hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-21 17:33:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,692 Branches 161 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus
e444fb8bfa Merge pull request #2818 from BekaValentine/objectapi-to-valueapi-hashedbutnohash 
Python: ObjectAPI to ValueAPI: HashedButNoHash
 2020-02-21 22:19:58 +01:00
Rebecca Valentine
14273fc677 Adds missing result to expected file 2020-02-21 11:25:03 -08:00
Peter Stöckli
e1e03e326b Add query documentation header 2020-02-21 18:22:05 +00:00
Peter Stöckli
9de2be8eba Fix whitespace issues in OpenStream.java 2020-02-21 17:13:04 +00:00
Peter Stöckli
b622e2ae06 Java: Calling openStream on URLs created from remote source can lead to local file disclosure. 2020-02-21 17:51:15 +01:00
Rasmus Wriedt Larsen
bfa7553095 Python: urlsplit sanitizer handles in [KNOWN_VALUE] 2020-02-21 16:03:29 +01:00
mchammer01
b4c72f610a pre-migration tasks: start adding intros 2020-02-21 14:51:38 +00:00
Rasmus Wriedt Larsen
798db91f71 Python: Add more urlsplit tests 2020-02-21 15:51:33 +01:00
Erik Krogh Kristensen
44db0f4e5d better printing of the options arg 2020-02-21 15:39:49 +01:00
Asger Feldthaus
d1df251b92 JS: Proto pollution: Add is-plain-object sanitizer 2020-02-21 14:38:33 +00:00
Erik Krogh Kristensen
90e5671d98 Merge branch 'master' of git.semmle.com:Semmle/ql into CVE481 2020-02-21 15:25:07 +01:00
Rasmus Wriedt Larsen
31ff652cb3 Python: Make Sanitizer available for urlsplit taint 
It isn't used by default, it has to *actively* be enabled.
 2020-02-21 15:18:53 +01:00
Mathias Vorreiter Pedersen
d9753b0ca5 C++/C#: Accept test output after adding sanity check to Instruction.qll 2020-02-21 15:09:53 +01:00
Asger Feldthaus
1ee112a341 JS: Add change note 2020-02-21 13:55:27 +00:00
Asger Feldthaus
a673539c98 JS: Update expected output 2020-02-21 13:51:23 +00:00
Asger Feldthaus
b780bc4d59 JS: Also track into callbacks 2020-02-21 13:51:22 +00:00
Asger Feldthaus
e8e649102f JS: Also propagate out of returns 2020-02-21 13:51:22 +00:00
Asger Feldthaus
8c36b999cc JS: Track flow into calls to bound functions 2020-02-21 13:51:20 +00:00
semmle-qlci
ee5cf95f5b Merge pull request #2892 from asger-semmle/js/field-methods 
Approved by esbena
 2020-02-21 13:49:42 +00:00
semmle-qlci
e163d8d8c8 Merge pull request #2796 from asger-semmle/js/partial-invoke-receiver 
Approved by esbena
 2020-02-21 13:48:43 +00:00
Rasmus Wriedt Larsen
083dd4380b Python: Add example for how to write your own sanitizer 2020-02-21 14:28:48 +01:00
Erik Krogh Kristensen
75410e5760 big refactor of UselessUseOfCal 2020-02-21 14:26:42 +01:00
Rasmus Wriedt Larsen
e804e98d60 Python: Update change-notes 2020-02-21 14:08:09 +01:00
Mathias Vorreiter Pedersen
da41cbca06 C#: Add similar fix to translation of switch statements in C# 2020-02-21 13:33:54 +01:00
Rasmus Wriedt Larsen
abbc9293db Merge pull request #2891 from tausbn/python-special-operations 
Python: Add AST support for special operations.
 2020-02-21 13:16:22 +01:00
semmle-qlci
382e4bc06a Merge pull request #2895 from max-schaefer/js/improve-param-qldoc 
Approved by asgerf
 2020-02-21 12:01:02 +00:00
mchammer01
6da729c6a6 pre-migration tasks: replace titles 2020-02-21 11:50:37 +00:00
Asger Feldthaus
01fed95fe6 JS: Add change note 2020-02-21 11:49:20 +00:00
Max Schaefer
75495d7aad Update javascript/ql/src/semmle/javascript/Variables.qll 
Co-Authored-By: Asger F <asgerf@github.com>
 2020-02-21 10:06:32 +00:00
Geoffrey White
ad45a4b079 Merge pull request #2890 from nickrolfe/range_based_for 
C++: add more extensive test for desugaring of range-based-for loops
 2020-02-21 09:31:34 +00:00
Erik Krogh Kristensen
6ea14532ab small changes based on review 2020-02-21 10:27:57 +01:00
Max Schaefer
fc4afe6eb2 JavaScript: Improve qldoc for Parameter to clarify that it also contains catch-clause parameters. 2020-02-21 09:14:00 +00:00
Anders Schack-Mulligen
771cb754c2 Merge pull request #2822 from hvitved/dataflow/node-cand-simple-call-context 
Data flow: Track simple call contexts in `nodeCand[Fwd]1`
 2020-02-21 10:02:06 +01:00
Jonas Jensen
1d786abebd Merge pull request #2881 from rdmarsh2/ir-release-note 
C++/Docs: release notes for IR taint tracking and GVN
 2020-02-21 09:49:16 +01:00
Tom Hvitved
0cc3218115 Merge pull request #2872 from aschackmull/dataflow/pathstep-localflow-join 
Java/C++/C#: Improve join-order in pathStep predicate
 2020-02-21 09:39:17 +01:00
Rebecca Valentine
2b1d9c8d16 Updates last library difference 
I'm not entirely sure if `getLiteralObject` and `getLiteralValue` are equivalent, and there don't see to be library tests for this
 2020-02-20 20:20:56 -08:00
Rebecca Valentine
210387a8be Adds bulk of modernizations 2020-02-20 17:32:42 -08:00
Rebecca Valentine
df7f43ee86 Adds modernization 2020-02-20 17:07:56 -08:00
Rebecca Valentine
2f3ea10cf8 Move the query and examples over to 2/query-tests 2020-02-20 16:31:58 -08:00
Rebecca Valentine
376638e9c0 Move query over to Rasmus's API for NumericValue 2020-02-20 16:18:54 -08:00
Rebecca Valentine
ab1fcb32ae autoformats 2020-02-20 16:17:43 -08:00
Rebecca Valentine
5d9d724d43 Removes conflicting NumericValue definition 2020-02-20 16:17:33 -08:00
Rebecca Valentine
28be3b47fc Replaces name-reference to the class with canonical predicate. 2020-02-20 15:41:51 -08:00
Rebecca Valentine
5acd982d59 Swaps ...obj for ...val 2020-02-20 15:41:51 -08:00
Rebecca Valentine
91ea46f5ee Adds test output. 2020-02-20 15:41:51 -08:00
Rebecca Valentine
115495450d Adds test cases. 2020-02-20 15:41:51 -08:00
Rebecca Valentine
96b8d78650 Adds modernized files. 2020-02-20 15:41:51 -08:00
Mathias Vorreiter Pedersen
780010d8f9 C++/C#: Sync identical files 2020-02-20 22:15:06 +01:00
Mathias Vorreiter Pedersen
6c08783158 C++: Accept output 2020-02-20 22:13:37 +01:00
Mathias Vorreiter Pedersen
4545ad0f93 C++: Add sanity check to Instruction.qll 2020-02-20 22:09:02 +01:00