hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-27 13:23:00 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,688 Branches 159 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
5f467d2fc5 JS: recognize CSRF middleware from lusca package 2018-09-21 13:15:40 +01:00
calum
abe5d0dd72 C#: Fixes to stub generation. 2018-09-21 13:06:33 +01:00
Asger F
6f109a742f JS: add a test case for res.sendfile 2018-09-21 11:04:33 +01:00
Geoffrey White
84f9900c8c CPP: Exclude placement new. 2018-09-21 10:53:42 +01:00
Geoffrey White
c7aa5c169b CPP: Add a test of placement new for AV Rule 79.ql. 2018-09-21 10:47:00 +01:00
Jonas Jensen
e2a17e9740 Merge remote-tracking branch 'upstream/rc/1.18' into mergeback-20180921_104253 2018-09-21 10:45:54 +02:00
Esben Sparre Andreasen
8a950a587d Merge pull request #208 from aeyerstaylor/fix-qltest-change 
JavaScript: Fix expected output due to qltest change.
 2018-09-21 08:08:50 +02:00
Raul Garcia
5ccc1a32aa Merge branch 'master' into master 2018-09-20 16:30:48 -07:00
Raul Garcia
48c99fb1d1 Setting a SECURITY_DESCRIPTOR’s DACL to NULL 
Closing the gap between Semmle & PreFAST
This rule is equivalent to C6248
 2018-09-20 16:28:37 -07:00
Raul Garcia
64b8a5ba01 Merge branch 'master' into users/raulga/HESULT 2018-09-20 16:20:26 -07:00
Raul Garcia
b0ec929aad Cast between semantically different integer types: HRESULT to/from a Boolean type. 
Closing the gap between Semmle and PreFast.
Covers C6214, C6215, C6216, C6217, C6230
 2018-09-20 16:16:32 -07:00
Robert Marsh
e2d24a2743 C++: fix comment 2018-09-20 13:07:36 -07:00
Robert Marsh
9011e1381b C++: handle conversions in IR to AST translation 2018-09-20 12:56:43 -07:00
Robert Marsh
cc97cf9297 C++: add isReachableFromFunctionEntry 2018-09-20 10:06:19 -07:00
Robert Marsh
4c94144089 C++: remove abstract classes in IR 2018-09-20 10:06:18 -07:00
Robert Marsh
755e21d355 C++: improve conversion handling in IRGuards.qll 2018-09-20 10:06:18 -07:00
Robert Marsh
e40ce91e7e C++: document new IR class and predicates 2018-09-20 10:06:18 -07:00
Robert Marsh
d6cea1b203 C++: Add class and predicates to other IR stages 2018-09-20 10:06:17 -07:00
Robert Marsh
b5cd48d819 C++: comments on new classes and predicates 2018-09-20 10:06:17 -07:00
Robert Marsh
0273b20743 C++: make internal classes private 2018-09-20 10:06:17 -07:00
Robert Marsh
ad8f30d2f7 C++: accept test output and add IR guards tests 2018-09-20 10:06:17 -07:00
Robert Marsh
d7e630b3c6 C++: Add IR-based port of Guards library 
For ease of reviewing, I've checked in the .expected files from the
AST-based guards library. The next commit accepts output for these tests
and adds tests that use getAST rather than the translation layer.
