Commit graph

8703 commits

Author SHA1 Message Date
Cornelius Riemenschneider 0e7a08201f Address review by Anders. 2019-11-22 12:19:06 +01:00
Cornelius Riemenschneider 5d4b6c3a8c Nullness: Track correlated conditions of equality tests of variables. 2019-11-21 19:24:40 +01:00
Cornelius Riemenschneider 92f32a12d8 Add tests for nullness tracking by comparing variables. 2019-11-21 19:23:39 +01:00
Cornelius Riemenschneider 3e5324e772 More precise Nullness tracking by taking correlated instanceof expressions into account.
Fixes #2238.
2019-11-21 18:38:27 +01:00
Cornelius Riemenschneider d8aae1c126 Add tests to track nullness by instanceof checks. 2019-11-21 18:38:27 +01:00
Geoffrey White 403899ecbc
Merge pull request #2391 from jbj/CompareWhereAssignMeant-decltype
C++: Fix FP for expression SFINAE with decltype
2019-11-20 17:34:09 +00:00
Jonas Jensen ff96e3a8ea C++: Also suppress ExprHasNoEffect in declspec etc 2019-11-20 15:44:39 +01:00
semmle-qlci 77c869f528
Merge pull request #2220 from erik-krogh/processEnvTaint
Approved by esbena, max-schaefer
2019-11-20 13:16:43 +00:00
Jonas Jensen 4dafa16572 C++: Fix FP on unevaluated code
This fixes false positives on tenzir/vast.
2019-11-20 10:42:36 +01:00
Geoffrey White 9cf819929d
Merge pull request #2383 from jbj/field-isStatic
C++: Don't check if a Field is static
2019-11-20 09:05:03 +00:00
semmle-qlci 51a51d7e0c
Merge pull request #2387 from max-schaefer/js/incomplete-dotdot-sanitization
Approved by asger-semmle
2019-11-19 16:39:35 +00:00
Jonas Jensen a1af96e521 C++: Reproduce a reported FP 2019-11-19 16:17:49 +01:00
Max Schaefer 5565be14fc JavaScript: Teach `IncompleteSanitization` to flag incomplete path sanitizers. 2019-11-19 15:06:16 +00:00
Rasmus Wriedt Larsen b39bcde31c
Merge pull request #2375 from tausbn/python-fix-mutable-value-type-coercion-fp
Python: Don't report mutable parameters that are in fact immutable.
2019-11-19 13:26:23 +01:00
Jonas Jensen fbf2ef8625 C++: Don't check if a Field is static
A `Field` in the C++ QL libraries can't be static, but I'd for some
reason written two checks for `Field`s being static in the data-flow
library.
2019-11-19 13:20:21 +01:00
Rasmus Wriedt Larsen 231414ceaf
Merge pull request #2374 from tausbn/python-fix-mappingproxytype-fp
Python: Fix non-container FP relating to `MappingProxyType`.
2019-11-19 13:13:26 +01:00
Jonas Jensen b43cbeb17f
Merge pull request #2372 from geoffw0/qhelpms
CPP: Improve TlsSettingsMisconfiguration qhelp
2019-11-19 13:05:52 +01:00
Erik Krogh Kristensen 0a428a8f44
typo
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
2019-11-19 13:05:13 +01:00
Erik Krogh Kristensen d4f42d872a change change-note to target 1.24 instead of 1.23 2019-11-19 11:10:34 +01:00
Taus 4c700882b6
Merge pull request #2190 from RasmusWL/python-modernise-tornado-library
Python: modernise tornado library
2019-11-19 09:36:30 +01:00
Taus Brock-Nannestad 3491d90b1e Python: Apply auto-format. 2019-11-18 16:50:32 +01:00
Taus Brock-Nannestad 1385f3c018 Python: Fix non-container FP relating to `MappingProxyType`.
Fixes #2307.

Also modernises the query to use the `Value` API.
2019-11-18 16:50:32 +01:00
Taus Brock-Nannestad 3c47394b7a Python: Apply auto-format. 2019-11-18 16:28:54 +01:00
Taus Brock-Nannestad cac261858c Python: Don't report mutable parameters that are in fact immutable.
Fixes #1832.

In the taint sink, we add an additional check that the given control-flow node
can indeed point to a value that is mutable. This takes care of the guard on the
type.

If and when we get around to adding configurations for all of the taint
analyses, we may want to implement this as a barrier instead, pruning any steps
that go through a type test where the type is not mutable.
2019-11-18 16:18:44 +01:00
Calum Grant b9d1c38753
Merge pull request #2371 from max-schaefer/rc/1.23
Merge rc/1.23 into master
2019-11-18 14:15:31 +00:00
semmle-qlci ed4657c201
Merge pull request #2340 from hvitved/csharp/nunit-assertions
Approved by calumgrant
2019-11-18 13:02:49 +00:00
Nick Rolfe 9828315b6e
Merge pull request #2033 from ian-semmle/edg
C++: Changes following EDG upgrade
2019-11-18 12:46:11 +00:00
Geoffrey White ff15c01ab9 CPP: Comma. 2019-11-18 11:51:54 +00:00
semmle-qlci 34f4b11416
Merge pull request #2368 from asger-semmle/regexp-max-length
Approved by max-schaefer
2019-11-18 11:49:46 +00:00
Geoffrey White 9a53706e87 CPP: Reword TlsSettingsMisconfiguration.qhelp. 2019-11-18 11:49:28 +00:00
Geoffrey White 2789c2dbac CPP: Fix typos. 2019-11-18 11:48:13 +00:00
James Fletcher 21832a8550
Merge pull request #2350 from shati-patel/docs/vscode
Docs: Update links to new products
2019-11-18 11:14:53 +00:00
Tom Hvitved 3d1ce55642 C#: Address review comments 2019-11-18 10:53:02 +01:00
Shati Patel d6a673c91a Docs: Update links to new products 2019-11-18 09:34:00 +00:00
Asger F c02863842c JS: Raise limit to 1000 2019-11-18 08:33:26 +00:00
Jonas Jensen 74ca0e428d
Merge pull request #2334 from rdmarsh2/rdmarsh/cpp/reword-pointeroverflow-qhelp
C++: simplify PointerOverflow.qhelp
2019-11-18 08:37:19 +01:00
Asger F 6f15eff954 JS: Cap length of extracted string 2019-11-17 23:06:47 +00:00
Erik Krogh Kristensen a59a414e0b update expected output 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen 8ff515a58d address review feedback on MaskingReplacer 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen 4ec2070e48 remove property reads on process.env as a taint step, and add a barrier for masking replace calls 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen 052a331395 rename ProcessEnvLabel to PartiallySensitiveMap 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen 2bd48db8cd refactor isSanitizerEdge in clear-text-logging 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen 92dc759cf9 remove type cast, and fix expected test results 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen 850278c62f some changes based on review. And change to only flag unknown reads of process.env 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen 68c30aaef3 add flowlabels to js/clear-text-logging 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen 14e4decffa changes based on review feedback. No flow-labels yet 2019-11-16 15:20:42 +01:00
Erik Krogh Kristensen 1766f6a6d8 simplify global var "process"
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
2019-11-16 15:20:41 +01:00
Erik Krogh Kristensen e1039d3a56 change note 2019-11-16 15:20:41 +01:00
Erik Krogh Kristensen 297c71a64b add process.env as source for js/clear-text-logging 2019-11-16 15:20:41 +01:00
Erik Krogh Kristensen b12e255fd8 add indirect calls to logging methods as logging methods 2019-11-16 15:20:41 +01:00