Anders Schack-Mulligen
1c2807e5e7
Java: Add missing private annotations.
2018-10-04 17:33:10 +02:00
Kevin Backhouse
6df9bc855a
Workaround for getFullyConverted returning multiple results.
2018-10-04 15:40:18 +01:00
Pavel Avgustinov
6d77a791ac
UseInOwnInitialiser: Refactor logic slightly.
...
By pulling out the class `VariableAccessInInitialiser`, we can
avoid some redundant work on pathological databases, improving
performance.
2018-10-04 14:25:59 +01:00
semmle-qlci
262cb998fc
Merge pull request #278 from hvitved/csharp/metrics-queries-xml
...
Approved by pavgust
2018-10-04 14:10:40 +01:00
semmle-qlci
98254e87e1
Merge pull request #132 from denislevin/denisl/js/HttpToFileAccessTest
...
Approved by xiemaisi
2018-10-04 14:06:46 +01:00
semmle-qlci
30412caa16
Merge pull request #276 from jbj/PointlessComparison-templates
...
Approved by kevinbackhouse
2018-10-04 12:34:52 +01:00
Asger F
8bc92bd534
TS: test case for type expansion through type parameter bound
2018-10-04 12:05:05 +01:00
Asger F
c2a5f99d9c
JS: include referer header as reflected XSS source
2018-10-04 10:53:10 +01:00
Asger F
dc26bdc5e7
JS: Move isThirdPartyControllable into RequestInputAccess
2018-10-04 10:36:49 +01:00
Tom Hvitved
4ca10986cb
C#: Remove queries.xml from the Metrics folder
2018-10-04 11:13:01 +02:00
Tom Hvitved
19215d0868
C#: Improve performance of type conversion library
2018-10-04 11:00:33 +02:00
Nick Rolfe
ae9b492b33
Merge pull request #277 from jbj/missing-return-high
...
C++: Make cpp/missing-return visible on LGTM again
2018-10-04 09:45:34 +01:00
semmle-qlci
bea86e52fb
Merge pull request #275 from xiemaisi/js/workaround-for-nested-imports
...
Approved by asger-semmle
2018-10-04 08:25:52 +01:00
Raul Garcia
3873cbdde0
Changing the @name & @description.
2018-10-03 15:32:34 -07:00
Max Schaefer
335adee69c
JavaScript: Add change note.
2018-10-03 16:03:12 +01:00
Max Schaefer
e326dd4688
JavaScript: Add TaintKind as an alias to FlowLabel.
2018-10-03 15:54:58 +01:00
Max Schaefer
86ee58d019
JavaScript: Address review comments.
2018-10-03 15:49:02 +01:00
Max Schaefer
a8a8754c89
JavaScript: Restrict default sink flow labels to StandardFlowLabel.
2018-10-03 15:49:02 +01:00
Max Schaefer
5727b2a5f4
JavaScript: Properly handle value-preserving paths.
...
When constructing a path through a property write/read pair, we want to make sure that we only use value-preserving steps to track the base object. However, the value flowing in from the right-hand side of the assignment may have a different flow label (such as `taint()`), so we cannot use the normal `append` predicate to construct the composite path.
2018-10-03 15:49:02 +01:00
Max Schaefer
910d6de47d
JavaScript: Add new tests.
2018-10-03 15:49:02 +01:00
Max Schaefer
3affe922e3
JavaScript: Make PathSummary.toString more useful.
2018-10-03 15:49:02 +01:00
Max Schaefer
dad13c9b64
JavaScript: Simplify onPath predicate.
2018-10-03 15:49:02 +01:00
Max Schaefer
8d471f01ef
JavaScript: Simplify a few helper predicates.
2018-10-03 15:49:02 +01:00
Max Schaefer
017ae4990d
JavaScript: Use custom flow labels in ClientSideUrlRedirect.
2018-10-03 15:49:02 +01:00
Max Schaefer
f4ea8bc82a
JavaScript: Introduce flow labels.
2018-10-03 15:49:02 +01:00
Max Schaefer
4e4ef520ab
JavaScript: Rename a predicate in CommandInjection.qll.
2018-10-03 15:49:02 +01:00
Max Schaefer
f3239cbec9
JavaScript: Respect barriers on return edges.
