Mark Shannon
94190e76aa
Python: Update py/modification-of-default-value to account for truthiness of default value.
2019-03-01 12:01:39 +00:00
Mark Shannon
ebd9bc3cb5
Python: Improve taint tracking to account for truthiness of the taint kind.
2019-03-01 11:24:07 +00:00
Mark Shannon
8a16164270
Merge pull request #878 from taus-semmle/python-mutable-default-with-flow
...
Python: Make "Modification of parameter with default" flow-sensitive.
2019-03-01 11:22:21 +00:00
Tom Hvitved
51e5a301cd
Merge pull request #956 from raulgarciamsft/users/raulga/ICryptoTransform
...
Detect usage of ICryptoTransform that would be thread-unsafe
2019-03-01 11:49:27 +01:00
Max Schaefer
83e0f3bc8d
Merge pull request #946 from esben-semmle/js/captured-nodes-query-and-type-inference-1
...
JS: Captured Nodes, type inference + a query
2019-03-01 10:48:52 +00:00
semmle-qlci
6cafe222c4
Merge pull request #1013 from asger-semmle/closure-string-ops
...
Approved by esben-semmle
2019-03-01 10:31:27 +00:00
Max Schaefer
a6f3305edc
Merge pull request #1006 from asger-semmle/express-end
...
JS: Treat res.end() as alias for res.send() in Express
2019-03-01 10:30:06 +00:00
Taus Brock-Nannestad
64e6974aac
Merge branch 'master' into python-mutable-default-with-flow
2019-03-01 11:10:56 +01:00
Taus Brock-Nannestad
91cfc9bd4c
Change kind to path-problem.
2019-03-01 11:06:48 +01:00
Max Schaefer
d4d9d61216
JavaScript: Consolidate Express tests.
...
Instead of having many small independent tests, we now just have a single test that pulls in all the individual tests and runs them together.
Concretely, each `.ql` file has been turned into a `.qll` file with a query predicate corresponding to the original `select` clause and named after the original `.ql` file, plus a prefix `test_`.
The newly added `tests.ql` imports all these `.qll`s.
The individual `.expected` files have been concatenated together into `tests.expected`, each prefixed with the name of the corresponding query predicate. (This is the format that qltest produces for tests with multiple query predicates.)
2019-03-01 09:39:31 +00:00
Max Schaefer
b265ff7cdf
JavaScript: Delete stray .expected file.
2019-03-01 09:39:31 +00:00
semmle-qlci
bc8906ba82
Merge pull request #1009 from xiemaisi/js/reformat-extractor
...
Approved by asger-semmle
2019-03-01 08:20:59 +00:00
Max Schaefer
8dcd8715b9
Merge pull request #889 from jcreedcmu/jcreed/tarslip
...
JavaScript: Add new query for ZipSlip (CWE-022).
2019-03-01 08:16:35 +00:00
Jason Reed
86bbb5fb18
JS: Add ZipSlip query to security suite
2019-02-28 15:46:34 -05:00
Jason Reed
c1b218a5ff
JS: Documentation fixes
2019-02-28 15:46:19 -05:00
Jason Reed
c5e57dacf8
JS: Actually use fileName in examples
2019-02-28 15:46:14 -05:00
Jason Reed
674d2790b4
JS: Address review comments
2019-02-28 15:46:07 -05:00
Jason Reed
caebdd2f68
JS: Fix incorrect sample link
2019-02-28 15:46:00 -05:00
Jason Reed
2fc2a393b7
JS: Address review comments
2019-02-28 15:45:52 -05:00
Jason Reed
09b9a57783
JS: More efficient reasoning through pipe
2019-02-28 15:45:38 -05:00
Jason Reed
b0636dd410
JS: Better local flow through .pipe chaining
2019-02-28 15:45:33 -05:00
Jason Reed
23d37c7167
JS: Unbreak TaintedPath
2019-02-28 15:45:26 -05:00
Jason Reed
32d48ba98b
JS: Run auto-formatter
2019-02-28 15:45:20 -05:00
Jason Reed
abd2644af7
JS: Address review comments
2019-02-28 15:45:13 -05:00
Jason Reed
baa4f08259
JS: Add new query for ZipSlip (CWE-022)
2019-02-28 15:45:08 -05:00
Geoffrey White
28304e4fde
Merge pull request #1005 from jbj/dataflow-Node-cached
...
