semmle-qlci
83ccddff7a
Merge pull request #707 from hvitved/csharp/bounded-fast-tc
...
Approved by calumgrant
2018-12-19 19:20:42 +00:00
Esben Sparre Andreasen
c57f8a6d6e
Merge pull request #691 from asger-semmle/sendfile-root
...
JS: Recognize 'root' option in Express res.sendFile
2018-12-19 16:06:15 +01:00
semmle-qlci
495a1fcf3b
Merge pull request #698 from asger-semmle/remove-cookie-as-source
...
Approved by esben-semmle
2018-12-19 15:05:44 +00:00
semmle-qlci
b11b714152
Merge pull request #696 from esben-semmle/js/host-request-forgery
...
Approved by asger-semmle
2018-12-19 15:04:08 +00:00
calumgrant
e15481a622
Merge pull request #702 from hvitved/csharp/remove-deprecated
...
C#: Remove deprecated predicates
2018-12-19 12:10:49 +00:00
Asger F
ce18aca62b
JS: update expected output
2018-12-19 11:30:46 +00:00
Asger F
60ae3e58b8
JS: update change note
2018-12-19 11:26:37 +00:00
Asger F
78334af354
JS: remove cookie source; rely on persistent flow steps instead
2018-12-19 11:23:51 +00:00
Tom Hvitved
e5cbac5c13
C#: Replace a use of `boundedFastTC` with `fastTC`
2018-12-19 11:37:22 +01:00
Asger F
f9da1dc03e
JS: add change note
2018-12-19 10:25:49 +00:00
Asger F
0e40717358
JS: recognize res.sendfile root option
2018-12-19 10:25:15 +00:00
Asger F
f84301e476
JS: add tests with res.sendFile root option
2018-12-19 10:25:15 +00:00
semmle-qlci
595634126f
Merge pull request #706 from asger-semmle/jquery-location-sink
...
Approved by esben-semmle
2018-12-18 21:14:08 +00:00
Asger F
1246de466a
JS: add change note
2018-12-18 13:58:03 +00:00
Asger F
7f538e82c0
JS: add test case for non-whitelisted use of location
2018-12-18 13:55:05 +00:00
Asger F
02978c97f1
JS: whitelist $(location) in simple cases
2018-12-18 13:11:42 +00:00
Asger F
c17eca90a1
JS: add test case for $(location)
2018-12-18 13:06:12 +00:00
calumgrant
b051b7546d
Merge pull request #638 from hvitved/csharp/split-dominance-performance
...
C#: Speedup `Assertions::strictlyDominates()` and `ControlFlowElement::controlsBlock()`
2018-12-18 13:05:36 +00:00
Tom Hvitved
edf1df1577
C#: Remove tests for deprecated predicates
2018-12-18 10:43:12 +01:00
semmle-qlci
c37d655fe8
Merge pull request #697 from esben-semmle/js/fix-heuristics-compilation-time
...
Approved by asger-semmle
2018-12-18 09:07:36 +00:00
semmle-qlci
7fd1d64d97
Merge pull request #699 from esben-semmle/js/add-lastIndexOf
...
Approved by asger-semmle
2018-12-18 09:07:17 +00:00
Tom Hvitved
d9ae5933d4
C#: Remove deprecated predicates
2018-12-17 16:20:41 +01:00
Tom Hvitved
e14259126e
Merge pull request #658 from calumgrant/cs/extractor/for-is
...
C#: Fix extraction bug for variable declarations in for condition
2018-12-17 16:16:00 +01:00
Tom Hvitved
e822510d6b
C#: Fix typo
2018-12-17 15:33:05 +01:00
calumgrant
6648c8414f
Merge pull request #680 from hvitved/csharp/data-flow-performance-tweaks
...
C#: Minor data flow performance tweaks
2018-12-17 14:25:51 +00:00
calumgrant
dbd0c7e80a
Merge pull request #674 from hvitved/csharp/cache-get-label
...
C#: Cache `NamedElement::getLabel()`
2018-12-17 14:24:01 +00:00
calumgrant
f50d0e373a
Merge pull request #642 from hvitved/csharp/extractor/nullness-refactorings
...
