Tom Hvitved
a062d7d41c
C#: Add regression test
2019-11-29 10:10:24 +01:00
Max Schaefer
f958916c76
Merge pull request #2330 from erik-krogh/exceptionXss
...
JS: Added query for detecting XSS that happens through an exception
2019-11-29 09:04:45 +00:00
semmle-qlci
a40ad9f276
Merge pull request #2456 from felicitymay/1.23/SD-4095-finalize-change-notes-js
...
Approved by erik-krogh, max-schaefer
2019-11-29 08:59:29 +00:00
Anders Schack-Mulligen
333d0a69d2
Java/C++/C#: Bugfix for field flow through reverse read.
2019-11-29 09:38:24 +01:00
Geoffrey White
3477c4a8fb
Update cpp/ql/src/semmle/code/cpp/commons/Alloc.qll
...
Co-Authored-By: Jonas Jensen <jbj@github.com>
2019-11-28 17:30:36 +00:00
Geoffrey White
aae9f88413
CPP: Model 'alloca'.
2019-11-28 17:27:37 +00:00
semmle-qlci
73e08eba43
Merge pull request #2468 from max-schaefer/js/regexp-predecessor
...
Approved by asgerf
2019-11-28 16:57:31 +00:00
Jonas Jensen
763b18cd11
Merge remote-tracking branch 'upstream/master' into StackVariable
...
Conflicts:
change-notes/1.24/analysis-cpp.md
cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
2019-11-28 17:51:20 +01:00
Jonas Jensen
d816701e07
Revert "C++: Use StackVariable in Nullness.qll"
...
It looks like allowing statics in `Nullness.qll` is fine since it's a
"may be null" analysis rather than a "must be null" analysis.
This reverts commit f5b9837e19.
2019-11-28 17:44:42 +01:00
Jonas Jensen
d22df24cab
Merge pull request #2467 from geoffw0/speedup1
...
CPP: Speed up isCompiledAsC.
2019-11-28 17:31:27 +01:00
semmle-qlci
198b3b34a3
Merge pull request #2432 from asger-semmle/install-typescript-deps
...
Approved by max-schaefer
2019-11-28 16:08:46 +00:00
Max Schaefer
7487c79271
JavaScript: Add missing qldoc.
2019-11-28 15:54:52 +00:00
Max Schaefer
47cbf0bf88
JavaScript: Override Locatable.getLocation() for @files.
2019-11-28 15:54:03 +00:00
Max Schaefer
a788bf87a0
JavaScript: Fix RegExpTerm.getPredecessor and getSuccessor.
...
These were originally meant to give you the term that is textually matched right before/right after the receiver. When I introduced support for lookbehinds, I changed the behaviour to give you the term that is _operationally_ matched before/after the receiver (remember that lookbehinds are implemented by reverse-matching).
However, I think that's rarely ever what you want, and is wrong for the only two uses of these predicates, where it's the textual matching order that we are after, not the operational order.
Consequently, I've changed the semantics back and updated the comments to hopefully clarify the intention.
2019-11-28 15:14:50 +00:00
Tom Hvitved
04cecc04dd
C#: Update EntityFrameworkCore test
2019-11-28 15:28:50 +01:00
Paulino Calderon
eeffd7cf8d
Adds CodeQL query to check for Pages validateRequest directive
2019-11-28 14:22:08 +00:00
Tom Hvitved
af453d081e
C#: Only track taint through conversion operators defined in libraries
2019-11-28 15:21:04 +01:00
semmle-qlci
d59ea3d53c
Merge pull request #2466 from esbena/js/fix-mjs-check
...
Approved by asgerf
2019-11-28 13:37:43 +00:00
Taus
20513561a0
Merge pull request #2459 from RasmusWL/python-modernise-TurboGears-library
...
Python: modernise TurboGears library
2019-11-28 14:36:01 +01:00
Tom Hvitved
ba4fb82a08
C#: Add DB upgrade script
2019-11-28 14:30:21 +01:00
Tom Hvitved
b79fc87961
C#: Split up localvars database relation into two relations
2019-11-28 14:30:21 +01:00
semmle-qlci
2b0eef3b14
Merge pull request #2448 from tausbn/python-use-import-python-consistently
...
