hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,884 Commits 1,671 Branches 157 Tags
main
Commit Graph

246 Commits

Author SHA1 Message Date
Max Schaefer
f181111886 JavaScript: Add model of http2 compatibility API. 
Also deprecated the `httpOrHttps` predicate, which was now only used in one place and seemed a little pointless anyway.
 2020-02-14 11:14:31 +00:00
semmle-qlci
da566a4484 Merge pull request #2828 from erik-krogh/CVE24 
Approved by esbena
 2020-02-14 09:12:48 +00:00
semmle-qlci
769dce511b Merge pull request #2788 from erik-krogh/CVE42-sink 
Approved by esbena
 2020-02-14 08:00:00 +00:00
Erik Krogh Kristensen
d6afd438ba add model for chrome-remote-interface as a ClientRequest 2020-02-13 10:58:07 +01:00
Taus
12113e947f Merge pull request #2603 from RasmusWL/python-fix-http-source-sink 
Python: Make web libs use HttpRequestTaintSource and HttpResponseTaintSink
 2020-02-12 13:42:22 +01:00
Robert Marsh
5269fb713f Merge pull request #2812 from geoffw0/nospacezero 
C++: Improve NoSpaceForZeroTerminator.ql
 2020-02-11 14:37:32 -05:00
Geoffrey White
87781a944b C++: Change note. 2020-02-11 15:25:59 +00:00
Tom Hvitved
1948446ad3 Address review comments 2020-02-11 11:56:40 +01:00
Tom Hvitved
dc27ee7b9f C#: Add change note 2020-02-10 20:33:57 +01:00
Tom Hvitved
2b2bb5db80 Merge pull request #2803 from calumgrant/cs/stackalloc-expr 
C#: Handle implicitly-typed stackallocs
 2020-02-10 20:28:16 +01:00
Erik Krogh Kristensen
67cd303a91 add change note 2020-02-10 13:51:48 +01:00
Calum Grant
a95ef31984 C#: Analysis change notes 2020-02-10 11:36:30 +00:00
Esben Sparre Andreasen
736ccb98c2 JS: model the send library for js/path-injection 2020-02-07 12:45:32 +01:00
Calum Grant
389e6266d9 Merge pull request #2773 from hvitved/csharp/useless-assignment-to-local-default 
C#: Remove false positives for `cs/useless-assignment-to-local`
 2020-02-07 10:37:19 +00:00
Asger Feldthaus
91a5385e7f JS: Add libraries to change note 2020-02-06 14:59:52 +00:00
Asger Feldthaus
75c008eec1 JS: Change note 2020-02-06 14:33:20 +00:00
Tom Hvitved
69d9d4122a C#: Add change note 2020-02-05 20:12:41 +01:00
Felicity Chapman
d0e7bfce28 Merge pull request #2738 from aschackmull/java/ldapinjection-changenote 
Java: Add change note for LDAP injection query.
 2020-02-05 11:29:29 +00:00
semmle-qlci
53763c789f Merge pull request #2741 from esbena/js/split-and-slice-for-tainted-path 
Approved by erik-krogh
 2020-02-05 10:53:39 +00:00
Anders Schack-Mulligen
cf815351a9 Java: Elaborate change note. 2020-02-04 16:18:35 +01:00
Tom Hvitved
00fdc70155 Merge pull request #2710 from calumgrant/cs/short-circuit-out 
C#: Remove false positive in cs/non-short-circuit
 2020-02-04 12:09:17 +01:00
Esben Sparre Andreasen
bbd60f52ba JS: add additional flow steps to js/path-injection 2020-02-03 16:36:25 +01:00
Asger Feldthaus
9abf5f06e6 TS: Resolve imports using TypeScript symbols 2020-02-03 09:32:56 +00:00
Esben Sparre Andreasen
7f25c1bf47 JS: address doc-review comments 2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen
fef918ac13 JS: add query "Unsafe jQuery plugin" 2020-01-31 19:33:04 +01:00
semmle-qlci
d995d5a4a0 Merge pull request #2716 from esbena/js/additional-koa-requests 
Approved by erik-krogh
 2020-01-31 18:30:42 +00:00
Anders Schack-Mulligen
7647d94068 Java: Add change note for LDAP injection query. 2020-01-31 16:48:35 +01:00
yo-h
563be9f817 Merge pull request #2719 from aschackmull/java/deprecate-parexpr 
Java: Deprecate ParExpr
 2020-01-30 18:23:13 -05:00
Anders Schack-Mulligen
843fd37c75 Java: Add change note. 2020-01-30 10:52:16 +01:00
Anders Schack-Mulligen
b7a8d0e903 Apply suggestions from code review 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2020-01-30 10:41:13 +01:00
Anders Schack-Mulligen
2039ec37e5 Java/C++/C#: Add change note for taint-getters. 2020-01-29 16:26:23 +01:00
Tom Hvitved
474815bf57 Merge pull request #2660 from calumgrant/cs/release-notes 
C#: Add release notes and precisions to queries
 2020-01-29 16:05:45 +01:00
Esben Sparre Andreasen
a6d3afd817 JS: support additional Koa request sources 2020-01-29 14:49:01 +01:00
Calum Grant
aff0a7534c Update change-notes/1.24/analysis-csharp.md 
Fix indentation

