hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-29 15:16:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
5e720486d5 JS: recognize req.query.x as deep object taint 2018-10-10 17:15:56 +01:00
Asger F
d72d7345b8 JS: make NosqlInjection use object taint 2018-10-10 17:05:59 +01:00
Asger F
b70f70f722 JS: Add TaintedObject flow label library 2018-10-10 17:05:59 +01:00
Asger F
396ad336a3 JS: add RemoteFlowSource.isDeepObject() and populate it 2018-10-10 17:05:59 +01:00
Asger F
46b2015065 JS: fix an outdated comment 2018-10-10 17:05:59 +01:00
Asger F
03b479114f JS: preserve document.url label out of .href property 2018-10-10 17:05:59 +01:00
Asger F
ea297dd442 JS: bugfix in handling of custom flow labels 2018-10-10 16:06:44 +01:00
Jonas Jensen
a10c3bcffb C++: Suppress UnsignedGEZero in template inst. 
It still runs on uninstantiated templates because its underlying
libraries do. It's not clear whether that leads to other false
positives, but that's independent of the change I'm making here.
 2018-10-10 17:06:24 +02:00
Jonas Jensen
383dafac5c C++: Test for UnsignedGEZero with templates 2018-10-10 17:04:35 +02:00
Anders Schack-Mulligen
99846474eb QL style guide: Adjust style rules for if-then-else. 2018-10-10 16:42:34 +02:00
Anders Schack-Mulligen
31e1706c98 QL style guide: Address some review comments. 2018-10-10 16:42:34 +02:00
Anders Schack-Mulligen
6feb1d0766 QL style guide: Clarify some outstanding issues. 2018-10-10 16:42:34 +02:00
Esben Sparre Andreasen
6687dfd558 JS: improve model of express' req.sendFile 2018-10-10 15:46:43 +02:00
calum
518c901ddc C#: Merge latest changes. 2018-10-10 14:40:52 +01:00
calum
103d140e71 C#: Migrate extractor to this repository. 2018-10-10 14:40:52 +01:00
Esben Sparre Andreasen
358b6c3413 JS: change "remote request" to "network request" 2018-10-10 15:34:39 +02:00
Esben Sparre Andreasen
e93545d16e JS: address more review comments 2018-10-10 15:28:42 +02:00
Jonas Jensen
3e022ad36f Merge pull request #270 from geoffw0/negindex 
CPP: Improvements to Buffer.qll
 2018-10-10 14:59:41 +02:00
Esben Sparre Andreasen
c885490c7e JS: address review comments 2018-10-10 12:18:30 +02:00
Esben Sparre Andreasen
6b8fd49fba JS: add change notes for two new queries 2018-10-10 12:17:46 +02:00
Esben Sparre Andreasen
0da1ac4d75 JS: naming and documentation cleanup for NodeJS file system accesses 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
64b0d39390 JS: polish HttpToFileAccess.qll 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
df72492f16 JS: polish FileAccessToHttp.qll 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
43f98a7ef8 JS: refactor NodeJSFileSystemRead* to FileStreamRead 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
30f7f41dff JS: refactor NodeJSFileSystemWrite to FileStreamWrite 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
e99b9d34c5 JS: polish characters of NodeJSFileSystemAccess*Call 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
4e4597a24d JS: replace HTTP::RequestBody with ClientRequest.getADataNode 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
0fc56e443e JS: introduce ClientRequest.getADataNode 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
3b2440e850 JS: remove useless externs definitions for tests 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
a3ec739210 JS: restructure FileSystemWriteAccess/FileSystemReadAccess API 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
b00aa36cdc JS: polish HttpToFileAccess.ql 2018-10-10 12:12:54 +02:00
Esben Sparre Andreasen
d261915598 JS: polish FileAccessToHttp.ql 2018-10-10 12:12:54 +02:00
Asger F
74f115fa40 JS: add test case 2018-10-10 10:46:40 +01:00
Asger F
2a87d53db4 JS: Add additional Mongoose/MongoDB sinks 2018-10-10 10:11:18 +01:00
Tom Hvitved
c064b1f41d Merge pull request #103 from lukecartey/csharp/zipslip-update 
C#: ZipSlip - Refine sanitizers
 2018-10-10 10:47:23 +02:00
Asger F
4e7f171f54 JavaScript: do not cache AdditionalPartialInvokeNode 2018-10-10 09:40:49 +01:00
Max Schaefer
8d8148d58e Merge pull request #294 from asger-semmle/canonical-this-source 
JS: Canonicalize 'this' in the data-flow graph
 2018-10-10 08:10:53 +01:00
Max Schaefer
355786c2d8 Merge pull request #296 from esben-semmle/js/more-array-creation 
JS: use DataFlow::ArrayCreationNode in additional places
 2018-10-10 08:10:17 +01:00
yh-semmle
fa3b9a6997 Java: add change note for java/unreachable-catch-clause 2018-10-09 21:31:19 -04:00
yh-semmle
26b630f700 Java: clarify help for java/unreachable-catch-clause 2018-10-09 21:15:51 -04:00
yh-semmle
001b9f8b56 Java: account for generic exceptions in java/unreachable-catch-clause 2018-10-09 21:15:45 -04:00
semmle-qlci
b1ece81e13 Merge pull request #297 from xiemaisi/csharp/line-endings 
Approved by hvitved
 2018-10-09 21:30:05 +01:00
Jonas Jensen
4b59c0cb80 Merge branch 'master' into hresult-boolean-qhelp 2018-10-09 14:56:58 +02:00
Max Schaefer
2d8f424ce8 C#: Convert tests/query-tests/Stubs/Test.cs to Unix line endings. 2018-10-09 13:01:00 +01:00
semmle-qlci
2a9abcbb8c Merge pull request #279 from hvitved/csharp/type-conversion-performance 
Approved by calumgrant
 2018-10-09 10:15:53 +01:00
Jonas Jensen
95abf557ac Merge pull request #292 from hvitved/mergeback-2018-10-08 
Merge master into next
 2018-10-09 11:10:44 +02:00
Tom Hvitved
8df657c9f0 Merge pull request #217 from calumgrant/cs/make_stubs 
C#: Tool to generate stubs for qltests
 2018-10-09 09:59:53 +02:00
Asger F
9fb73f41c9 JS: rename ReactComponent::getAThisAccess -> getAThisNode 2018-10-09 08:54:44 +01:00
Asger F
fd58039753 JS: update additional QL test output 2018-10-09 08:54:14 +01:00
Asger F
e551ff3818 JS: add change note 2018-10-09 08:54:14 +01:00