semmle-qlci
|
48deb30756
|
Merge pull request #2573 from max-schaefer/js/generalise-alert-suppression
Approved by asgerf
|
2020-01-06 10:43:17 +00:00 |
|
Rasmus Wriedt Larsen
|
9b0b0c338f
|
Python: Cleanup overrides tests
|
2020-01-06 10:55:37 +01:00 |
|
Mathias Vorreiter Pedersen
|
7b5dd56009
|
C++: Added .stats file
|
2020-01-06 09:45:58 +01:00 |
|
semmle-qlci
|
5dcc5b3b1e
|
Merge pull request #2581 from erik-krogh/FlowUselessExpr
Approved by max-schaefer
|
2020-01-06 08:33:36 +00:00 |
|
Esben Sparre Andreasen
|
9279bfc8a2
|
JS: add test case for arrow functions with duplicate parameter names
|
2020-01-06 09:21:36 +01:00 |
|
Esben Sparre Andreasen
|
96748ca32e
|
JS: sharpen js/duplicate-parameter-name
|
2020-01-06 08:51:00 +01:00 |
|
Esben Sparre Andreasen
|
5718fbd98a
|
JS: update test
|
2020-01-06 08:33:38 +01:00 |
|
Grzegorz Golawski
|
4ce25c045d
|
Simplify the query
|
2020-01-05 22:05:00 +01:00 |
|
Grzegorz Golawski
|
ab49397bb8
|
Add check for disabled CSRF protection in Spring
|
2020-01-03 21:52:50 +01:00 |
|
Calum Grant
|
41b4d70504
|
C#: Refactor, improve documentation and add tests for cs/serialization-check-bypass
|
2020-01-03 18:46:39 +00:00 |
|
shati-patel
|
9b9d7121e8
|
Merge pull request #2583 from jf205/advanced-ql
CodeQL documentation: reorganize 'Advanced QL' topics
|
2020-01-03 16:02:28 +00:00 |
|
James Fletcher
|
47f61f3569
|
Update docs/language/learn-ql/writing-queries/debugging-queries.rst
Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
|
2020-01-03 15:55:14 +00:00 |
|
james
|
537739c42d
|
docs: address review comments
|
2020-01-03 15:31:31 +00:00 |
|
Anders Schack-Mulligen
|
e74aa33f9d
|
Java: Include non-null final fields in clearlyNotNull.
|
2020-01-03 16:24:54 +01:00 |
|
Asger F
|
503bcdc5d7
|
JS: Dont capitalize Promise in prose
|
2020-01-03 14:16:31 +00:00 |
|
Asger F
|
3c601fce74
|
Apply suggestions from code review
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-01-03 14:15:52 +00:00 |
|
Asger F
|
30a8769dad
|
JS: Add more bad promise contexts
|
2020-01-03 14:12:55 +00:00 |
|
Mathias Vorreiter Pedersen
|
e926966e73
|
C++: Added more tests
|
2020-01-03 14:08:12 +01:00 |
|
Mathias Vorreiter Pedersen
|
cea78879b2
|
C++: Rename variables in tests to reflect their types
|
2020-01-03 14:07:19 +01:00 |
|
semmle-qlci
|
dc7863ce29
|
Merge pull request #2579 from asger-semmle/typescript-trace-resolution
Approved by max-schaefer
|
2020-01-03 12:57:43 +00:00 |
|
Jonathan Leitschuh
|
0e2c5db7b1
|
Netty Response Splitting use CompileTimeConstantExpr
Co-Authored-By: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
|
2020-01-03 07:51:55 -05:00 |
|
james
|
23d1e06aa4
|
docs: move abstract classes topic to handbook
|
2020-01-03 12:07:01 +00:00 |
|
james
|
e8016a2303
|
docs: delete equivalence topic
|
2020-01-03 12:07:01 +00:00 |
|
james
|
fe18c18619
|
docs: move folding predicates topic
|
2020-01-03 12:06:55 +00:00 |
|
Asger F
|
4772798d7b
|
JS: do not resolve arbitrary extensions to JavaScript files
