hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-14 23:14:59 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,680 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger Feldthaus
b05942b599 JS: Add HTML file example 2020-06-29 13:45:01 +01:00
Asger Feldthaus
3938856e61 JS: Make this work in qltest 2020-06-29 13:42:55 +01:00
Asger Feldthaus
1a16d7339a JS: Set SourceType correctly 2020-06-29 13:42:22 +01:00
Geoffrey White
441d4c077a Update cpp/ql/src/semmle/code/cpp/exprs/Cast.qll 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2020-06-29 13:13:00 +01:00
Taus Brock-Nannestad
b469d55d17 Python: Fix a few things in Stmts.qll. 2020-06-29 13:32:36 +02:00
Nick Rolfe
ab1dc64eea C++: expand qldoc on MemberFunction::getTypeOfThis() 2020-06-29 11:54:28 +01:00
Asger Feldthaus
fcb365188b JS: Add change note 2020-06-29 09:59:17 +01:00
Asger Feldthaus
e46a9dac65 JS: Count lines of code correctly 2020-06-29 09:59:17 +01:00
Asger Feldthaus
9c65318f99 JS: Extract TypeScript in HTML files to a snippet in virtual source root 2020-06-29 09:59:17 +01:00
Asger Feldthaus
da58fb5e62 JS: Resolve relative imports across real and virtual source roots 2020-06-29 09:44:48 +01:00
Asger Feldthaus
d3b9ebe1d2 JS: Perform glob matching across source roots 2020-06-29 09:44:48 +01:00
Asger Feldthaus
1297d0f414 JS: Extract HTML before TypeScript 2020-06-29 09:44:48 +01:00
Asger Feldthaus
2c1567aedd JS: Don't extract TypeScript from HTML 2020-06-29 09:44:48 +01:00
Asger Feldthaus
805deb13c0 JS: Fix whitespace 2020-06-29 09:44:45 +01:00
Asger Feldthaus
1e5f846168 JS: Use StringReplaceCall 2020-06-29 09:31:56 +01:00
Mathias Vorreiter Pedersen
6b27652b99 C++: Remove abstractness from a couple of AST classes 2020-06-29 10:27:16 +02:00
Erik Krogh Kristensen
27b2c02693 remove todo comment 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-29 09:58:59 +02:00
Asger Feldthaus
8632c2a3b2 JS: Factor out VirtualSourceRoot 2020-06-29 08:18:29 +01:00
Asger Feldthaus
bfedcb01c4 JS: Make TypeScript aware of custom extractor extensions 2020-06-29 08:16:58 +01:00
Asger Feldthaus
d55e3300f3 JS: Bundle FileExtractors into a class 2020-06-29 08:16:58 +01:00
Asger Feldthaus
ea6b99e726 JS: Add shouldExtract predicate 2020-06-29 08:16:58 +01:00
Asger Feldthaus
164a18f02d JS: Factor out extractFiles 2020-06-29 08:16:05 +01:00
Asger Feldthaus
da3d1a3b5f JS: Recognize 'lang' attribute of script tags 2020-06-29 08:15:52 +01:00
Asger F
bdb7e3def3 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-06-29 07:55:15 +01:00
Asger Feldthaus
03c91a66c5 JS: Update expected output 2020-06-29 07:52:25 +01:00
ubuntu
bb06014f3d Add fancy-log 2020-06-28 22:02:02 +02:00
Alessio Della Libera
ce32d646dc Update javascript/ql/src/semmle/javascript/frameworks/Logging.qll 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2020-06-28 21:58:45 +02:00
Mathias Vorreiter Pedersen
5fbf30590e C++: Accept test changes. 2020-06-28 20:21:51 +02:00
Taus Brock-Nannestad
5744356dbc Python: Add a bunch more toString docs. 2020-06-28 14:55:45 +02:00
Taus Brock-Nannestad
e72e662f68 Python: Autogenerate QLDoc for toString AST methods. 
Only adds these for the methods that do not `override` other
methods (as these presumably have their own `toString` documentation).
 2020-06-28 14:41:45 +02:00
Mathias Vorreiter Pedersen
9c0f877172 C++: Keep old instruction -> instruction flow in simpleInstructionLocalFlowStep. This means we don't have to add general operand -> instruction to the simpleLocalFlowStep relation, which seems to add a 10% performance regression. 2020-06-28 11:28:43 +02:00
Asger Feldthaus
9ca25d5bef JS: Support .hash extraction via a few more methods 2020-06-28 01:38:59 +01:00
Asger Feldthaus
19db418395 JS: Add missing store step in Xss query 2020-06-28 01:26:11 +01:00
Asger Feldthaus
3e616e998e JS: Add test 2020-06-27 21:31:40 +01:00
Asger Feldthaus
84d21074e5 JS: Support Vue class components 2020-06-27 21:24:46 +01:00
Grzegorz Golawski
aff0e0eb25 Cleanup according to review comments. 2020-06-27 18:30:36 +02:00
Artem Smotrakov
f5f30ce25e Java: Simplified the query for disabled certificate revocation checking 
Removed a dataflow cofiguration for setting a revocation checker.
Instead, the query just checks if addCertPathChecker() or setCertPathCheckers()
methods are called.
 2020-06-27 11:37:20 +03:00
Artem Smotrakov
a2fa03e4f5 Java: Improved the query for disabled certificate revocation checking 
- Added a taint propagation step for List.of() methods
- Added a testcase with one of the List.of() method
- Simplified conditions
- Fixed typos
 2020-06-27 11:37:20 +03:00
Artem Smotrakov
06e3f101ce Java: Added a query for disabled certificate revocation checking 
- Added experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql
  The query looks for PKIXParameters.setRevocationEnabled(false) calls.
- Added RevocationCheckingLib.qll
- Added a qhelp file with examples
- Added tests in java/ql/test/experimental/Security/CWE/CWE-299
 2020-06-27 11:37:20 +03:00
Asger Feldthaus
ac5b9cd168 JS: Autoformat 2020-06-26 23:15:04 +01:00
Dave Bartolomeo
4dcdd8a0ee C++: Add last remaining QLDoc to Opcode.qll 2020-06-26 17:25:30 -04:00
Dave Bartolomeo
bdf121f3b8 C++: Update opcode QLDoc script to handle abstract base classes 
This auto-generates even more QLDoc for `Opcode.qll`
 2020-06-26 16:04:33 -04:00
ubuntu
9135bbd5c8 JS: model fancy-log (and recognize the 'dir' log level) 2020-06-26 21:33:52 +02:00
Asger Feldthaus
6707e3424d JS: Prevent bad join ordering 2020-06-26 20:21:56 +01:00
Taus Brock-Nannestad
24daf2c4d1 Python: Document internal AST classes. 
We already document these in the classes that override them, so I
simply added a pointer to this information.
 2020-06-26 21:15:30 +02:00
Asger Feldthaus
06dd3ab2ca JS: Propagate into RegExp.$x 2020-06-26 18:58:43 +01:00
Asger Feldthaus
17af8f7650 JS: Add test for taint propagating into RegExp.$1 2020-06-26 18:58:43 +01:00
Dave Bartolomeo
e00a8f7670 Merge pull request #3815 from jbj/getAPrimaryQlClass 
C++: getCanonicalQLClass -> getAPrimaryQlClass
 2020-06-26 13:52:16 -04:00
Dave Bartolomeo
5f290520ab C++: Accept test diffs due to opcode rename 2020-06-26 13:45:41 -04:00
semmle-qlci
3aefb7fad9 Merge pull request #3613 from erik-krogh/Reassigned 
Approved by asgerf
 2020-06-26 17:05:45 +01:00