github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
2 692 коммитов 1 541 ветка 130 Теги 480 MiB
Граф коммитов

448 Коммитов

Автор SHA1 Сообщение Дата
Mark Shannon 9f93bf8d17 Python: Fix 'unused import' to no longer give alerts for imported modules used in doctests. 2019-01-18 11:08:53 +00:00
Jonas Jensen f147b63bb8
Merge pull request #654 from geoffw0/lossyresultcast 
CPP: Work on Lossy function result cast query
 2019-01-17 17:07:29 +01:00
Max Schaefer bca941ddf6
Merge pull request #765 from asger-semmle/class-receiver-propagation 
JS: support flow out of "this" in constructor call
 2019-01-16 14:40:19 +00:00
Mark Shannon 65337ef835
Merge pull request #564 from taus-semmle/python-insecure-ssl-version 
Python: Check for insecure versions of SSL and TLS.
 2019-01-16 12:32:30 +00:00
Asger F a1c7f32fb6 JS: change note 2019-01-16 11:14:00 +00:00
Max Schaefer 4a7e0fe104
Merge pull request #766 from asger-semmle/ts-compiler-3.2 
TS: Support TypeScript 3.2
 2019-01-16 08:49:45 +00:00
semmle-qlci 5bc17923b1
Merge pull request #665 from asger-semmle/js-property-concat-sanitizer 
Approved by esben-semmle, xiemaisi
 2019-01-16 08:44:55 +00:00
semmle-qlci cf3a4ac956
Merge pull request #767 from esben-semmle/js/unknown-bound-event-handler-receiver 
Approved by xiemaisi
 2019-01-16 08:36:11 +00:00
semmle-qlci 8655e5ae17
Merge pull request #768 from xiemaisi/js/call-summaries 
Approved by asger-semmle
 2019-01-16 08:35:31 +00:00
Nick Rolfe 371c09d4e5
Merge pull request #740 from ian-semmle/inline_ns 
C++: Add inline namespace support
 2019-01-15 10:00:32 +00:00
Max Schaefer 0877ec845a JavaScript: Add change note. 2019-01-15 09:03:11 +00:00
Asger F 19dab71a6c TS: change note 2019-01-14 18:26:09 +00:00
Asger F ad6add383c JS: improve concatenation-sanitizer for property injection 2019-01-14 15:34:01 +00:00
semmle-qlci 7bb8edd16d
Merge pull request #720 from esben-semmle/js/more-flow-parsing 
Approved by xiemaisi
 2019-01-14 07:58:28 +00:00
Esben Sparre Andreasen 7f5dd1a4e8 JS: change notes for improved js/unbound-event-handler-receiver 2019-01-14 08:48:15 +01:00
Esben Sparre Andreasen 73af2adde0 JS: change notes for improved support for Flow 2019-01-13 22:10:56 +01:00
Esben Sparre Andreasen 9af6a81a58 JS: change note for ODASA-7636 fix 2019-01-11 08:37:01 +01:00
Ian Lynagh 8ce2890824 C++: Add a changenote for Namespace.isInline() 2019-01-10 12:56:16 +00:00
Taus Brock-Nannestad 41836cdf8c Add descriptions and remove leftovers from old change note. 2019-01-09 16:23:02 +01:00
Geoffrey White 45cd030a99 CPP: Change note. 2019-01-09 14:03:28 +00:00
Max Schaefer 89447846f1 JavaScript: Add change note. 2019-01-09 09:24:22 +00:00
semmle-qlci 688647491e
Merge pull request #727 from xiemaisi/js/restructure-sourcenode 
Approved by esben-semmle
 2019-01-09 08:01:26 +00:00
yh-semmle b8f53b5c6a
Merge pull request #733 from aschackmull/java/remove-old-dataflow 
Java: Remove old dataflow library.
 2019-01-08 14:59:27 -05:00
Anders Schack-Mulligen 0a9222b772 Java: Add change note. 2019-01-08 15:50:14 +01:00
Max Schaefer de429752d1 JavaScript: Restructure implementation of `DataFlow::SourceNode`. 
It now uses a facade pattern similar to `InvokeNode`: the range of the class is defined by an abstract class `DataFlow::SourceNode::Range`, while the actual behaviour is defined by the (no longer abstract) `SourceNode` class itself.

