codeql

mirror of https://github.com/github/codeql.git synced 2026-01-27 21:33:03 +01:00

Author	SHA1	Message	Date
Joe Farebrother	c152a27a68	Reword docs	2022-08-17 10:35:14 +01:00
Joe Farebrother	4d0957711b	Reduce FPs from empty arrays	2022-08-17 10:35:14 +01:00
Joe Farebrother	c0a1300955	Improve initializedWthConstants to no longer need a workaround	2022-08-17 10:35:13 +01:00
Joe Farebrother	f8f21c7ee6	Move static init vector query and tests from experimental to main	2022-08-17 10:35:13 +01:00
Tom Hvitved	44e1ecdf94	Merge pull request #10060 from hvitved/ruby/pos-args-missing-flow-tests Ruby: Add tests that demonstrate missing flow through positional arguments	2022-08-17 10:45:25 +02:00
Tony Torralba	1d12bd1521	Share SpringUrlRedirect library	2022-08-17 10:43:43 +02:00
Paolo Tranquilli	979706903a	Merge pull request #10070 from github/redsun82/swift-self-apply-tests Swift: add more `SelfApplyExpr` testing	2022-08-17 09:34:20 +02:00
Harry Maclean	1f4dad4167	Update for rename of ReDoSUtil to NfaUtils	2022-08-17 16:03:49 +12:00
Harry Maclean	f1a546c4d6	Rename IncompleteMultiCharacterSanitization[Query]	2022-08-17 16:03:49 +12:00
Harry Maclean	e48158b9ad	JS: Share more code with Ruby	2022-08-17 16:03:49 +12:00
Harry Maclean	f2384a6a8f	Ruby: Share more code with JS	2022-08-17 16:03:49 +12:00
Harry Maclean	025e34d8e1	Ruby: Simplify imports	2022-08-17 16:03:48 +12:00
Harry Maclean	ab6287aebd	Ruby: Fix import	2022-08-17 16:03:48 +12:00
Harry Maclean	b7d9bf4066	Share IncompleteMultiCharacterSanitization JS/Ruby Most of the classes and predicates in this query can be shared between the two languages. There's just a few language-specific things that we place in IncompleteMultiCharacterSanitizationSpecific.	2022-08-17 16:03:46 +12:00
Harry Maclean	3179c60a1e	Ruby: Remove RegExpLiteral.getAMatch This predicate is a duplicate of getAMatchedString, which matches the naming in the JS version.	2022-08-17 16:02:48 +12:00
Harry Maclean	6bb24f9d7c	Ruby: matchesEmptyString -> isNullable Rename RegExpLiteral.matchesEmptyString to isNullable, to match the JS version.	2022-08-17 16:02:48 +12:00
Harry Maclean	3fba4a5fa7	Ruby: Add change note for new query	2022-08-17 16:02:48 +12:00
Harry Maclean	c234bd94d1	Ruby: IncompleteMultiCharacterSanitization Query This query is similar to IncompleteSanitization but for multi-character sequences.	2022-08-17 16:02:48 +12:00
Harry Maclean	6e289a9db3	Ruby: Improvements to StringSubstitutionCall - Handle block arguments - Recognise patterns passed via constants	2022-08-17 16:02:48 +12:00
Harry Maclean	17dfb4e7b8	Ruby: Add RegExpTerm.getAMatch	2022-08-17 16:02:48 +12:00
Harry Maclean	c9fc43a4ba	Ruby: Add matchesEmptyString to RegExpTerm	2022-08-17 16:02:47 +12:00
intrigus-lgtm	45f708bb58	Fix typo.	2022-08-17 00:00:32 +02:00
intrigus	dabccd8686	Add query for tainted `wordexp` calls.	2022-08-16 23:56:50 +02:00
Robert Marsh	56eacce320	C++: restrict to end-of-allocation pointers	2022-08-16 17:52:06 -04:00
Robert Marsh	93de8e2308	C++: fix missing bounds in exp range analysis	2022-08-16 17:44:51 -04:00
