hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-23 03:12:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,685 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
yo-h
cc7f98e0f6 Merge pull request #2555 from hvitved/csharp/xml-sync 
C#: Sync `XML.qll` with other languages
 2019-12-20 09:03:55 -05:00
Jonas Jensen
de55a6846f Merge pull request #2204 from alexet/cache-to-string 
Cache the computation of core toString predicates for cpp c# and java.
 2019-12-20 14:54:46 +01:00
Tom Hvitved
665d38647d Merge pull request #2557 from calumgrant/cs/extractor-label-catch 
C# extractor: Catch exceptions when generating trap
 2019-12-20 13:09:21 +01:00
Erik Krogh Kristensen
a0b5aa5ae4 more precise heuristic to identify allowed call targets 2019-12-20 10:51:39 +01:00
Jonas Jensen
18d4772508 Merge pull request #2463 from geoffw0/overflowcalc 
CPP: Allocation and Deallocation libraries
 2019-12-19 21:27:42 +01:00
Jonas Jensen
939979ddef Merge branch 'master' into overflowcalc 2019-12-19 14:12:00 +01:00
Jonas Jensen
a13748f484 Merge pull request #2259 from rdmarsh2/rdmarsh/cpp/default-taint-tracking-sources 
C++: move sources into DefaultTaintTracking.qll
 2019-12-19 14:09:41 +01:00
Jonas Jensen
4fffaabab9 Merge pull request #2551 from MathiasVP/argument-suppresion-c89-style 
C++: Alert suppression through single-line /* */ style comments
 2019-12-19 13:19:49 +01:00
Calum Grant
3c76346635 C#: WIP Adding exception handlers. 
C#: Improve robustness by catching and logging exceptions when generating trap IDs.
 2019-12-19 11:28:05 +00:00
Erik Krogh Kristensen
15d74b7d03 remove FP from js/regexpinjection where no regexp was constructed 2019-12-19 10:47:03 +01:00
Tom Hvitved
29cd6a9e30 Sync XML.qll 2019-12-19 10:29:30 +01:00
Tom Hvitved
1b6bd7a0fa C#: Update XML.qll for backwards compatibility 2019-12-19 10:27:59 +01:00
Tom Hvitved
82c368e13e C#: Sync XML.qll with other languages 2019-12-19 10:26:08 +01:00
James Fletcher
5a6a2e8a68 Merge pull request #2547 from shati-patel/ql/tutorial 
QL tutorials: Update formatting and style
 2019-12-19 09:06:08 +00:00
Mathias Vorreiter Pedersen
30822f1d98 C++: Alert suppresion through single-line /* */ style comments 2019-12-19 09:10:09 +01:00
Robert Marsh
33067c8e31 Merge pull request #2519 from jbj/ir-backedge-notc 
C++: Get rid of a fastTC and noopt in IR
 2019-12-18 14:20:43 -08:00
Jonas Jensen
e7283afa3e Merge pull request #2531 from dbartol/dbartol/MissingToString 
C++: Fix `toString()` predicates that don't hold
 2019-12-18 19:09:48 +01:00
semmle-qlci
339066ce04 Merge pull request #2552 from erik-krogh/ImportMeta 
Approved by max-schaefer
 2019-12-18 15:38:58 +00:00
Jonathan Leitschuh
75939afe9c Update java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.qhelp 
Co-Authored-By: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2019-12-18 09:53:36 -05:00
Erik Krogh Kristensen
0611dc3f60 move change notes to extractor-javascript.md 2019-12-18 14:21:43 +01:00
Taus
52d231c219 Merge pull request #2469 from RasmusWL/python-modernise-twisted-library 
Python: modernise twisted library
 2019-12-18 13:55:50 +01:00
Taus
eb6feeeaf8 Merge pull request #2482 from RasmusWL/python-include-zope-web-tests 
Python: include zope web tests from internal repo
 2019-12-18 13:55:23 +01:00
Rasmus Wriedt Larsen
48f873e3d9 Python: Add getAReturnedNode to PythonFunctionValue 2019-12-18 12:00:43 +01:00
Erik Krogh Kristensen
