hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-25 03:13:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,692 Branches 161 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
d18808698a adjust qhelp to focus on the execFile API 2020-05-18 12:22:46 +02:00
Esben Sparre Andreasen
aa87008775 JS: typo fixups 2020-05-18 12:19:46 +02:00
Erik Krogh Kristensen
9c294513c7 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-05-18 12:18:20 +02:00
semmle-qlci
14664be467 Merge pull request #3468 from p0/imp/nodejs-vm-sinks 
Approved by esbena
 2020-05-18 11:10:13 +01:00
Esben Sparre Andreasen
b3691cd0e9 JS: change MembershipTest to MembershipCandidate 2020-05-18 11:51:00 +02:00
Erik Krogh Kristensen
c6276ddd1c update expected output after restricting precise array tracking to Promise.all 2020-05-18 11:49:07 +02:00
James Fletcher
bd6d2d899d Merge pull request #3495 from jf205/java-article-fix 
CodeQL docs: remove stray GH variable
 2020-05-18 10:23:22 +01:00
james
06f465bae7 docs: remove gh variable 2020-05-18 10:12:40 +01:00
Jonas Jensen
cc00f0f584 C++: Move identical declarations to shared.h file 
This cleans up the test results, which were confusing because functions
like `sink` had multiple locations.

There are some additional results now involving casts to `const char *`
because previously it varied whether `sink` used `const`, and now it
always does.
 2020-05-18 10:42:52 +02:00
Asger Feldthaus
a18e0b37cf JS: simplify sequelize model 2020-05-18 09:34:17 +01:00
Asger F
f52c827966 Apply suggestions from code review 
Base type of EscapingSanitizer

Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-18 09:31:09 +01:00
Asger F
ffb22c061a Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-18 09:28:22 +01:00
Erik Krogh Kristensen
bd3c4d4077 Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3478 2020-05-18 07:51:19 +00:00
Esben Sparre Andreasen
ddb545c182 JS: introduce MembershipTests.qll and use in two locations 2020-05-18 09:50:00 +02:00
Anders Schack-Mulligen
bd114db862 Java: Add cfg edges for instanceof-pattern. 2020-05-18 09:49:32 +02:00
semmle-qlci
6041d52936 Merge pull request #3424 from asger-semmle/js/express-param-handler 
Approved by esbena
 2020-05-18 08:48:24 +01:00
semmle-qlci
135eae9895 Merge pull request #3483 from esbena/js/fix-qhelp-FNs 
Approved by asgerf
 2020-05-18 08:47:05 +01:00
semmle-qlci
0230b79efc Merge pull request #3391 from erik-krogh/SplitFPs 
Approved by esbena
 2020-05-18 08:46:26 +01:00
Erik Krogh Kristensen
8717f7bd0d restrict precise array elements to Promise.all() 2020-05-17 15:58:59 +02:00
Erik Krogh Kristensen
2d6e3a5784 support outdir in tsconfig.json 2020-05-17 10:32:27 +02:00
Erik Krogh Kristensen
dfdecf1450 add change note 2020-05-17 10:32:27 +02:00
Erik Krogh Kristensen
c8cf958c8a add test cases for js/shell-command-constructed-from-input 2020-05-17 10:32:27 +02:00
Erik Krogh Kristensen
59001bbdf4 add qhelp for js/shell-command-constructed-from-input 2020-05-17 10:32:27 +02:00
Erik Krogh Kristensen
5e647da0de add js/shell-command-constructed-from-input query 2020-05-17 10:32:15 +02:00
luchua-bc
6c24f36068 Java: CWE-297 insecure JavaMail SSL configuration 2020-05-17 02:43:26 +00:00
Erik Krogh Kristensen
a1a6826278 support non-SourceNode in IndirectCommandArgument#argumentList 2020-05-16 23:15:37 +02:00
Erik Krogh Kristensen
a6cd91bb49 add support for mz/fs and mz/child_process 2020-05-16 23:15:33 +02:00
Erik Krogh Kristensen
bb8905b46e add "valid" to the AdHocWhitelistCheckSanitizer 2020-05-16 22:43:36 +02:00
semmle-qlci
8d41ce1630 Merge pull request #3480 from erik-krogh/moreSlip 
Approved by esbena
 2020-05-16 21:17:27 +01:00
Mathias Vorreiter Pedersen
a42d80aa14 Merge pull request #3481 from dbartol/github/codeql-c-analysis-team/69 
C++/C#: Allow memory operands to lack a definition
 2020-05-16 11:53:00 +02:00
Asger Feldthaus
897a3e39c9 JS: Autoformat 2020-05-16 09:37:16 +01:00
Asger Feldthaus
0171c9e10c JS: Autoformat 2020-05-16 09:25:18 +01:00
Asger Feldthaus
d279845a43 JS: Minor fixes 2020-05-16 09:24:53 +01:00
yo-h
4f00e40257 Merge pull request #3474 from aschackmull/java/string-formatted 
Java: Add taint steps for String.formatted.
 2020-05-15 22:04:36 -04:00
yo-h
69ab158910 Merge pull request #3473 from aschackmull/java/switchexpr 
Java: Extend library support for switch expressions.
 2020-05-15 20:46:37 -04:00
Dave Bartolomeo
96c87b309b C++/C#: Use unique to get a better join order 
The previous changes made the optimizer choose a bad join order for the RHS of the antijoin in `addressOperandAllocationAndOffset`. Once again, `unique` to the rescue.
 2020-05-15 17:36:43 -04:00
Erik Krogh Kristensen
e2cd7e6230 more precise taint-tracking for Promise.all 2020-05-15 22:02:41 +02:00
Hector Cuesta
16e39414bc Reword of help file 2020-05-15 18:14:52 +01:00
Asger Feldthaus
435f9ea09f JS: Change note 2020-05-15 17:27:30 +01:00
Asger Feldthaus
5249e84359 JS: Type track spanner model 2020-05-15 17:27:30 +01:00
Asger Feldthaus
d225715828 JS: Type track mssql model 2020-05-15 17:27:30 +01:00
Asger Feldthaus
6dcee5a0ef JS: Type track sqlite model 2020-05-15 17:27:30 +01:00
Asger Feldthaus
84cd02cf01 JS: Type track pg model 2020-05-15 17:27:27 +01:00
Asger Feldthaus
f7771f17d1 JS: Type track mysql model 2020-05-15 17:27:27 +01:00
Asger Feldthaus
3e9849b7c4 JS: Type track sequelize model 2020-05-15 17:27:24 +01:00
Hector Cuesta
ef53e443b7 Fix typo in comment 2020-05-15 17:17:42 +01:00
luchua-bc
4117cd73a7 Add JBoss logging 2020-05-15 16:14:41 +00:00
Geoffrey White
edd09f09cd C++: Add test cases where several specific values are permitted. 2020-05-15 17:01:23 +01:00
Hector Cuesta
a022086498 Add experimental query for Tainted WebClient 2020-05-15 16:30:10 +01:00
Calum Grant
da6c37d7dc C#: Update test output. 2020-05-15 15:40:49 +01:00