Commit Graph

19777 Commits

Author SHA1 Message Date
Henning Makholm
a44c004ca3 README.md: Don't speak of QL4E anymore 2019-11-15 16:30:36 +01:00
Erik Krogh Kristensen
4073dfaf24 remove redundant code 2019-11-15 16:17:18 +01:00
Erik Krogh Kristensen
d36312cf9f update expected output 2019-11-15 16:08:13 +01:00
Erik Krogh Kristensen
3edd65f9ab changed the exceptional taint-steps to step through each call-site 2019-11-15 16:05:15 +01:00
yh-semmle
810a046428 Merge pull request #2346 from aschackmull/java/rangeanalysis-integral-fix2
Java: Fix range analysis bug where int was assumed.
2019-11-15 09:54:48 -05:00
Ian Lynagh
4442fd8407 C++: Accept changes to syntax-zoo tests 2019-11-15 14:42:36 +00:00
Ian Lynagh
2cf714a923 C++: Follow changes in lambda locations 2019-11-15 14:42:36 +00:00
Ian Lynagh
8e00516ecf C++: Accept changes in ir test 2019-11-15 14:42:36 +00:00
Erik Krogh Kristensen
e95cceef1d import all the shared XSS sources and sinks 2019-11-15 15:41:53 +01:00
Calum Grant
f5598db070 Merge pull request #2343 from hvitved/csharp/dataflow/assignment-flow
C#: Add missing assignment data flow steps
2019-11-15 14:21:13 +00:00
Anders Schack-Mulligen
81a90943c0 Java: Fix range analysis bug where int was assumed. 2019-11-15 15:08:14 +01:00
Taus
78109db243 Merge pull request #2181 from RasmusWL/python-modernise-pyramid-library
Python: modernise pyramid library
2019-11-15 15:05:44 +01:00
Taus
cb94e7db72 Merge pull request #2140 from RasmusWL/python-fix-flask
Python: Modernise flask + correctly handle flask.make_response
2019-11-15 14:55:27 +01:00
Esben Sparre Andreasen
8e8215893f JS: fix mjs check for extensionless files 2019-11-15 14:38:27 +01:00
Erik Krogh Kristensen
65a018ceed use flow labels to avoid dual configurations 2019-11-15 14:37:46 +01:00
Tom Hvitved
20a1cb6fc8 C#: Teach assertion library about (classical) NUnit assertions
This commit adds support for (classical) NUnit assertions (see
https://github.com/nunit/docs/wiki/Assertions). Modern constraint-based assertions,
such as `Assert.That(o, Is.Not.Null)` are currently not supported, because they
would require a restructuring of the assertion library.
2019-11-15 14:07:28 +01:00
Erik Krogh Kristensen
f813e06680 Merge pull request #2345 from Semmle/esbena-patch-3
Update FlowSteps.qll
2019-11-15 14:04:14 +01:00
Erik Krogh Kristensen
8d2ae136b0 move String.prototype.match taint step to a general AdditionalTaintStep 2019-11-15 12:52:54 +01:00
semmle-qlci
2f63b89941 Merge pull request #2338 from esbena/js/model-get-them-args
Approved by max-schaefer
2019-11-15 11:50:45 +00:00
Max Schaefer
217eda374d Merge pull request #2252 from asger-semmle/regexp
JS: Parse regular expressions from string literals
2019-11-15 11:47:33 +00:00
Esben Sparre Andreasen
a3deb7d4e0 Update FlowSteps.qll 2019-11-15 12:44:04 +01:00
Asger F
e3b15a98c4 JS: Add prop names for array element pattern PropReads 2019-11-15 11:16:50 +00:00
Tom Hvitved
f9bff172d4 C#: Add missing assignment data flow steps 2019-11-15 11:36:05 +01:00
Tom Hvitved
f8791c884f C#: Add more data flow tests for assignments 2019-11-15 11:30:40 +01:00
Jonas Jensen
7d7d166113 C++: Remove whitespace at end of line 2019-11-15 11:21:08 +01:00
Jonas Jensen
6bdfebea96 C++: Rename i to n1 in all examples
I see no reason why the Recommendation and Example sections should use
different variable names for the same thing.
