github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
2 570 коммитов 1 541 ветка 132 Теги 497 MiB
Граф коммитов

73 Коммитов

Автор SHA1 Сообщение Дата
Anders Schack-Mulligen 944c082a8d Java: Fix FP in DoubleCheckedLocking.ql 2019-01-17 16:38:25 +01:00
Max Schaefer 89447846f1 JavaScript: Add change note. 2019-01-09 09:24:22 +00:00
semmle-qlci 688647491e
Merge pull request #727 from xiemaisi/js/restructure-sourcenode 
Approved by esben-semmle
 2019-01-09 08:01:26 +00:00
yh-semmle b8f53b5c6a
Merge pull request #733 from aschackmull/java/remove-old-dataflow 
Java: Remove old dataflow library.
 2019-01-08 14:59:27 -05:00
Anders Schack-Mulligen 0a9222b772 Java: Add change note. 2019-01-08 15:50:14 +01:00
Max Schaefer de429752d1 JavaScript: Restructure implementation of `DataFlow::SourceNode`. 
It now uses a facade pattern similar to `InvokeNode`: the range of the class is defined by an abstract class `DataFlow::SourceNode::Range`, while the actual behaviour is defined by the (no longer abstract) `SourceNode` class itself.

Clients that want to add new source nodes need to extend `DataFlow::SourceNode::Range`, those that want to refine the behaviour of existing source nodes should extend `DataFlow::SourceNode` itself.

