codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00

Author	SHA1	Message	Date
Geoffrey White	a5e10a7ae2	C++: More change notes.	2019-12-17 11:56:23 +00:00
Geoffrey White	19835cd11d	C++: Change note.	2019-12-17 10:27:13 +00:00
Geoffrey White	acca39bfc7	C++: Repair following merge.	2019-12-16 14:12:32 +00:00
Geoffrey White	0da826f0c3	Merge branch 'master' into overflowcalc	2019-12-16 13:48:38 +00:00
Calum Grant	a5b2549f6f	Merge pull request #2514 from hvitved/csharp/code-contracts C#: Recognize Code Contract assertions	2019-12-16 13:00:01 +00:00
Geoffrey White	91af51cf46	CPP: Change note.	2019-12-13 16:58:37 +00:00
Tom Hvitved	78f63a3679	C#: Add change note	2019-12-11 16:57:35 +01:00
Calum Grant	3049bf2c85	Merge pull request #2358 from cldrn/ASPNetPagesValidateRequest Adds CodeQL query to check for Pages with disabled built-in validation	2019-12-09 13:05:03 +00:00
yo-h	ed97be459f	Merge pull request #2454 from aschackmull/java/explicit-mul-zero Java: Allow explicit zero multiplication in java/evaluation-to-constant.	2019-12-06 18:13:43 -05:00
Anders Schack-Mulligen	5a2ed9fd81	Java: Add change note.	2019-12-06 11:50:27 +00:00
Calum Grant	59ce8842bb	Merge branch 'master' of git.semmle.com:Semmle/ql into ASPNetPagesValidateRequest # Conflicts: # change-notes/1.24/analysis-csharp.md	2019-12-05 15:58:47 +00:00
Calum Grant	73c8888361	Merge pull request #2356 from cldrn/ASPNetRequestValidationMode Adds CodeQL query to check for insecure RequestValidationMode in ASP.NET	2019-12-04 17:02:08 +00:00
Geoffrey White	b752a6c8ed	Merge pull request #2381 from jbj/StackVariable C++: Add StackVariable class, preferred over LocalScopeVariable	2019-12-03 10:35:16 +00:00
semmle-qlci	cfcd18b411	Merge pull request #2429 from erik-krogh/typeAheadSink Approved by esbena	2019-12-03 08:07:25 +00:00
Paulino Calderon	24b2471533	Update change-notes/1.24/analysis-csharp.md tag update Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>	2019-12-02 16:44:25 -05:00
Calum Grant	fcd13dc595	Merge remote-tracking branch 'upstream/master' into ASPNetRequestValidationMode # Conflicts: # change-notes/1.24/analysis-csharp.md	2019-12-02 12:03:11 +00:00
semmle-qlci	dc7a0c1b91	Merge pull request #2442 from hvitved/csharp/dataflow/conversion-operator Approved by calumgrant	2019-12-02 11:01:35 +00:00
Erik Krogh Kristensen	c6c1ebe81a	Merge remote-tracking branch 'upstream/master' into typeAheadSink	2019-12-02 08:41:49 +01:00
Calum Grant	a4251f67a2	C#: Analysis change notes.	2019-11-29 10:32:04 +00:00
Max Schaefer	f958916c76	Merge pull request #2330 from erik-krogh/exceptionXss JS: Added query for detecting XSS that happens through an exception	2019-11-29 09:04:45 +00:00
semmle-qlci	73e08eba43	Merge pull request #2468 from max-schaefer/js/regexp-predecessor Approved by asgerf	2019-11-28 16:57:31 +00:00
Jonas Jensen	763b18cd11	Merge remote-tracking branch 'upstream/master' into StackVariable Conflicts: change-notes/1.24/analysis-cpp.md cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql	2019-11-28 17:51:20 +01:00
Max Schaefer	a788bf87a0	JavaScript: Fix `RegExpTerm.getPredecessor` and `getSuccessor`. These were originally meant to give you the term that is textually matched right before/right after the receiver. When I introduced support for lookbehinds, I changed the behaviour to give you the term that is _operationally_ matched before/after the receiver (remember that lookbehinds are implemented by reverse-matching). However, I think that's rarely ever what you want, and is wrong for the only two uses of these predicates, where it's the textual matching order that we are after, not the operational order. Consequently, I've changed the semantics back and updated the comments to hopefully clarify the intention.	2019-11-28 15:14:50 +00:00
Calum Grant	5833b15f0e	C#: Analysis change notes.	2019-11-27 17:30:02 +00:00
Erik Krogh Kristensen	34e44e89fd	Merge remote-tracking branch 'upstream/master' into typeAheadSink	2019-11-27 15:19:06 +01:00
Erik Krogh Kristensen	9351cd44e4	Merge remote-tracking branch 'githubsemmle/master' into HEAD	2019-11-27 13:45:59 +01:00
semmle-qlci	4916bed9cd	Merge pull request #2433 from asger-semmle/import-js-file Approved by max-schaefer	2019-11-27 10:55:59 +00:00
Erik Krogh Kristensen	6d63d75d87	remove superfluous line break Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>	2019-11-27 10:52:01 +01:00
Erik Krogh Kristensen	b5a57986c6	small changes based on review feedback	2019-11-26 15:57:31 +01:00
Erik Krogh Kristensen	5a0cabb039	Merge remote-tracking branch 'upstream/master' into typeAheadSink	2019-11-26 14:37:40 +01:00
Tom Hvitved	355c4f7154	C#: Add change note	2019-11-26 13:54:19 +01:00
Jonas Jensen	b1745f588c	Merge pull request #2402 from geoffw0/nospace CPP: Make NoSpaceForZeroTerminator.ql more conservative.	2019-11-26 13:36:05 +01:00
Erik Krogh Kristensen	b06acd1ed0	add change note	2019-11-26 12:52:41 +01:00
Erik Krogh Kristensen	0f948339af	add change note	2019-11-26 11:23:30 +01:00
Asger F	e3e15a6015	JS: Rephrase change note	2019-11-25 17:20:42 +00:00
Asger F	2508da7971	JS: Add change note	2019-11-25 17:01:32 +00:00
Geoffrey White	1d233f2f9e	CPP: Change notes for the queries.	2019-11-22 15:27:08 +00:00
Geoffrey White	62008597d4	CPP: Change notes for the library.	2019-11-22 15:27:08 +00:00
Erik Krogh Kristensen	9fc20cd9b0	add change note	2019-11-22 15:58:00 +01:00
Max Schaefer	a3a46bfdc2	JavaScript: Add change note.	2019-11-22 09:27:14 +00:00
semmle-qlci	62859d140d	Merge pull request #2394 from esbena/js/support-getDerivedFromError Approved by max-schaefer	2019-11-22 07:45:45 +00:00
Esben Sparre Andreasen	edb94db6ef	JS: add change notes	2019-11-21 13:20:08 +01:00
Esben Sparre Andreasen	6328a0a8b9	JS: improve FP filter for js/unbound-event-handler-receiver	2019-11-21 13:13:40 +01:00
Geoffrey White	5c855fc925	CPP: Change note.	2019-11-20 15:34:41 +00:00
Jonas Jensen	0731309b1e	C++: Change note for StackVariable	2019-11-19 11:44:03 +01:00
Erik Krogh Kristensen	d4f42d872a	change change-note to target 1.24 instead of 1.23	2019-11-19 11:10:34 +01:00

1 2 3 4 5

246 Commits