hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-14 23:14:59 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,651 Commits 1,680 Branches 158 Tags
codeql-cli/v2.5.2
Commit Graph

21651 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
6fccf5aa70 use isLikelyIntentionalHtmlSink in the sink instead of in the where clause 2020-09-04 09:26:03 +02:00
CodeQL CI
58f51899c9 Merge pull request #4173 from erik-krogh/targetBlankFP 
Approved by esbena
 2020-09-04 08:21:22 +01:00
Tom Hvitved
7f18c3377e Merge pull request #4017 from hvitved/csharp/unqualify-trap-ids3 
C#: Remove assembly prefixes from TRAP labels
 2020-09-04 09:20:39 +02:00
Jonas Jensen
fbe42fb64c C++: Support != constant in range analysis 2020-09-04 09:20:23 +02:00
Jonas Jensen
d061b09fe0 C++: Test showing no support for != and ! 2020-09-04 09:02:42 +02:00
Max Schaefer
cb433a0c0f JavaScript: Add test for custom API-graph entry points. 2020-09-03 22:28:09 +01:00
Max Schaefer
58702e4c52 JavaScript: Rename EntryPoint.getADef to getARhs. 2020-09-03 22:28:09 +01:00
Max Schaefer
f3173ca968 JavaScript: Add a few unit tests for API graphs. 2020-09-03 22:28:09 +01:00
Max Schaefer
985399f4cf JavaScript: Move ApiGraphs library to semmle.javascript and import it from javascript.qll. 2020-09-03 22:28:09 +01:00
Max Schaefer
aaa70e4ad3 JavaScript: Make API-graph edge labels accessible outside ApiGraphs.qll. 2020-09-03 22:28:09 +01:00
Max Schaefer
7239f1fb6f JavaScript: Distinguish more carefully between def and use nodes in API graphs. 
In particular, we now have two different kinds of module features: module definitions and module uses.

For the most part, `API::Definition`s correspond to right-hand sides in the data-flow graph, and `API::Use`s correspond to references. However, module definitions can have references (via the CommonJS `module` variable), and so can their exports (via `module.exports` or `exports`). Note that this is different from references to uses of the module, which are simply imports.
 2020-09-03 22:28:09 +01:00
Mathias Vorreiter Pedersen
b7774b2a82 Merge pull request #4201 from geoffw0/insert 
C++: Model iterator versions of string and vector methods
 2020-09-03 21:45:36 +02:00
Geoffrey White
1d04c89927 C++: Autoformat. 2020-09-03 18:54:36 +01:00
Geoffrey White
5124660831 C++: Change note. 2020-09-03 18:54:27 +01:00
Geoffrey White
2d7552358b C++: Put in a better fix. 2020-09-03 18:51:57 +01:00
Geoffrey White
a1c7fd8fec C++: Remove the workaround for CPP-331. 2020-09-03 18:51:21 +01:00
Geoffrey White
5150bf30e7 C++: Add another test case inspired by CPP-331. 2020-09-03 18:50:11 +01:00
Geoffrey White
1483306c4c C++: Add more tests. 2020-09-03 18:39:50 +01:00
CodeQL CI
f180497554 Merge pull request #4192 from max-schaefer/js/ssa__implicitinit 
Approved by asgerf
 2020-09-03 16:46:56 +01:00
Max Schaefer
d8fbf60cbf JavaScript: Weaken a few types to stay under BDD node limit. 
`SourceNode` in cached layers seems particularly problematic.
 2020-09-03 14:29:04 +01:00
Max Schaefer
e77948103f JavaScript: Remove AdditionalFeature from ApiGraphs. 
I ended up not using it for flow summaries, so at this point it is purely speculative generality. We can reintroduce it later if we need to.
