hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-27 01:38:22 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,721 Branches 163 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonas Jensen
8a0af0bcac Merge pull request #3465 from MathiasVP/remove-abstract-from-access-and-cast 
C++: Remove abstract keyword from `Access` and `Cast` classes
 2020-05-15 12:25:34 +02:00
Max Schaefer
9c7e46386f Simplify logic in AllocationSizeOverflow query. 2020-05-15 11:20:11 +01:00
Max Schaefer
d300ec6324 Refine Method.implements so that interface methods only implement themselves. 
Without this restriction, the two `m`s in the following example are considered to implement each other, even though they aren't logically related:

```go
type I interface {
  m()
}

type J interface {
  m()
}

type K struct {
  I
  J
}
```

Previously, interface methods would sometimes implement themselves and sometimes not (see changes to test output for examples).
 2020-05-15 11:09:17 +01:00
Erik Krogh Kristensen
3138918f1d add test for promise inside Promise.all 2020-05-15 11:49:29 +02:00
Mathias Vorreiter Pedersen
866b1361ec C++: Accept tests 2020-05-15 11:12:47 +02:00
Mathias Vorreiter Pedersen
e70f22c753 C++: Model getdelim and friends 2020-05-15 11:05:57 +02:00
Mathias Vorreiter Pedersen
90d473d886 C++: Demonstrate lack of taint through getdelim 2020-05-15 11:01:27 +02:00
Asger Feldthaus
d84f1b47c2 JS: Refactor RequestInputAccess to use source nodes 2020-05-15 09:59:28 +01:00
Asger Feldthaus
da974f1527 JS: Add test with dynamic access to req.query 2020-05-15 09:59:28 +01:00
Asger Feldthaus
659e2ff709 JS: Tweak evaluation of route handler params 2020-05-15 09:59:27 +01:00
Asger F
b9995b784d Update javascript/ql/src/semmle/javascript/frameworks/ConnectExpressShared.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-05-15 09:59:27 +01:00
Asger Feldthaus
a982cdc39c JS: Autoformat 2020-05-15 09:59:27 +01:00
Asger Feldthaus
bfbe70a7a9 JS: Fixes 2020-05-15 09:59:27 +01:00
Asger Feldthaus
82d3a7eb23 JS: Go back to disjunction 😭 2020-05-15 09:59:27 +01:00
Asger Feldthaus
c45d84f8f3 JS: Update getRouteHandlerParameter and router tracking 2020-05-15 09:59:27 +01:00
Asger Feldthaus
9cacfab7c6 JS: Recognize Express param value callback as RemoteFlowSource 2020-05-15 09:59:26 +01:00
Geoffrey White
48f3db3fbe Merge branch 'master' into fp2762 2020-05-15 09:55:30 +01:00
Erik Krogh Kristensen
6d79bab7e4 rename Fs to FS 2020-05-15 10:54:08 +02:00
Erik Krogh Kristensen
dd3342ba6f restrict the number of stored array elements 2020-05-15 10:01:27 +02:00
Erik Krogh Kristensen
4eb96848a6 add change note for bluebird and "Promise" 2020-05-15 09:58:33 +02:00
Erik Krogh Kristensen
cb96ee8def remove redundant instanceof check 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-05-15 09:58:18 +02:00
Erik Krogh Kristensen
7df35a6bab update change note 2020-05-15 09:52:59 +02:00
Max Schaefer
87c1bcad0a Merge pull request #143 from github/max-schaefer-patch-1 
Clarify which types have a qualified name.
 2020-05-15 08:40:13 +01:00
semmle-qlci
a536069059 Merge pull request #3408 from esbena/js/unsafe-html-expansion 
Approved by asgerf, mchammer01
 2020-05-15 08:24:12 +01:00
Tom Hvitved
01102b309b C#: Rename predicates 2020-05-15 09:06:12 +02:00
Max Schaefer
24d8c7ea17 Clarify which types have a qualified name. 2020-05-15 07:31:51 +01:00
Max Schaefer
d41e41812b Merge pull request #141 from sauyon/reflectedxss-fps 
ReflectedXss improvements
 2020-05-15 07:23:39 +01:00
Grzegorz Golawski
14ce049fc6 Add support for Saxon 2020-05-15 00:12:08 +02:00
Dave Bartolomeo
4614372873 C++/C#: Add QLDoc 2020-05-14 17:49:23 -04:00
Sauyon Lee
5e633b2c74 Add EqualityTestNode.getPolarity 2020-05-14 14:38:59 -07:00
Sauyon Lee
5e2b973ac4 Update comment in ReflectedXss test 
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-05-14 14:35:08 -07:00
Dave Bartolomeo
6c12b59f0f C++/C#: Allow non-Phi memory operands to have no definition 2020-05-14 17:22:23 -04:00
Henning Makholm
43e8a0f716 Apply suggestions from code review 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-05-14 23:13:50 +02:00
Erik Krogh Kristensen
6775294ac1 update expected output 2020-05-14 22:26:44 +02:00
Rasmus Lerchedahl Petersen
81a5692935 Python: handle \uxxxx and refactor 2020-05-14 21:22:21 +02:00
Erik Krogh Kristensen
e7d1b12ac8 add test 2020-05-14 20:31:23 +02:00
Erik Krogh Kristensen
6d2bffef72 add fs.open/openSync as ZipSlip sinks 2020-05-14 20:31:13 +02:00
Erik Krogh Kristensen
2d675262b2 use the generalized fs module in more places 2020-05-14 20:31:00 +02:00
Geoffrey White
6579c71866 C++: Change note. 2020-05-14 18:44:06 +01:00
Geoffrey White
df5e16c45d C++: Add a 1.25 change note file (didn't we used to have templates for these?). 2020-05-14 18:41:14 +01:00
Geoffrey White
4a6021fb61 C++: Allow equality checking to block taint flow. 2020-05-14 18:32:38 +01:00
Erik Krogh Kristensen
5132e61ce7 add tests 2020-05-14 18:55:49 +02:00
Erik Krogh Kristensen
e98f794dab implement precise data-flow steps for Promise.all 2020-05-14 18:55:44 +02:00
Henning Makholm
69ba22a3c2 QL handbook: bring library path documentation up to date 2020-05-14 18:41:22 +02:00
semmle-qlci
c06680a496 Merge pull request #3470 from asger-semmle/js/cache-module-import 
Approved by esbena
 2020-05-14 17:20:04 +01:00
Mathias Vorreiter Pedersen
fe682556bf Merge pull request #3475 from jbj/field-conflation-memcpy 
C++: Test field conflation with array in struct
 2020-05-14 17:53:32 +02:00
Dave Bartolomeo
efa133f0db Merge pull request #3463 from MathiasVP/fix-field-flow-annotation 
C++: Annotate field flow tests
 2020-05-14 10:49:27 -04:00
Jonas Jensen
49ebb3197a Merge pull request #3472 from geoffw0/paramstring 
C++: Improve getParameterString().
 2020-05-14 16:48:07 +02:00
Jonas Jensen
a380dc113f C++: Test field conflation with array in struct 2020-05-14 16:29:39 +02:00
Dave Bartolomeo
9de597db25 C++: Refactor Operand to prepare for cross-phase IPA sharing 2020-05-14 10:29:08 -04:00