2019-11-15 11:20:00 +01:00
Jonas Jensen
9b89602a86 C++: Make var name in qhelp match source snippet 2019-11-15 11:16:34 +01:00
Calum Grant
aac360463b C#: Tests for default interface methods. 2019-11-15 10:13:04 +00:00
Jonas Jensen
7485cc76b2 C++: Edit Recommendation section
1. The two last examples were misleading at best. The first of those two
   recommended casting to non-negative `int`s to `unsigned int` and then
   checking if their addition would overflow, but overflow was
   impossible because their sum (on 32-bit two's complement) could be at
   most 2^32 - 2. The second example could lead to the wrong condition
   (unsigned overflow) being checked if taken literally. Instead of
   keeping that example, I reworded the first paragraph of the
   Recommendation section.
2. The assumption about `delta` being positive was relaxed to
   non-negative.
3. There was no need to assume that an unsigned short was non-negative.
4. Some of the suggestions were missing `i >`.
2019-11-15 11:05:00 +01:00
Esben Sparre Andreasen
a6dbf5fbad Update change-notes/1.23/analysis-javascript.md
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2019-11-15 10:43:04 +01:00
Esben Sparre Andreasen
c3fdfdecab JS: rename DefaultParsedCommandLineArgumentsAsSource 2019-11-15 10:40:15 +01:00
Asger F
7a489afdda JS: Add change note 2019-11-15 09:27:21 +00:00
Asger F
66db38266b JS: Add qldoc to HostnameRegexpShared 2019-11-15 09:27:21 +00:00
Asger F
6809eed543 JS: Stats and upgrade script 2019-11-15 09:27:21 +00:00
Asger F
607aed37ee Update javascript/ql/src/semmle/javascript/Expr.qll
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2019-11-15 09:27:21 +00:00
Asger F
77e5305b9b Update javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2019-11-15 09:27:21 +00:00
Asger F
37aa85fe81 JS: Fix parsing of non-BMP chars before a quantifier 2019-11-15 09:27:21 +00:00
Asger F
8fcf7a265a JS: Remove unused OffsetTranslationBuilder class 2019-11-15 09:27:21 +00:00
Asger F
4d1f7836f2 JS: Check for [^.] 2019-11-15 09:27:21 +00:00
Asger F
a7a90b4b7e JS: Disregard capture groups in lookaround assertions 2019-11-15 09:27:20 +00:00
Asger F
2242df920f JS: More qldoc 2019-11-15 09:27:20 +00:00
Asger F
dc6c15cbb9 Update javascript/ql/src/semmle/javascript/Regexp.qll
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2019-11-15 09:27:20 +00:00
Asger F
dd9274e42c JS: Docs regarding regexp terms in string literals 2019-11-15 09:27:20 +00:00
Asger F
c2e0c8cb39 JS: Do not extract string literal types as regexps 2019-11-15 09:27:20 +00:00
Asger F
57a9cad721 JS: Fix offsets of octal and unicode escape 2019-11-15 09:27:20 +00:00
Asger F
4680e3a89a JS: Simplify charpred of Match 2019-11-15 09:27:20 +00:00
Asger F
c01005a610 JS: Remove outdated comment 2019-11-15 09:27:20 +00:00
Asger F
e01a9846d8 JS: Update test annotations 2019-11-15 09:27:20 +00:00
Asger F
153d34638b JS: Fix a FP 2019-11-15 09:27:20 +00:00
Asger F
8c5b9b9195 JS: Add missing post-anchor case to MissingRegExpAnchor 2019-11-15 09:27:20 +00:00