hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-29 15:16:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
a47b1dc774 JS: recognize Express header access with dynamic name 2018-09-26 08:22:21 +01:00
Esben Sparre Andreasen
097a2811e1 JS: change notes for AdHocWhitelistCheckSanitizer 2018-09-26 09:20:40 +02:00
Esben Sparre Andreasen
52061b35d8 JS: address review comments: improve regex, limit sanitizer usage 2018-09-26 09:20:07 +02:00
Asger F
e78a4e9f10 JS: update output from other Express tests 2018-09-26 07:58:44 +01:00
Asger F
ce11b5330d JS: recognize Express headers as RequestInputAccess 2018-09-26 07:58:44 +01:00
Geoffrey White
9c219b958c Merge pull request #225 from sauyon/sizeofcheck 
Allow void* pointer arithmetic with sizeof
 2018-09-25 22:53:07 +01:00
Aditya Sharad
accacdc9a4 Merge rc/1.18 into next. 2018-09-25 21:59:47 +01:00
Raul Garcia
54493eb990 Merge branch 'master' into master 2018-09-25 10:58:51 -07:00
Raul Garcia
d6d27df27b Removing all usage of single quotes 2018-09-25 10:50:34 -07:00
Aditya Sharad
28329562a7 Merge rc/1.18 into master. 2018-09-25 14:31:45 +01:00
Max Schaefer
0e63ea1b51 JavaScript: Update tests. 2018-09-25 11:27:12 +01:00
Max Schaefer
659c67c715 JavaScript: Produce friendlier message for empty-string replacements. 2018-09-25 11:27:12 +01:00
Max Schaefer
5fb22ba021 JavaScript: Handle zero-width assertions and sequences. 2018-09-25 11:27:12 +01:00
Max Schaefer
ec9a3c87a7 JavaScript: Do not flag case-insensitive replace. 2018-09-25 11:27:11 +01:00
Max Schaefer
1ab11109f9 JavaScript: Add new query flagging identity replacements. 2018-09-25 11:27:11 +01:00
Asger F
0936cda0e9 JS: avoid expensive join_rhs in callInputStep 2018-09-25 10:16:40 +01:00
Asger F
52c913b325 JavaScript: cache AdditionalPartialInvokeNode 2018-09-25 10:16:40 +01:00
Asger F
3ca7d6b4bf JavaScript: address comments 2018-09-25 10:16:40 +01:00
Asger F
269bbc9a1a JavaScript: add flow steps through partial function application 2018-09-25 10:16:40 +01:00
Jonas Jensen
3470ebc583 Merge pull request #223 from pavgust/imp/no-instantiation-mentions 
C++ definitions: Ignore type mentions of class inatantiations.
 2018-09-25 09:31:10 +02:00
Jonas Jensen
8f19efe2e8 Merge pull request #211 from raulgarciamsft/users/raulga/HESULT 
Cast between semantically different integer types: HRESULT to/from bool
 2018-09-25 09:01:35 +02:00
Sauyon Lee
614a8ef091 Allow void* pointer arithmetic with sizeof 
Technically this isn't allowed by the C spec, but it's been seen in the wild:
see 3763c7b338/files/src/csp_buffer.c\#x1d04047d2bb68c21:1
 2018-09-24 11:05:40 -07:00
Denis Levin
1438cae362 Correction to the test's expected file as the test was modified. 2018-09-24 10:45:54 -07:00
Geoffrey White
473252632c Merge pull request #221 from jbj/IntMultToLong-char 
C++: Suppress IntMultToLong alert on char-typed numbers
 2018-09-24 18:42:41 +01:00
Raul Garcia
a566ffae4a Fixed the test .expected file 2018-09-24 10:18:39 -07:00
Pavel Avgustinov
fa698380e2 C++ definitions: Ignore type mentions of class inatantiations. 
We currently erroneously keep mentions of class instantiations, which
can lead to bad performance on template-heavy code bases. We never
want to link those anyway, so we can simply suppress them.
 2018-09-24 18:18:30 +01:00
Raul Garcia
c75019726c Removing tabs & reformatting 2018-09-24 10:10:58 -07:00
Raul Garcia
c3b523cdc4 Fixing a missed reference to renamed file. 2018-09-24 10:02:52 -07:00
Geoffrey White
d975c09012 CPP: Change note. 2018-09-24 17:25:34 +01:00
Geoffrey White
4edc54df0c CPP: Use unspecified types everywhere (for simplicity and robustness). 2018-09-24 17:17:41 +01:00
Geoffrey White
b15db5d1e5 CPP: Add a test case that we handle poorly. 2018-09-24 17:17:41 +01:00
Jonas Jensen
a56376a2df C++: rename effectivelyConstant to likelySmall 
This reflects the existing QLDoc better and makes it more clear why it
includes char-typed expressions.
 2018-09-24 14:37:11 +02:00
Jonas Jensen
4d2e4c53f1 C++: Suppress IntMultToLong alert on char 2018-09-24 14:37:09 +02:00
Jonas Jensen
2b5d150829 C++: Test for IntMultToLong on char-typed numbers 2018-09-24 14:36:36 +02:00
semmle-qlci
7f56be6fe2 Merge pull request #216 from asger-semmle/lusca-csrf 
Approved by esben-semmle
 2018-09-24 11:34:24 +01:00
semmle-qlci
46178271d1 Merge pull request #213 from asger-semmle/sendfile 
Approved by xiemaisi
 2018-09-24 11:32:46 +01:00
Esben Sparre Andreasen
42fc28bc55 JS: add ad hoc whitelist checks as sanitizers 2018-09-24 11:17:35 +02:00
Jonas Jensen
d2f11dc18c Merge pull request #209 from dave-bartolomeo/dave/CNewLines 
LF all the things
 2018-09-24 09:02:54 +02:00
Dave Bartolomeo
396d7ea928 Mark several known binary extensions as -text 2018-09-23 16:24:32 -07:00
Dave Bartolomeo
1f36f5552f Normalize all text files to LF 
Use `* text=auto eol=lf`
 2018-09-23 16:24:31 -07:00
Dave Bartolomeo
26abf5d4a2 Force LF for basically everything. 2018-09-23 16:24:31 -07:00
Dave Bartolomeo
aa267c8302 C++: Force LF for .c,.cpp,.h,.hpp 2018-09-23 16:23:52 -07:00
Jonas Jensen
caf4a767ad Merge pull request #219 from geoffw0/resource-not-released 
C++: Exclude placement new from AV Rule 79.ql
 2018-09-22 17:41:36 +02:00
Raul Garcia
242ee10806 Major change in order to support the rule for C as well as cpp 2018-09-21 16:47:31 -07:00
Denis Levin
8152cefa60 Squished changes for HttpToFileAccess commint 2018-09-21 16:44:01 -07:00
Raul Garcia
925c3b51f9 Adding semmle-extractor-options: --microsoft to test 2018-09-21 15:21:07 -07:00
Geoffrey White
492d79ea53 CPP: Change note. 2018-09-21 21:13:37 +01:00
Raul Garcia
1fd7b4ad22 Merge branch 'master' of https://github.com/raulgarciamsft/ql 2018-09-21 13:07:45 -07:00
Raul Garcia
8519f1a9e1 Fixing tabs replaced to spaces 2018-09-21 13:07:39 -07:00
Raul Garcia
c22787293e Update .gitignore 2018-09-21 11:35:43 -07:00