Commit graph

12286 commits

Author SHA1 Message Date
Esben Sparre Andreasen c6fa88af28 JS: change notes 2020-05-13 12:56:33 +02:00
Esben Sparre Andreasen 9552352d6a JS: address qhelp feedback 2020-05-13 12:53:59 +02:00
Esben Sparre Andreasen 7cc3a5a242 JS: qhelp fixups 2020-05-06 14:46:34 +02:00
Esben Sparre Andreasen 69191577d6 JS: qhelp for js/unsafe-html-expansion 2020-05-06 14:03:27 +02:00
Esben Sparre Andreasen 344f0c36b0 JS: update expected output 2020-05-06 11:18:14 +02:00
Esben Sparre Andreasen 99e5db407f JS: address review comments 2020-05-05 14:04:05 +02:00
Esben Sparre Andreasen 304b013f88 JS: query and tests for unsafe HTML expansion 2020-05-05 10:32:16 +02:00
Dave Bartolomeo 8e9e3c8919
Merge pull request #3395 from jbj/IRBlock-unique
C++: Use `unique` aggregate in IRBlock computation
2020-05-03 07:54:51 -04:00
Jonas Jensen 0a59045dc3 C++: Use `unique` aggregate in IRBlock computation
This gives a slight speedup, and I think it makes the code shorter and
clearer.

On Wireshark, the time from the beginning of the `IRBlock` stage until
just before evaluation of `getInstruction` drops from 44s to 34s.
2020-05-03 10:07:09 +02:00
Dave Bartolomeo d8f32e3db5
Merge pull request #3392 from rdmarsh2/rdmarsh/cpp/qldoc-get-ConvertedResultExpression
C++/C#: improve qldoc on IR get*ResultExpression
2020-05-02 15:59:08 -04:00
semmle-qlci c66ec3c981
Merge pull request #3380 from asger-semmle/js/cache-amd
Approved by erik-krogh
2020-05-02 20:18:22 +01:00
Robert Marsh 83e222e5bd C++/C#: sync files 2020-05-01 14:17:43 -07:00
Robert Marsh 537db53a8d C++/C#: improve qldoc on IR get*ResultExpression 2020-05-01 14:12:44 -07:00
Nick Rolfe 4ce896b856
Merge pull request #3378 from matt-gretton-dann/codeql-c-extractor/49-consteval
Add support for C++20's consteval specifier
2020-05-01 17:56:56 +01:00
Geoffrey White c8292e4b8e
Merge pull request #3148 from jbj/minmax-to-unique
C++: Replace "min = max" with "unique"
2020-05-01 17:43:32 +01:00
Jonas Jensen 4ec0ae6698
Merge pull request #3388 from geoffw0/cleanupstuff
C++: Small tidy up
2020-05-01 17:29:12 +02:00
Jonas Jensen 62c7387a76
Merge pull request #3373 from sj/patch-4
Update CODEOWNERS to use GitHub team identifiers after repo move
2020-05-01 17:11:12 +02:00
Mathias Vorreiter Pedersen 2e3463740d
Merge pull request #3382 from jbj/escape-qualifier
C++: Addresses may escape through call qualifiers
2020-05-01 16:23:46 +02:00
Mathias Vorreiter Pedersen 37f30d3bd2
Merge pull request #3385 from jbj/dataflow-remove-from-post
C++: Remove an unneeded local-flow case
2020-05-01 16:19:04 +02:00
Geoffrey White 9b4884dfaf C++: Backticks. 2020-05-01 14:26:34 +01:00
Geoffrey White 200d7ed360 C++: Remove if-else. 2020-05-01 14:26:34 +01:00
Geoffrey White 4907677351 C++: Try to improve QLDoc on deconstructSizeExpr. 2020-05-01 14:26:33 +01:00
Jonas Jensen 9b9f5248af C++: Accept test changes
Lambda invocations are apparently const. This was exposed by the fix in
the previous commit.
2020-05-01 15:23:00 +02:00
Jonas Jensen 36bdcfa42d C++: Remove an unneeded local-flow case
This case was added in dccc0f4db. The surrounding code has changed a lot
since then, and the case no longer seems to have an effect except to
create some dead ends and possibly cycles in the local flow graph.
2020-05-01 15:08:15 +02:00
Taus 33f4503ac3
Merge pull request #3213 from RasmusWL/python-iter-str-seq-with-tests
Python: suppress non-useful results (w/ tests) for iter str/seq query
2020-05-01 11:04:05 +02:00
Taus 40def2af05
Merge pull request #3311 from RasmusWL/python-parse_qs
Python: Propagate taint through parse_qs
2020-05-01 10:40:31 +02:00
Jonas Jensen 9fc27e9130 C++: Fix "is constant" check
The check was supposed to check for constant type, not constant value.
This fixes a false negative that appeared in
`LargeParameter/test.cpp:106`.
2020-05-01 09:04:31 +02:00
Rasmus Wriedt Larsen e569d7ae41 Merge branch 'master' into python-parse_qs 2020-04-30 17:05:17 +02:00
semmle-qlci 606a1145eb
Merge pull request #3331 from RasmusWL/python-improve-file-taint
Approved by tausbn
2020-04-30 13:58:03 +01:00
Jonas Jensen 8ffa124bf9 C++: Addresses may escape through call qualifiers
Also clarify the docs on `Call` to decrease the likelihood of such an
omission happening again.