While this is technically a breaking API change, I think separating the two aspects in this way is cleaner and makes it easier to use, and improves performance as well.
 2019-01-08 08:01:20 +00:00
Anders Schack-Mulligen 203c9fb9d8 Java: Restrict attention to integral types in IntMultToLong. 2019-01-07 14:27:52 +01:00
Max Schaefer b4f400fb23 Merge remote-tracking branch 'upstream/next' into qlucie/master 2019-01-04 10:35:57 +00:00
semmle-qlci 6b27dcabc5
Merge pull request #704 from asger-semmle/ts-binary-exprs 
Approved by esben-semmle
 2019-01-04 08:37:41 +00:00
semmle-qlci 8174fb51ae
Merge pull request #705 from asger-semmle/loop-index-concurrent-modification 
Approved by mc-semmle, xiemaisi
 2019-01-03 17:06:12 +00:00
Asger F 9f22da4557 JS: rename query to "Loop iteration skipped due to shifting" 2019-01-02 11:34:06 +00:00
Esben Sparre Andreasen c57f8a6d6e
Merge pull request #691 from asger-semmle/sendfile-root 
JS: Recognize 'root' option in Express res.sendFile
 2018-12-19 16:06:15 +01:00
semmle-qlci 495a1fcf3b
Merge pull request #698 from asger-semmle/remove-cookie-as-source 
Approved by esben-semmle
 2018-12-19 15:05:44 +00:00
semmle-qlci b11b714152
Merge pull request #696 from esben-semmle/js/host-request-forgery 
Approved by asger-semmle
 2018-12-19 15:04:08 +00:00
Asger F 60ae3e58b8 JS: update change note 2018-12-19 11:26:37 +00:00
Asger F 9440aab3d0 TS: add change note 2018-12-19 10:42:02 +00:00
Asger F f9da1dc03e JS: add change note 2018-12-19 10:25:49 +00:00
Asger F 1246de466a JS: add change note 2018-12-18 13:58:03 +00:00
Asger F e1c25c81f6 JS: add change note 2018-12-17 16:34:35 +00:00
Tom Hvitved e14259126e
Merge pull request #658 from calumgrant/cs/extractor/for-is 
C#: Fix extraction bug for variable declarations in for condition
 2018-12-17 16:16:00 +01:00
Jonas Jensen 5ac5aa0c2a Merge remote-tracking branch 'upstream/master' into mergeback-20181217 2018-12-17 13:42:45 +01:00
Asger F 7adf1d9958
Merge pull request #631 from esben-semmle/js/bad-url-regexing 
JS: add query: js/incomplete-url-regexp
 2018-12-17 11:53:22 +00:00
Tom Hvitved 5f269b2d87
Merge branch 'master' into cs/extractor/for-is 2018-12-17 11:14:50 +01:00
Esben Sparre Andreasen 3cd62234d4 JS: change notes for `js/request-forgery` improvements 2018-12-17 10:33:39 +01:00
Aditya Sharad 7bc729a7dc Merge master into next. 2018-12-14 10:16:47 +00:00
Esben Sparre Andreasen bb3e3a541d JS: address doc review comments 2018-12-14 10:24:30 +01:00
Tom Hvitved b11d5c5075
Merge pull request #679 from calumgrant/cs/omitted-array-size 
C#: Extract stackalloc initializers
 2018-12-14 07:48:46 +01:00
Aditya Sharad f71e5ac338 Merge master into next. 2018-12-13 17:57:31 +00:00
Max Schaefer e194021c3b
Merge pull request #629 from esben-semmle/js/persistent-read-taint 
JS: add persistent storage taint steps
 2018-12-13 08:24:42 +00:00
Max Schaefer 969fe6e4f1
Merge pull request #657 from esben-semmle/js/classify-more-files 
JS: classify additional files
 2018-12-13 08:20:33 +00:00
Aditya Sharad f92456fcad Merge master into next. 
Conflict in `cpp/ql/test/library-tests/sideEffects/functions/sideEffects.expected`,
resolved by accepting test output (combining changes).
 2018-12-12 17:26:18 +00:00
calum 5596bc8827 C#: Add change note. 2018-12-12 16:16:07 +00:00
Max Schaefer 4fc27aaa51
Merge branch 'master' into pseudo-random-bytes 2018-12-12 08:19:57 +00:00
Asger F a01a9dc5cc JS: add crypto.pseudoRandomBytes as source in InsecureRandomness.ql 2018-12-11 16:06:22 +00:00
calum f0fb47cde0 C#: Update change notes. 2018-12-11 10:31:45 +00:00
Esben Sparre Andreasen 36e36a414e JS: change notes for improve file classification 2018-12-11 10:01:54 +01:00
Max Schaefer 4d186e0edc JavaScript: Teach `Unused{Variable,Parameter}` to ignore variables with leading underscore. 2018-12-11 08:50:50 +00:00
Esben Sparre Andreasen 09e7124bb1 JS: update change notes for renamed query 2018-12-10 22:22:54 +01:00
Esben Sparre Andreasen c65c7e700e JS: change notes for js/incomplete-url-regexp 2018-12-10 22:21:01 +01:00
Jonas Jensen a4b3b1e8c8
Merge pull request #653 from geoffw0/ex-ch-notes 
CPP: Additional change notes (for 1.20)
 2018-12-10 16:59:12 +01:00
Geoffrey White 709fd6382a CPP: Change note for #562. 2018-12-10 13:51:15 +00:00
Geoffrey White 6b7337d766 CPP: Change note for #540. 2018-12-10 13:42:17 +00:00
Geoffrey White d3c6d83786 CPP: Change note. 2018-12-07 18:43:27 +00:00
calumgrant 67d4099e3f
Merge pull request #593 from hvitved/csharp/nullness 
C#: Rewrite nullness queries
 2018-12-07 15:57:27 +00:00
semmle-qlci 9e73ed71b9
Merge pull request #623 from esben-semmle/js/incomplete-url-sanitization 
Approved by mc-semmle
 2018-12-06 20:46:37 +00:00
Esben Sparre Andreasen 56fb63adbc JS: change notes for js/incomplete-url-substring-sanitization 2018-12-06 15:53:20 +01:00
semmle-qlci 3397533045
Merge pull request #628 from xiemaisi/js/setUnsafeHTML 
Approved by esben-semmle
 2018-12-06 13:58:52 +00:00
Esben Sparre Andreasen bf048e7e49 JS: change notes for persistent storage taint step and cookie models 2018-12-06 14:53:22 +01:00
Max Schaefer ef347b3870 JavaScript: Teach Xss query about WinJS HTML injection functions. 2018-12-06 09:13:21 +00:00
Geoffrey White f6a87574f0 CPP: Add query ID to change note. 2018-12-05 13:55:46 +00:00