codeql

mirror of https://github.com/github/codeql.git synced 2026-01-22 02:44:45 +01:00

Author	SHA1	Message	Date
Dave Bartolomeo	48e92e2399	Merge pull request #2481 from calumgrant/cs/fix-ir-types C#: Fix some IR types that didn't compile.	2019-12-02 09:42:33 -08:00
Henning Makholm	e441e432ff	Merge pull request #2484 from asger-semmle/typescript-codeql-env-var JS: Make extractor aware of CodeQL env vars	2019-12-02 18:36:45 +01:00
Asger F	f162749044	Merge pull request #2418 from max-schaefer/js/file-locatable JavaScript: Make `File` not extend `Locatable` anymore.	2019-12-02 16:15:14 +00:00
Asger F	f988e9004f	JS: Autoformat FileExtractor.java	2019-12-02 16:06:37 +00:00
Asger F	c931beb853	TS: Make AutoBuild aware of CodeQL env vars	2019-12-02 16:06:27 +00:00
Anders Schack-Mulligen	2f8e92571a	Merge pull request #2483 from hmakholm/pr/move-test remove java test EmptyInterface	2019-12-02 16:18:08 +01:00
Henning Makholm	95c26a51af	remove java test EmptyInterface This is a test of an internal query for the Semmle repository. It cannot run against the public QL repository alone, and therefore should not be tested here. https://git.semmle.com/Semmle/code/pull/35690 adds the test back to the internal repo.	2019-12-02 15:29:42 +01:00
Rasmus Wriedt Larsen	387ab52855	Python: Add zope web tests from internal repo	2019-12-02 14:38:03 +01:00
Calum Grant	c05263ca98	C#: Fix some IR types that didn't compile.	2019-12-02 13:27:58 +00:00
Tom Hvitved	b3990c5a1d	Data flow: Revert reordering changes in `flowStore` and `flowRead`	2019-12-02 14:25:59 +01:00
Tom Hvitved	5baa133e6c	Data flow: Sync files	2019-12-02 13:41:17 +01:00
Max Schaefer	ec2ba735de	JavaScript: Update `Dependencies` library to not rely on `File`s being `Locatable`. Previously, we would consider an HTML file to be a dependent of all scripts embedded in it. Now we instead consider each JavaScript toplevel inside the HTML file to be a dependent, which is more sensible anyway.	2019-12-02 12:40:49 +00:00
Tom Hvitved	b1245eeac8	Data flow: Various performance tweaks	2019-12-02 13:38:10 +01:00
Nick Rolfe	d293418672	Merge pull request #2478 from jbj/mergeback-20191202 Mergeback from rc/1.23 to master	2019-12-02 12:28:20 +00:00
Calum Grant	fcd13dc595	Merge remote-tracking branch 'upstream/master' into ASPNetRequestValidationMode # Conflicts: # change-notes/1.24/analysis-csharp.md	2019-12-02 12:03:11 +00:00
Erik Krogh Kristensen	ea9d6189de	update expected test outpu	2019-12-02 12:52:39 +01:00
semmle-qlci	ceb9fff70c	Merge pull request #2479 from max-schaefer/localTaintStep Approved by asgerf	2019-12-02 11:35:43 +00:00
semmle-qlci	dc7a0c1b91	Merge pull request #2442 from hvitved/csharp/dataflow/conversion-operator Approved by calumgrant	2019-12-02 11:01:35 +00:00
Max Schaefer	aeda2d68f8	JavaScript: Introduce `localTaintStep` predicate. It's sometimes useful for exploratory queries, and the other languages have it as well.	2019-12-02 09:43:08 +00:00
Jonas Jensen	5b24b1efc3	Merge remote-tracking branch 'upstream/rc/1.23' into mergeback-20191202 Conflicts solved: javascript/extractor/src/com/semmle/js/extractor/Main.java javascript/ql/test/query-tests/Statements/UseOfReturnlessFunction/tst.js	2019-12-02 09:57:34 +01:00
Erik Krogh Kristensen	c6c1ebe81a	Merge remote-tracking branch 'upstream/master' into typeAheadSink	2019-12-02 08:41:49 +01:00
Paulino Calderon	8026925a3a	Update csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.ql Added missing quotes. Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>	2019-11-29 22:39:50 -05:00
Paulino Calderon	879d34d24d	Update csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.qhelp Missing comma. Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>	2019-11-29 22:39:29 -05:00
Paulino Calderon	22964cba74	Update csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.qhelp Rephrasing. Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>	2019-11-29 22:39:04 -05:00