Approved by RasmusWL
2019-11-28 12:47:00 +00:00
Geoffrey White
b1c992e85f
CPP: Speed up isCompiledAsC (x3).
2019-11-28 11:28:38 +00:00
Esben Sparre Andreasen
4e0dfce427
JS: cache charpred for NodeJS::Require
2019-11-28 08:10:25 +01:00
Esben Sparre Andreasen
d909653a6b
JS: simplify charpred for NodeJS::Require
2019-11-28 08:10:25 +01:00
Calum Grant
5833b15f0e
C#: Analysis change notes.
2019-11-27 17:30:02 +00:00
Calum Grant
d001c3c2d2
C#: Restructure files.
2019-11-27 17:29:53 +00:00
Calum Grant
c906a8238d
C#: Edit qhelp for cs/insecure-request-validation-mode
2019-11-27 16:37:37 +00:00
Calum Grant
4b19f3b6a4
C#: Whitespace edit and edit query metadata.
2019-11-27 16:37:37 +00:00
Paulino Calderon
6f346c6676
Adds CodeQL query to check for insecure RequestValidationMode in ASP.NET
2019-11-27 16:37:37 +00:00
james
931cc73d1e
docs: add brief instructions for using databases in VS Code
2019-11-27 15:05:50 +00:00
james
24857e5616
docs: update or remove other uses of QL4E
2019-11-27 15:05:08 +00:00
Erik Krogh Kristensen
d212394058
update expected output
2019-11-27 15:21:47 +01:00
Erik Krogh Kristensen
34e44e89fd
Merge remote-tracking branch 'upstream/master' into typeAheadSink
2019-11-27 15:19:06 +01:00
Rasmus Wriedt Larsen
44cc9dd0be
Python: Add TurboGears templating example
2019-11-27 15:07:32 +01:00
Rasmus Wriedt Larsen
b526421072
Python: Autoformat TurboGears library
2019-11-27 14:19:51 +01:00
Rasmus Wriedt Larsen
9ef270fc92
Python: Modernise TurboGears library
2019-11-27 14:19:04 +01:00
Tom Hvitved
ce16bc553a
C#: Autoformat
2019-11-27 13:47:24 +01:00
Erik Krogh Kristensen
9351cd44e4
Merge remote-tracking branch 'githubsemmle/master' into HEAD
2019-11-27 13:45:59 +01:00
Felicity Chapman
4070992273
Fix sort order
2019-11-27 12:38:39 +00:00
Felicity Chapman
587dd54a3c
Minor text changes
2019-11-27 12:38:38 +00:00
semmle-qlci
a2827e9503
Merge pull request #2362 from erik-krogh/promiseAll
...
Approved by max-schaefer
2019-11-27 12:35:04 +00:00
Erik Krogh Kristensen
bafd57d7d5
refactor classes in typeahead.js model
2019-11-27 13:33:38 +01:00
Rasmus Wriedt Larsen
3e5e14a14b
Merge pull request #2431 from tausbn/python-cyclic-import-future-annotations
...
Python: Account for non-evaluation of annotations in cyclic imports.
2019-11-27 13:31:53 +01:00
james
3782d1b6e4
docs: update links on opening slide
2019-11-27 12:28:57 +00:00
Erik Krogh Kristensen
4f75986274
update test to not use private classes
2019-11-27 12:59:10 +01:00
Felicity Chapman
eaf68e86e0
Merge pull request #2443 from tausbn/python-finalise-change-notes
...
Python: Update change note for 1.23.
2019-11-27 11:51:04 +00:00
Taus Brock-Nannestad
b503cdb9d4
Python: Final change note fixes.
...
- `false positives` becomes `false positive results`
- Items are listed alphabetically.
- Query IDs are listed.
Also, some of the queries had the wrong name (query message rather than the
actual query name). These have been fixed.
2019-11-27 12:10:28 +01:00
semmle-qlci
4916bed9cd
Merge pull request #2433 from asger-semmle/import-js-file
...
Approved by max-schaefer
2019-11-27 10:55:59 +00:00
semmle-qlci
9ca4f6aecb
Merge pull request #2392 from asger-semmle/window-name-flow
...
Approved by max-schaefer
2019-11-27 10:55:26 +00:00