codeql

mirror of https://github.com/github/codeql.git synced 2026-01-02 09:16:34 +01:00

Author	SHA1	Message	Date
Max Schaefer	be67d5129a	JavaScript: Add QL library support for E4X.	2019-02-24 20:45:41 +00:00
Max Schaefer	5a89024507	JavaScript: Be more lenient about keywords used as identifiers.	2019-02-24 20:45:41 +00:00
Max Schaefer	dbbb961b48	JavaScript: Accept let expressions with an object literal as their body.	2019-02-24 20:45:41 +00:00
Max Schaefer	63ed569724	JavaScript: Recover from missing initializers in const/destructuring declarations.	2019-02-24 20:45:41 +00:00
Max Schaefer	fbf2774bb3	JavaScript: Accept expression-bodied function declarations in experimental mode.	2019-02-24 20:45:41 +00:00
Max Schaefer	a42bec7f44	JavaScript: Accept comments in E4X XML literals (but not in JSX HTML literals).	2019-02-24 20:45:41 +00:00
Max Schaefer	b2366c7a68	JavaScript: Refactor parsing of JSX element content.	2019-02-24 20:45:41 +00:00
Max Schaefer	88be67a4fc	JavaScript: Add support for `for-each-in` comprehensions.	2019-02-24 20:45:41 +00:00
Max Schaefer	d3ae2954ff	JavaScript: Add support for parsing postfix generator comprehensions.	2019-02-24 20:45:41 +00:00
Max Schaefer	bb93cef20a	JavaScript: Refactor parsing of parenthesised expressions.	2019-02-24 20:45:41 +00:00
Max Schaefer	92c8501e67	JavaScript: Refactor parsing of generator/array comprehensions.	2019-02-24 20:45:41 +00:00
Max Schaefer	f3ea810c21	JavaScript: Add parser support for E4X.	2019-02-24 20:45:41 +00:00
Max Schaefer	1ad4867f2a	JavaScript: Make parsing of decorators more restrictive. As per [the proposal](https://tc39.github.io/proposal-decorators/#sec-new-syntax), decorators can only contain identifiers or parenthesised expressions, optionally followed by property accesses and arguments.	2019-02-24 20:45:41 +00:00
Max Schaefer	0635e1ba02	JavaScript: Update change note. I've eliminated the clumsily worded "client-side code" and "server-side code" distinction, not least because Electron fits neither of those categories.	2019-02-23 21:46:39 +00:00
Max Schaefer	c6fc4e4764	JavaScript: Address review comments.	2019-02-23 21:43:13 +00:00
Max Schaefer	e7c95bae49	JavaScript: Add flow steps modelling Electron IPC.	2019-02-23 21:43:13 +00:00
Max Schaefer	a4e4957f31	JavaScript: Model `webContents` property.	2019-02-23 21:43:13 +00:00
Max Schaefer	ff83e600dc	JavaScript: Track Electron browser objects inter-procedurally.	2019-02-23 21:43:13 +00:00
Max Schaefer	d59c12e6eb	JavaScript: Recognise Electron browser objects based on TypeScript types when available.	2019-02-23 21:43:13 +00:00
Max Schaefer	143bb711f9	JavaScript: Slightly restructure Electron `BrowserWindow` class hierarchy.	2019-02-23 21:43:13 +00:00
Max Schaefer	20d41b85de	JavaScript: Delete an unused `package.json` in a test. While this file is part of the project used in the tutorial, it isn't necessary for the queries to work. It also specifies a dependency on a vulnerable version of Express, causing it to be (spuriously) flagged by security scanners.	2019-02-23 13:59:18 +00:00
Max Schaefer	db9ac72e7a	Merge pull request #957 from esben-semmle/js/another-autobinder-model JS: model one more 'autobind' for js/unbound-event-handler-receiver	2019-02-22 20:58:17 +00:00
Max Schaefer	12ed2ca000	Merge pull request #958 from esben-semmle/js/improve-tainted-path JS: add taint steps for fs.realpath and fs.realpathSync	2019-02-22 20:55:39 +00:00
Dave Bartolomeo	70bccf85fc	Merge pull request #970 from jbj/ir-block-count C++: Use the cached getInstructionCount	2019-02-22 10:19:39 -08:00
