hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-31 08:06:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,087 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.3
Commit Graph

19087 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
a08233e13d Merge pull request #366 from adityasharad/merge/master-next-251018 
Merge master into next.
 2018-10-26 08:13:33 +01:00
semmle-qlci
cbc2d9e257 Merge pull request #361 from aschackmull/java/springweb-servlet-sources 
Approved by yh-semmle
 2018-10-26 02:06:11 +01:00
semmle-qlci
905911014d Merge pull request #358 from aschackmull/java/sql-sinks 
Approved by yh-semmle
 2018-10-26 01:42:37 +01:00
Ian Lynagh
d6afbd8bb0 C++: Update a comment 2018-10-25 21:18:37 +01:00
Max Schaefer
b880a60095 Merge pull request #363 from xiemaisi/js/destructuring-assignment-cfg 
JavaScript: Improve handling of destructuring assignments.
 2018-10-25 20:28:53 +01:00
Geoffrey White
c9ed0396c5 CPP: Support builtin offsetof. 2018-10-25 16:41:37 +01:00
Aditya Sharad
56ee5ff99a Merge master into next. 
`master` up to and including cfe0b8803a.
 2018-10-25 15:32:47 +01:00
Max Schaefer
38534a6e2f JavaScript: Address review comment. 2018-10-25 15:31:46 +01:00
Max Schaefer
34b33ca04c JavaScript: Recognise rest patterns as lvalues. 2018-10-25 15:31:46 +01:00
Max Schaefer
394d7b7a9b JavaScript: Update expected output of CFG test. 2018-10-25 15:31:46 +01:00
Max Schaefer
8402ee8374 JavaScript: Refactor getDefReachingEndOf to improve performance. 2018-10-25 15:31:46 +01:00
Max Schaefer
09ef1a719a JavaScript: Pull out auxiliary predicates to improve join order in liveAfterDef. 2018-10-25 15:31:46 +01:00
Max Schaefer
59bbd025a5 JavaScript: Pull out auxiliary predicate to improve join order in TPhi. 2018-10-25 15:31:46 +01:00
Max Schaefer
d2993b9e04 JavaScript: Model data flow of destructuring assignments more precisely. 2018-10-25 15:31:46 +01:00
Jonas Jensen
354f8bd0ff C++: Test of range analysis 64-bit rounding issue 2018-10-25 16:18:22 +02:00
Geoffrey White
4c6cc3abdb CPP: Change note. 2018-10-25 15:01:00 +01:00
Geoffrey White
2dcec4dce3 CPP: Don't require alloc in memberMayBeVarSize. 2018-10-25 15:01:00 +01:00
Geoffrey White
035823cff0 CPP: Fix array size bug in memberMayBeVarSize. 2018-10-25 15:01:00 +01:00
Ian Lynagh
eef8719a40 C++: Fix AV Rule 85 
We have to be careful to avoid giving alerts to functions that might be
correctly defined, but we can't see the definition as it wasn't
instantiated.
 2018-10-25 14:26:31 +01:00
calum
fde3341455 C#: Addressed documentation review. 2018-10-25 14:18:30 +01:00
calum
448b080d4f C#: Fix typos. 2018-10-25 13:45:46 +01:00
Anders Schack-Mulligen
26bcf4bf5f Java: Add change note. 2018-10-25 14:34:14 +02:00
Anders Schack-Mulligen
42e659c645 Java: Minor fixups. 2018-10-25 14:30:40 +02:00
Pavel Avgustinov
c577f6d9f8 Merge pull request #365 from aschackmull/java/response-splitting-whitelist-cookiename 
Java: Whitelist Cookie::getName for HTTP response splitting.
 2018-10-25 13:18:03 +01:00
Tom Hvitved
a3d74b00e0 C#: Address review comments 2018-10-25 14:15:09 +02:00
Anders Schack-Mulligen
8a27c09447 Java: Add .expected file. 2018-10-25 14:12:50 +02:00
Anders Schack-Mulligen
8fe1634fcc Java: Add test. 2018-10-25 13:00:15 +02:00
Anders Schack-Mulligen
1188e18837 Java: Whitelist Cookie::getName for HTTP response splitting. 2018-10-25 12:02:33 +02:00
Jonas Jensen
5cbfdd1029 C++: Cover more cases of returning *this 2018-10-25 10:41:56 +02:00
Geoffrey White
69785fcae6 CPP: Include offsetof type calculations in memberMayBeVarSize. 2018-10-25 09:09:29 +01:00
Jonas Jensen
d144f0d154 C++: Test for unreachable return statement 
This test shows that the previous fix did not solve the problem where a
bad return statement exists but is unreachable.
 2018-10-25 09:42:15 +02:00
semmle-qlci
cfe0b8803a Merge pull request #332 from raulgarciamsft/users/raulga/c6293a 
Approved by dave-bartolomeo
 2018-10-25 00:59:35 +01:00
Raul Garcia
e1efcb0b26 Update .gitignore 2018-10-24 15:23:40 -07:00
Raul Garcia
a04eb53189 Documentation bug fix. 
Encoding the "<" character
 2018-10-24 15:22:53 -07:00
calum
8cdfb8707c C#: Update change notes. 2018-10-24 17:54:10 +01:00
calum
3041756207 C#: Allow constructor parameters to shadow class members. 2018-10-24 17:48:51 +01:00
calum
5c0b9867f8 C#: Fix violations for cs/local-shadows-member 2018-10-24 17:36:51 +01:00
Nate Nystrom
33ba814551 fixed mixed tabs and spaces 2018-10-24 17:37:18 +02:00
Geoffrey White
ec205e995b CPP: Include sizeof(expr) expressions in isDynamicallyAllocatedWithDifferentSize. 2018-10-24 16:17:04 +01:00
Aditya Sharad
292189c1e0 Merge pull request #347 from xiemaisi/rc/1.18-master-merge 
Mergeback rc/1.18 to master
 2018-10-24 16:03:30 +01:00
Nate Nystrom
d228bd0b13 Fixed compilation error 2018-10-24 15:50:00 +02:00
Nate Nystrom
4ebfb019d8 ref to NumberFormatException.ql 2018-10-24 15:49:25 +02:00
Nate Nystrom
8228b46223 test case for NumberFormatException 2018-10-24 15:48:56 +02:00
Jonas Jensen
3c6bed4de6 C++: FP fix for "operator= doesn't return *this" 2018-10-24 15:44:00 +02:00
Jonas Jensen
47a548f564 C++: FP test for "operator= doesn't return *this" 
This rule should not apply to functions that never return.
 2018-10-24 15:42:39 +02:00
Nate Nystrom
d04fde7157 Fixed compilation error. 2018-10-24 15:27:23 +02:00
Anders Schack-Mulligen
1d716ae461 Java: Add remote user input sources for Spring servlets. 2018-10-24 15:00:15 +02:00
Anders Schack-Mulligen
263de5219a Java: Add additional SQL injection sinks. 2018-10-24 13:58:21 +02:00
semmle-qlci
21ff87d6a3 Merge pull request #353 from xiemaisi/js/port-tests 
Approved by asger-semmle, esben-semmle
 2018-10-24 12:47:48 +01:00
Jonas Jensen
fc2b64a8b3 C++: Add C++ analysis team to CODEOWNERS 
We previously removed our entry because the notifications got too noisy,
but we agreed recently in the C++ analysis team to try adding an entry
with just the analysis team and only in the public repository.
 2018-10-24 11:58:37 +02:00