hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-30 07:36:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
8402ee8374 JavaScript: Refactor getDefReachingEndOf to improve performance. 2018-10-25 15:31:46 +01:00
Max Schaefer
09ef1a719a JavaScript: Pull out auxiliary predicates to improve join order in liveAfterDef. 2018-10-25 15:31:46 +01:00
Max Schaefer
59bbd025a5 JavaScript: Pull out auxiliary predicate to improve join order in TPhi. 2018-10-25 15:31:46 +01:00
Max Schaefer
d2993b9e04 JavaScript: Model data flow of destructuring assignments more precisely. 2018-10-25 15:31:46 +01:00
Jonas Jensen
354f8bd0ff C++: Test of range analysis 64-bit rounding issue 2018-10-25 16:18:22 +02:00
Geoffrey White
4c6cc3abdb CPP: Change note. 2018-10-25 15:01:00 +01:00
Geoffrey White
2dcec4dce3 CPP: Don't require alloc in memberMayBeVarSize. 2018-10-25 15:01:00 +01:00
Geoffrey White
035823cff0 CPP: Fix array size bug in memberMayBeVarSize. 2018-10-25 15:01:00 +01:00
Ian Lynagh
eef8719a40 C++: Fix AV Rule 85 
We have to be careful to avoid giving alerts to functions that might be
correctly defined, but we can't see the definition as it wasn't
instantiated.
 2018-10-25 14:26:31 +01:00
calum
fde3341455 C#: Addressed documentation review. 2018-10-25 14:18:30 +01:00
calum
448b080d4f C#: Fix typos. 2018-10-25 13:45:46 +01:00
Anders Schack-Mulligen
26bcf4bf5f Java: Add change note. 2018-10-25 14:34:14 +02:00
Anders Schack-Mulligen
42e659c645 Java: Minor fixups. 2018-10-25 14:30:40 +02:00
Pavel Avgustinov
c577f6d9f8 Merge pull request #365 from aschackmull/java/response-splitting-whitelist-cookiename 
Java: Whitelist Cookie::getName for HTTP response splitting.
 2018-10-25 13:18:03 +01:00
Tom Hvitved
a3d74b00e0 C#: Address review comments 2018-10-25 14:15:09 +02:00
Anders Schack-Mulligen
8a27c09447 Java: Add .expected file. 2018-10-25 14:12:50 +02:00
Anders Schack-Mulligen
8fe1634fcc Java: Add test. 2018-10-25 13:00:15 +02:00
Anders Schack-Mulligen
1188e18837 Java: Whitelist Cookie::getName for HTTP response splitting. 2018-10-25 12:02:33 +02:00
Jonas Jensen
5cbfdd1029 C++: Cover more cases of returning *this 2018-10-25 10:41:56 +02:00
Geoffrey White
69785fcae6 CPP: Include offsetof type calculations in memberMayBeVarSize. 2018-10-25 09:09:29 +01:00
Jonas Jensen
d144f0d154 C++: Test for unreachable return statement 
This test shows that the previous fix did not solve the problem where a
bad return statement exists but is unreachable.
 2018-10-25 09:42:15 +02:00
semmle-qlci
cfe0b8803a Merge pull request #332 from raulgarciamsft/users/raulga/c6293a 
Approved by dave-bartolomeo
 2018-10-25 00:59:35 +01:00
Raul Garcia
e1efcb0b26 Update .gitignore 2018-10-24 15:23:40 -07:00
Raul Garcia
a04eb53189 Documentation bug fix. 