 2018-09-20 10:06:16 -07:00
Robert Marsh
4e1a37cd6e C++: add isStrict to RelationalInstruction 2018-09-20 10:06:16 -07:00
Robert Marsh
27a83e65b2 C++: add RelationalOpcode and RelationalInstruction 2018-09-20 10:06:16 -07:00
Robert Marsh
69962bd06c Merge pull request #203 from dave-bartolomeo/dave/GVN 
C++: Initial attempt at IR-based value numbering
 2018-09-20 10:00:45 -07:00
Dave Bartolomeo
5a25602c28 C++: Move GVN out of "internal" directory 2018-09-20 08:21:15 -07:00
Dave Bartolomeo
27cee9bd80 C++: Handle inheritance conversions in IR GVN 2018-09-20 08:00:38 -07:00
alexet
b94df82833 JavaScript: Fix expected output due to qltest change. 2018-09-20 15:56:20 +01:00
calum
593f0a9d71 C#: Implement query and script for generating C# qltest stubs. 2018-09-20 15:01:26 +01:00
semmle-qlci
f146e34e26 Merge pull request #207 from dave-bartolomeo/dave/JSNewlines 
Approved by esben-semmle
 2018-09-20 14:49:54 +01:00
Anders Schack-Mulligen
4d46385c51 Merge pull request #206 from yh-semmle/java/codeowners 
Java: add Semmle/java team to `CODEOWNERS`
 2018-09-20 09:24:14 +02:00
Dave Bartolomeo
e06969ddb4 JavaScript: Normalize .mjs files to LF 2018-09-19 21:33:39 -07:00
Dave Bartolomeo
524c67c3fb JavaScript: Normalize .ts line endings to LF 2018-09-19 21:33:35 -07:00
Dave Bartolomeo
2b9f42b308 JavaScript: Force LF for .json and .yml 2018-09-19 21:33:32 -07:00
Dave Bartolomeo
b12c739915 JavaScript: Normalize line endings of .js and .html files 
Added .gitattributes files for the two directories where we intentionally have line endings other than LF
 2018-09-19 21:33:27 -07:00
Dave Bartolomeo
bd156757d3 C++: Remove accidental add of IR.md 2018-09-19 14:26:17 -07:00
semmle-qlci
4aca8f4fd3 Merge pull request #201 from asger-semmle/string-concatenation-squashed 
Approved by esben-semmle
 2018-09-19 21:59:17 +01:00
semmle-qlci
2f4aa647be Merge pull request #200 from esben-semmle/js/post-polish-167 
Approved by asger-semmle
 2018-09-19 21:43:17 +01:00
ian-semmle
ebc924a6f9 Merge pull request #204 from nickrolfe/std_layout 
C++: add Class::isStandardLayout()
 2018-09-19 17:32:19 +01:00
yh-semmle
7d69c84453 Java: tweak some query metadata 
The severity of four queries is reduced to `warning`.
 2018-09-19 11:04:21 -04:00
Asger F
1d793c0a7b JavaScript: fix expected output 2018-09-19 14:33:23 +01:00
Esben Sparre Andreasen
2cedc81774 JS: polish js/enabling-electron-renderer-node-integration meta info 2018-09-19 13:45:42 +02:00
semmle-qlci
89f2dbf8db Merge pull request #195 from esben-semmle/js/reflected-xss-through-filenames 
Approved by asger-semmle
 2018-09-19 12:42:22 +01:00
ian-semmle
4b0ab602e7 Merge pull request #202 from jbj/resolveClass-conservative 
C++: more conservative resolveClass
 2018-09-19 11:35:45 +01:00
Nick Rolfe
017e3a390f C++: stats for is_standard_layout_class 2018-09-19 10:26:11 +01:00
Nick Rolfe
f1358b7c02 C++: test for Class::isStandardLayout() 2018-09-19 10:26:11 +01:00
Nick Rolfe
e5b9dca312 C++: add Class::isStandardLayout() 2018-09-19 10:26:11 +01:00
Dave Bartolomeo
43f0289f0f C++: Remove Phi instructions from previous IR generations 
It turns out that when building aliased SSA IR, we were still keeping around the Phi instructions from unaliased SSA IR. These leftover instructions didn't show up in dumps because they were not assigned to a block. However, when dumping additional instruction properties, they would show up as a top-level node in the dump, without a label.
 2018-09-18 11:28:09 -07:00
Jonas Jensen
86fe0ce42e Merge pull request #107 from rdmarsh2/rdmarsh/cpp/HashCons 
C++: HashCons library
 2018-09-18 11:45:26 +02:00
Jonas Jensen
dca93f58cc Merge pull request #196 from pavgust/fix/param-effective-decl-entry 
Parameter.qll: Tweak how effective declaration entries are computed
 2018-09-18 09:37:23 +02:00