hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-21 17:33:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,692 Branches 161 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Esben Sparre Andreasen
169c8909df formatting 2020-06-11 13:28:26 +02:00
Esben Sparre Andreasen
bc7f02156b JS: replace class with two predicates (and improve alert message) 2020-06-11 13:20:46 +02:00
Erik Krogh Kristensen
7c7af8d841 less heuristics when flagging division that is rounded 2020-06-11 12:55:13 +02:00
Erik Krogh Kristensen
f1b24ba901 use type inference to detect string concatenations 2020-06-11 12:34:58 +02:00
Esben Sparre Andreasen
2e059376fd JS: add query js/disabling-certificate-validation 2020-06-11 12:32:01 +02:00
Erik Krogh Kristensen
f634c62af5 remove redundant check 2020-06-11 12:18:41 +02:00
Owen Mansel-Chan
c891d22f74 Make ArrayTypeExpr and so on extend TypeExpr 
To avoid a recursive definition, need to replace ArrayTypeExpr with@arraytypeexpr and so on in isTypeExprBottomUp(Expr e).
 2020-06-11 11:06:15 +01:00
Shati Patel
2874050503 CodeQL for Go: Edit AST reference 2020-06-11 10:49:19 +01:00
Rasmus Wriedt Larsen
a24974b194 Python: Add missing <p> to qhelp 2020-06-11 11:45:38 +02:00
Anders Schack-Mulligen
f23eb0432e Java: Improve qldoc for JavadocTag. 2020-06-11 11:44:50 +02:00
Rasmus Wriedt Larsen
33a9fb6034 Python: Reorder XSLT qhelp to be valid 2020-06-11 11:30:54 +02:00
Tom Hvitved
ca531cbb9a C#: Rename a class 2020-06-11 11:26:25 +02:00
Tom Hvitved
8395980fb1 C#: Recognize more calls to IHtmlHelper.Raw 
Generalize logic by recognizing not only calls to
`Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw()`, but calls to all `Raw()`
methods that implement `Microsoft.AspNetCore.Mvc.Rendering.IHtmlHelper.Raw()`.
 2020-06-11 11:26:25 +02:00
Erik Krogh Kristensen
c375a0c611 fix compilation and update expected output 2020-06-11 11:16:38 +02:00
Owen Mansel-Chan
ab52010674 Give general syntax instead of examples for exprs 2020-06-11 10:06:46 +01:00
Owen Mansel-Chan
3ca5d34d9b Add more links to java AST class reference 
Using the explicit hyperlink target feature of rst to keep the text in
the tables short and put all the URLs at the end of the document
 2020-06-11 10:06:46 +01:00
Owen Mansel-Chan
84a4630eaf Move explicit hyperlink targets to the bottom 2020-06-11 10:06:42 +01:00
Erik Krogh Kristensen
1124816f73 fixing FPs in js/biased-cryptographic-random 2020-06-11 11:06:02 +02:00
Calum Grant
5e021c24c1 Merge pull request #3652 from hvitved/csharp/dataflow/impl-layer 
C#: Refactor data-flow predicates defined by dispatch
 2020-06-11 10:01:50 +01:00
Max Schaefer
c6537f6d3b Data flow: Allow nodes to be hidden from path explanations 
cf https://github.com/github/codeql/pull/3657
 2020-06-11 09:59:40 +01:00
Asger Feldthaus
4bb2e8b637 JS: Update test externs and include array indices 2020-06-11 09:53:55 +01:00
Pavel Avgustinov
60df00c7e3 Merge pull request #3669 from github/sj-patch-contributing-SLA 
Update CONTRIBUTING.md to clarify that CLAs are no longer required
 2020-06-11 09:17:11 +01:00
Max Schaefer
24e2a294ed Merge pull request #169 from max-schaefer/rc/1.24 
Merge rc/1.24 into master
 2020-06-11 09:15:28 +01:00
Shati Patel
d9d0903084 Merge pull request #3681 from github/rc/1.24 
Merge rc/1.24 into master
 2020-06-11 09:00:57 +01:00
