github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
5 594 коммитов 1 541 ветка 132 Теги 497 MiB
Граф коммитов

5594 Коммитов

Автор SHA1 Сообщение Дата
Jonas Jensen 473d4d44a3 Add Alistair as code owner for *.qhelp within cpp 2019-06-26 12:10:22 +02:00
Mark Shannon 347e3f3bd0 Python regex: Fix handling of character sets where first character in set is '['. 2019-06-26 10:55:47 +01:00
Asger F 102fd11e8d JS: Change to queries of @kind metric 2019-06-25 22:12:11 +01:00
Taus 76f8da8986
Merge pull request #1484 from markshannon/python-aggressive-pruning 
Python: Use aggressive dead-code elimination when pruning.
 2019-06-25 19:17:44 +02:00
Geoffrey White ac5b62ccff CPP: Update comment in qhelp sample for accuracy and consistency. 2019-06-25 17:26:46 +01:00
Geoffrey White fe315a9a1c CPP: Make things private. 2019-06-25 17:08:35 +01:00
Geoffrey White cb80aa3772 CPP: Rename the classes for time structs. 2019-06-25 16:49:25 +01:00
Geoffrey White 2e31f48a7a CPP: Clean up StructFieldAccess. 2019-06-25 16:43:24 +01:00
Asger F 57dac1d0d5 JS: Update test output to reflect new edge relation 2019-06-25 16:41:29 +01:00
Geoffrey White 66dffdde05 CPP: Correct overuse of 'toString'. 2019-06-25 16:38:16 +01:00
Mark Shannon 6f1399be9b Python: Better handle calls on edge of context. 2019-06-25 16:15:39 +01:00
Tom Hvitved 51d093add0 C#: Address review comments 2019-06-25 17:01:48 +02:00
Mark Shannon 7bbe39ef01 Python: Don't report uninitialized locals in unreachable code. 2019-06-25 15:52:48 +01:00
Geoffrey White bc5fb24371 CPP: Correct overuse of 'matches'. 2019-06-25 15:13:38 +01:00
Geoffrey White ab543aa0eb CPP: QLDoc pass. 2019-06-25 15:12:27 +01:00
Geoffrey White 627fba81ce CPP: Improve wording of UnsafeArrayForDAysOfYear.ql. 2019-06-25 14:42:18 +01:00
Geoffrey White db6e2904a8 CPP: Simplify to 'CrementOperation'. 2019-06-25 14:17:20 +01:00
Geoffrey White 51caee67b0 CPP: Update comment so that it no longer contains (incorrect) line numbers. 2019-06-25 14:15:09 +01:00
Asger F aa4d28028e JS: Add test 2019-06-25 14:15:06 +01:00
Geoffrey White fa1347f7ef CPP: Remove security tags that haven't been justified. 2019-06-25 14:11:56 +01:00
Asger F 71100bb68a JS: Do not require predecessor to be a SourceNode 2019-06-25 14:03:57 +01:00
Jonas Jensen d2f8029625
Merge pull request #1492 from geoffw0/exprnoeffectweak 
CPP: Fix for 'Expression has no effect' on calls to weak functions
 2019-06-25 10:58:28 +02:00
Jonas Jensen de65dc5501
Merge pull request #1490 from geoffw0/leapyeararith 
CPP: Improvements to LeapYear.qll
 2019-06-25 10:46:12 +02:00
Max Schaefer 0fa41f7a21
Merge pull request #1493 from chrisgavin/owasp-cheat-sheet 
JavaScript: Update link to the OWASP XSS prevetion cheat sheet.
