hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-25 04:12:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,686 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Felicity Chapman
236e1f7955 Update change notes for name change 2019-11-01 12:27:43 +00:00
Felicity Chapman
570e55190d Update style guides for name change 2019-11-01 12:22:05 +00:00
Felicity Chapman
02bb142e7c Update repository artifacts for name change 2019-11-01 12:21:24 +00:00
Shati Patel
bd08e8baaf Docs: Rename Sphinx project to "Learning CodeQL" 2019-11-01 11:22:36 +00:00
shati-patel
d94e91b39b Apply suggestions from code review 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
 2019-11-01 11:03:12 +00:00
semmle-qlci
e8e2f7bb20 Merge pull request #2240 from max-schaefer/js/indirect-command-argument-data-flow 
Approved by esbena
 2019-11-01 11:00:22 +00:00
Ziemowit Laski
3e1fd4a737 [CPP-434] Add table of constructs to Qhelp. Rewrite examples section. 2019-10-31 18:03:34 -07:00
Dave Bartolomeo
ea23c2daac Merge pull request #2188 from jbj/printast-override 
C++: Add a sample class in PrintAST.ql
 2019-10-31 17:02:20 -07:00
Dave Bartolomeo
e6f632b44e Merge pull request #2228 from jbj/DefaultTaintTracking-getASTVariable 
C++: Use getASTVariable in DefaultTaintTracking
 2019-10-31 17:00:49 -07:00
Dave Bartolomeo
2f63ab0250 Merge pull request #2150 from rdmarsh2/rdmarsh/cpp/ir-buffer-read-call-se 
C++: buffer read side effects on unmodeled funcs
 2019-10-31 16:59:51 -07:00
Rachel Mant
413f49bba5 Query cpp/unused-static-variable was producing incorrect results for constexpr variables 2019-10-31 22:50:44 +00:00
Robert Marsh
31f25c8cfc C++: primary instrs for constructor side effects 2019-10-31 11:43:47 -07:00
Robert Marsh
86b5e97f76 Merge branch 'master' of github.com:Semmle/ql into rdmarsh/cpp/ir-constructor-side-effects 2019-10-31 11:34:22 -07:00
Robert Marsh
9477bd5698 Merge branch 'master' of github.com:Semmle/ql into rdmarsh/cpp/ir-buffer-read-call-se 2019-10-31 11:00:01 -07:00
semmle-qlci
d03aecaa98 Merge pull request #2235 from max-schaefer/js/issue-2233 
Approved by esbena
 2019-10-31 14:17:58 +00:00
Max Schaefer
03c9a40ba3 JavaScript: Add libraries for forward and backward data-flow exploration. 2019-10-31 12:37:31 +00:00
Max Schaefer
8aae1f443f JavaScript: Use type tracking instead of auxiliary data-flow configuration to track indirect command arguments. 2019-10-31 12:13:55 +00:00
Max Schaefer
311cbd824c JavaScript: Recognize ":" pseudo-directive. 2019-10-31 11:39:09 +00:00
Robin Neatherway
d3016e5b98 Run autoformatter 2019-10-31 11:21:57 +00:00
Tom Hvitved
ceea96e03f C#: Update change note 2019-10-31 12:00:16 +01:00
semmle-qlci
2a3980222b Merge pull request #2201 from max-schaefer/js/avoid-duplicate-source-and-sink-nodes 
Approved by asger-semmle
 2019-10-31 10:47:30 +00:00
Robert Marsh
24c9b8b9b1 C++: fix unbound variables 2019-10-30 14:06:19 -07:00
Geoffrey White
ee3b49af3a Merge pull request #2219 from jbj/rangeanalysis-best-bound 
C++: Restrict the output of IR Range Analysis to the best bounds
 2019-10-30 17:18:59 +00:00
alistair
27d0b51c6b CPP & C#: Review of qhelp 
PR #2151 got merged without a review of the qhelp
by a technical writer.
The current PR makes changes I would have suggested on that PR.
