codeql

mirror of https://github.com/github/codeql.git synced 2026-01-19 01:14:42 +01:00

Author	SHA1	Message	Date
Rebecca Valentine	6d10c47cba	Python: Moves predicates over to suffixed form	2020-03-09 11:56:57 -07:00
Erik Krogh Kristensen	ad52d6446e	add test case for tuple-like use	2020-03-09 19:47:05 +01:00
Rebecca Valentine	bf92cee1b1	Python: Updates expected results	2020-03-09 11:16:58 -07:00
Erik Krogh Kristensen	981eef2587	expose arrayFunctionTaintStep in TaintTracking.qll	2020-03-09 17:22:29 +01:00
Erik Krogh Kristensen	509941649c	remove redundant qldoc, and change parameter names to better reflect behavior	2020-03-09 17:20:12 +01:00
Erik Krogh Kristensen	a476fc5c3b	revert Array.from change	2020-03-09 17:09:31 +01:00
Rasmus Wriedt Larsen	a38fd2d3d1	Python: Use unambiguous name getCallNode	2020-03-09 17:05:00 +01:00
Rasmus Wriedt Larsen	a9674ef6e8	Python: Resolve autoformat ugliness	2020-03-09 16:54:55 +01:00
Erik Krogh Kristensen	68ffd52d4c	update expected output	2020-03-09 16:45:10 +01:00
Erik Krogh Kristensen	b4b05696e1	two bugfixes	2020-03-09 16:45:03 +01:00
semmle-qlci	155985c77d	Merge pull request #3024 from max-schaefer/js/move-portals-to-experimental Approved by asgerf	2020-03-09 15:39:36 +00:00
Rasmus Wriedt Larsen	31cfb1689c	Python: Fix minor bug in modernisation-rewrite Obviously the result module shouldn't be a package 🤦 I was confusing myself, since I wanted to say that `Module::named("Crypto.Cipher")` should be a package :D	2020-03-09 15:49:08 +01:00
Mathias Vorreiter Pedersen	6dee7061a0	C++: Handle constant variable accesses in SimpleRangeAnalysis.qll	2020-03-09 15:44:32 +01:00
Rasmus Wriedt Larsen	0ce8e9180b	Python: Remove code that adds taint to unrelated ControlFlowNode The problem with the deleted code is that it would add flow to what might be an unrelated ControlFlowNode, which is illustrated in the query below (that gives results on flask) from ControlFlowNode arg, CallNode call, CallNode other_call where call.getNode().getAKeyword().getValue() = arg.getNode() and not call.getAnArg() = arg and other_call.getAnArg() = arg and not other_call = call select call, arg, other_call	2020-03-09 15:27:31 +01:00
Rasmus Wriedt Larsen	cac5d00ca2	Python: Fix string taint tests The tests in ql/python/ql/test/library-tests/taint/strings/ shows that ClassValue::str() is not good enough.	2020-03-09 15:10:48 +01:00
Tom Hvitved	6a10516c1e	Merge pull request #3021 from aschackmull/dataflow/partial-path-perf Java/C++/C#: Fix performance issue in partial paths exploration.	2020-03-09 15:04:33 +01:00
Max Schaefer	3c785ecaa7	JavaScript: Move flow summaries to `experimental`. Also update description and change note to call out their experimental character more clearly.	2020-03-09 12:57:20 +00:00
Asger F	5a1bf94994	Merge pull request #2987 from asger-semmle/js/urls-not-sensitive-data JS: Declassify sensitive exprs with special characters	2020-03-09 12:29:47 +00:00
Asger Feldthaus	6c1f98a5ae	JS: Update vague variable name	2020-03-09 11:58:38 +00:00
Tom Hvitved	a2269158df	C#: Ignore `dotnet clean` exit code in autobuilder	2020-03-09 12:00:28 +01:00