Raul Garcia	9bb7816a3c	Making changes based on feedback.	2019-02-22 10:10:20 -08:00
Tom Hvitved	116997cf85	Merge pull request #961 from calumgrant/cs/cve-2019-0657 C#: Update cs/use-of-vulnerable-package to detect CVE-2019-0657	2019-02-22 18:01:58 +01:00
Geoffrey White	315133bbb3	CPP: Change note.	2019-02-22 16:07:48 +00:00
Geoffrey White	dc0044288b	CPP: Add support for some Rtl* functions in BufferAccess.qll.	2019-02-22 15:54:16 +00:00
Felicity Chapman	e34cf86c47	Move support information to QL repository for easier maintenance	2019-02-22 15:21:16 +00:00
Taus	89216208be	Merge pull request #969 from markshannon/python-points-to-speed-up Python: Refactor three predicates to improve join-order.	2019-02-22 15:27:02 +01:00
Calum Grant	cd721f38b8	Merge pull request #967 from hvitved/csharp/ssa/block-precedes-var C#: Use explict recursion in `blockPrecedesVar()`	2019-02-22 14:08:26 +00:00
Calum Grant	e93140d136	Merge pull request #959 from hvitved/csharp/dispose-not-called-on-exc-performance C#: Improve performance of `cs/dispose-not-called-on-throw`	2019-02-22 14:04:48 +00:00
Jonas Jensen	6777c8c13c	C++: Use the cached getInstructionCount The object-oriented `IRBlock` interface was recomputing instruction counts instead of using the cached count that had already been computed.	2019-02-22 14:55:09 +01:00
Calum Grant	1386af46c1	Merge pull request #960 from hvitved/csharp/cache-get-arg C#: Cache `Call::getArgumentForParameter()`	2019-02-22 12:39:55 +00:00
Mark Shannon	d46467f526	Python: Update tests to account for packages having locations.	2019-02-22 12:16:34 +00:00
Mark Shannon	a1820fe4c3	Python: Refactor three predicates to improve join-order.	2019-02-22 11:48:39 +00:00
Geoffrey White	8302ac4644	Merge pull request #965 from evverx/alloca-in-a-loop CPP: add a query for catching alloca in a loop	2019-02-22 11:44:59 +00:00
Taus	69270d0a4e	Merge pull request #963 from markshannon/python-sanity-context-sensitive Python: Make points-to sanity check context sensitive.	2019-02-22 11:50:48 +01:00
Tom Hvitved	74377a28c9	C#: Improve join orders in `DataFlow` module	2019-02-22 09:31:19 +01:00
Jonas Jensen	21573d31f0	Merge pull request #966 from rdmarsh2/rdmarsh/cpp/ir-taint-tracking C++: IR-based taint tracking	2019-02-22 09:16:31 +01:00
Robert Marsh	07cbbdaf9a	C++: accept test output	2019-02-21 17:18:06 -08:00
Robert Marsh	aa97302671	make loads from tainted addresses tainted	2019-02-21 17:17:49 -08:00
Robert Marsh	9a9ec7bb17	C++: add IR-based taint tracking library	2019-02-21 17:09:09 -08:00
Robert Marsh	173ade1336	C++: add arithmetic/bitwise instruction classes	2019-02-21 17:09:08 -08:00
Jonas Jensen	7649e8758b	Merge pull request #846 from geoffw0/returnstack CPP: Improve ReturnStackAllocatedMemory.ql	2019-02-21 22:04:53 +01:00
Esben Sparre Andreasen	6c1b29e4b6	JS: add missing flowstep for unused parameter field initializers	2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen	6766716867	JS: add PropWrite tests for parameter field initializers	2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen	bdd8691e65	JS: add type inference for the return value of captured method calls	2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen	c84d898727	JS: change notes for js/unused-property and js/unused-variable	2019-02-21 21:44:28 +01:00
Esben Sparre Andreasen	8af501d4d5	JS: avoid double reporting dead code with js/unused-variable	2019-02-21 21:44:28 +01:00

... 325 326 327 328 329 ...

19777 Commits