hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-25 11:23:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,692 Branches 161 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
a1c7fd8fec C++: Remove the workaround for CPP-331. 2020-09-03 18:51:21 +01:00
Geoffrey White
5150bf30e7 C++: Add another test case inspired by CPP-331. 2020-09-03 18:50:11 +01:00
Geoffrey White
1483306c4c C++: Add more tests. 2020-09-03 18:39:50 +01:00
CodeQL CI
f180497554 Merge pull request #4192 from max-schaefer/js/ssa__implicitinit 
Approved by asgerf
 2020-09-03 16:46:56 +01:00
Chris Smowton
47958e6de8 Go.mod comments: trim newlines 
These weren't previously reported as part of the comment text, but are as of the latest version of golang.org/x/tools
 2020-09-03 15:54:56 +01:00
Slavomir
5e62b002ff Fix: Append* does not modify the dst slice argument. 2020-09-03 15:43:16 +02:00
Slavomir
e7f2fb27eb Add taint-tracking for reflect package 2020-09-03 15:43:16 +02:00
Chris Smowton
380410e687 Go autoformat: exclude vendor/ directory 2020-09-03 14:37:26 +01:00
Chris Smowton
e386346a25 Extractor: tolerate ast.File structures without a package declaration 
In earlier versions of golang/x/tools these would be omitted entirely; now they can result in ast.File structures whose ast.Package field is zero (NoPos), and in my experience these contain no information in their other fields either.
 2020-09-03 14:32:23 +01:00
Max Schaefer
c7b4db8d16 Merge pull request #319 from aeisenberg/patch-1 
Update devcontainer memory settings
 2020-09-03 14:31:11 +01:00
Max Schaefer
d8fbf60cbf JavaScript: Weaken a few types to stay under BDD node limit. 
`SourceNode` in cached layers seems particularly problematic.
 2020-09-03 14:29:04 +01:00
Max Schaefer
e77948103f JavaScript: Remove AdditionalFeature from ApiGraphs. 
I ended up not using it for flow summaries, so at this point it is purely speculative generality. We can reintroduce it later if we need to.
 2020-09-03 14:29:04 +01:00
Max Schaefer
924ef6ae5d Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-03 14:04:23 +01:00
Rasmus Wriedt Larsen
29bf98ad26 Python: Fix CUSTOM_SOURCE dataflow regression test 2020-09-03 15:03:53 +02:00
Asger Feldthaus
c05f5c1bc2 JS: Change note 2020-09-03 14:02:08 +01:00
Asger Feldthaus
393db73d0a JS: Update test 2020-09-03 14:01:40 +01:00
Asger Feldthaus
bfcc434a61 JS: Use both local and global names in hasQualifiedName 2020-09-03 14:01:13 +01:00
Asger Feldthaus
f7552a77c3 JS: Add metric for number of types with qualified names 2020-09-03 14:01:13 +01:00
Rasmus Wriedt Larsen
febbe1229a Merge branch 'main' into python-more-complete-dataflow-tests 2020-09-03 14:58:20 +02:00
CodeQL CI
c8ffde20f4 Merge pull request #4195 from RasmusWL/python-taint-default-sanitizer 
Approved by tausbn
 2020-09-03 13:55:32 +01:00
Erik Krogh Kristensen
ed54fdcb06 Merge pull request #4118 from dellalibera/js/ldap 
[javascript] CodeQL to detect LDAP Injection
 2020-09-03 14:50:03 +02:00
Erik Krogh Kristensen
d56ea22018 Merge pull request #4200 from erik-krogh/typeaheadInconsistencyComment 
JS: adjust comment about inconsistency for XSS in typeahead
 2020-09-03 13:56:40 +02:00
Erik Krogh Kristensen
d946a61d6e update expected output 2020-09-03 13:32:54 +02:00
Nick Rolfe
b8ae87470d Merge pull request #4182 from github/igfoo/cfg 
C++: Remove some remnants of the extractor CFG
 2020-09-03 12:22:04 +01:00
Geoffrey White
50d9a85143 C++: Update change note. 2020-09-03 10:52:27 +01:00
Geoffrey White
d4cbb25e09 C++: Model std::string constructors and container constructors that use iterators. 2020-09-03 10:52:27 +01:00
Geoffrey White
1ac0aa169d C++: Add a few more test cases. 2020-09-03 10:52:26 +01:00
Geoffrey White
1ad404c605 C++: Extend model to include std::forward_list::insert_after. 2020-09-03 10:52:26 +01:00
Geoffrey White
fcacb22cad C++: Use [] in std::string begin model. 2020-09-03 10:52:26 +01:00
Geoffrey White
95ca4b674d C++: Add model for std::vector::insert. 2020-09-03 10:52:25 +01:00
Geoffrey White
f61c7ffc1a C++: Add support for iterator parameters to std::vector::assign. 2020-09-03 10:52:25 +01:00
Geoffrey White
8e9faac363 C++: Add support for std::vector begin and end. 2020-09-03 10:52:24 +01:00
Geoffrey White
4d47eaa08d C++: Add support for iterator parameters to std::string::assign. 2020-09-03 10:52:24 +01:00
Geoffrey White
98f84646d6 C++: Result changes due to iterators PR, which adds support for std::string begin and end, and iterator parameters to std::string::insert and some similar functions. 2020-09-03 10:52:24 +01:00
Geoffrey White
7917dff843 C++: Add test cases for std::string and std::vector using iterator methods. 2020-09-03 10:52:23 +01:00
Geoffrey White
fcdbe0f512 C++: Add a const conversion constructor to std::iterator in the tests. 2020-09-03 10:52:23 +01:00
Rasmus Wriedt Larsen
9a821bf449 Merge pull request #4 from yoff/RasmusWL-python-more-complete-dataflow-tests 
Python: Annotate test file
 2020-09-03 11:28:42 +02:00
Rasmus Lerchedahl Petersen
aad51af4ce Python: use concrete iterable source 2020-09-03 11:25:41 +02:00
yoff
8997799e4d Merge pull request #1 from RasmusWL/RasmusWL-python-more-complete-dataflow-tests 
Small fixups to your PR to my PR
 2020-09-03 11:14:52 +02:00
Rasmus Wriedt Larsen
b958c3b833 Python: Update comment for test8 2020-09-03 11:13:32 +02:00
CodeQL CI
aa4237c27c Merge pull request #4191 from erik-krogh/v8Syntax 
Approved by esbena
 2020-09-03 09:57:00 +01:00
Erik Krogh Kristensen
3952553953 adjust comment about inconsistency for XSS in typeahead 2020-09-03 10:50:40 +02:00
Alessio Della Libera
116e7d006d Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-03 10:32:18 +02:00
Alessio Della Libera
bfae0ef5d5 Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-03 10:32:08 +02:00
CodeQL CI
2ba84be565 Merge pull request #4185 from erik-krogh/unusedArrDestruct 
Approved by esbena
 2020-09-03 09:18:15 +01:00
Erik Krogh Kristensen
4fdd2cd794 add change note 2020-09-03 10:06:52 +02:00
Erik Krogh Kristensen
1f9749fbfe revert mailto: change in TargetBlank.ql 2020-09-03 09:39:01 +02:00
Erik Krogh Kristensen
d7a96d685a simplify implementation of getDelimiterMatchingRegexp 2020-09-03 09:37:43 +02:00
Erik Krogh Kristensen
87d39db95f add change note 2020-09-03 08:58:33 +02:00
Erik Krogh Kristensen
ec21236bba update docstring for isNonLastDestructedArrayElement 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-09-03 08:51:10 +02:00