Calum Grant	250afda7da	Merge pull request #2831 from hvitved/csharp/local-function-fresh-label C#: Generate fresh TRAP ID for local functions	2020-03-09 10:46:45 +00:00
Anders Schack-Mulligen	a2bbacf58d	Java/C++/C#: Fix performance issue in partial paths exploration.	2020-03-09 11:30:59 +01:00
Anders Schack-Mulligen	4298a3a931	Java: Add test.	2020-03-09 11:16:59 +01:00
Anders Schack-Mulligen	f491fcd5ae	Java/C++/C#: Sync.	2020-03-09 11:05:13 +01:00
Anders Schack-Mulligen	7a74634cfd	Java/C++/C#: Simplify.	2020-03-09 11:04:28 +01:00
Anders Schack-Mulligen	cf84a53573	Java/C++/C#: Fix bug in type pruning.	2020-03-09 11:04:24 +01:00
Erik Krogh Kristensen	0f0187d585	move `Array.from` to ArrayCreationNode	2020-03-09 10:26:21 +01:00
Erik Krogh Kristensen	dc4e361d75	add data-flow steps for arrays	2020-03-09 09:53:08 +01:00
Erik Krogh Kristensen	8e3cf5c9c8	add test for data-flow on arrays	2020-03-09 09:25:17 +01:00
Erik Krogh Kristensen	14740d4ccc	move existing array taint stracking into Arrays.qll	2020-03-09 09:20:45 +01:00
Asger Feldthaus	a9a9c14eea	JS: Change note	2020-03-07 15:15:13 +00:00
Asger Feldthaus	a1d479e975	JS: Declassify sensitive exprs with special characters	2020-03-07 15:15:13 +00:00
Asger Feldthaus	759631ae56	JS: Raise default memory limit to 2.4G	2020-03-07 15:13:53 +00:00
Asger Feldthaus	c55dcf88d5	JS: Improve error reporting	2020-03-07 15:13:52 +00:00
Asger Feldthaus	549d4e9b57	JS: Do not restart in the middle of a message	2020-03-07 15:13:52 +00:00
Asger Feldthaus	e1657b237b	JS: Extract compiler-restarting into a function	2020-03-07 15:13:52 +00:00
Asger Feldthaus	2ef21ea4b8	JS: Only evaluate relevant barrier guards	2020-03-07 15:13:20 +00:00
Asger Feldthaus	fd1a14d3bd	JS: Add qldoc to a private predicate	2020-03-07 15:13:20 +00:00
Asger Feldthaus	eed4204e04	JS: Lift some internal members to private top-level	2020-03-07 15:13:20 +00:00
Ted Reed	a425e5fb5c	Reduce false positives with small heuristics	2020-03-06 23:12:16 -05:00
SpaceWhite	5e912cbf8e	Move directory to experimental	2020-03-07 11:55:32 +09:00
SpaceWhite	8cdc2bb268	Merge branch 'master' into CWE-094	2020-03-07 11:54:31 +09:00
SpaceWhite	b7af1645aa	Move directory to experimental	2020-03-07 11:49:33 +09:00
SpaceWhite	2ec107bc2d	Merge branch 'master' into CWE-643	2020-03-07 11:47:53 +09:00
Rebecca Valentine	2f3967cf5e	Python: Fixes erroneous modernization bug	2020-03-06 18:31:38 -08:00
Rebecca Valentine	3e36c672cf	Python: Removes superfluous cast	2020-03-06 13:06:11 -08:00
Rebecca Valentine	7b49c8e6f8	Python: Fixes bug in modernization	2020-03-06 12:47:46 -08:00
Jonas Jensen	0cd3eb7b7e	C++: Accept test changes Some IR inconsistencies are "fixed" because we no longer translate constant initializers of static locals.	2020-03-06 20:20:47 +01:00
Rasmus Wriedt Larsen	8b2c74a4dd	Python: Modernise remaining Security/*.qll files	2020-03-06 17:30:02 +01:00
Rasmus Wriedt Larsen	14957345a3	Python: Fix formatting of isLegalExceptionType	2020-03-06 17:27:50 +01:00

... 175 176 177 178 179 ...

19777 Commits