Max Schaefer
220fcb59bd
JavaScript: Add change note.
2018-10-03 13:08:31 +01:00
Max Schaefer
8b7bb8cecc
JavaScript: Add test case for type inference in the presence of non-toplevel imports.
2018-10-03 13:08:31 +01:00
Max Schaefer
db32dc2bdf
JavaScript: Generalise code that assumes imports only appear at the toplevel.
2018-10-03 13:08:31 +01:00
Max Schaefer
f05e777e64
JavaScript: Patch CFG to improve support for non-top level import declarations.
2018-10-03 13:08:31 +01:00
Luke Cartey
d34eef82b3
C#: Remove the 'security' tag from some queries
...
These queries are only tenuously security queries, and marking them as
security queries can cause them to have greater prominence than is
merited by the results that they report.
2018-10-03 11:48:27 +01:00
Luke Cartey
1a90f7df2c
C#: ZipSlip - Address review comments.
...
- Add backticks
- Add extra test.
2018-10-03 11:38:48 +01:00
Asger F
271b2f3ce3
JS: add RemoteFlowSource.isThirdPartyControllable()
...
Use it in ReflectedXSS and ServerSideUrlRedirect
2018-10-03 10:09:02 +01:00
semmle-qlci
604ff232e2
Merge pull request #267 from xiemaisi/js/fix-deprecated-use
...
Approved by asger-semmle
2018-10-03 09:12:02 +01:00
semmle-qlci
e9adc63d91
Merge pull request #260 from xiemaisi/js/confusing-precedence
...
Approved by esben-semmle, mc-semmle
2018-10-03 09:07:18 +01:00
Jonas Jensen
4ad4b19911
Merge pull request #189 from geoffw0/wrongtypedef
...
CPP: Permit more typedefs in WrongTypeFormatArguments.ql
2018-10-03 09:40:06 +02:00
Max Schaefer
09aa04bf00
Merge pull request #268 from sjvs/fix-javascript-example
...
JavaScript: fix two examples based on LGTM.com alerts
2018-10-03 08:16:19 +01:00
Denis Levin
e147e690ee
Merge branch 'master' into denisl/js/HttpToFileAccessTest
2018-10-02 15:13:35 -07:00
Robert Marsh
7c2bcf6fa6
C++/Doc: change note for PR #269
2018-10-02 14:25:08 -07:00
Robert Marsh
d44761eaca
Merge pull request #269 from tosmolka/tosmolka/cpp/suspicious-call-to-memset
...
C++: support Decltype in suspicious-call-to-memset
2018-10-02 14:21:06 -07:00
Raul Garcia
492b511cdf
Merge operation
2018-10-02 11:27:39 -07:00
Raul Garcia
230724c085
Updates based on feedback
2018-10-02 11:17:23 -07:00
Max Schaefer
425d2bfba7
Merge pull request #266 from esben-semmle/js/improve-dead-store-of-local
...
JS: support noop parentheses in js/useless-assignment-to-local
2018-10-02 16:19:56 +01:00
Tobias Smolka
51dcdeff59
C++: support Decltype in suspicious-call-to-memset
2018-10-02 16:47:04 +02:00
Bas van Schaik
c4eb6f0056
fix JS example based on LGTM.com alerts
...
1f7ef5b0d7/files/javascript/ql/src/Security/CWE-079/examples/StoredXssGood.js (x95b0280fcab9007a) :1
1f7ef5b0d7/files/javascript/ql/src/Security/CWE-079/examples/StoredXss.js (xaef03a63aa3e02e4) :1
2018-10-02 14:47:52 +01:00
Max Schaefer
c7b4238408
JavaScript: Fix use of deprecated predicate.
2018-10-02 12:12:59 +01:00
Max Schaefer
18a74a2163
Merge pull request #255 from Semmle/js/typo-in-query-help
...
JavaScript: Fix typo in query help.
2018-10-02 11:33:03 +01:00
semmle-qlci
b35f450b01
Merge pull request #162 from asger-semmle/partial-calls
...
Approved by esben-semmle, xiemaisi
2018-10-02 11:24:02 +01:00
Asger F
057af7c865
TypeScript: add test case with mixed rescanned tokens
2018-10-02 10:42:33 +01:00
Max Schaefer
768368498f
JavaScript: Introduce new query UnclearOperatorPrecedence.
