hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-24 03:42:59 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,686 Branches 158 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
semmle-qlci
2cddb82f10 Merge pull request #2210 from max-schaefer/js/better-destructuring-type-inference 
Approved by asger-semmle, esbena
 2019-10-29 08:08:51 +00:00
Jonas Jensen
0b2c2620cd Merge pull request #2184 from dave-bartolomeo/dave/AliasedUse 
C++/C#: Add `AliasedUse` instruction to all functions
 2019-10-29 08:37:57 +01:00
Robert Marsh
8076156cb1 Merge branch 'master' into rdmarsh/cpp/ir-callee-side-effects 2019-10-28 16:50:34 -07:00
Robert Marsh
120fa6c330 C++: alias fixes for ReturnIndirection 2019-10-28 15:09:35 -07:00
Robert Marsh
5e946cc9f3 C++: add param read side effects to IR exit blocks 2019-10-28 15:09:04 -07:00
Geoffrey White
3584c0b2e5 CPP: Speed up InitializationFunctions.qll's getTarget. 2019-10-28 19:54:10 +00:00
Geoffrey White
2d64fedeb0 CPP: Speed up VirtualDispatch.qll's getAViableTarget. 2019-10-28 19:54:10 +00:00
Geoffrey White
c40c88ec4b CPP: Add test cases for ConditionallyUninitializedVariables.ql. 2019-10-28 18:43:00 +00:00
Geoffrey White
d693eb8c20 CPP: Correct the ConditionallyUninitializedVariable examples. 2019-10-28 17:39:45 +00:00
Asger F
94dd9a1c04 JS: Block XSS flow through encodeURIComponent 2019-10-28 17:12:40 +00:00
Henning Makholm
ae554cf1e9 Make each upgrade directory a QL pack 2019-10-28 17:14:31 +01:00
Taus
04e3683035 Merge pull request #2194 from RasmusWL/python-improve-getbasetype-qldoc 
Python: Improve qldoc for ClassValue::getABaseType
 2019-10-28 17:07:19 +01:00
Anders Schack-Mulligen
d0842fc35d Java/C++/C#: Minor refactor following review comment. 2019-10-28 16:31:22 +01:00
Jonas Jensen
b13535ac7d C++: Implement DataFlow::BarrierGuard for AST+IR 
The change note is copied from the Java change note.
 2019-10-28 16:22:23 +01:00
Anders Schack-Mulligen
0ffcf9ce64 Merge pull request #2192 from JLLeitschuh/feature/JLL/http_response_splitting_netty 
Add CWE-113 check for io.netty.handler.codec.http.DefaultHttpHeaders
 2019-10-28 15:01:20 +01:00
semmle-qlci
70b114b827 Merge pull request #2208 from hvitved/csharp/codeql/no-bundled-nuget 
Approved by p0
 2019-10-28 13:47:50 +00:00
Tom Hvitved
3f5ee5138b C#: Add change notes 2019-10-28 14:22:59 +01:00
Tom Hvitved
eb990525d7 C#: Add precision tags to UnsafeDeserialization[UntrustedInput].ql 2019-10-28 14:19:40 +01:00
Tom Hvitved
b0cf7cb39a C#: Move UnsafeDeserialization.qll 2019-10-28 13:38:53 +01:00
Tom Hvitved
c3f23f542a C#: Add change note 2019-10-28 13:15:20 +01:00
Tom Hvitved
1fc786bea7 C#: Add precision tag to cs/deserialized-delegate 2019-10-28 13:11:10 +01:00
shati-patel
d94b0cab29 Update docs/language/learn-ql/java/introduce-libraries-java.rst 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
 2019-10-28 12:05:51 +00:00
semmle-qlci
30a907861b Merge pull request #2193 from max-schaefer/js/autobuilder-exclude-node_modules 
Approved by asger-semmle
 2019-10-28 11:26:51 +00:00
Tom Hvitved
8a08038ff3 C#: Use system-nuget in Autobuilder when SEMMLE_PLATFORM_TOOLS is not set 2019-10-28 10:59:26 +01:00
Geoffrey White
8839bdd688 Merge pull request #1428 from jbj/infinite-loops-visible 