Robert Marsh	c306ba4d77	C++: one more PR comment	2022-08-16 17:44:50 -04:00
Robert Marsh	66ce9158a3	C++: respond to easy comments on ProducFlow.qll	2022-08-16 17:44:48 -04:00
Robert Marsh	0ebd7d0de5	C++: respond to PR comments	2022-08-16 17:44:47 -04:00
Robert Marsh	e4d0e7431c	C++: some experimental product flow queries	2022-08-16 17:44:46 -04:00
Robert Marsh	d0f4c2f823	C++: product flow prototype	2022-08-16 17:44:45 -04:00
erik-krogh	478e0bf5a3	delete old code that only existed to support a deleted deprecated feature	2022-08-16 23:35:48 +02:00
erik-krogh	04173b7e93	fix test that was using old code	2022-08-16 23:35:29 +02:00
erik-krogh	2c71c46282	drive-by fix a QL-for-QL warning that showed up in code-scanning	2022-08-16 22:43:10 +02:00
erik-krogh	e69f4cd1b3	delete another dead file (thanks to the dead-code query)	2022-08-16 22:42:48 +02:00
erik-krogh	42049b1c0e	delete dead code (thanks QL-for-QL)	2022-08-16 22:35:42 +02:00
erik-krogh	507e0aa164	delete import to deprecated file	2022-08-16 22:35:03 +02:00
erik-krogh	1568763eec	delete two dead predicates	2022-08-16 22:34:55 +02:00
erik-krogh	4b7f63a0f3	sync SensitiveDataHeuristics.qll to the other languages	2022-08-16 22:31:26 +02:00
erik-krogh	514f98cd44	delete entire file that was deprecated	2022-08-16 22:29:52 +02:00
erik-krogh	5586c9a17e	delete old deprecations	2022-08-16 22:27:15 +02:00
Ian Lynagh	7406915616	Kotlin: Remove some dead code	2022-08-16 17:47:12 +01:00
Ian Lynagh	7b33aebe1f	Kotlin: Refactor TypeResults We statically know when we expect to have no signature, so now we tell the type system what we know, rather than having signature always be nullable.	2022-08-16 17:42:47 +01:00
Robert Marsh	9e0c82eabb	Merge pull request #10039 from rdmarsh2/rdmarsh2/cpp/sem-range-analysis-perf C++: Fix missing bounds and performance issues in semantic range analysis	2022-08-16 12:27:02 -04:00
Paolo Tranquilli	9232b282d8	Merge pull request #9891 from github/redsun82/swift-first-prototype-of-generated-ipa-layer Swift: first prototype of a generated IPA layer	2022-08-16 18:08:03 +02:00
Jeroen Ketema	8fb57149fb	Merge pull request #10069 from jketema/ir-present C++: Expose `PresentIRFunction` and override in `cpp/count-ir-inconsistencies`	2022-08-16 17:59:26 +02:00
Paolo Tranquilli	f17fed7c9a	Swift: add more `SelfApplyExpr` testing	2022-08-16 17:46:22 +02:00
Robert Marsh	818bdcf3ab	C++: autoformat a test	2022-08-16 11:31:28 -04:00
Paolo Tranquilli	9cd2ae2fd1	Swift: rename `Synth` conversion functions	2022-08-16 16:54:33 +02:00
Jeroen Ketema	31aa6692cb	Sync files	2022-08-16 16:38:37 +02:00
Jeroen Ketema	243dda79d2	C++: Expose `PresentIRFunction` and override in `cpp/count-ir-inconsistencies` The `toString` implementtion that `PresentIRFunction` uses may result in very long strings that may crash the evaluator. Overriding allows is to limit the string size and still suffices when just counting the number of inconsistencies.	2022-08-16 16:30:38 +02:00

... 131 132 133 134 135 ...

48840 Commits