Paulino Calderon	a2dfd551f6	Update csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.qhelp built in to built-in Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>	2019-11-29 22:38:42 -05:00
Tom Hvitved	c845a1ba91	C#: Improve performance of dispatch library	2019-11-29 15:32:00 +01:00
Jonas Jensen	4494d61e56	Merge pull request #2473 from aschackmull/java/field-flow-rev-read Java/C++/C#: Bugfix for field flow through reverse read.	2019-11-29 14:45:12 +01:00
Calum Grant	a4251f67a2	C#: Analysis change notes.	2019-11-29 10:32:04 +00:00
Calum Grant	30a2620a8c	C#: Tidy up docs, query metadata and add tests.	2019-11-29 10:31:58 +00:00
Tom Hvitved	a062d7d41c	C#: Add regression test	2019-11-29 10:10:24 +01:00
Max Schaefer	f958916c76	Merge pull request #2330 from erik-krogh/exceptionXss JS: Added query for detecting XSS that happens through an exception	2019-11-29 09:04:45 +00:00
semmle-qlci	a40ad9f276	Merge pull request #2456 from felicitymay/1.23/SD-4095-finalize-change-notes-js Approved by erik-krogh, max-schaefer	2019-11-29 08:59:29 +00:00
Anders Schack-Mulligen	333d0a69d2	Java/C++/C#: Bugfix for field flow through reverse read.	2019-11-29 09:38:24 +01:00
Geoffrey White	3477c4a8fb	Update cpp/ql/src/semmle/code/cpp/commons/Alloc.qll Co-Authored-By: Jonas Jensen <jbj@github.com>	2019-11-28 17:30:36 +00:00
Geoffrey White	aae9f88413	CPP: Model 'alloca'.	2019-11-28 17:27:37 +00:00
semmle-qlci	73e08eba43	Merge pull request #2468 from max-schaefer/js/regexp-predecessor Approved by asgerf	2019-11-28 16:57:31 +00:00
Jonas Jensen	763b18cd11	Merge remote-tracking branch 'upstream/master' into StackVariable Conflicts: change-notes/1.24/analysis-cpp.md cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql	2019-11-28 17:51:20 +01:00
Jonas Jensen	d816701e07	Revert "C++: Use StackVariable in Nullness.qll" It looks like allowing statics in `Nullness.qll` is fine since it's a "may be null" analysis rather than a "must be null" analysis. This reverts commit `f5b9837e19`.	2019-11-28 17:44:42 +01:00
Jonas Jensen	d22df24cab	Merge pull request #2467 from geoffw0/speedup1 CPP: Speed up isCompiledAsC.	2019-11-28 17:31:27 +01:00
semmle-qlci	198b3b34a3	Merge pull request #2432 from asger-semmle/install-typescript-deps Approved by max-schaefer	2019-11-28 16:08:46 +00:00
Max Schaefer	7487c79271	JavaScript: Add missing qldoc.	2019-11-28 15:54:52 +00:00
Max Schaefer	47cbf0bf88	JavaScript: Override `Locatable.getLocation()` for `@file`s.	2019-11-28 15:54:03 +00:00
Max Schaefer	a788bf87a0	JavaScript: Fix `RegExpTerm.getPredecessor` and `getSuccessor`. These were originally meant to give you the term that is textually matched right before/right after the receiver. When I introduced support for lookbehinds, I changed the behaviour to give you the term that is _operationally_ matched before/after the receiver (remember that lookbehinds are implemented by reverse-matching). However, I think that's rarely ever what you want, and is wrong for the only two uses of these predicates, where it's the textual matching order that we are after, not the operational order. Consequently, I've changed the semantics back and updated the comments to hopefully clarify the intention.	2019-11-28 15:14:50 +00:00
Tom Hvitved	04cecc04dd	C#: Update EntityFrameworkCore test	2019-11-28 15:28:50 +01:00
Paulino Calderon	eeffd7cf8d	Adds CodeQL query to check for Pages validateRequest directive	2019-11-28 14:22:08 +00:00
Tom Hvitved	af453d081e	C#: Only track taint through conversion operators defined in libraries	2019-11-28 15:21:04 +01:00
semmle-qlci	d59ea3d53c	Merge pull request #2466 from esbena/js/fix-mjs-check Approved by asgerf	2019-11-28 13:37:43 +00:00
Taus	20513561a0	Merge pull request #2459 from RasmusWL/python-modernise-TurboGears-library Python: modernise TurboGears library	2019-11-28 14:36:01 +01:00
Tom Hvitved	ba4fb82a08	C#: Add DB upgrade script	2019-11-28 14:30:21 +01:00
Tom Hvitved	b79fc87961	C#: Split up `localvars` database relation into two relations	2019-11-28 14:30:21 +01:00

... 213 214 215 216 217 ...

19777 Commits