hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-11 12:41:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,688 Branches 160 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
bc7871078a JS: Fix FPs from Object.create(null) 2020-01-14 10:52:59 +00:00
Asger F
c889420dd3 JS: Add qhelp samples to test suite 2020-01-14 10:52:59 +00:00
Asger F
654f145772 JS: Add PrototypePollutionUtility query 2020-01-14 10:52:59 +00:00
Asger F
52cec25035 JS: Build access paths for array accesses 2020-01-14 10:52:59 +00:00
Sauyon Lee
1125c1ac41 Merge pull request #216 from Semmle/add-sql-tx-support 
Add tests for https://github.com/github/codeql-go/pull/15
 2020-01-14 01:55:29 -08:00
Tom Hvitved
5a4be67d81 Merge pull request #2597 from calumgrant/cs/multiline-alert-suppression 
C#: Alert suppression through single-line /* */ style comments
 2020-01-14 10:35:11 +01:00
Max Schaefer
efc72fa01a Remove Entity.getAUse() and replace uses with getAReference(). 
The former had result type `Ident`, so it wouldn't pick up references to methods and fields. Apart from that, it is subsumed by the latter anyway.
 2020-01-14 07:15:43 +00:00
Asger Feldthaus
73e60a7400 JS: Ignore strict-mode-call-stack-introspection for expr stmts 2020-01-13 16:03:03 +00:00
Anders Schack-Mulligen
041bcc5812 Java/C++/C#: Small perf improvement and simplification. 2020-01-13 17:00:56 +01:00
Jonas Jensen
b8ee5a63db Merge pull request #2614 from geoffw0/arithun 
CPP: Speed up ArithmeticUncontrolled.ql
 2020-01-13 15:25:12 +01:00
Jonas Jensen
3183893a98 Merge pull request #2530 from geoffw0/hiddenqueries2 
CPP: Speed up nullCheckAssert in InconsistentCheckReturnNull.ql.
 2020-01-13 15:23:55 +01:00
Mathias Vorreiter Pedersen
1bc3829a72 C++: Use newly created library versions of the 'Underspecified Functions' queries in new ImplicitFunctionDeclaration query 2020-01-13 14:01:01 +01:00
Mathias Vorreiter Pedersen
acb106be44 C++: Fix formatting 2020-01-13 13:20:23 +01:00
semmle-qlci
40de391490 Merge pull request #2616 from asger-semmle/promise-missing-await-change-note 
Approved by mchammer01
 2020-01-13 12:03:11 +00:00
Asger F
6c4da30a64 Update change-notes/1.24/analysis-javascript.md 
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
 2020-01-13 11:05:03 +00:00
Mathias Vorreiter Pedersen
394a864b0a C++: Factored the body of TooManyArguments.ql out into a library file 2020-01-13 11:44:58 +01:00
Mathias Vorreiter Pedersen
6cff36b9c9 C++: Factored the body of TooFewArguments.ql out into a library file 2020-01-13 11:36:22 +01:00
Mathias Vorreiter Pedersen
e2244d41f5 C++: Factored the body of MistypedFunctionArguments.ql out into a library file 2020-01-13 11:34:01 +01:00
Anders Schack-Mulligen
183fd91a01 Merge pull request #2615 from yo-h/java-add-change-note 
Java: add change note for `java/maven/non-https-url`
 2020-01-13 09:54:48 +01:00
Max Schaefer
d339d55faa Merge pull request #15 from RicterZ/add-sql-tx-support 
Add sql.Tx.Exec/Query... support
 2020-01-13 08:38:32 +00:00
Max Schaefer
d55ebd731d Autoformat. 2020-01-13 08:37:32 +00:00
Max Schaefer
36c620d1dd Add tests and change note. 2020-01-13 08:37:01 +00:00
Ricter Zheng
a6e0dcaefc Add sql.Tx.Exec/Query... support 
Ref: https://golang.org/pkg/database/sql/#Tx.ExecContext
 2020-01-13 15:17:55 +08:00
Grzegorz Golawski
3e86dd1182 Query to detect LDAP injections in Java 
Apache LDAP API sink
 2020-01-12 20:19:25 +01:00
Mathias Vorreiter Pedersen
c9439df914 C++: Added query that detects implicit function declarations 2020-01-12 16:28:30 +01:00
Grzegorz Golawski
c01aa3d2ee Query to detect LDAP injections in Java 
Spring LDAP sink
 2020-01-12 13:28:29 +01:00
Grzegorz Golawski
7570fa9137 Query to detect LDAP injections in Java 
JNDI and UnboundID sinks
JNDI, UnboundID and Spring LDAP sanitizers
 2020-01-11 21:55:54 +01:00
Sauyon Lee
00dd464697 Update stats 2020-01-10 19:27:47 -08:00
Sauyon Lee
f01ef40af3 Update golang.org/x/tools dependency 2020-01-10 19:27:46 -08:00
Sauyon Lee
5985559161 Merge pull request #214 from max/issue-26 
Model `Header.Get` as a source of untrusted input.
