hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,884 Commits 1,671 Branches 157 Tags
main
Commit Graph

250 Commits

Author SHA1 Message Date
Max Schaefer
f9de1d44ca JavaScript: Add change notes. 2018-11-28 08:16:31 +00:00
Mark Shannon
31ac33e723 Merge pull request #528 from taus-semmle/python-flask-debug 
Python: Implement check for flask debug mode.
 2018-11-27 19:42:26 +00:00
Taus
2b340b4804 Merge pull request #530 from markshannon/python-no-cert-validation 
New query to check for making a request without cert verification.
 2018-11-27 19:01:10 +01:00
Taus Brock-Nannestad
b393d9ad04 Add change note. 2018-11-27 15:21:02 +01:00
Mark Shannon
698957e2cf Python: Correct case of query name and improve help. 2018-11-27 11:32:40 +00:00
Jonas Jensen
c8e34bff6c C++: Update security tag in change note 
These two queries have the `security` tag in the `.ql` file, but it was
missing in the change note.
 2018-11-27 11:03:42 +01:00
Max Schaefer
8e54c7ab6c Merge pull request #503 from asger-semmle/unsafe-global-object-access 
JS: add method name injection query
 2018-11-26 15:56:20 +00:00
Tom Hvitved
e069041bd5 Merge pull request #431 from calumgrant/cs/extractor/fsharp-core 
C#: Fix extraction of method signatures
 2018-11-26 15:07:33 +01:00
Tom Hvitved
7dc0a8132e Merge pull request #513 from calumgrant/cs/cwe-134 
C#: New query cs/uncontrolled-format-string
 2018-11-26 14:58:54 +01:00
Aditya Sharad
c20b688a3f Merge master into next. 2018-11-23 16:36:31 +00:00
yh-semmle
f4ec168666 Merge pull request #533 from aschackmull/java/inherit-bugfix-changenote 
Java: Add change note for #459.
 2018-11-23 10:53:44 -05:00
Mark Shannon
bfc001cc68 Python: Add change note for requests without cert verification query. 2018-11-23 14:48:19 +00:00
Mark Shannon
7f5d46b32f Python: Add change note for new sinks. 2018-11-23 14:30:57 +00:00
Taus
ceb316df60 Merge pull request #527 from markshannon/python-security-change-note 
Collated python change notes
 2018-11-23 15:28:18 +01:00
Anders Schack-Mulligen
d24145831b Java: Add change note for #459. 2018-11-23 14:21:30 +01:00
Aditya Sharad
10dc183495 Merge pull request #512 from hvitved/csharp/autobuilder/dirs-proj 
C#: Recognize `.proj` files in autobuilder
 2018-11-23 13:18:04 +00:00
Mark Shannon
4f5cfbc336 Correct change for extractor logging levels. 2018-11-23 13:03:16 +00:00
Mark Shannon
95f1935eaa Python change notes: Merge in internal change notes. 2018-11-23 12:55:04 +00:00
semmle-qlci
04c2b23abd Merge pull request #520 from esben-semmle/js/clear-text-logging-taint-kinds 
Approved by asger-semmle
 2018-11-23 12:40:40 +00:00
calum
051dd191ac C#: Change notes. 2018-11-23 12:11:10 +00:00
Tom Hvitved
836daaf07b C#: Recognize .proj files in autobuilder 
When determining the target of `msbuild` or `dotnet build`, first look for `.proj`
files, then `.sln` files, and finally `.csproj`/`.vcxproj` files. In all three cases,
choose the project/solution file closest to the root.
 2018-11-23 09:32:12 +01:00
Geoffrey White
16be502d61 CPP: Add change note. 2018-11-22 15:50:13 +00:00
Esben Sparre Andreasen
8c7ca38b8d JS(extractor): improve parser support for flowtype syntax 2018-11-22 14:09:09 +01:00
Esben Sparre Andreasen
b780f82869 JS: sharpen js/clear-text-logging (ODASA-7485) 2018-11-22 13:38:43 +01:00
calum
64de7489fe C#: Analysis change notes. 2018-11-22 11:21:35 +00:00
Mark Shannon
2ac2233e69 Add change note for enhance visibility of security alerts and conversion to path-queries. 2018-11-22 11:01:35 +00:00
Jonas Jensen
1739cab896 Merge pull request #504 from geoffw0/more-change-notes 
CPP: Change notes
 2018-11-22 08:30:20 +01:00
semmle-qlci
62db19bee7 Merge pull request #492 from geoffw0/offsetuse 
Approved by dave-bartolomeo
 2018-11-21 17:26:48 +00:00
semmle-qlci
4e72a08b8d Merge pull request #507 from esben-semmle/js/mixed-static-intance-this-access-inheritance 
Approved by xiemaisi
 2018-11-21 16:07:25 +00:00
semmle-qlci
f5d3274655 Merge pull request #508 from esben-semmle/js/indirect-global-call-with-default-arguments 
Approved by xiemaisi
 2018-11-21 16:06:46 +00:00
semmle-qlci
746b13a1bc Merge pull request #510 from xiemaisi/js/exclude-minified 
Approved by asger-semmle
 2018-11-21 16:06:22 +00:00
Geoffrey White
1b69006c20 CPP: Combine two of the Missing return statement change notes. 2018-11-21 15:09:09 +00:00
Geoffrey White
cab6f1e87c CPP: Backticks. 2018-11-21 14:39:22 +00:00
Asger F
27c9326e70 JS: address doc review 2018-11-21 14:19:14 +00:00
Jonas Jensen
4e2d40aad8 Merge pull request #484 from geoffw0/limitedscopefile 
CPP: Fix Limitedscopefile.ql
 2018-11-21 14:30:48 +01:00
Asger F
4ae2493798 JS: rename query to Unsafe Dynamic Method Access 2018-11-21 12:34:18 +00:00
Max Schaefer
19aa12106c JavaScript: Teach AutoBuild to exclude minified files from extraction by default . 
This adds default exclusion filters for `**/*.min.js` and `**/*-min.js` to the JavaScript auto-builder, meaning that files matching these patterns will no longer be extracted,
unless they are re-included in the `.lgtm.yml` file.