 2020-09-03 14:29:04 +01:00
Max Schaefer
924ef6ae5d Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-03 14:04:23 +01:00
Rasmus Wriedt Larsen
29bf98ad26 Python: Fix CUSTOM_SOURCE dataflow regression test 2020-09-03 15:03:53 +02:00
Asger Feldthaus
c05f5c1bc2 JS: Change note 2020-09-03 14:02:08 +01:00
Asger Feldthaus
393db73d0a JS: Update test 2020-09-03 14:01:40 +01:00
Asger Feldthaus
bfcc434a61 JS: Use both local and global names in hasQualifiedName 2020-09-03 14:01:13 +01:00
Asger Feldthaus
f7552a77c3 JS: Add metric for number of types with qualified names 2020-09-03 14:01:13 +01:00
Rasmus Wriedt Larsen
febbe1229a Merge branch 'main' into python-more-complete-dataflow-tests 2020-09-03 14:58:20 +02:00
CodeQL CI
c8ffde20f4 Merge pull request #4195 from RasmusWL/python-taint-default-sanitizer 
Approved by tausbn
 2020-09-03 13:55:32 +01:00
Erik Krogh Kristensen
ed54fdcb06 Merge pull request #4118 from dellalibera/js/ldap 
[javascript] CodeQL to detect LDAP Injection
 2020-09-03 14:50:03 +02:00
Erik Krogh Kristensen
d56ea22018 Merge pull request #4200 from erik-krogh/typeaheadInconsistencyComment 
JS: adjust comment about inconsistency for XSS in typeahead
 2020-09-03 13:56:40 +02:00
Erik Krogh Kristensen
d946a61d6e update expected output 2020-09-03 13:32:54 +02:00
Nick Rolfe
b8ae87470d Merge pull request #4182 from github/igfoo/cfg 
C++: Remove some remnants of the extractor CFG
 2020-09-03 12:22:04 +01:00
Geoffrey White
50d9a85143 C++: Update change note. 2020-09-03 10:52:27 +01:00
Geoffrey White
d4cbb25e09 C++: Model std::string constructors and container constructors that use iterators. 2020-09-03 10:52:27 +01:00
Geoffrey White
1ac0aa169d C++: Add a few more test cases. 2020-09-03 10:52:26 +01:00
Geoffrey White
1ad404c605 C++: Extend model to include std::forward_list::insert_after. 2020-09-03 10:52:26 +01:00
Geoffrey White
fcacb22cad C++: Use [] in std::string begin model. 2020-09-03 10:52:26 +01:00
Geoffrey White
95ca4b674d C++: Add model for std::vector::insert. 2020-09-03 10:52:25 +01:00
Geoffrey White
f61c7ffc1a C++: Add support for iterator parameters to std::vector::assign. 2020-09-03 10:52:25 +01:00
Geoffrey White
8e9faac363 C++: Add support for std::vector begin and end. 2020-09-03 10:52:24 +01:00
Geoffrey White
4d47eaa08d C++: Add support for iterator parameters to std::string::assign. 2020-09-03 10:52:24 +01:00
Geoffrey White
98f84646d6 C++: Result changes due to iterators PR, which adds support for std::string begin and end, and iterator parameters to std::string::insert and some similar functions. 2020-09-03 10:52:24 +01:00
Geoffrey White
7917dff843 C++: Add test cases for std::string and std::vector using iterator methods. 2020-09-03 10:52:23 +01:00
Geoffrey White
fcdbe0f512 C++: Add a const conversion constructor to std::iterator in the tests. 2020-09-03 10:52:23 +01:00
Rasmus Wriedt Larsen
9a821bf449 Merge pull request #4 from yoff/RasmusWL-python-more-complete-dataflow-tests 
Python: Annotate test file
 2020-09-03 11:28:42 +02:00
Rasmus Lerchedahl Petersen
aad51af4ce Python: use concrete iterable source 2020-09-03 11:25:41 +02:00
yoff
8997799e4d Merge pull request #1 from RasmusWL/RasmusWL-python-more-complete-dataflow-tests 
Small fixups to your PR to my PR
 2020-09-03 11:14:52 +02:00
Rasmus Wriedt Larsen
b958c3b833 Python: Update comment for test8 2020-09-03 11:13:32 +02:00
CodeQL CI
aa4237c27c Merge pull request #4191 from erik-krogh/v8Syntax 
Approved by esbena
 2020-09-03 09:57:00 +01:00