codeql

mirror of https://github.com/github/codeql.git synced 2026-01-16 16:04:45 +01:00

Author	SHA1	Message	Date
Bt2018	19d2a404c9	Add AndroidRString RefType to clarify the Android query	2020-05-19 08:44:26 -04:00
Max Schaefer	a803120414	Lower precision for a number of queries. These queries are currently run by default, but don't have their results displayed. Looking through results on LGTM.com, they are either false positives (e.g., `BitwiseSignCheck` which flags many perfectly harmless operations and `CompareIdenticalValues` which mostly flags NaN checks) or harmless results that developers are unlikely to care about (e.g., `EmptyArrayInit` or `MisspelledIdentifier`). With this PR, the only queries that are still run but not displayed are security queries, where different considerations may apply.	2020-05-19 13:43:17 +01:00
Jonas Jensen	5318d42c4f	Merge remote-tracking branch 'upstream/rc/1.24' into mergeback-2020-05-19	2020-05-19 14:42:58 +02:00
Jonas Jensen	486f06ab18	C++: Simplify field conflation test It turned out the `memcpy` step was not even necessary.	2020-05-19 14:12:11 +02:00
Erik Krogh Kristensen	b71919299b	Apply suggestions from code review Co-authored-by: Asger F <asgerf@github.com>	2020-05-19 14:03:03 +02:00
Alexander Eyers-Taylor	57dbe5793f	Merge pull request #3501 from jbj/dispatch-global-union C++: Fix struct field conflation in IR data flow	2020-05-19 12:29:25 +01:00
Esben Sparre Andreasen	76bce40a8b	JS: test fixups	2020-05-19 13:12:34 +02:00
Asger F	875c3706e3	Update javascript/ql/src/semmle/javascript/CFG.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-05-19 12:08:51 +01:00
Asger Feldthaus	3f30564d93	JS: Autoformat	2020-05-19 12:05:32 +01:00
Geoffrey White	7d630c458e	Merge branch 'master' into fp2762	2020-05-19 11:43:50 +01:00
Asger Feldthaus	0db0ddf476	JS: Add a change note	2020-05-19 11:07:35 +01:00
Asger Feldthaus	525b9871e0	JS: Update benign test output changes	2020-05-19 11:07:08 +01:00
Asger Feldthaus	b5b93f33bc	JS: Bump to TypeScript 3.9.2	2020-05-19 11:07:08 +01:00
Anders Schack-Mulligen	6f03a0bc39	Merge pull request #3487 from luchua-bc/java-sensitive-jboss-logging Add JBoss logging	2020-05-19 11:04:18 +02:00
Anders Schack-Mulligen	c36e6213f1	Merge pull request #3288 from ggolawski/jndi-injection CodeQL query to detect JNDI injections	2020-05-19 11:03:29 +02:00
Asger Feldthaus	f49b36aec7	JS: Change note	2020-05-19 09:52:26 +01:00
Anders Schack-Mulligen	9d7329de30	Java: Clean up deprecated overrides.	2020-05-19 10:41:41 +02:00
Erik Krogh Kristensen	0275ea955b	update expected output	2020-05-19 10:29:07 +02:00
Erik Krogh Kristensen	a4450c36f6	autoformat	2020-05-19 10:26:36 +02:00
Erik Krogh Kristensen	5a5192b890	add testing for complex path sanitizer in ZipSlip	2020-05-19 10:17:15 +02:00
semmle-qlci	0c081a8e87	Merge pull request #3497 from esbena/js/yield-and-local-objects Approved by asgerf, erik-krogh	2020-05-19 09:02:22 +01:00
semmle-qlci	0d762066f5	Merge pull request #3504 from erik-krogh/unique Approved by esbena	2020-05-19 08:35:08 +01:00