Alerts in minified code aren't shown by default anyway, so we can save ourselves some work by not analyzing them in the first place.

While including minified files in the snapshot can in theory improve analysis results in non-minified files, this is likely to be rare in practice.
 2018-11-21 12:27:39 +00:00
Esben Sparre Andreasen
caea6212ed JS: use inheritance in js/mixed-static-instance-this-access 2018-11-21 09:48:37 +01:00
Esben Sparre Andreasen
00587ba7b4 JS(extractor): support optional chaining 2018-11-21 08:57:10 +01:00
Geoffrey White
ae91581204 CPP: Change note. 2018-11-20 16:52:36 +00:00
Geoffrey White
d8381ef448 CPP: Add change notes for some more changes. 2018-11-20 16:42:17 +00:00
Geoffrey White
7df7d8dd9e CPP: Add change notes for new query contributions. 2018-11-20 16:14:22 +00:00
Geoffrey White
e8f967a477 CPP: Add change notes for my recent changes. 2018-11-20 16:14:22 +00:00
Asger F
2239f863f7 JS: add query MethodNameInjection 2018-11-20 15:57:18 +00:00
semmle-qlci
1c1d2e943a Merge pull request #496 from esben-semmle/js/yui-directives 
Approved by xiemaisi
 2018-11-20 12:59:55 +00:00
Esben Sparre Andreasen
82fc8ae32a JS: support indirection with extra args in js/missing-this-qualifier 2018-11-20 11:29:03 +01:00
Jonas Jensen
cc28d04ba7 Merge pull request #405 from geoffw0/selfcompare 
CPP: Fix false positives in PointlessSelfComparison.ql
 2018-11-20 09:25:10 +01:00
Esben Sparre Andreasen
54fea1a4cb JS: support "xyz:nomunge" YUI compressor directives 2018-11-20 09:00:33 +01:00
Geoffrey White
646bb01a5f CPP: Change note. 2018-11-19 14:04:14 +00:00
Max Schaefer
1b59a28be0 JavaScript: Downgrade a few "error" rules to "warning". 
For all of these queries, the results we tend to see in practice are certainly worth investigating, but aren't crashing bugs, so making them warnings seems more appropriate.
 2018-11-19 09:09:26 +00:00