 2019-06-24 16:09:02 -07:00
Chris Gavin bce153648e JavaScript: Update link to the OWASP XSS prevetion cheat sheet. 2019-06-24 23:21:14 +01:00
Geoffrey White 6800abdf23 CPP: Change note. 2019-06-24 22:07:55 +01:00
Geoffrey White 9a0645ac0b CPP: Calls to weak functions should be considered impure. 2019-06-24 22:04:12 +01:00
Geoffrey White aee2af7ca1 CPP: Add a test of ExprHasNoEffect.ql with a call to a 'weak' function. 2019-06-24 22:01:46 +01:00
Taus a254a84cca
Merge pull request #1489 from markshannon/python-fix-nested-import-stars 
Python: fix nested import stars
 2019-06-24 17:37:20 +02:00
Geoffrey White 562141759a CPP: Autoformat LeapYear.qll. 2019-06-24 15:20:24 +01:00
Mark Shannon 9bf67e19c2 Python points-to: Fix up some oddities with nested from ... import *. 2019-06-24 15:20:15 +01:00
Geoffrey White 69533a7fd3 CPP: Clean up duplication in Adding365DaysPerYear.ql. 2019-06-24 15:18:29 +01:00
Mark Shannon a917019915 Python: Add failing tests for undefined variable as value and nested 'from import *'. 2019-06-24 14:54:25 +01:00
Geoffrey White 7fca220eda CPP: Fix UncheckedLeapYearAfterYearModification FPs. 2019-06-24 11:21:48 +01:00
Esben Sparre Andreasen 4f9a7d0b71 JS: updated expected output for different SnakeYaml version 2019-06-24 09:24:12 +02:00
Asger F 207ed1e14a JS: Add query for measuring call graph quality 2019-06-24 01:01:13 +01:00
Max Schaefer a417884173 JavaScript: Fix potential null-pointer exception in YAML extractor. 
`ScalarEvent.getStyle()` is documented as returning `null` for plain
scalars, so we need to handle that specially (cf
https://github.com/Semmle/ql/blob/master/javascript/ql/src/semmle/javascript/YAML.qll#L100
for the corresponding code in the library, which expects plain style to
be encoded as zero).
 2019-06-23 21:56:02 +02:00
Geoffrey White cff3f9bdaf CPP: Add another test case based on a real world case. 2019-06-21 17:43:17 +01:00
Mark Shannon 9d6df78d44 Python: Dataflow: Remove IterationDefinition ESSA definition and add iteration assignment to ESSA assignment definition. 
Enhance points-to and taint-tracking to add operational step sequence to next(iter(seq)) in for statement.
 2019-06-21 15:55:27 +01:00
Geoffrey White b1f6294083 CPP: Add a test case where a date is created. 2019-06-21 14:32:44 +01:00
Esben Sparre Andreasen 6885b5cf1f JS: fix yaml StringIndexOutOfBoundsException 2019-06-21 15:18:56 +02:00
Taus 1c91b926a8
Merge pull request #1482 from markshannon/python-fix-odasa-7104 
Backport #1407 to rc/1.21
 2019-06-21 15:05:32 +02:00
Taus 927d72414b
Merge pull request #1483 from markshannon/merge-121 
Merge rc/1.21 into master
 2019-06-21 14:11:07 +02:00
Mark Shannon a5f741e504 Python: Use aggressive dead-code elimination when pruning. 2019-06-21 13:03:36 +01:00
Geoffrey White 09b33bc1a7 CPP: Adjust file name case for consistency. 2019-06-21 12:53:04 +01:00
Geoffrey White 1a7269b206 CPP: Rename the test subdirectories. 2019-06-21 12:51:25 +01:00
semmle-qlci 59dd3b2fb7
Merge pull request #1477 from asger-semmle/ts-debug-failure-in-tsconfig 
Approved by xiemaisi
 2019-06-21 12:45:13 +01:00
Taus 832abc7835
Merge pull request #1473 from markshannon/python-points-to-more-unknowns 
Python: Fix getOperand for 'not' node and make sure it can only point-to a boolean.
 2019-06-21 11:03:23 +02:00
Mark Shannon 26f870bc7f Merge branch 'rc/1.21' into master 2019-06-21 09:52:44 +01:00
Mark Shannon bbf25f3a23 Python points-to. If __all__ is overly complex, treat all 'public' symbols as exported. 2019-06-21 09:47:50 +01:00