codeql

mirror of https://github.com/github/codeql.git synced 2025-12-29 23:26:34 +01:00

Author	SHA1	Message	Date
Rasmus Wriedt Larsen	2ba7ed4940	Python: Add note about future work for getARequestHandler	2021-01-12 13:32:43 +01:00
Esben Sparre Andreasen	3c9c79a550	JS: remove flow labels from js/resource-exhaustion	2021-01-12 13:20:20 +01:00
Esben Sparre Andreasen	5965035c09	JS: add query js/resource-exhaustion	2021-01-12 13:20:20 +01:00
Rasmus Lerchedahl Petersen	a1ab5cc2b8	Python: start support for nested unpacking	2021-01-12 13:09:12 +01:00
Rasmus Lerchedahl Petersen	9c08467828	Python: add tests for conversion during unpacking	2021-01-12 12:46:51 +01:00
Rasmus Lerchedahl Petersen	4d9f5be2bc	Python: Add more unpacking tests	2021-01-12 12:30:03 +01:00
CodeQL CI	1c8547c897	Merge pull request #4774 from erik-krogh/forms Approved by asgerf	2021-01-12 02:01:38 -08:00
Mathias Vorreiter Pedersen	84f1b11448	Merge branch 'main' into mathiasvp/reverse-read-take-3	2021-01-12 10:37:32 +01:00
Esben Sparre Andreasen	847687974f	JS: only select non-nullable terms in the broken sanitizer	2021-01-12 08:50:19 +01:00
Esben Sparre Andreasen	40cfbab335	JS: address review feedback	2021-01-12 08:49:08 +01:00
ihsinme	bbd3f7631e	Delete test.c sorry i was in a hurry	2021-01-11 23:52:26 +03:00
ihsinme	b92d63d5df	Delete CompilerRemovalOfCodeToClearBuffers.qlref sorry i was in a hurry	2021-01-11 23:51:37 +03:00
ihsinme	05f866e912	Delete CompilerRemovalOfCodeToClearBuffers.expected sorry i was in a hurry	2021-01-11 23:51:18 +03:00
ihsinme	d7a5e61f8e	Delete CompilerRemovalOfCodeToClearBuffers.qhelp sorry i was in a hurry	2021-01-11 23:50:47 +03:00
ihsinme	c38cfcb735	Delete CompilerRemovalOfCodeToClearBuffers.ql sorry i was in a hurry	2021-01-11 23:50:19 +03:00
ihsinme	65ff526eef	Delete CompilerRemovalOfCodeToClearBuffers.c sorry i was in a hurry	2021-01-11 23:49:53 +03:00
ihsinme	ed6d8e3d18	Add files via upload	2021-01-11 23:40:38 +03:00
ihsinme	b185a33157	Add files via upload	2021-01-11 23:39:02 +03:00
Geoffrey White	7409dd015e	C++: Autoformat.	2021-01-11 18:58:32 +00:00
ihsinme	b28444b55c	Update MemoryLeakOnFailedCallToRealloc.ql I thought since there is no work on this PR, I will delete the residual import.	2021-01-11 21:17:49 +03:00
intrigus	85286f362c	Java: Replace global flow by local flow	2021-01-11 19:02:07 +01:00
intrigus-lgtm	722bd4dafa	Java: Revise qhelp	2021-01-11 18:57:24 +01:00
intrigus-lgtm	4cfdb10ddc	Java: Improve QLDoc & simplify code Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-01-11 18:50:43 +01:00
Geoffrey White	1cde5e1828	C++: Test of taint through ConstructorDelegationInit.	2021-01-11 17:35:50 +00:00
CodeQL CI	4bc287e89b	Merge pull request #4933 from madneal/fix-for-predicates Approved by shati-patel	2021-01-11 06:01:33 -08:00
Max Schaefer	f40b406a2d	JavaScript: Address review comments.	2021-01-11 13:53:47 +00:00
Max Schaefer	c9132ca6f8	JavaScript: Refactor `trackUseNode` to avoid bad join order.	2021-01-11 13:53:47 +00:00
Max Schaefer	7a229d9381	JavaScript: Simplify NoSQL framework modelling.	2021-01-11 13:53:47 +00:00