Dave Bartolomeo	d6ef94a4c7	C++: Remove dead comment	2020-05-18 23:05:19 -04:00
Dave Bartolomeo	3758f3c48d	C++: Fix `syntax-zoo` test output	2020-05-18 18:07:52 -04:00
Dave Bartolomeo	01c2f0ce01	C++/C#: Fix formatting	2020-05-18 18:02:00 -04:00
Asger Feldthaus	91b9e95010	JS: Fix join ordering in analysis of add expressions	2020-05-18 22:45:59 +01:00
Asger Feldthaus	6a37e4b7a3	JS: Cache clobberedProp	2020-05-18 22:45:59 +01:00
Asger Feldthaus	5213c511b9	JS: Improve perf of GlobalVarUse.isIncomplete	2020-05-18 22:45:59 +01:00
Asger Feldthaus	7d9923038e	JS: Fix perf issue from overriding isIncomplete	2020-05-18 22:45:59 +01:00
Asger Feldthaus	e58683769d	JS: Fix bad join order in exploratoryBoundInvokeStep	2020-05-18 22:45:59 +01:00
Asger Feldthaus	9581bb52cb	JS: Update test output	2020-05-18 22:45:59 +01:00
Asger Feldthaus	430bf2da8a	JS: Fix whitelisting in UselessConditional	2020-05-18 22:45:56 +01:00
Asger Feldthaus	1d994b017f	JS: Update type inference	2020-05-18 22:42:12 +01:00
Asger Feldthaus	d5d08da545	JS: Update getEnclosingExpr	2020-05-18 22:42:12 +01:00
Asger Feldthaus	12cc228946	JS: Update getFallbackTypeAnnotation	2020-05-18 22:42:12 +01:00
Asger Feldthaus	b06cd6db30	JS: Update Node.isIncomplete	2020-05-18 22:42:12 +01:00
Grzegorz Golawski	73e736b47a	Enhanced comments according to the review comment	2020-05-18 23:37:48 +02:00
Asger Feldthaus	5568f0e182	JS: Pass local arguments to parameter value node, not SSA node	2020-05-18 22:34:42 +01:00
Asger Feldthaus	dc2d6a5fd9	JS: Make ValueNode the ParameterNode with a step to the SSA node	2020-05-18 22:34:42 +01:00
Asger Feldthaus	37ddccfa15	JS: Merge DestructuringPatternNode into ValueNode	2020-05-18 22:29:33 +01:00
Asger Feldthaus	b3161b1c41	JS: Factor TNode into a separate file	2020-05-18 22:29:33 +01:00
Asger Feldthaus	d9123833af	JS: Avoid misoptimization in mayReturnImplicitValue	2020-05-18 22:29:33 +01:00
Asger Feldthaus	eddbdffe62	JS: Add more tests for implicit returns	2020-05-18 22:29:33 +01:00
Asger Feldthaus	6a63f5b677	JS: Avoid bad join order in ImplicitProcessImport	2020-05-18 22:29:32 +01:00
Asger Feldthaus	c869812563	JS: Add UselessConditional test	2020-05-18 22:29:32 +01:00
Grzegorz Goławski	0075d35346	Update java/ql/src/experimental/Security/CWE/CWE-074/JndiInjectionLib.qll Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2020-05-18 23:18:16 +02:00
Erik Krogh Kristensen	aa396a39d3	Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3478	2020-05-18 20:57:51 +00:00
Grzegorz Golawski	ac329e81f8	Fixes FPs in SpringBootActuators query No evidence that Spring Actuators are being used, e.g. `http.authorizeRequests().anyRequest().permitAll()` Only safe Actuators are enabled, e.g. `EndpointRequest.to("health", "info")`	2020-05-18 22:55:33 +02:00
Erik Krogh Kristensen	fc7e9eb8c8	add test for non-tracked aliasing	2020-05-18 22:40:41 +02:00
Dave Bartolomeo	42c659b8f2	C++/C#: Remove `UnmodeledDefinition` instruction	2020-05-18 15:08:50 -04:00

... 100 101 102 103 104 ...

17948 Commits