hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-08 11:11:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
54,887 Commits 1,691 Branches 160 Tags
codeql-cli/v2.13.3
Commit Graph

54887 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
ea429f4fbe JavaScript: Add test case exposing bug in getNextToken. 2019-01-29 12:50:31 +00:00
Jonas Jensen
d776d9f903 Merge pull request #821 from geoffw0/query-tags-case 
CPP: Improve ArrayArgSizeMismatch.ql
 2019-01-29 03:52:52 -08:00
Asger F
9e87bf37ea JS: make higherOrderCall private 2019-01-29 11:50:46 +00:00
Asger F
60cef60c1d JS: ensure PropWrites exist for all instance members 2019-01-29 10:12:54 +00:00
Esben Sparre Andreasen
5d5900a534 JS: change notes for improved interprocedural type inference 2019-01-29 10:21:36 +01:00
Esben Sparre Andreasen
0d1f4270d6 JS: introduce SsaVarAccessWithNonLocalAnalysis 2019-01-29 10:20:36 +01:00
Esben Sparre Andreasen
2683a9b43a JS: add testss for js/trivial-conditional 2019-01-29 10:19:03 +01:00
Max Schaefer
e2f27014b5 JavaScript: Introduce suspiciousCredentials predicate (from C# library). 2019-01-29 09:14:43 +00:00
Max Schaefer
a8dd97a2c9 JavaScript: Pull reasoning about encode/encrypt-like calls into library. 2019-01-29 09:14:23 +00:00
Max Schaefer
1fe4c44b36 JavaScript: Bring a few doc comments into line with style guide. 2019-01-29 09:13:53 +00:00
semmle-qlci
a5aee9ed0f Merge pull request #833 from esben-semmle/js/sharpen-cond 
Approved by xiemaisi
 2019-01-29 08:03:06 +00:00
Taus
1d28c63703 Merge pull request #810 from markshannon/python-hide-magic-variables 
Python hide magic variables
 2019-01-28 23:21:31 +01:00
Taus
0f5b21e392 Merge pull request #807 from markshannon/python-insecure-file-permission 
Python: Weak file permissions query.
 2019-01-28 23:21:10 +01:00
semmle-qlci
bf64fee4bd Merge pull request #790 from rdmarsh2/rdmarsh/cpp/futile-params 
Approved by semmledocs-ac
 2019-01-28 22:11:44 +00:00
Robert Marsh
9642a78bde C++: add FutileParams.ql to C++ suite 
In theory this query will produce no results on C++ code; in practice, I
suspect the "cpp" suite is often run on code compiled as C, so it is
likely to be worth running anyways.
 2019-01-28 09:40:19 -08:00
Geoffrey White
b0805f8e79 CPP: Adjust ArithmeticTainted.ql so that it can work on non-VariableAccesses. 2019-01-28 17:36:56 +00:00
Robert Marsh
54fdf9f29d C++/Docs: respond to doc comments on PR 2019-01-28 09:34:45 -08:00
Geoffrey White
f1dc538796 CPP: Add a test using strtoul in a taint query. 2019-01-28 16:59:02 +00:00
Taus
15643d1bb6 Merge pull request #814 from markshannon/python-fix-tornado-request-path 
Python: Fix tornado and twisted request attribute tracking.
 2019-01-28 17:38:34 +01:00
Calum Grant
c86e6bd6ff Merge pull request #826 from hvitved/csharp/autobuild/dotnet-install-script-cleanup 
C#: Cleanup dotnet install script after installation in autobuilder
 2019-01-28 16:33:55 +00:00
Calum Grant
eef1abfa69 Merge pull request #743 from hvitved/csharp/dataflow-splitting 
C#: Teach data flow library about CFG splitting
 2019-01-28 16:31:24 +00:00
Asger F
5815aa1e8b JS: add test case to PropWrite tests 2019-01-28 15:43:52 +00:00
Asger F
383cadb25b JS: add PropWrite for instance fields with initializer 2019-01-28 15:40:30 +00:00
Asger F
7a4af4af6d JS: add PropWrite instance for parameter fields 2019-01-28 15:40:30 +00:00
Asger F
dacde5da12 JS: restrict ClassMemberAsPropWrite to static members 2019-01-28 15:40:25 +00:00
Taus
c503ec4608 Merge pull request #806 from markshannon/python-points-to-remove-some-negation 
Python: Remove some negation from points-to, in preparation for ADT Objects.