C++: Make cpp/comparison-with-wider-type visible
 2019-10-28 09:49:38 +00:00
Anders Schack-Mulligen
379ef1d2f9 Java: Fix bad magic and join-order. 2019-10-28 10:40:06 +01:00
semmle-qlci
33374ee089 Merge pull request #2202 from asger-semmle/express-sendfile 
Approved by esbena
 2019-10-28 09:24:34 +00:00
Max Schaefer
b333c6a214 Merge pull request #2106 from asger-semmle/call-graph-3 
JS: Call graph changes
 2019-10-28 09:24:10 +00:00
Ziemowit Laski
1500148c76 [CPP-434] Clarify Qhelp. 2019-10-27 11:23:54 -07:00
Erik Krogh Kristensen
b2c31701f3 add documentation to two predicates 2019-10-27 09:12:56 +01:00
Raul Garcia
e44229435c Merge pull request #6 from Semmle/master 
Merge
 2019-10-26 19:05:58 -07:00
Erik Krogh Kristensen
92cebea235 update tests to include empty reciever case 2019-10-27 00:25:59 +02:00
Erik Krogh Kristensen
c6f53199d4 ignore when the reciever is the empty array 2019-10-27 00:24:38 +02:00
Erik Krogh Kristensen
da23898eba update tests 2019-10-26 23:26:45 +02:00
Pavel Avgustinov
d501316c76 Merge pull request #2195 from hmakholm/pr/chain-to-codeql 
codeqlmanifest: explicitly chain to ./codeql if we have it
 2019-10-26 21:55:50 +01:00
Ziemowit Laski
6ee3d7d788 [CPP-434] Address more comments re .cpp test cases. 2019-10-25 15:50:00 -07:00
Ziemowit Laski
7204e13746 [CPP-434] Address comments re .cpp test cases. 2019-10-25 14:37:28 -07:00
Dave Bartolomeo
cc5a689293 C++/C#: Fix up after merge from master 2019-10-25 14:11:34 -07:00
Ziemowit Laski
f964fe8b0e [CPP-434] Address comments regarding .ql and .qhelp. 2019-10-25 14:08:30 -07:00
Dave Bartolomeo
f5e320e988 Merge from master 2019-10-25 13:24:19 -07:00
Dave Bartolomeo
56cbd0c152 C++/C#: Make AliasedUse access only non-local memory 
The `AliasedUse` instruction is supposed to represent future uses of aliased memory after the function returns. Since local variables from that function are no longer allocated after the function returns, the `AliasedUse` instruction should access only the set of aliased locations that does not include locals from the current stack frame.
 2019-10-25 13:10:39 -07:00
Ziemowit Laski
1d052a8e62 [CPP-434] Address comments re change notes. 2019-10-25 13:07:54 -07:00
Jonathan Leitschuh
934eed97df Apply suggestions from code review for netty DefaultHttpHeaders 
Co-Authored-By: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2019-10-25 12:30:16 -04:00
Erik Krogh Kristensen
841dac1aba address review feedback 2019-10-25 17:46:55 +02:00
semmle-qlci
d2f3574427 Merge pull request #2165 from erik-krogh/dosHigh 
Approved by asger-semmle
 2019-10-25 16:28:07 +01:00
Erik Krogh Kristensen
5b26d03f1c introduce backtracking, and also marking join/slice calls 2019-10-25 16:50:09 +02:00
Jonas Jensen
d63cc3d287 Merge remote-tracking branch 'upstream/master' into infinite-loops-visible 
Moved the change note to 1.23.
 2019-10-25 15:44:03 +02:00
Max Schaefer
d4b9beb010 JavaScript: Teach autobuilder not to extract node_modules and bower_components folders. 2019-10-25 14:25:02 +01:00
Max Schaefer
bd6109484d JavaScript: Rename node_modules to vendor in AutoBuildTests. 2019-10-25 14:25:02 +01:00
Max Schaefer
89f68f47a0 JavaScript: Improve type inference for captured variables. 2019-10-25 14:22:24 +01:00