Commit Graph

48840 Commits

Author SHA1 Message Date
Tom Hvitved
795c5784b0 C#: Precise data flow for collections 2020-06-26 13:40:05 +02:00
Dave Bartolomeo
11c702331a Merge pull request #3795 from rdmarsh2/rdmarsh/cpp/add-qldoc-3
C++: QLDoc for PrintAST and AST-based range analysis
2020-06-26 07:38:10 -04:00
Rasmus Wriedt Larsen
3f0975f5a1 Merge pull request #3770 from tausbn/python-add-a-bunch-of-documentation
Python: Add a bunch of documentation.
2020-06-26 13:30:45 +02:00
Jonas Jensen
c1b26d71c3 C++: getCanonicalQLClass -> getAPrimaryQlClass
Also updated the QLDoc for `getAPrimaryQlClass` to match the Go version.
2020-06-26 13:20:36 +02:00
Rasmus Lerchedahl Petersen
64af5f585c Python: Update status description 2020-06-26 13:18:07 +02:00
Rasmus Lerchedahl Petersen
f84adb3c26 Python: stub for clearsContent
also remove all `CastNode`s (seems to help)
2020-06-26 13:09:35 +02:00
Taus
e5d23b2082 Merge pull request #3801 from RasmusWL/python-3521-revived
Python: Add support for detecting XSLT Injection (#3521 revived)
2020-06-26 13:05:28 +02:00
Max Schaefer
640c194c92 JavaScript: Model util.deprecate as a pre call-graph step. 2020-06-26 11:47:19 +01:00
Max Schaefer
712a216461 Add self-verifying type-tracking tests. 2020-06-26 11:47:19 +01:00
Max Schaefer
57f8b08568 Update expected test output.
The tests for `UnsafeTLS` now work as expected.
2020-06-26 11:30:26 +01:00
Rasmus Lerchedahl Petersen
248717473e Python: quick status added to readme.md 2020-06-26 12:25:17 +02:00
Max Schaefer
66ec160f64 Add change note. 2020-06-26 11:20:45 +01:00
Max Schaefer
258a276242 Propagate taint through range loops. 2020-06-26 11:20:45 +01:00
Max Schaefer
ce3007395f Rename arrayStep to elementStep, which is more accurate. 2020-06-26 11:20:45 +01:00
Rasmus Wriedt Larsen
b164f2695d Python: One more minor doc fix from review 2020-06-26 12:08:12 +02:00
Rasmus Wriedt Larsen
08384e30af Python: Minor doc fixes from review 2020-06-26 12:06:31 +02:00
Rasmus Lerchedahl Petersen
6e5f71bf43 Python: sync dataflow files 2020-06-26 12:02:14 +02:00
Rasmus Lerchedahl Petersen
e147e59652 Merge branch 'master' of github.com:github/codeql into SharedDataflow
To sync files
2020-06-26 12:01:01 +02:00
Rasmus Lerchedahl Petersen
43f85ef265 Python: typo 2020-06-26 12:00:24 +02:00
Tom Hvitved
6efbd5f9d1 C#: Add data-flow test for List.Clear() 2020-06-26 11:44:08 +02:00
Jonas Jensen
9d8052a434 Merge pull request #3813 from MathiasVP/is-argument-for-parameter-join-order
C++: Improve join order for AliasAnalysis::isArgumentForParameter
2020-06-26 11:34:33 +02:00
Calum Grant
8725e09053 Merge pull request #3798 from hvitved/csharp/dataflow/async-tests
C#: Move async data-flow tests from local to global
2020-06-26 10:14:28 +01:00
semmle-qlci
f81fc77e9e Merge pull request #3782 from erik-krogh/promiseSteps
Approved by asgerf
2020-06-26 10:11:10 +01:00
Mathias Vorreiter Pedersen
63752dddef C++/C#: Sync identical files 2020-06-26 09:08:44 +02:00
Mathias Vorreiter Pedersen
3af679e83d C++: Put unique around getEnclosingFunction, and specialize function argument, to improve join order. 2020-06-26 09:08:35 +02:00
semmle-qlci
92cc59b47b Merge pull request #3800 from esbena/js/npmlog
Approved by erik-krogh
2020-06-26 07:54:08 +01:00
Max Schaefer
ba82a76948 Merge pull request #229 from max-schaefer/getAPrimaryQlClass
Rename `describeQlClass` to `getAPrimaryQlClass`.
2020-06-26 07:51:04 +01:00
Max Schaefer
9904b9e926 Allow flow through more URL fields. 2020-06-26 07:50:08 +01:00
Max Schaefer
3bf934d64b Add change note. 2020-06-25 22:23:49 +01:00
Dave Bartolomeo
7e3f2dbe4c C++: Improve QLDoc for getElementSize() 2020-06-25 17:04:32 -04:00
Erik Krogh Kristensen
7cb6516bc4 make internal predicates within DominatingPaths smaller. 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
1ec2c549d2 autoformat 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
8b3ca73c1c autoformat 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
081b03c8f4 add tests that access-path domination can happen within a statement 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
47d52870f2 Use a ControlFlowNode based API to determine domination 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
926f2c139f require that a write must dominate the enclosing stmt of a read 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
55565a51df don't use getEnclosingStmt 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
34d6a4dcf8 use Rhs of a prop-write
Co-authored-by: Asger F <asgerf@github.com>
2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
cc2e61531e update expected output 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
f7c42ca1b5 autoformat 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
252f805db4 performance improvement 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
21e5a522b0 give the same rank to all expressions inside a single stmt 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
e467d3ccbf use dominating write check in js/path-injection 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
6bc821b1ab add tests for dominating writes 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
2b2d691e45 don't treat a property from a tainted object as tainted when there exists a dominating write 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
5e4acfbe19 implement predicate for finding dominating writes to an access-path 2020-06-25 23:00:52 +02:00
Owen Mansel-Chan
82361ce060 Fix modelling of Params part 2 2020-06-25 21:55:10 +01:00
Owen Mansel-Chan
cf47159a30 Change how Param and Params are modeled
Previously any read of type Param or Params was a source. Now reading
Context.Params is a source. This should reduce the number of duplicate
paths.
2020-06-25 21:55:10 +01:00
Owen Mansel-Chan
9fd892ab94 Fix context bind sources
Using FunctionOutput was recommended in the first PR but not implemented.
2020-06-25 21:55:00 +01:00
luchua-bc
65e76ab18f Add remote source of Android intent extra 2020-06-25 20:20:18 +00:00