43e9d11f75 inline definition of importIdentifier 2019-12-18 11:43:10 +01:00
Erik Krogh Kristensen
76d4db2552 changes based on review 2019-12-18 11:39:46 +01:00
Erik Krogh Kristensen
807664e545 add change note 2019-12-18 11:35:16 +01:00
Erik Krogh Kristensen
4fdfa51e44 add support for import.meta expressions in JavaScript 2019-12-18 10:45:54 +01:00
Rasmus Wriedt Larsen
582ef6cec9 Python: Restructure logic in Twisted.qll 2019-12-18 10:42:39 +01:00
Rasmus Wriedt Larsen
9942c3fd8b Python: Autoformat twisted library 2019-12-18 10:42:39 +01:00
Rasmus Wriedt Larsen
ac55e6aba6 Python: Modernise twisted library 2019-12-18 10:42:39 +01:00
Rasmus Wriedt Larsen
4e3c183676 Python: Adapt twisted tests so they pass 2019-12-18 10:42:39 +01:00
Rasmus Wriedt Larsen
6011cb74f8 Python: Add twisted tests from internal repo 2019-12-18 10:42:39 +01:00
Anders Schack-Mulligen
2443f10823 C#: Update .expected file. 2019-12-18 10:40:18 +01:00
Jonas Jensen
367827a2ef Merge pull request #2541 from max-schaefer/unify-xml-qlls 
C++/Java/JavaScript/Python: Unify XML libraries.
 2019-12-18 10:35:34 +01:00
Jonas Jensen
66d49a4a8a Merge pull request #2546 from MathiasVP/arguments-source-qltest 
C++: Added test for 333d0a69
 2019-12-18 09:11:11 +01:00
Robert Marsh
e209ed961a Merge branch 'master' into rdmarsh/cpp/ir-callee-side-effects 2019-12-17 15:11:02 -08:00
Robert Marsh
93ace5be35 C++: remove Chi node flow in DefaultTaintTracking 2019-12-17 14:23:11 -08:00
semmle-qlci
8ad11b98d0 Merge pull request #2538 from hvitved/csharp/missing-to-string 
Approved by calumgrant
 2019-12-17 19:23:47 +00:00
Dave Bartolomeo
240823019a Merge remote-tracking branch 'upstream/master' into dbartol/MissingToString 2019-12-17 11:50:36 -07:00
Geoffrey White
ab0be19cc5 C++: Autoformat. 2019-12-17 17:51:55 +00:00
Jonathan Leitschuh
b218374772 Add io.netty.handler.codec.http.DefaultHttpResponse to Netty Response Splitting Detection 
Related: #2185
Related: https://github.com/github/security-lab/issues/22
 2019-12-17 12:12:04 -05:00
Robert Marsh
7468facb34 C++: autoformat more 2019-12-17 09:06:52 -08:00
Rasmus Wriedt Larsen
8b5d6ae2cf Python: Modernise zope web tests 2019-12-17 17:42:03 +01:00
Rasmus Wriedt Larsen
e257ba40c4 Python: Make zope web tests pass 2019-12-17 17:42:03 +01:00
Erik Krogh Kristensen
2e5b7273ab changes based on review feedback. 2019-12-17 17:30:05 +01:00
Taus Brock-Nannestad
1d94f6d303 Python: Fix several bad join orders. 
Performance on `taers232c/GAMADV-X` (which exhibited pathological behaviour in
the most recent dist upgrade) went from ~670s to ~313s on
`py/hardcoded-credentials`.

There are still a few tuple counts in the 10-100 million range, but this commit
takes care of all of the ones that numbered in the billions. (A single tuple
count in the 100-1000 million range remains, but it appears to be less critical,
taking only two seconds to calculate.)
 2019-12-17 17:19:49 +01:00
Geoffrey White
eaf00c6683 C++: Fix override related warning. 2019-12-17 15:39:29 +00:00
Erik Krogh Kristensen
0a8a2ecc61 make EventEmitter classses non final, and add a comment about extending EventEmitter::Range 2019-12-17 16:37:03 +01:00
Erik Krogh Kristensen
fed9302996 uppercase E in Electron 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-12-17 16:29:55 +01:00
Geoffrey White
9986206dc6 C++: Placement new does not necessarily require a delete. 2019-12-17 15:28:21 +00:00