 2020-01-10 19:26:43 -08:00
Erik Krogh Kristensen
c50de3a7e8 update expected output of tests 2020-01-10 17:49:24 +01:00
Erik Krogh Kristensen
1619a98bc8 make the default registration/dispatch extend DataFlow::InvokeNode 2020-01-10 17:40:16 +01:00
yo-h
bf8ef42c1a Java: add change note for java/maven/non-https-url 2020-01-10 11:03:48 -05:00
Max Schaefer
384d21b0e9 Switch RedundantExpr query back to using AST instead of global value numbers. 
Most current alerts (https://lgtm.com/rules/1510380685982/alerts/), while technically correct, are likely intentional and harmless. This change keeps only the interesting ones: https://lgtm.com/query/2999122885894714237
 2020-01-10 14:46:54 +00:00
Taus
cfb84be7b1 Merge pull request #2540 from RasmusWL/python-modernise-variables-queries 
Python: modernise variables queries
 2020-01-10 14:45:12 +01:00
Geoffrey White
9176529799 Merge pull request #2599 from MathiasVP/assign-where-compare-meant-false-positives 
Assign where compare meant false positives
 2020-01-10 13:39:39 +00:00
Erik Krogh Kristensen
ec5896abba add additional data-flow edges to data-flow related to promises 2020-01-10 14:12:53 +01:00
Max Schaefer
c60ddb0f7c Model Header.Get as a source of untrusted input. 2020-01-10 12:29:18 +00:00
Mathias Vorreiter Pedersen
111f1dbd19 Merge branch 'assign-where-compare-meant-false-positives' of github.com:MathiasVP/ql into assign-where-compare-meant-false-positives 2020-01-10 13:14:00 +01:00
Mathias Vorreiter Pedersen
f80c13abd7 C++: Fixed incorrect comments in testcases 2020-01-10 12:24:43 +01:00
Asger Feldthaus
18db551e10 JS: Add change note for js/missing-await 2020-01-10 11:10:57 +00:00
Mathias Vorreiter Pedersen
f181753c35 Typo fix 
Co-Authored-By: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2020-01-10 11:49:03 +01:00
Mathias Vorreiter Pedersen
21c99d1827 Typo fix 
Co-Authored-By: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2020-01-10 11:46:14 +01:00
Max Schaefer
1cafec56ad Add condition guard nodes for some switch statements. 
We now create condition guard nodes for `cond1` and `cond2` in

```
switch {
case cond1:
  s1
case cond2:
  s2
default:
  s3
}
```

to record the fact that `cond1` is known to be true at `s1` and false at `cond2`, and that `cond2` is known to be true at `s2` and false at `default`.
 2020-01-10 10:37:51 +00:00
Anders Schack-Mulligen
ad92d6fe0f Merge pull request #2607 from yo-h/java-alert-suppression-block-comment 
Java: allow single-line `/* ... */` comments for alert suppression
 2020-01-10 11:05:23 +01:00
yo-h
7ffa517803 Merge pull request #2584 from aschackmull/java/nonnull-final-field 
Java: Include non-null final fields in clearlyNotNull.
 2020-01-09 18:48:45 -05:00
Robert Marsh
d2b225790a C++: fix chi instr oeprands to chi instrs 2020-01-09 11:48:18 -08:00
Max Schaefer
e7514bf133 Add new test cases for CFG construction. 2020-01-09 17:20:39 +00:00
Erik Krogh Kristensen
87bbbd643c changes based on review feedback 2020-01-09 16:18:32 +01:00
Erik Krogh Kristensen
af8b36b750 Merge remote-tracking branch 'upstream/master' into EventEmitter 2020-01-09 15:09:43 +01:00