Clients that want to add new source nodes need to extend `DataFlow::SourceNode::Range`, those that want to refine the behaviour of existing source nodes should extend `DataFlow::SourceNode` itself.

While this is technically a breaking API change, I think separating the two aspects in this way is cleaner and makes it easier to use, and improves performance as well.
 2019-01-08 08:01:20 +00:00
Taus Brock-Nannestad f9c6b0eedc Add change note for 1.20 2019-01-07 15:35:19 +01:00
Anders Schack-Mulligen 203c9fb9d8 Java: Restrict attention to integral types in IntMultToLong. 2019-01-07 14:27:52 +01:00
Max Schaefer b4f400fb23 Merge remote-tracking branch 'upstream/next' into qlucie/master 2019-01-04 10:35:57 +00:00
semmle-qlci 6b27dcabc5
Merge pull request #704 from asger-semmle/ts-binary-exprs 
Approved by esben-semmle
 2019-01-04 08:37:41 +00:00
semmle-qlci 8174fb51ae
Merge pull request #705 from asger-semmle/loop-index-concurrent-modification 
Approved by mc-semmle, xiemaisi
 2019-01-03 17:06:12 +00:00
Asger F 9f22da4557 JS: rename query to "Loop iteration skipped due to shifting" 2019-01-02 11:34:06 +00:00
Esben Sparre Andreasen c57f8a6d6e
Merge pull request #691 from asger-semmle/sendfile-root 
JS: Recognize 'root' option in Express res.sendFile
 2018-12-19 16:06:15 +01:00
semmle-qlci 495a1fcf3b
Merge pull request #698 from asger-semmle/remove-cookie-as-source 
Approved by esben-semmle
 2018-12-19 15:05:44 +00:00
semmle-qlci b11b714152
Merge pull request #696 from esben-semmle/js/host-request-forgery 
Approved by asger-semmle
 2018-12-19 15:04:08 +00:00
Asger F 60ae3e58b8 JS: update change note 2018-12-19 11:26:37 +00:00
Asger F 9440aab3d0 TS: add change note 2018-12-19 10:42:02 +00:00
Asger F f9da1dc03e JS: add change note 2018-12-19 10:25:49 +00:00
Asger F 1246de466a JS: add change note 2018-12-18 13:58:03 +00:00
Asger F e1c25c81f6 JS: add change note 2018-12-17 16:34:35 +00:00
Tom Hvitved e14259126e
Merge pull request #658 from calumgrant/cs/extractor/for-is 
C#: Fix extraction bug for variable declarations in for condition
 2018-12-17 16:16:00 +01:00
Jonas Jensen 5ac5aa0c2a Merge remote-tracking branch 'upstream/master' into mergeback-20181217 2018-12-17 13:42:45 +01:00
Asger F 7adf1d9958
Merge pull request #631 from esben-semmle/js/bad-url-regexing 
JS: add query: js/incomplete-url-regexp
 2018-12-17 11:53:22 +00:00
Tom Hvitved 5f269b2d87
Merge branch 'master' into cs/extractor/for-is 2018-12-17 11:14:50 +01:00
Esben Sparre Andreasen 3cd62234d4 JS: change notes for `js/request-forgery` improvements 2018-12-17 10:33:39 +01:00
Aditya Sharad 7bc729a7dc Merge master into next. 2018-12-14 10:16:47 +00:00
Esben Sparre Andreasen bb3e3a541d JS: address doc review comments 2018-12-14 10:24:30 +01:00
Tom Hvitved b11d5c5075
Merge pull request #679 from calumgrant/cs/omitted-array-size 
C#: Extract stackalloc initializers
 2018-12-14 07:48:46 +01:00
Aditya Sharad f71e5ac338 Merge master into next. 2018-12-13 17:57:31 +00:00
Aditya Sharad ce8ca5979b Merge rc/1.19 into next. 2018-12-13 12:23:59 +00:00
Max Schaefer e194021c3b
Merge pull request #629 from esben-semmle/js/persistent-read-taint 
JS: add persistent storage taint steps
 2018-12-13 08:24:42 +00:00