C#: nullness related extractor refactorings
2018-12-17 14:16:51 +00:00
Esben Sparre Andreasen
4a631b42d4
JS: use `.lastIndexOf` in js/incomplete-url-substring-sanitization
2018-12-17 13:22:31 +01:00
Asger F
7adf1d9958
Merge pull request #631 from esben-semmle/js/bad-url-regexing
...
JS: add query: js/incomplete-url-regexp
2018-12-17 11:53:22 +00:00
Tom Hvitved
5f269b2d87
Merge branch 'master' into cs/extractor/for-is
2018-12-17 11:14:50 +01:00
Esben Sparre Andreasen
50cba92f5f
JS: remove slow test Security/heuristics/AdditionalCommandInjections
2018-12-17 10:58:46 +01:00
Esben Sparre Andreasen
3cd62234d4
JS: change notes for `js/request-forgery` improvements
2018-12-17 10:33:39 +01:00
Esben Sparre Andreasen
c6b4e29b93
JS: add "host" as a sink for `js/request-forgery`
2018-12-17 10:32:30 +01:00
Esben Sparre Andreasen
60fe0176ed
JS: add ClientRequest::getHost
2018-12-17 10:32:30 +01:00
Esben Sparre Andreasen
3a5962aa34
JS: minor fixups in ClientRequests.qll
2018-12-17 10:32:30 +01:00
Geoffrey White
b8877f1d5f
Merge pull request #690 from jbj/prepareQueries-fix-warnings-2
...
C++: Delete dead code with warnings in it
2018-12-14 14:23:19 +00:00
Esben Sparre Andreasen
487b8c52c6
JS: fix <p></p> issue
2018-12-14 13:04:10 +01:00
Jonas Jensen
23a2bf1756
C++: Delete dead code with warnings in it
2018-12-14 10:59:41 +00:00
Tom Hvitved
654f2ae290
C#: Address review comment
2018-12-14 10:38:34 +00:00
Esben Sparre Andreasen
bb3e3a541d
JS: address doc review comments
2018-12-14 10:24:30 +01:00
semmle-qlci
936094d0b6
Merge pull request #671 from xiemaisi/js/more-unhelpful-magic
...
Approved by asger-semmle
2018-12-14 08:44:45 +00:00
Max Schaefer
f9106b3bfe
Merge pull request #685 from asger-semmle/useless-conditional-as-value
...
JS: fix FPs in UselessConditional
2018-12-14 08:44:10 +00:00
semmle-qlci
7f21f145e2
Merge pull request #678 from asger-semmle/function-receiver
...
Approved by xiemaisi
2018-12-14 08:39:04 +00:00
Tom Hvitved
b11d5c5075
Merge pull request #679 from calumgrant/cs/omitted-array-size
...
C#: Extract stackalloc initializers
2018-12-14 07:48:46 +01:00
Asger F
f737830f18
JS: fix typo
2018-12-13 15:56:00 +00:00
Asger F
ae4b55de9a
JS: fix FPs in UselessConditional
2018-12-13 15:41:41 +00:00
Geoffrey White
b21e832ee2
Merge pull request #683 from jbj/prepareQueries-fix-warnings
...
C++: Fix all prepareQueries errors and warnings
2018-12-13 15:30:44 +00:00
calum
9fba643fb0
C#: Address review comments.
2018-12-13 13:53:58 +00:00
calumgrant
16c065274d
Merge pull request #666 from hvitved/csharp/useless-upcast-performance
...
C#: Improve performance of `cs/useless-upcast`
2018-12-13 12:04:12 +00:00
Jonas Jensen
bee2ddaf26
C++: Fix all prepareQueries errors and warnings
...
With these changes we can run `odasa prepareQueries --check-only --fail-on-warnings` on the C++ query directory. Two changes were needed:
1. The `Metrics/queries.xml` file had to be deleted. It existed because the built distribution has a different file layout, where `Metrics` is moved to the top-level query dir `odasa-cpp-metrics`. Since internal PR 28230 this file is created as needed as part of the dist build process, so it doesn't need to be checked in with the sources.
2. All uses of the `deprecated` and stubbed-out Objective C classes were removed.
2018-12-13 11:13:50 +00:00