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
 2020-01-29 11:44:17 +00:00
semmle-qlci
fb90c2ba52 Merge pull request #2681 from asger-semmle/csrf-only-session-cookie-access 
Approved by erik-krogh, max-schaefer
 2020-01-29 10:46:48 +00:00
Jonas Jensen
27b5902258 Merge pull request #2707 from geoffw0/taint-format 
C++: Add TaintFunction model to FormattingFunction
 2020-01-29 08:20:34 +01:00
Calum Grant
6b377d7ad4 C#: Analysis change notes 2020-01-28 14:59:25 +00:00
Geoffrey White
fc1816cbd7 C++: Update change note. 2020-01-28 14:53:18 +00:00
Rasmus Wriedt Larsen
9b2ca0c9c7 Python: Update web libraries to use HttpSources and HttpSinks 2020-01-28 13:06:48 +01:00
Anders Schack-Mulligen
4cb28d9b1d Java: Add new query for large left shifts and bugfix ConstantExpAppearsNonConstant. 2020-01-28 10:13:34 +01:00
Geoffrey White
1ddabee1b8 C++: Change note. 2020-01-28 08:46:46 +00:00
yo-h
8c00671f24 Merge pull request #2698 from aschackmull/java/changenote-csrf-query 
Java: Add change note for java/spring-disabled-csrf-protection.
 2020-01-27 21:09:15 -05:00
Chris Gavin
708890add3 Java: Add a change note for java/suspicious-date-format. 2020-01-27 11:57:56 +00:00
Anders Schack-Mulligen
efe8981129 Java: Add change note for java/spring-disabled-csrf-protection. 2020-01-27 11:33:31 +01:00
semmle-qlci
7d9956e3f3 Merge pull request #2675 from erik-krogh/WebSocket 
Approved by esbena
 2020-01-27 08:40:37 +00:00
yo-h
50320c7828 Merge pull request #2628 from aschackmull/java/no-adhoc-testclass 
Java: Replace ad-hoc TestClass detection.
 2020-01-23 14:09:11 -05:00
Asger Feldthaus
406c6eb981 JS: Sharpen missing CSRF middleware query 2020-01-23 14:22:49 +00:00
Anders Schack-Mulligen
0bbe571064 Update change-notes/1.24/analysis-java.md 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
 2020-01-23 13:13:51 +01:00
Anders Schack-Mulligen
fd141917c7 Java: Add change note. 2020-01-23 11:08:35 +01:00
Jonas Jensen
ceeb9ab718 Merge pull request #2622 from MathiasVP/implicit-function-declaration 
C++: Add 'implicit function declaration' query
 2020-01-23 09:23:44 +01:00