 2019-01-28 16:25:18 +01:00
Taus
f61e7b66cc Merge pull request #835 from markshannon/python-compare-is-enum 
Python: Fix 'comparison using is' query to account for enum members.
 2019-01-28 16:22:57 +01:00
Mark Shannon
39705cf733 Python: Clarify predicate a bit. 2019-01-28 14:33:39 +00:00
Mark Shannon
6d553ae2be Python: Check os.open as well as os.chmod for weak file permissions. 2019-01-28 14:26:16 +00:00
Anders Schack-Mulligen
a29f615da0 Java: Add additional taint steps through collections. 2019-01-28 14:34:09 +01:00
Tom Hvitved
86721ff800 C#: Add more documentation to SuccSplits module 2019-01-28 14:12:17 +01:00
Asger F
5d4192ce0a JS: change note 2019-01-28 13:04:28 +00:00
Taus
e891ab7a54 Merge pull request #834 from markshannon/python-move-test-to-internal 
Python: Remove AST test (it will be added to the extractor tests).
 2019-01-28 14:03:33 +01:00
Asger F
3245142203 JS: Dont flag empty string as hardcoded username 2019-01-28 13:01:52 +00:00
Mark Shannon
4e5d4e265c Add change note. 2019-01-28 13:01:04 +00:00
Mark Shannon
3992346add Python: Fix up mutating-descriptor query to only flag mutation when they occur during descriptor protocol. 2019-01-28 12:57:18 +00:00
Mark Shannon
53fbf51ee8 Python: Fix handling of enum members in python/ql/src/Expressions/IsComparisons.qll. 2019-01-28 12:20:31 +00:00
Mark Shannon
5da209f876 Python: add failing test for comparison using 'is' and enum members. 2019-01-28 12:19:54 +00:00
Mark Shannon
1bec219048 Python: Remove AST test (it will be added to the extractor tests). 2019-01-28 11:41:12 +00:00
Mark Shannon
b841ecbb7c Python: Fix tornado and twisted request attribute tracking; 'path' attribute can be trusted, but 'uri' and 'arguments' cannot. 2019-01-28 11:26:00 +00:00
Jonas Jensen
ccfb1c229a Merge pull request #831 from geoffw0/query-tags-5 
CPP: Tweak tags for consistency
 2019-01-28 10:55:09 +01:00
Geoffrey White
bf7cdad736 CPP: Change note. 2019-01-28 09:31:06 +00:00
Esben Sparre Andreasen
239fe6e419 fixup! JS: sharpen the js/trivial-conditional whitelist 2019-01-28 10:18:03 +01:00
semmle-qlci
962416ffc2 Merge pull request #805 from asger-semmle/callback-taint-source 
Approved by xiemaisi
 2019-01-28 08:45:37 +00:00
semmle-qlci
8b029a2d9f Merge pull request #827 from xiemaisi/js/duplicate-toplevel-percent 
Approved by esben-semmle
 2019-01-28 08:40:23 +00:00
Jonas Jensen
4d441a3bdb Merge pull request #824 from geoffw0/fread 
CPP: Add 'fread' to BufferAccess.qll
 2019-01-28 09:07:22 +01:00
Jonas Jensen
0dad04bd7e Merge pull request #829 from geoffw0/deprecate-fpv 
CPP: Deprecate FunctionPointerVariable and FunctionPointerMemberVariable
 2019-01-28 08:47:49 +01:00
semmle-qlci
65b64c7c05 Merge pull request #645 from sb-semmle/configuration-file-library 
Approved by yh-semmle
 2019-01-26 02:06:16 +00:00
Robert Marsh
9decbd9c9f C++: new irreducible CFG test for range analysis 2019-01-25 13:12:40 -08:00
Esben Sparre Andreasen
ef3b107cc1 JS: sharpen the js/trivial-conditional whitelist 2019-01-25 18:19:45 +01:00