Commit graph

1667 commits

Author SHA1 Message Date
Nick Rolfe f6e5be0af8
cherry-pick 35d31aee onto 1.18 branch
This changenote was committed after the `rc/1.18 branch` was taken.
2018-08-31 18:09:39 +01:00
Nick Rolfe 35d31aeefe C++: change note for designated initializer fixes 2018-08-31 13:15:53 +01:00
Max Schaefer 69ca103e06
Merge pull request #115 from esben-semmle/js/composed-function-taint
JS: model composed functions
2018-08-31 08:14:18 +01:00
Max Schaefer 7e18426fde
Merge pull request #113 from esben-semmle/js/pick-get-taint-steps
JS: model property projection calls
2018-08-31 08:13:40 +01:00
Max Schaefer fabd6c0864
Merge pull request #119 from esben-semmle/js/fix-change-note-libs
JS: use https- and repo-links in change notes
2018-08-30 14:23:34 +01:00
Esben Sparre Andreasen b7fd1e7a74 JS: use https- and repo-links in change notes 2018-08-30 14:54:15 +02:00
Esben Sparre Andreasen 6ee8f71d09 JS: add change notes for property projection libraries 2018-08-30 09:39:02 +02:00
Esben Sparre Andreasen c1e6280a0e JS: generalize change notes for improved array operation taint steps 2018-08-30 09:18:48 +02:00
Esben Sparre Andreasen dc72788746 JS: add a model of some function composition libraries 2018-08-30 08:17:01 +02:00
shati-semmle be254ef39a Update analysis-csharp.md 2018-08-29 11:06:27 +01:00
Geoffrey White c82ab3866f CPP: Extend change note. 2018-08-28 16:39:10 +01:00
Geoffrey White 0bd8d9a113 CPP: Spell out increment / decrement in change note. 2018-08-28 16:39:10 +01:00
Geoffrey White eaf4c6e319 CPP: Change notes. 2018-08-28 16:39:10 +01:00
Tom Hvitved d4551e5897
Merge pull request #81 from lukecartey/csharp/zipslip-reformat
C#: ZipSlip - Rearrange query, add help and update doc
2018-08-24 09:40:20 +02:00
Luke Cartey 86a7df0ef5 C#: ZipSlip - Address doc team comments. 2018-08-23 15:57:00 +01:00
Max Schaefer 2187b0c245
Merge pull request #89 from esben-semmle/js/sharpen-type-confusion
JS: remove emptiness checks from the type confusion `x.length` sinks
2018-08-23 08:04:09 +01:00
calumgrant 7c521708ac
Merge pull request #76 from hvitved/csharp/cfg/generic-splitting
C#: Generic control flow graph splitting
2018-08-22 18:18:33 +01:00
Esben Sparre Andreasen fef257b1ec JS: remove emptiness checks from the type confusion `x.length` sinks 2018-08-22 13:25:22 +02:00
semmle-qlci 7e7e30c01c
Merge pull request #73 from esben-semmle/js/cleartext-logging-query
Approved by xiemaisi
2018-08-22 08:04:36 +01:00
semmle-qlci 7661a98909
Merge pull request #68 from esben-semmle/determinate-1-cfa-type-inference
Approved by xiemaisi
2018-08-22 08:02:27 +01:00
Esben Sparre Andreasen 6950bfe915 JS: review fixups in documentation and comments 2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen 605695e117 JS: review fixups in documentation 2018-08-21 22:08:10 +02:00
Esben Sparre Andreasen 21c895368d JS: change notes for improved inter-procedural type inference 2018-08-21 22:07:40 +02:00
Esben Sparre Andreasen eb356d8d0b
Merge branch 'master' into js/format-string-taint-step 2018-08-21 15:47:31 +02:00
semmle-qlci 6969466202
Merge pull request #83 from esben-semmle/js/bitwise-indexof-sanitizer
Approved by xiemaisi
2018-08-21 14:17:20 +01:00
Tom Hvitved bae32659e4 C#: Add change note 2018-08-21 09:11:31 +02:00
Esben Sparre Andreasen f522376217 JS: mention string formatting taint step in change notes 2018-08-21 09:02:35 +02:00
Esben Sparre Andreasen be8a32bb18 JS: add sanitizer support for `~whitelist.indexOf(x)` 2018-08-20 20:32:57 +02:00
Luke Cartey 0477bd781a C#: ZipSlip - Add change note. 2018-08-20 16:59:57 +01:00
semmle-qlci 0adeef73ff
Merge pull request #74 from xiemaisi/js/multi-step-export-from
Approved by asger-semmle
2018-08-20 12:36:26 +01:00
Max Schaefer b2e304951e
Merge branch 'master' into ts-typescript2.9 2018-08-20 08:14:58 +01:00
Max Schaefer a9f1e21363 JavaScript: Fix exported name of default re-exports.
A default re-export (not part of the standard yet) looks like this:

```
export f from 'mod';
```

What this means is that the default export of `mod` is re-exported under the name `f`.

Default re-export specifiers (like `f` in this example) are modelled as a kind of default export specifier in our library, but unlike normal default export specifiers they do not export the name `default`.

