilation=false` in autobuilder when needed
2019-11-25 18:37:09 +00:00
Dave Bartolomeo
7d48220a76
C++/C#: Make QLDoc conform to style guide
2019-11-25 11:26:45 -07:00
Dave Bartolomeo
44c1c5a7ab
C++: Update points_to.ql test to use new bit offset format
2019-11-25 11:13:02 -07:00
Dave Bartolomeo
521fbb125e
C++/C#: Fix formatting
2019-11-25 11:12:23 -07:00
Felicity Chapman
775ed381e1
Update to clarify status of one new query
2019-11-25 17:35:01 +00:00
Asger F
e3e15a6015
JS: Rephrase change note
2019-11-25 17:20:42 +00:00
Sauyon Lee
61c2478541
Merge pull request #12 from github/rc/1.23
Merge rc/1.23 into master
2019-11-25 09:20:17 -08:00
Asger F
df97ab2cb8
TS: Add INDEX prefix to env variables
2019-11-25 17:10:00 +00:00
Asger F
2508da7971
JS: Add change note
2019-11-25 17:01:32 +00:00
Asger F
7e515aeb72
TS: Verify yarn installation
2019-11-25 16:22:21 +00:00
Cornelius Riemenschneider
37f162106a
Fix formatting of file.
2019-11-25 17:04:38 +01:00
Tom Hvitved
fede9aed04
Merge pull request #2355 from cldrn/AspNetMaxRequestLength
CodeQL query to check for insecure MaxLengthRequest values in ASP.NET applications
2019-11-25 17:02:22 +01:00
Felicity Chapman
87fca1fde6
Remove backticks from 'struct'
2019-11-25 15:56:29 +00:00
Max Schaefer
8bd45593e0
Merge pull request #11 from github/1.23/SD-4095-finalize-change-notes-go
1.23: SD-4095 Minor text changes to analysis change notes
2019-11-25 15:56:17 +00:00
Tom Hvitved
07e18c88a8
C#: Address review comments
2019-11-25 16:51:09 +01:00
Felicity Chapman
de2c7d8884
Minor text changes
2019-11-25 15:48:58 +00:00
Felicity Chapman
49bdf7ed1c
Fix table sort order
2019-11-25 15:36:58 +00:00
Felicity Chapman
f75b61e2f0
Minor text changes
2019-11-25 15:36:37 +00:00
semmle-qlci
d58a6b02bf
Merge pull request #2396 from hvitved/dataflow/erased-type-class
Approved by aschackmull, jbj
2019-11-25 15:22:13 +00:00
Felicity Chapman
f5bf877671
Fix table sort order
2019-11-25 15:18:30 +00:00
Felicity Chapman
dc258f13e3
Minor text changes
2019-11-25 15:17:02 +00:00
Geoffrey White
1d26d4c5e4
Merge pull request #2404 from jbj/signed-overflow-macro
C++: Fix SignedOverflowCheck.ql performance
2019-11-25 15:15:57 +00:00
Max Schaefer
adf9764085
Don't flag header injection as XSS.
All results I have seen from this are uninteresting.
2019-11-25 15:06:53 +00:00
Asger F
e5ba80b18c
JS: Add test
2019-11-25 15:05:33 +00:00
Asger F
82b35a116c
JS: Handle .js import of .ts file
2019-11-25 14:58:12 +00:00
Asger F
b306eeeb6e
TS: Option to install dependencies
2019-11-25 14:42:17 +00:00
Dave Bartolomeo
4a21123107
Merge pull request #2427 from jbj/comparison-with-wider-type-notc
C++: Stricter loop-variant check
2019-11-25 07:38:02 -07:00
Taus Brock-Nannestad
036e0f75c8
Python: Account for non-evaluation of annotations in cyclic imports.
Should fix #2426.
Essentially, we disregard expressions used inside annotations, if these
annotations occur in a file that has `from __future__ import annotations`, as
this prevents the annotations from being evaluated.
2019-11-25 15:32:52 +01:00