|
2020-01-03 11:37:51 +00:00 |
|
Asger F
|
c5f73cb868
|
JS: Add test showing spurious .css import
|
2020-01-03 10:59:10 +00:00 |
|
semmle-qlci
|
29be46169a
|
Merge pull request #2576 from asger-semmle/typescript-cyclic-prop-fallthroughnode
Approved by max-schaefer
|
2020-01-03 10:50:05 +00:00 |
|
Asger F
|
f31d47c66e
|
TS: explain test case
|
2020-01-03 10:48:15 +00:00 |
|
Asger F
|
36546ce7fe
|
TS: Print warning when bailing out of symbol type
|
2020-01-03 10:45:18 +00:00 |
|
Erik Krogh Kristensen
|
c22d3d0b3a
|
add test for block-level flow type annotations
|
2020-01-03 11:07:35 +01:00 |
|
semmle-qlci
|
06d812a6ff
|
Merge pull request #2556 from erik-krogh/RegexpVoidCxt
Approved by max-schaefer
|
2020-01-03 08:38:56 +00:00 |
|
Asger F
|
3a4771c29c
|
TS: Wrap getTypeOfSymbolAtLocation in try/catch
|
2020-01-02 16:55:17 +00:00 |
|
Asger F
|
202746e92d
|
TS: Guard getTypeAtLocation with try/catch
|
2020-01-02 16:31:23 +00:00 |
|
Asger F
|
0388e9ca0c
|
TS: Add regression test
|
2020-01-02 16:28:49 +00:00 |
|
shati-patel
|
564013d188
|
Merge pull request #2578 from jf205/ql-spec-fixes
QL spec: fix bullet list in 'Aggregations' section
|
2020-01-02 15:55:49 +00:00 |
|
james
|
618a3f91d8
|
docs: fix list
|
2020-01-02 15:48:57 +00:00 |
|
Asger F
|
2ca0e7d232
|
TS: Disable output from tracing
|
2020-01-02 15:38:10 +00:00 |
|
Asger F
|
8f478f7caf
|
TS: Add test with traceResolution: true
|
2020-01-02 15:04:30 +00:00 |
|
Mathias Vorreiter Pedersen
|
7dbb191531
|
C++: Improve query precision
|
2020-01-02 15:53:22 +01:00 |
|
Mathias Vorreiter Pedersen
|
cfb839a8f9
|
C++: Add test demonstrating the false positive
|
2020-01-02 15:48:01 +01:00 |
|
James Fletcher
|
f48b8fef20
|
Merge pull request #2575 from shati-patel/qlhb/bindingset
QL HB: Add bindingset example
|
2020-01-02 14:46:21 +00:00 |
|
shati-patel
|
f38ae3c677
|
QL HB: Reword description
Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
|
2020-01-02 14:41:58 +00:00 |
|
Shati Patel
|
94d55e90b0
|
QL HB: Use "real" example
|
2020-01-02 14:25:44 +00:00 |
|
Asger F
|
bcf1533e71
|
TS: Blacklist cyclic property fallthroughFlowNode
|
2020-01-02 14:13:48 +00:00 |
|
Anders Schack-Mulligen
|
7e987c570f
|
Merge pull request #2413 from JLLeitschuh/feature/JLL/maven_insecure_artifact_resolution
Java: Use of HTTP/FTP to download/upload Maven artifacts
|
2020-01-02 14:47:30 +01:00 |
|
Shati Patel
|
b68f9f7e00
|
QL HB: Add bindingset example
|
2020-01-02 13:06:17 +00:00 |
|
Max Schaefer
|
8d1ad5c5f3
|
JavaScript: Alert suppression through single-line /* */ style comments.
|
2020-01-02 10:45:20 +00:00 |
|
Erik Krogh Kristensen
|
d1a77d6993
|
refactor isInterpretedAsRegExp to directly work on a DataFlow node
|
2020-01-02 11:18:14 +01:00 |
|
Max Schaefer
|
de02bb4a0d
|
JavaScript: Prevent joining on configuration in onPath.
|
2020-01-02 09:49:09 +00:00 |
|
Max Schaefer
|
2a55ba5d4f
|
JavaScript: Fix join order in PathNode.getASuccessor.
|
2020-01-02 09:48:57 +00:00 |
|