 2019-10-30 16:10:03 +00:00
yh-semmle
8620b0513e Java: move UnsafeDeserialization.qll to standard library location 2019-10-30 11:18:36 -04:00
Max Schaefer
3bbded57d3 JavaScript: Autoformat. 2019-10-30 14:49:18 +00:00
Max Schaefer
bb0771b36c JavaScript: Deal with escape-unescape-escape (and similar) chains. 2019-10-30 14:49:01 +00:00
Max Schaefer
8c133ff61d JavaScript: Deal with (un-)escaping on captured variables. 2019-10-30 14:46:50 +00:00
Max Schaefer
a8214ce7ee JavaScript: Fix regexes for escaping schemes. 2019-10-30 14:15:59 +00:00
Max Schaefer
5349e0f881 JavaScript: Recognise wrapped chains of replacements. 2019-10-30 13:14:38 +00:00
Max Schaefer
02d16b1dc9 JavaScript: Recognise wrapped string replacement functions. 2019-10-30 13:01:17 +00:00
Max Schaefer
aaeca32519 JavaScript: Recognize string escaping using .replace with a callback. 2019-10-30 12:45:32 +00:00
Jonas Jensen
1e6c983d62 C++: Use getASTVariable in DefaultTaintTracking 
This library is not yet used in a query or test, so it broke silently
when `VariableAddressInstruction.getVariable` was removed.
 2019-10-30 13:42:17 +01:00
Max Schaefer
bd1c99d8a4 JavaScript: Recognise JSON.stringify and JSON.parse as escaper/unescaper. 2019-10-30 12:38:05 +00:00
semmle-qlci
a778efe71e Merge pull request #2216 from asger-semmle/xss-encodeURIComponent 
Approved by max-schaefer
 2019-10-30 11:49:31 +00:00
Max Schaefer
63f24476e9 JavaScript: Refactor DoubleEscaping.ql. 2019-10-30 10:59:14 +00:00
Aditya Sharad
ecd4c08cb4 Merge pull request #2225 from hvitved/csharp/autobuilder-tests 
C#: Update autobuilder tests
 2019-10-29 12:21:04 -07:00
Robin Neatherway
96f9a01355 Correct minor compilation errors in test code 2019-10-29 17:52:13 +00:00
Robin Neatherway
84202ff2e1 Java: Respect Hamcrest assertThat(X, notNullValue()) 2019-10-29 17:52:13 +00:00
Luke Cartey
d9d4aa30a9 Merge pull request #2214 from hmakholm/pr/upgrade-packs 
Make each upgrade directory a QL pack
 2019-10-29 16:45:02 +00:00
semmle-qlci
fde56cf290 Merge pull request #2223 from hvitved/csharp/autobuilder-curl-redirect 
Approved by jbj
 2019-10-29 15:38:02 +00:00
Rasmus Wriedt Larsen
87ec58aff1 Merge pull request #2221 from tausbn/python-unreachable-catch-all-assert 
Python: Do not report unreachable "catch-all" cases in `elif`-chains.
 2019-10-29 16:36:51 +01:00
Max Schaefer
b42026a90a JavaScript: Update expected output. 2019-10-29 15:36:24 +00:00
Max Schaefer
530fa2c11c JavaScript: Collapse edges instead of hiding nodes. 
Instead of skipping over initial and final nodes, we now introduce edges from source and to sink nodes that circumvent these nodes entirely.
 2019-10-29 15:30:24 +00:00
Max Schaefer
dc1d1c2f22 JavaScript: Update expected output. 2019-10-29 15:30:06 +00:00
Max Schaefer
278ea90049 JavaScript: Collapse flow labels at start/end nodes to avoid duplication. 2019-10-29 15:24:40 +00:00
Max Schaefer
316962233c JavaScript: Factor out MidPathNode into its own class. 2019-10-29 15:24:40 +00:00
Max Schaefer
7c56c9f999 JavaScript: Move suppression of hidden nodes into edges predicate. 
They should really only be hidden for display purposes.
 2019-10-29 15:19:26 +00:00
Max Schaefer
3373742077 JavaScript: Turn PathNode::getASuccessorInternal and PathNode::getAHiddenSuccessor into top-level predicates. 2019-10-29 15:19:26 +00:00
Max Schaefer
b6f4785645 JavaScript: Rename MkPathNode to MkMidNode. 2019-10-29 15:19:26 +00:00