hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-04 17:21:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,812 Commits 1,691 Branches 159 Tags
codeql-cli/v2.10.3
Commit Graph

41812 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
44939263e4 JS: update TRAP files 2019-02-06 09:12:16 +00:00
Asger F
c52ed9152f JS: handle .mjs files correctly 2019-02-06 09:12:10 +00:00
Esben Sparre Andreasen
fb19032038 JS: change notes for Vue support 2019-02-06 09:38:00 +01:00
Esben Sparre Andreasen
f15af70c02 JS: use HTML::ScriptElement::getScript in Vue 2019-02-06 09:38:00 +01:00
Esben Sparre Andreasen
5e2b1c026a JS: introduce HTML::ScriptElement::getScript() 2019-02-06 09:38:00 +01:00
Esben Sparre Andreasen
a78dd422b6 JS: add query js/vue/arrow-method-on-vue-instance 2019-02-06 09:38:00 +01:00
Esben Sparre Andreasen
ea175b2a9f JS: introduce Vue XSS sinks 2019-02-06 09:38:00 +01:00
Esben Sparre Andreasen
a6cfee5f26 JS: prevent inlining of three auxiliary Vue methods 2019-02-06 09:37:23 +01:00
Esben Sparre Andreasen
ddf9ca2505 JS: introduce base Vue model 2019-02-06 09:37:23 +01:00
Geoffrey White
2321ae911e CPP: Fix the test by adding PotentiallyDangerousFunction. 2019-02-05 17:58:30 +00:00
Geoffrey White
018450500d CPP: Fix closing tag. 2019-02-05 17:58:30 +00:00
Geoffrey White
c05df6ea4c CPP: Add reference. 2019-02-05 17:58:30 +00:00
Geoffrey White
f73a3a6a24 CPP: Explain the danger of gets a bit more in qhelp. 2019-02-05 17:58:30 +00:00
Geoffrey White
0541950c44 CPP: Clean up PotentialBufferOverflow.ql a bit. 2019-02-05 17:58:30 +00:00
Geoffrey White
2a708d3243 CPP: Change note. 2019-02-05 17:58:30 +00:00
Geoffrey White
c32e1b8000 CPP: Change the @name of PotentialBufferOverflow.ql to be in line with everything else. 2019-02-05 17:58:30 +00:00
Geoffrey White
f7e7737789 CPP: Update qhelp. 2019-02-05 17:58:30 +00:00
Geoffrey White
87a25f0cbe CPP: Update CWE tags. 2019-02-05 17:58:30 +00:00
Geoffrey White
429f53ed74 CPP: Move the 'gets' case. 2019-02-05 17:58:30 +00:00
Geoffrey White
a82832e779 CPP: Add a test that uses 'gets'. 2019-02-05 17:58:30 +00:00
Geoffrey White
bbc8e7886b CPP: Rearrange PotentiallyDangerousFunction.ql. 2019-02-05 17:58:30 +00:00
Asger F
ddd72190cb JS: change note 2019-02-05 16:59:29 +00:00
Asger F
46b996a936 JS: autoformat ¯\_(ツ)_/¯ 2019-02-05 16:52:06 +00:00
Asger F
8924aa3ee0 JS: add test case 2019-02-05 16:51:21 +00:00
Asger F
cad5a064cd JS: recognize a-sync-waterfall package 2019-02-05 16:38:47 +00:00
semmle-qlci
4b81ffab96 Merge pull request #869 from hvitved/csharp/autoformat 
Approved by calumgrant
 2019-02-05 16:35:10 +00:00
Tom Hvitved
37c55750f7 Merge pull request #873 from calumgrant/cs/format-getresource-strings 
C#: Fix FP in cs/format-argument-unused
 2019-02-05 17:12:04 +01:00
Taus Brock-Nannestad
b550da2b45 Improve change note. 2019-02-05 16:01:45 +01:00
yh-semmle
3e8f7a740c Merge pull request #838 from aschackmull/java/taint-collections 
Java: Add additional taint steps through collections.
 2019-02-05 09:59:24 -05:00
Esben Sparre Andreasen
b72441f9c2 JS: use StringOps:: in js/incomplete-url-substring-sanitization 2019-02-05 15:17:55 +01:00
Tom Hvitved
23b9b1eb72 C#: Cache Splits::toString() 2019-02-05 15:01:25 +01:00
Anders Schack-Mulligen
fe7add77d2 Java: Account for the repo move in NonSecurityTestClass. 2019-02-05 14:31:40 +01:00
Tom Hvitved
8c7c582e07 C#: Move successor types into own file 2019-02-05 14:27:09 +01:00
Tom Hvitved
0992e01f91 C#: Move Splitting and Reachability modules into own file 2019-02-05 14:27:09 +01:00
Tom Hvitved
3503e9b57e C#: Move PreSsa module into own file 2019-02-05 14:27:09 +01:00
alexet
59a5bec769 CPP: Use more field overriding 2019-02-05 13:07:41 +00:00
Tom Hvitved
5306d1ea0d C#: Move PreBasicBlocks module into own file 2019-02-05 13:41:50 +01:00
Asger F
51360d8772 JS: add Parameter.getJSDocTag 2019-02-05 11:35:16 +00:00
Tom Hvitved
83fb32828f C#: Move NonReturning module into own file 2019-02-05 11:50:03 +01:00
Tom Hvitved
64539b0263 C#: Move Completion.qll 2019-02-05 11:45:33 +01:00
Tom Hvitved
0211837e24 C#: Remove getUrl() predicate 2019-02-05 11:07:13 +01:00
Jonas Jensen
cad4bac548 C++: Concretize ConstantAnalysis NegateInstruction 
This is just to make the QL shorter. It generates the same DIL.
 2019-02-05 11:05:47 +01:00
Jonas Jensen
be35c674a7 C++: Factor out getConstantValueToPhi 
This speeds up `getConstantValue`, the main predicate in
`ConstantAnalysis`, from 2.4s to 1.6s on comdb2.
 2019-02-05 11:05:47 +01:00
Jonas Jensen
283bb2f6d0 C++: Factor out ConstantAnalysis BinaryInstruction 
This speeds up comdb2 constant analysis from 6.5s to 4.5s.
 2019-02-05 11:05:47 +01:00
Jonas Jensen
d66578eaa8 C++: Add IntegerPartial, use in ConstantAnalysis 
This adds `IntegerPartial.qll`, which is similar to
`IntegerConstant.qll` except that it contains partial functions on
integers instead of total functions on optional integers. This speeds up
the constant analysis so it takes 6.5s instead of 10.3s on comdb2.
 2019-02-05 11:05:47 +01:00
Tom Hvitved
d829d98165 Merge branch 'master' into csharp/autoformat 2019-02-05 10:37:42 +01:00
semmle-qlci
06ae0c421a Merge pull request #864 from jbj/ir-TIRVariable-shared 
Approved by dave-bartolomeo
 2019-02-05 07:55:28 +00:00
Dave Bartolomeo
dc209246aa Merge pull request #866 from jbj/ir-TInstruction-normalize 
C++: Normalize TInstruction
 2019-02-04 12:14:45 -08:00
semmle-qlci
f47a77b442 Merge pull request #875 from hvitved/csharp/accessor-call-revert 
Approved by calumgrant
 2019-02-04 19:27:38 +00:00
Dave Bartolomeo
aadd5cf202 Merge pull request #863 from jbj/ir-variableLiveOnEntryToBlock-rhs 
C++: Speed up variableLiveOnEntryToBlock in IR
 2019-02-04 10:47:29 -08:00