codeql

mirror of https://github.com/github/codeql.git synced 2025-12-30 23:58:15 +01:00

Author	SHA1	Message	Date
Max Schaefer	4860364d91	JavaScript: Add explicit `nodes` query predicate in `PathGraph`. This is needed to correctly handle the case where `edges` is empty.	2018-11-14 09:16:40 +00:00
Max Schaefer	60a1357092	JavaScript: Make all taint-based security queries have `@kind path-problem`.	2018-11-14 09:16:40 +00:00
Max Schaefer	65bcf0f526	JavaScript: Refactor security queries for uniformity.	2018-11-14 09:16:40 +00:00
Max Schaefer	9b4ae9e4d3	JavaScript: Refactor `HostHeaderPoisoningInEmailGeneration` query.	2018-11-14 09:16:40 +00:00
Max Schaefer	c51cd50133	JavaScript: Remove a few unnecessary imports.	2018-11-14 09:16:40 +00:00
semmle-qlci	d83381918d	Merge pull request #458 from xiemaisi/js/more-externs Approved by asger-semmle	2018-11-14 08:31:15 +00:00
Arthur Baars	969c2796a0	Merge pull request #457 from adityasharad/merge/1.18-master-131118 Merge rc/1.18 into master.	2018-11-13 22:25:03 +01:00
yh-semmle	758e74a8f9	Merge pull request #455 from felicity-semmle/java/SD-2779-qhelp-updates Java: Update qhelp for queries with CWE tags (SD-2779)	2018-11-13 14:49:32 -05:00
Max Schaefer	a499009f59	Merge pull request #395 from esben-semmle/js/useless-defensive-code JS: add query: js/useless-defensive-code	2018-11-13 16:55:59 +00:00
Max Schaefer	4fdfbb77cc	Merge pull request #444 from esben-semmle/js/browser-based-client-requests JS: add models of $.ajax, $.getJSON and XMLHttpRequst	2018-11-13 16:53:52 +00:00
Felicity Chapman	c6af79979c	Update for feedback	2018-11-13 16:50:00 +00:00
Felicity Chapman	fe15159756	Update for feedback	2018-11-13 16:34:06 +00:00
Anders Schack-Mulligen	fe8dfeec0d	Java: Add some this-qualifiers.	2018-11-13 14:58:25 +01:00
Anders Schack-Mulligen	411891c303	Java: Don't inherit methods from co-/contra-variant supertypes.	2018-11-13 14:56:22 +01:00
Max Schaefer	96989a1fd6	Merge pull request #427 from adityasharad/eclipse/remove-plugin-metadata Eclipse plugins: Remove plugin metadata.	2018-11-13 13:12:49 +00:00
calum	9f04ace4ae	C#: Update change notes.	2018-11-13 10:59:41 +00:00
calum	a5d50fc1db	C#: Handle `in` arguments, and add `AssignableAccess::isInArgument()` predicate.	2018-11-13 10:58:43 +00:00
Aditya Sharad	bc06831d01	Merge rc/1.18 into master.	2018-11-13 10:55:08 +00:00
Esben Sparre Andreasen	daed0653cb	JS: support property tracking of custom abstract values	2018-11-13 11:42:09 +01:00
Esben Sparre Andreasen	1d87c580b3	JS: introduce DefinedCustomAbstractValue	2018-11-13 11:40:31 +01:00
Jonas Jensen	cd874f7982	Merge pull request #454 from geoffw0/move-tests CPP: Move the tests from library-tests/queries	2018-11-13 10:19:56 +01:00
semmle-qlci	86e31a584e	Merge pull request #447 from esben-semmle/js/indirect-sanitization Approved by asger-semmle	2018-11-13 09:14:28 +00:00
Tom Hvitved	17414f0395	Merge pull request #451 from jbj/mergeback-20181112 Mergeback master -> next	2018-11-13 09:52:33 +01:00
Max Schaefer	851e71c7d0	JavaScript: Warn about externs trap cache absence/miss.	2018-11-13 08:41:53 +00:00
Max Schaefer	d9d4051184	JavaScript: Extract auxiliary method.	2018-11-13 08:41:38 +00:00
Max Schaefer	79a6cfdf38	JavaScript: Add generic externs for BDD/TDD-style testing frameworks.	2018-11-13 08:30:35 +00:00
Esben Sparre Andreasen	5666deac14	JS: rename js/useless-defensive-code to js/unneeded-defensive-code	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	1db2e6ca55	JS: add source code examples to docstrings	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	3aae1d17db	JS: avoid two uses of `getChildExpr(0)`	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	15123da0b7	JS: minor fixup: only traverse `LogNotExpr`s	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	8ea9fd4cca	JS: address review comments	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	8b71b25a2a	JS: annotate test file with expected results	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	a636319c97	JS: change notes for js/useless-defensive-code	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	7d4cf49545	JS: fixup double reporting of alerts	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	f440c9221a	JS: replace some `Expr.stripParens` with `Expr.getUnderlyingValue`	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	358e6188d9	JS: downgrade other alerts to js/useless-defensive-code	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	e29c57a58e	JS: add whitelist to js/useless-defensive-code	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	b073fcfca2	JS: add query: js/useless-defensive-code	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	7b215ecb2b	JS: recognize defensive programming patterns using `typeof`	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	c403416fef	JS: recognize defensive expressions that prevents exceptions	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	6e77489a3b	JS: add utilities for expression guards to DefensiveProgramming.qll	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	a2ecf40878	JS: recognize defensive expressions for null/undefined	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	2b6ef24bc2	JS: add utilities to DefensiveProgramming.qll	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	8086e88587	JS: add utilities to DefensiveProgramming.qll	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	a5eeba3c3a	JS: prepare DefensiveProgramming.qll for additions	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	c2fb14640e	JS: move isDefensiveInit to DefensiveProgramming.qll	2018-11-13 08:19:38 +01:00
Esben Sparre Andreasen	37b7b39ec6	JS: change notes for improved js/request-forgery	2018-11-13 08:17:24 +01:00
Esben Sparre Andreasen	577b225429	JS: sort change notes table	2018-11-13 08:17:24 +01:00
Esben Sparre Andreasen	ce0dd241f6	JS: add models of $.ajax, $.getJSON and XMLHttpRequst	2018-11-13 08:14:51 +01:00
semmle-qlci	2f0e693b38	Merge pull request #450 from xiemaisi/js/improve-externs-extractor-options Approved by esben-semmle	2018-11-12 20:32:35 +00:00

... 362 363 364 365 366 ...

19777 Commits