The updated test reflects that `f1.operator()` lets the address of `f1`
escape from the caller.
2020-04-30 14:27:40 +02:00
Rasmus Wriedt Larsen e0b4518a3e Merge branch 'master' into python-improve-file-taint 2020-04-30 11:24:29 +02:00
Tom Hvitved b03e87f623
Merge pull request #3379 from calumgrant/cs/nullability-warning
C#: Remove nullability warnings
2020-04-30 08:38:28 +02:00
semmle-qlci 2b055de4d6
Merge pull request #3154 from erik-krogh/ImplicitConv
Approved by asgerf
2020-04-29 16:05:19 +01:00
Calum Grant 86d032e2ea C#: Remove nullability warning by lifting local function. Warning seems to be caused by a compiler bug. 2020-04-29 15:21:43 +01:00
Matthew Gretton-Dann 7d605095a5 C++: Update expected test results 2020-04-29 14:31:35 +01:00
Matthew Gretton-Dann 5b29a49c73 C++: Add library support for consteval 2020-04-29 14:31:35 +01:00
Anders Schack-Mulligen 29a5ea121a
Merge pull request #2901 from ggolawski/java-spring-boot-actuators
CodeQL query to detect open Spring Boot actuator endpoints
2020-04-29 15:10:54 +02:00
Erik Krogh Kristensen 2ef13ef6e8 cousing -> sibling 2020-04-29 14:30:03 +02:00
Nick Rolfe 55301b4b2f
Merge pull request #3074 from matt-gretton-dann/codeql-c-extractor/50-char8_t
Add support for C++20's char8_t type.
2020-04-29 12:15:25 +01:00
Mathias Vorreiter Pedersen 8a1d96b313
Merge pull request #3374 from jbj/PartialDefinition-refactor
C++: Refactor `PartialDefinition` charpred
2020-04-29 13:03:40 +02:00
Jonas Jensen de3fa8e68b
Merge pull request #3337 from Cornelius-Riemenschneider/alloc-type
C++: Allocation.qll: Provide getAllocatedElementType predicate for AllocationExprs.
2020-04-29 11:55:02 +02:00
Anders Schack-Mulligen b6a7ab8bf4
Merge pull request #3372 from aibaars/spring-multipart
Java: add `org.springframework.web.multipart.MultipartFile::getX` as RemoteFlowSource
2020-04-29 11:35:04 +02:00
Matthew Gretton-Dann a6947e0296 C++: Complete support for char8_t 2020-04-29 10:18:13 +01:00
Matthew Gretton-Dann c0d0f7862b C++: Add DB Upgrade script 2020-04-29 10:18:13 +01:00
Matthew Gretton-Dann 52670dd956 C++: Update expected test output. 2020-04-29 10:18:13 +01:00
Matthew Gretton-Dann 2d898af2fe C++: Add library support for char8_t type. 2020-04-29 10:18:13 +01:00
Matthew Gretton-Dann 79b3a995e9 C++: Add DB support for C++20's char8_t 2020-04-29 10:18:13 +01:00
semmle-qlci 62b7cbfdb4
Merge pull request #3377 from shati-patel/mergeback
Approved by jf205
2020-04-29 09:15:04 +01:00
Shati Patel 5c80cd5032 Merge branch 'rc/1.24' into mergeback 2020-04-29 08:05:53 +01:00
semmle-qlci c104898694
Merge pull request #3376 from felicitymay/1.24/SD-57-update-url
Approved by shati-patel
2020-04-28 19:49:50 +01:00