codeql

mirror of https://github.com/github/codeql.git synced 2025-12-31 16:16:34 +01:00

Author	SHA1	Message	Date
Esben Sparre Andreasen	6e77489a3b	JS: add utilities for expression guards to DefensiveProgramming.qll	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	a2ecf40878	JS: recognize defensive expressions for null/undefined	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	2b6ef24bc2	JS: add utilities to DefensiveProgramming.qll	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	8086e88587	JS: add utilities to DefensiveProgramming.qll	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	a5eeba3c3a	JS: prepare DefensiveProgramming.qll for additions	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	c2fb14640e	JS: move isDefensiveInit to DefensiveProgramming.qll	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	37b7b39ec6	JS: change notes for improved js/request-forgery	2018-11-13 08:17:24 +01:00
Esben Sparre Andreasen	577b225429	JS: sort change notes table	2018-11-13 08:17:24 +01:00
Esben Sparre Andreasen	ce0dd241f6	JS: add models of $.ajax, $.getJSON and XMLHttpRequst	2018-11-13 08:14:51 +01:00
semmle-qlci	2f0e693b38	Merge pull request #450 from xiemaisi/js/improve-externs-extractor-options Approved by esben-semmle	2018-11-12 20:32:35 +00:00
Felicity Chapman	fa8fd0513c	Update qhelp for queries with CWE tags	2018-11-12 18:00:17 +00:00
Geoffrey White	1c27c5e5ed	CPP: Tag Padding queries.	2018-11-12 17:45:58 +00:00
Geoffrey White	bcb4ebffc3	CPP: Tag NVI queries.	2018-11-12 17:45:58 +00:00
Geoffrey White	850937efcc	CPP: Tag Include queries.	2018-11-12 17:45:58 +00:00
Geoffrey White	93b3165e86	CPP: Tag Magic*UseConstant queries.	2018-11-12 17:45:58 +00:00
Max Schaefer	663bdd60a0	Merge pull request #396 from esben-semmle/js/unconditional-property-override JS: add query: js/unconditional-property-override	2018-11-12 17:10:32 +00:00
Felicity Chapman	2847d5eaac	Replace '&' symbols in URL	2018-11-12 16:34:19 +00:00
Geoffrey White	1d464ae35d	CPP: Merge the ExprHasNoEffect tests.	2018-11-12 16:26:50 +00:00
Geoffrey White	1417929cdf	CPP: Merge the Todo/FixmeComments tests.	2018-11-12 16:26:50 +00:00
Geoffrey White	03cad6c084	CPP: Move the AV Rule 97 test.	2018-11-12 16:07:03 +00:00
Geoffrey White	2d665e51d0	CPP: Move the BitwiseSignCheck.ql test.	2018-11-12 16:07:03 +00:00
Felicity Chapman	05930812a1	Update for feedback	2018-11-12 15:56:10 +00:00
Felicity Chapman	2e8f51a545	Update to bring into line with current guidelines	2018-11-12 15:30:19 +00:00
Arthur Baars	effabc667c	Merge pull request #452 from adityasharad/version/1.18.3-dev Version: Bump to 1.18.3 dev.	2018-11-12 16:01:22 +01:00
Aditya Sharad	271628c280	Version: Bump to 1.18.3 dev.	2018-11-12 14:55:26 +00:00
Jonas Jensen	0cb09b113f	Merge pull request #251 from rdmarsh2/rdmarsh/cpp/sign-analysis C++: Sign analysis library	2018-11-12 15:23:18 +01:00
Max Schaefer	2c1a37c652	JavaScript: Add WebRTC externs.	2018-11-12 12:25:32 +00:00
Jonas Jensen	1500237009	Merge remote-tracking branch 'upstream/master' into mergeback-20181112	2018-11-12 13:24:27 +01:00
Felicity Chapman	978fc4928f	Fix syntax errors in qhelp files	2018-11-12 10:55:13 +00:00
Felicity Chapman	72ac2e5498	Fix typos	2018-11-12 09:52:00 +00:00
Tom Hvitved	dd6fd400aa	Merge pull request #335 from calumgrant/cs/cwe-937 C#: New query VulnerablePackage	2018-11-12 10:34:53 +01:00
Esben Sparre Andreasen	eaad84bb4f	JS: add support for dis- and conjunctions in SanitizingFunction	2018-11-12 10:23:52 +01:00
Esben Sparre Andreasen	ffc3d6ba49	JS: simplify test (move alerts four lines up)	2018-11-12 10:21:41 +01:00
Esben Sparre Andreasen	6d0c93b6a8	JS: introduce TaintTracking::AdditionalSanitizingCall	2018-11-12 10:21:39 +01:00
Esben Sparre Andreasen	2033bf81cc	JS: address docstring review comments	2018-11-12 10:03:08 +01:00
Tom Hvitved	40def8d364	Merge pull request #418 from dave-bartolomeo/dave/FormatConfig Allow mixed whitespace in certain test and external directories	2018-11-12 09:43:39 +01:00
Tom Hvitved	21887d7c6f	C#: Refactor SSA liveness logic Simplify liveness analysis by avoiding the two extra copies of `liveAtRank()` (and other auxiliary predicates) for fields/captured variables analysis.	2018-11-12 09:41:53 +01:00
semmle-qlci	c9d77a2d6d	Merge pull request #443 from xiemaisi/js/improve-stack-trace-exposure Approved by asger-semmle	2018-11-12 08:40:26 +00:00
semmle-qlci	bf18175f7a	Merge pull request #445 from xiemaisi/js/aliases Approved by esben-semmle	2018-11-12 08:39:11 +00:00
Max Schaefer	01b43dff72	JavaScript: Make in-dist trap cache read-only.	2018-11-12 08:33:11 +00:00
Jonas Jensen	e9dac22cfd	Merge pull request #446 from geoffw0/minor-corrections CPP: Minor corrections to examples	2018-11-12 09:30:39 +01:00
Max Schaefer	032ed12242	JavaScript: Use in-dist trap cache when extracting externs.	2018-11-12 08:28:08 +00:00
Jonas Jensen	0caf0f1f15	Merge pull request #430 from geoffw0/exprtemplate CPP: Exclude template code from ExprHasNoEffect.ql	2018-11-12 09:27:36 +01:00
Max Schaefer	f26d47aacb	JavaScript: Bump extractor version. This is not so much because extractor output has changed (it hasn't, except for corner cases) but to disable trap caching so as to help us to flush out bugs.	2018-11-12 08:19:17 +00:00
Max Schaefer	f06cef5d40	JavaScript: Port JSDoc parser to Java.	2018-11-12 08:18:53 +00:00
Max Schaefer	c14ebac455	JavaScript: Port regular expression parser to Java.	2018-11-12 08:18:53 +00:00
Max Schaefer	47fda72b91	Merge pull request #448 from adityasharad/merge/master-next-091118 Merge master into next.	2018-11-12 08:04:31 +00:00
Aditya Sharad	761e5efd60	Merge master into next. JavaScript semantic conflicts fixed by referring to the `LegacyLanguage` enum. C++ conflicts fixed by accepting Qltest output.	2018-11-09 18:49:35 +00:00
Robert Marsh	d9495da225	C++: fix test	2018-11-09 10:15:28 -08:00
yh-semmle	992a015467	Merge pull request #415 from aschackmull/java/obinit-extraction Java: Account for extraction of calls to <obinit>.	2018-11-09 12:34:00 -05:00

... 349 350 351 352 353 ...

19087 Commits