2018-10-02 08:46:51 +01:00
Max Schaefer
a63b7fc215
JavaScript: Introduce new library predicate for computing whitespace around binary operators.
2018-10-02 08:46:11 +01:00
semmle-qlci
829a5cc451
Merge pull request #259 from asger-semmle/open-redirect-expr
...
Approved by xiemaisi
2018-10-02 08:32:48 +01:00
Max Schaefer
92afcd32f8
Merge pull request #241 from asger-semmle/host-header-forgery
...
JS: Add HostHeaderPoisoningInEmailGeneration query
2018-10-02 08:32:00 +01:00
Esben Sparre Andreasen
595fe217dd
JS: support noop parentheses in js/useless-assignment-to-local
...
The syntactic recognizer `isNullOrUndef` did not handle expressions
that were wrapped in parentheses.
This eliminates some results here:
https://lgtm.com/projects/g/vuejs/vue/alerts?mode=tree&ruleFocus=7900088
2018-10-02 09:31:32 +02:00
Jonas Jensen
6bfa59a412
Merge pull request #262 from adityasharad/merge/master-next-011018
...
Merge master into next.
2018-10-02 09:04:04 +02:00
Denis Levin
9c487bc6d9
Merge branch 'master'
2018-10-01 14:51:56 -07:00
Denis Levin
82d8b4e371
Adding the source link to the test case samples
2018-10-01 11:45:38 -07:00
Raul Garcia
99e6708b2b
Merge branch 'master' into users/raulga/c6276
2018-10-01 10:28:54 -07:00
Raul Garcia
253b8d1287
C++: cpp/incorrect-string-type-conversion
...
Cast between semantically different string types: char* from/to wchar_t*
NOTE: Please let me know if you want to use a different CWE than CWE-704
2018-10-01 10:25:49 -07:00
Aditya Sharad
337defdf3d
Merge master into next.
2018-10-01 17:39:27 +01:00
Arthur Baars
13ef492fc1
Merge pull request #258 from adityasharad/merge/1.18-master-011018
...
Merge rc/1.18 into master.
2018-10-01 18:36:16 +02:00
Asger F
d3a1df644c
TypeScript: test case for tokens starting with ">"
2018-10-01 17:35:21 +01:00
Asger F
a199035a05
TypeScript: test case for whitespace before a rescanned token
2018-10-01 17:35:15 +01:00
Max Schaefer
7518267281
Merge pull request #257 from xiemaisi/js/fix-DOMException-model
...
JavaScript: Update model of `DOMException`.
2018-10-01 17:12:50 +01:00
Asger F
9146cc26bd
TypeScript: test case for tokenization of template literals
2018-10-01 14:36:19 +01:00
Jonas Jensen
308631e8ff
C++: Add two recent queries to query suites
2018-10-01 13:42:12 +02:00
Jonas Jensen
54cd173da8
C++: Changelog entries for two new queries
2018-10-01 13:41:44 +02:00
Asger F
9f07b1011d
JS: bugfix in server-side redirect query
2018-10-01 12:34:13 +01:00
Aditya Sharad
0882eb7bb3
Merge rc/1.18 into master.
2018-10-01 12:08:16 +01:00
Jonas Jensen
532a64f211
C++: Name/description of HResultBooleanConversion
...
This commit changes the name and description of the new
`HResultBooleanConversion` query to follow our internal guidelines.
2018-10-01 12:12:00 +02:00
Nick Rolfe
828d3cb138
Merge pull request #250 from adityasharad/version/1.18.1-dev
...
Version: Bump to 1.18.1 dev.
2018-10-01 10:59:52 +01:00
Asger F
d005d7127f
JS: address doc review
2018-10-01 10:58:38 +01:00
Max Schaefer
8cc7f5c242
JavaScript: Update model of DOMException.
...
cf. https://developer.mozilla.org/en-US/docs/Web/API/DOMException/DOMException
2018-10-01 08:50:53 +01:00
Max Schaefer
1ab943c16b
JavaScript: Fix typo in query help.
2018-10-01 08:04:45 +01:00
Jonas Jensen
9ffdf3b69e
Merge pull request #254 from dave-bartolomeo/dave/InstructionToString
...
C++: Make `Instruction.toString()` less expensive
2018-10-01 08:57:24 +02:00
Dave Bartolomeo
37091953dc
C++: Fix test expectations after rebase
2018-09-30 08:25:42 -07:00