Max Schaefer	b3ab6efd1d	JavaScript: Remove a bindingset annotation.	2021-01-11 13:53:47 +00:00
Max Schaefer	3853da0969	JavaScript: Teach API-graphs about bound arguments.	2021-01-11 13:53:46 +00:00
Max Schaefer	ecab17a626	JavaScript: Teach API graphs to handle `promisify`. Following a suggestion by Asger, we track use nodes through calls to `promisify`. When we see a call to a promisified function, we introduce a new synthetic API-graph node representing the callback argument synthesised by the promisification, and track the result of the call to an `await` (or other promise resolution), which is then considered to be a use of the first parameter of the synthetic callback (the zeroth parameter being an error code, which we do not model yet).	2021-01-11 13:53:46 +00:00
madneal	ee3ffa0700	add extra clarifications in the comments	2021-01-11 21:43:24 +08:00
Esben Sparre Andreasen	2dbd762bd9	JS: reintroduce reverted js/server-crash This reverts commit `0a8d15ccc4`.	2021-01-11 14:13:41 +01:00
Mathias Vorreiter Pedersen	59abcd6dae	Merge pull request #4938 from geoffw0/cpp302 C++: Tidy up old QL headers	2021-01-11 14:12:16 +01:00
intrigus	5c1e746c96	Java: Rename to `EnvReadMethod`	2021-01-11 13:42:08 +01:00
intrigus	1eb2b75389	Java: Further reduce FPs, simply Flag2Guard flow	2021-01-11 13:42:08 +01:00
intrigus	b4692734b2	Java: Add QLDoc improve query message	2021-01-11 13:42:08 +01:00
intrigus-lgtm	f4b912cd8a	Apply suggestions from doc review Co-authored-by: Felicity Chapman <felicitymay@github.com>	2021-01-11 13:42:08 +01:00
intrigus	e11304a1ca	Java: Autoformat	2021-01-11 13:42:08 +01:00
intrigus-lgtm	b8f3e64a0f	Apply suggestions from code review Co-authored-by: Felicity Chapman <felicitymay@github.com>	2021-01-11 13:42:08 +01:00
intrigus	502e4c39f5	Java: Fix Qhelp	2021-01-11 13:42:08 +01:00
intrigus-lgtm	355cb6eeec	Fix Qhelp format Co-authored-by: Felicity Chapman <felicitymay@github.com>	2021-01-11 13:42:07 +01:00
intrigus-lgtm	10fc2cf9f8	Apply suggestions from code review Co-authored-by: Chris Smowton <smowton@github.com>	2021-01-11 13:42:07 +01:00
intrigus	c88f07dde4	Java: Accept test output	2021-01-11 13:42:07 +01:00
intrigus	33b0ff28d8	Java: Update test	2021-01-11 13:42:07 +01:00
intrigus	9e2ef9bd74	Java: Filter results by feature flags. This ignores results that are guarded by a feature flag that suggests an intentionally insecure feature. Inspired by Go's `InsecureFeatureFlag.qll` and `DisabledCertificateCheck.ql`.	2021-01-11 13:42:07 +01:00
intrigus	a62a2e58dd	Java: Improve QL-Doc	2021-01-11 13:42:07 +01:00
intrigus	d98b171998	Java: Make `EnvTaintedMethod` public + QL-Doc	2021-01-11 13:42:07 +01:00
intrigus	e021158b5f	Java: Tighter model of `HostnameVerifier#verify` This more tightly models `HostnameVerifier#verify` previously it was possible to accidentally match other methods called `verify`.	2021-01-11 13:42:07 +01:00
intrigus	0a9df07df7	Apply suggestions from review.	2021-01-11 13:42:07 +01:00

... 24 25 26 27 28 ...

20350 Commits