Encoding the "<" character
 2018-10-24 15:22:53 -07:00
calum
8cdfb8707c C#: Update change notes. 2018-10-24 17:54:10 +01:00
calum
3041756207 C#: Allow constructor parameters to shadow class members. 2018-10-24 17:48:51 +01:00
calum
5c0b9867f8 C#: Fix violations for cs/local-shadows-member 2018-10-24 17:36:51 +01:00
Nate Nystrom
33ba814551 fixed mixed tabs and spaces 2018-10-24 17:37:18 +02:00
Geoffrey White
ec205e995b CPP: Include sizeof(expr) expressions in isDynamicallyAllocatedWithDifferentSize. 2018-10-24 16:17:04 +01:00
Aditya Sharad
292189c1e0 Merge pull request #347 from xiemaisi/rc/1.18-master-merge 
Mergeback rc/1.18 to master
 2018-10-24 16:03:30 +01:00
Nate Nystrom
d228bd0b13 Fixed compilation error 2018-10-24 15:50:00 +02:00
Nate Nystrom
4ebfb019d8 ref to NumberFormatException.ql 2018-10-24 15:49:25 +02:00
Nate Nystrom
8228b46223 test case for NumberFormatException 2018-10-24 15:48:56 +02:00
Jonas Jensen
3c6bed4de6 C++: FP fix for "operator= doesn't return *this" 2018-10-24 15:44:00 +02:00
Jonas Jensen
47a548f564 C++: FP test for "operator= doesn't return *this" 
This rule should not apply to functions that never return.
 2018-10-24 15:42:39 +02:00
Nate Nystrom
d04fde7157 Fixed compilation error. 2018-10-24 15:27:23 +02:00
Anders Schack-Mulligen
1d716ae461 Java: Add remote user input sources for Spring servlets. 2018-10-24 15:00:15 +02:00
Anders Schack-Mulligen
263de5219a Java: Add additional SQL injection sinks. 2018-10-24 13:58:21 +02:00
semmle-qlci
21ff87d6a3 Merge pull request #353 from xiemaisi/js/port-tests 
Approved by asger-semmle, esben-semmle
 2018-10-24 12:47:48 +01:00
Jonas Jensen
fc2b64a8b3 C++: Add C++ analysis team to CODEOWNERS 
We previously removed our entry because the notifications got too noisy,
but we agreed recently in the C++ analysis team to try adding an entry
with just the analysis team and only in the public repository.
 2018-10-24 11:58:37 +02:00
Tom Hvitved
97904eb202 Revert "JavaScript: Patch CFG to improve support for non-top level import declarations." 
This reverts commit f05e777e64.
 2018-10-24 10:45:57 +01:00
Max Schaefer
9a856935db Merge remote-tracking branch 'upstream/rc/1.18' into rc/1.18-master-merge 2018-10-24 10:43:37 +01:00
Max Schaefer
f103b1a371 JavaScript: Copy over a test left in internal repo. 
This test seems to have been accidentally committed into the old location in the internal repo.
 2018-10-24 08:40:54 +01:00
Jonas Jensen
7affbe4a7d Merge pull request #341 from geoffw0/av_114 
CPP: Improve AV Rule 114.ql's understanding of return types.
 2018-10-24 09:39:51 +02:00
Dave Bartolomeo
f278f4fa47 C++: Operands as IPA types 
@rdmarsh2 has been working on various queries and libraries on top of the IR, and has pointed out that having to always refer to an operand of an instruction by the pair of (instruction, operandTag) makes using the IR a bit clunky. This PR adds a new `Operand` IPA type that represents an operand of an instruction. `OperandTag` still exists, but is now an internal type used only in the IR implementation.
 2018-10-23 14:58:44 -07:00
Jonas Jensen
640de0c947 Merge pull request #304 from geoffw0/resource-released 
CPP: Fix false positive in AV Rule 79.ql
 2018-10-23 20:24:23 +02:00
Nate Nystrom
e174ca6ed8 Query for uncaught NumberFormatException 2018-10-23 19:03:15 +02:00
semmledocs-ac
1f390f2f77 Merge pull request #326 from rdmarsh2/rdmarsh/cpp/dead-code-goto 
C++: new query for dead code after goto or break
 2018-10-23 16:55:14 +01:00
Geoffrey White
dda7069890 CPP: Look for destructors in the template. 2018-10-23 13:05:43 +01:00
Geoffrey White
76a5072c8b CPP: Change in results presumed to result from discover_walk extractor changes. 2018-10-23 13:05:43 +01:00