Max Schaefer
d8f1873635 Merge branch 'master' into rc/1.24 2020-06-11 08:10:22 +01:00
Max Schaefer
cee248520e Merge pull request #3675 from owen-mc/ast-class-reference-for-go 
AST class reference for go
 2020-06-11 08:05:41 +01:00
Rasmus Lerchedahl Petersen
b5703cd3f6 Python: link to FP report in test file 2020-06-11 07:14:48 +02:00
Robert Marsh
982fb38807 Merge pull request #3419 from MathiasVP/flat-structs 
C++: Add reverse reads to IR field flow
 2020-06-10 14:31:00 -07:00
ubuntu
e8b05b70c4 Added support for detecting unsafe methods used for origin verification 2020-06-10 23:11:03 +02:00
ubuntu
cf3142e083 Updated qhelp with a third example 2020-06-10 23:09:35 +02:00
ubuntu
92f9f320f9 Added new example of an unsafe event.origin verification 2020-06-10 23:07:05 +02:00
Erik Krogh Kristensen
aa3482cbae improve detection of duplicate results with js/code-injection 2020-06-10 22:58:02 +02:00
Erik Krogh Kristensen
5142670138 don't import AdditionalSinks, refactor sink out in new HeuristicSinks instead 2020-06-10 22:30:45 +02:00
Mathias Vorreiter Pedersen
a38839b446 C++: Include copy of IntWrapper class with two data members 2020-06-10 22:27:40 +02:00
Mathias Vorreiter Pedersen
ca20f17703 C++: Implement move constructor in terms of swap. I'm haven't found anything online on whether this is good or bad, and the only reason for not doing it might be performance. 2020-06-10 22:16:58 +02:00
Esben Sparre Andreasen
d6ae905eac JS: remove speculative property access sink from js/server-crash 2020-06-10 21:40:12 +02:00
semmle-qlci
b841cacb83 Merge pull request #3676 from max-schaefer/js/global-access-paths-minor-fixes 
Approved by erik-krogh
 2020-06-10 20:02:55 +01:00
Calum Grant
cd914deeff Merge pull request #3666 from hvitved/csharp/ir-experimental 
C#: Move IR code into 'experimental' folder
 2020-06-10 19:50:37 +01:00
Erik Krogh Kristensen
373a437d71 add query to detect improperly sanitized code 2020-06-10 19:50:12 +02:00
Owen Mansel-Chan
d8900448ec Add references to the AST class reference for go 2020-06-10 17:32:41 +01:00
Owen Mansel-Chan
48ff00832c Add a reference to the AST class reference for go 2020-06-10 17:24:40 +01:00
semmle-qlci
4cdb3c13df Merge pull request #3658 from RasmusWL/python-3.8-dict-ismapping 
Approved by tausbn
 2020-06-10 17:19:49 +01:00
semmle-qlci
f7c6b1364b Merge pull request #3640 from RasmusWL/python-handle-3.8-enum-convert 
Approved by tausbn
 2020-06-10 17:19:22 +01:00
Erik Krogh Kristensen
5c31b94761 autoformat and update expected output 2020-06-10 18:00:56 +02:00
Marcono1234
5d2b911596 Fix incorrect java.util.regex.Pattern name in specification 2020-06-10 17:56:57 +02:00
Max Schaefer
0f2186c844 JavaScript: Fix a few typos. 2020-06-10 16:44:24 +01:00
Owen Mansel-Chan
5b2c0fbb04 AST class reference for go 
The master copy of this file is in the codeql-go repository
 2020-06-10 16:42:03 +01:00
Mathias Vorreiter Pedersen
1a95095505 C++: Add default move constructor. Also removed debug comment I forgot to remove earlier. Luckily, that meant that no line numbers changed in .expected files. 2020-06-10 17:13:04 +02:00
Owen Mansel-Chan
c30893aba7 Add AST class reference (#164) 2020-06-10 15:59:48 +01:00
Rasmus Wriedt Larsen
ce1f0a39ac Python: Minor fixup of qhelp for XPath injection 2020-06-10 16:59:40 +02:00