2018-10-03 15:49:01 +01:00
Max Schaefer
cc1c7b11d6
Merge pull request #263 from asger-semmle/ts-tokens
...
TypeScript: add tokenization test cases
2018-10-03 15:38:58 +01:00
Jonas Jensen
9c0ba51873
C++: Make cpp/missing-return visible on LGTM again
2018-10-03 15:02:15 +02:00
Jonas Jensen
364c9a6961
C++: Suppress pointless compare in template inst.
...
It still runs on uninstantiated templates because its underlying
libraries do. It's not clear whether that leads to other false
positives, but that's independent of the change I'm making here.
2018-10-03 14:48:11 +02:00
Jonas Jensen
2eea359f79
C++: Test for PointlessComparison with templates
2018-10-03 14:47:00 +02:00
Max Schaefer
220fcb59bd
JavaScript: Add change note.
2018-10-03 13:08:31 +01:00
Max Schaefer
8b7bb8cecc
JavaScript: Add test case for type inference in the presence of non-toplevel imports.
2018-10-03 13:08:31 +01:00
Max Schaefer
db32dc2bdf
JavaScript: Generalise code that assumes imports only appear at the toplevel.
2018-10-03 13:08:31 +01:00
Max Schaefer
f05e777e64
JavaScript: Patch CFG to improve support for non-top level import declarations.
2018-10-03 13:08:31 +01:00
Luke Cartey
d34eef82b3
C#: Remove the 'security' tag from some queries
...
These queries are only tenuously security queries, and marking them as
security queries can cause them to have greater prominence than is
merited by the results that they report.
2018-10-03 11:48:27 +01:00
Luke Cartey
1a90f7df2c
C#: ZipSlip - Address review comments.
...
- Add backticks
- Add extra test.
2018-10-03 11:38:48 +01:00
Asger F
271b2f3ce3
JS: add RemoteFlowSource.isThirdPartyControllable()
...
Use it in ReflectedXSS and ServerSideUrlRedirect
2018-10-03 10:09:02 +01:00
semmle-qlci
604ff232e2
Merge pull request #267 from xiemaisi/js/fix-deprecated-use
...
Approved by asger-semmle
2018-10-03 09:12:02 +01:00
semmle-qlci
e9adc63d91
Merge pull request #260 from xiemaisi/js/confusing-precedence
...
Approved by esben-semmle, mc-semmle
2018-10-03 09:07:18 +01:00
Jonas Jensen
4ad4b19911
Merge pull request #189 from geoffw0/wrongtypedef
...
CPP: Permit more typedefs in WrongTypeFormatArguments.ql
2018-10-03 09:40:06 +02:00
Max Schaefer
09aa04bf00
Merge pull request #268 from sjvs/fix-javascript-example
...
JavaScript: fix two examples based on LGTM.com alerts
2018-10-03 08:16:19 +01:00
Denis Levin
e147e690ee
Merge branch 'master' into denisl/js/HttpToFileAccessTest
2018-10-02 15:13:35 -07:00
Robert Marsh
7c2bcf6fa6
C++/Doc: change note for PR #269
2018-10-02 14:25:08 -07:00
Robert Marsh
d44761eaca
Merge pull request #269 from tosmolka/tosmolka/cpp/suspicious-call-to-memset
...
C++: support Decltype in suspicious-call-to-memset
2018-10-02 14:21:06 -07:00
Raul Garcia
492b511cdf
Merge operation
2018-10-02 11:27:39 -07:00
Raul Garcia
230724c085
Updates based on feedback
2018-10-02 11:17:23 -07:00
Max Schaefer
425d2bfba7
Merge pull request #266 from esben-semmle/js/improve-dead-store-of-local
...
JS: support noop parentheses in js/useless-assignment-to-local
2018-10-02 16:19:56 +01:00
Tobias Smolka
51dcdeff59
C++: support Decltype in suspicious-call-to-memset
2018-10-02 16:47:04 +02:00
Bas van Schaik
c4eb6f0056
fix JS example based on LGTM.com alerts
...
1f7ef5b0d7/files/javascript/ql/src/Security/CWE-079/examples/StoredXssGood.js (x95b0280fcab9007a) :1
1f7ef5b0d7/files/javascript/ql/src/Security/CWE-079/examples/StoredXss.js (xaef03a63aa3e02e4) :1
2018-10-02 14:47:52 +01:00