This was previously not modelled correctly, leading to surprising errors down the line, for example in type inference where we suddenly would no longer be able to resolve an import that otherwise looked resolvable.
2018-08-20 08:02:15 +01:00
semmle-qlci 44e4b25f42
Merge pull request #14 from rdmarsh2/rdmarsh/js/electron-http-client
Approved by xiemaisi
2018-08-20 07:59:25 +01:00
Esben Sparre Andreasen 0c4fb15651 JS: add query js/cleartext-logging 2018-08-20 08:34:16 +02:00
Robert Marsh 4698d13a0d JavaScript: add change note 2018-08-17 10:16:51 -07:00
Asger F 7f77acf5f6 TypeScript: add change note 2018-08-17 14:48:53 +01:00
Max Schaefer 303b0a0027 JavaScript: Demote `HeterogenousComparison` to warning level. 2018-08-14 15:54:07 +01:00
Max Schaefer 886329689f JavaScript: Teach `globalVarRef` about top-level `this` and the `global` npm package. 2018-08-14 09:15:15 +01:00
Asger F 587e0f9175 JavaScript: add change note 2018-08-13 13:11:01 +01:00
semmle-qlci c0fe0a1d24
Merge pull request #46 from asger-semmle/html-sanitizers
Approved by xiemaisi
2018-08-13 10:16:15 +01:00
semmle-qlci 3d0748c542
Merge pull request #48 from xiemaisi/js/webview-sinks
Approved by asger-semmle
2018-08-13 09:37:33 +01:00
Max Schaefer 14f14c1f6c JavaScript: Add change note. 2018-08-10 15:59:28 +01:00
semmle-qlci 2478c6e150
Merge pull request #43 from xiemaisi/js/odasa-7275
Approved by
2018-08-10 12:52:05 +01:00
Asger F 8074786af4 JavaScript: Add change note HTMLSanitizers 2018-08-10 12:36:55 +01:00
Asger Feldthaus 9a7da817b4 Add change note for Extend.qll 2018-08-10 09:56:35 +01:00
Max Schaefer e32dc08cd0
Merge pull request #31 from esben-semmle/js/fewer-alerts-for-incomplete-object-initialization
JS: change alert location for js/incomplete-object-initialization
2018-08-09 13:58:11 +01:00
Max Schaefer 41da997651 JavaScript: Teach `IncompleteSanitization` to recognize incomplete URL {en,de}coding. 2018-08-09 12:44:16 +01:00
Max Schaefer 854dc0cbeb
Merge pull request #28 from esben-semmle/js/whitelist-empty-functions
JS: permit some calls with spurious arguments to empty functions
2018-08-08 14:03:18 +01:00
Esben Sparre Andreasen e1947f04df JS: change alert location for js/incomplete-object-initialization 2018-08-08 10:43:52 +02:00
Esben Sparre Andreasen 4e98ce21b4 JS: permit some calls with spurious arguments to empty functions 2018-08-08 10:13:02 +02:00
semmle-qlci 6fc36f6621
Merge pull request #6 from hvitved/csharp/query/constant-condition
Approved by calumgrant
2018-08-08 06:45:07 +01:00
Robert Marsh bad9c9acb6 C++/Doc: remove change notes from a migrated PR 2018-08-07 10:36:20 -07:00
semmle-qlci 4d97570a1a
Merge pull request #17 from xiemaisi/js/rename-unused-var
Approved by esben-semmle
2018-08-07 15:01:37 +01:00
semmle-qlci 6533ddfeaf
Merge pull request #20 from esben-semmle/js/more-auth-calls-and-rate-limiters
Approved by xiemaisi
2018-08-07 09:42:07 +01:00
Esben Sparre Andreasen c06edd3745
Merge pull request #15 from xiemaisi/js/call-graph-data-flow
JavaScript: Lift call graph library to data flow graph.
2018-08-07 07:56:08 +02:00
Tom Hvitved 579d64cdd6 C#: Add change note 2018-08-06 13:46:00 -07:00
Dave Bartolomeo 797fc0784b
Merge pull request #13 from rdmarsh2/rdmarsh/cpp/change-notes
C++/Doc: add change notes to github.com ql repo
2018-08-06 11:37:22 -07:00
Robert Marsh f80fbe8ba0 C++/Doc: fix whitespace error in change notes 2018-08-06 10:16:37 -07:00
Esben Sparre Andreasen fa90c53b43 JS: update change notes for improved js/missing-rate-limiting 2018-08-06 15:15:44 +02:00
Max Schaefer 06f43748b8 JavaScript: Generalize description of `js/unused-local-variable`.
The query also flags unused imports, functions and classes (which, of course, are just unused variables at the end of the day). This is now made more explicit in the description.
2018-08-06 09:34:38 +01:00
Max Schaefer 9ba3d80bad JavaScript: Lift call graph library to data flow graph. 2018-08-06 08:34:06 +01:00
Max Schaefer d91218e248
Merge pull request #10 from asger-semmle/json-parsers
JavaScript: Add model of JSON parsers
2018-08-06 08:32:26 +01:00
Robert Marsh fd7168a365 C++/Doc: add change notes to github.com ql repo 2018-08-03 10:24:35 -07:00
Asger F 5e88eeb368 Sort change note list 2018-08-03 15:27:45 +01:00
Asger F b102692645 Add change note 2018-08-03 15:27:41 +01:00
Tom Hvitved d05109df76 C#: Update queries in `Bad Practices/Implementation Hiding` 2018-08-03 14:19:58 +02:00
Pavel Avgustinov b55526aa58 QL code and tests for C#/C++/JavaScript. 2018-08-02 17:53:23 +01:00