C++: Cache TNode and localFlowStep
2019-02-28 17:43:14 +00:00
Taus
f91e06b5a8
Merge pull request #1002 from markshannon/python-cherrypy
...
Python: CherryPy support
2019-02-28 18:12:20 +01:00
Asger F
8dfec58428
JS: Update test
2019-02-28 16:49:35 +00:00
Asger F
47b5f34870
JS: shift line numbers in test output
2019-02-28 16:48:47 +00:00
Asger F
2bfb015218
JS: Add closure string ops
2019-02-28 16:47:53 +00:00
Asger F
2dc7f32ca3
JS: add Express to list of updated frameworks
2019-02-28 15:28:42 +00:00
Ian Lynagh
a709a2d0f3
C++: Add Variable.isConstexpr()
2019-02-28 15:26:15 +00:00
Mark Shannon
af2680729f
Python: Fix qldoc.
2019-02-28 15:25:43 +00:00
Mark Shannon
faf9b4886d
Python: Add change note for CherryPy support.
2019-02-28 15:25:41 +00:00
Mark Shannon
2df718d632
Python: Make bottle response logic consistent with other frameworks.
2019-02-28 15:25:15 +00:00
Mark Shannon
91a1cc9f0b
Python: Add cherrypy handler function return values as taint sinks.
2019-02-28 15:25:13 +00:00
Mark Shannon
6c82be8bda
Python: CherryPy web framework support -- requests.
2019-02-28 15:24:58 +00:00
Mark Shannon
e933ba28d5
Python: Add basic support for stdlib cookie objects.
2019-02-28 15:24:36 +00:00
Geoffrey White
832a436a49
Revert "C++: Revert doc-related changes to dbscheme"
...
This reverts commit e81d197ebd.
2019-02-28 14:50:49 +00:00
Geoffrey White
e55dc43111
CPP: Consistency changes suggested by Dave.
2019-02-28 14:50:49 +00:00
Geoffrey White
b1bf1b8f1c
CPP: More annotations.
2019-02-28 14:50:49 +00:00
Geoffrey White
dd271f1c93
CPP: Fix type 'diagnosstic'.
2019-02-28 14:50:49 +00:00
Geoffrey White
0c84e06234
CPP: Fix typo.
2019-02-28 14:50:49 +00:00
Geoffrey White
6398298bea
CPP: Add keyset annotations to the CPP dbscheme.
2019-02-28 14:50:49 +00:00
Taus
b8b4216352
Merge pull request #979 from markshannon/python-falcon
...
Python: Add support for falcon web API framework.
2019-02-28 15:47:35 +01:00
Max Schaefer
c4fa29dd0f
JavaScript: Autoformat extractor sources using google-java-format.
...
No special settings; command:
find javascript/extractor/src -name "*.java" | xargs java -jar /path/to/google-java-format-1.7-all-deps.jar --replace
2019-02-28 14:30:06 +00:00
Asger F
5478e0da62
Merge pull request #998 from xiemaisi/js/autobuild-file-types
...
JavaScript: Make file types customisable in AutoBuild.
2019-02-28 15:26:35 +01:00
Max Schaefer
2ecabad553
Merge pull request #1004 from asger-semmle/suffix-check-bug
...
JS: Recognize '+' in suffix check
2019-02-28 14:23:26 +00:00
Jonas Jensen
40f3fecb00
C++: Simplify stubs in DataFlowDispatch.qll
...
Some of these stubs were quite slow to evaluate. It's possible they
could be optimised, but it seems pointless as long as we don't have
call-context-sensitive virtual dispatch in the C++ library.
2019-02-28 14:38:29 +01:00
Mark Shannon
1444b3976c
Python: Add wsgi.environment as a kind of taint, and add support for env attribute of falcon request objects.
2019-02-28 13:06:11 +00:00