codeql

mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00

Author	SHA1	Message	Date
Felicity Chapman	616a57d6d4	Update article with code scanning example	2021-05-04 12:11:18 +01:00
Tamás Vajk	05c045070e	Merge pull request #5810 from tamasvajk/feature/culture C#: Use invariant culture in the extractor	2021-05-04 13:09:38 +02:00
Mathias Vorreiter Pedersen	568724bffd	C#: Fix getInstructionOpcode to make sure IRConstruction.qll compiles for C#.	2021-05-04 13:00:40 +02:00
Marcono1234	ab90fe18fd	Docs: Use GitHub links for guides, improve formatting	2021-05-04 12:35:23 +02:00
Mathias Vorreiter Pedersen	ded377bcd2	C++: Reorder getInstructionOpcode to produce better RA.	2021-05-04 12:13:34 +02:00
Tony Torralba	f79d2e06f9	Fix failing checks	2021-05-04 11:29:09 +02:00
Tamas Vajk	c547907784	C#: Use invariant culture in the extractor	2021-05-04 11:17:33 +02:00
Anders Schack-Mulligen	5bcf810a7c	Merge pull request #5821 from JarLob/patch-1 Update UncaughtServletException.qhelp	2021-05-04 10:39:02 +02:00
Anders Schack-Mulligen	9ee9186a1a	Merge pull request #5825 from github/yo-h/java-diagnostic-queries Java: split extractor diagnostics query into two	2021-05-04 10:12:32 +02:00
Erik Krogh Kristensen	aaf754ebf5	recognize more library input	2021-05-04 10:06:14 +02:00
Tony Torralba	6b79ca6403	Fix warning	2021-05-04 09:32:03 +02:00
CodeQL CI	6931d9a6f7	Merge pull request #5785 from edvraa/httponlyjs Approved by esbena	2021-05-03 23:14:26 -07:00
luchua-bc	703fbf139a	Add more methods and update the library name	2021-05-04 02:54:49 +00:00
yo-h	edf1a90161	Java: split extractor diagnostics query into two	2021-05-03 20:27:07 -04:00
edvraa	6fa2f1e653	update test message	2021-05-04 00:32:01 +03:00
Jonathan Leitschuh	dfad1fc740	[Java] Add support for com.google.common.base.MoreObjects#firstNonNull	2021-05-03 12:58:00 -04:00
Taus	483199878d	Merge pull request #5793 from RasmusWL/fix-qldoc Python: Minor fix to Django RawSQL QLDoc	2021-05-03 18:18:02 +02:00
Tony Torralba	e68c6e66a5	Remove qlref file	2021-05-03 17:53:37 +02:00
Tony Torralba	745a6f6fb4	Getters called on parameters propagate taint	2021-05-03 17:43:33 +02:00
Mathias Vorreiter Pedersen	2912c2e7f5	C++: Add more CWE tags to queries in the code scanning suite.	2021-05-03 16:58:47 +02:00
Edwin	27c680e28b	Apply suggestions from code review Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2021-05-03 16:41:09 +03:00
Jaroslav Lobačevski	38bce39baa	Update UncaughtServletException.qhelp There is no single word in https://cwe.mitre.org/data/definitions/600.html about possible DoS or unexpected state.	2021-05-03 15:06:57 +03:00
Tony Torralba	4d5ec87de9	Use InlineTest	2021-05-03 13:27:24 +02:00
Tony Torralba	4bfd34b1fe	Moved from experimental	2021-05-03 13:15:24 +02:00
edvraa	cef845ac47	Support string expressions	2021-05-03 13:46:56 +03:00
Tony Torralba	38e052482c	More csv sinks and sources	2021-05-03 12:44:53 +02:00
edvraa	ea38f0d3bd	a new test for simple flow	2021-05-03 12:19:05 +03:00
edvraa	000826af11	typo	2021-05-03 12:18:43 +03:00
Tom Hvitved	182b2d0457	C#: Improve CFG for constructors when there are multiple implementations	2021-05-03 10:46:36 +02:00
Tom Hvitved	633f228dc2	C#: Add CFG tests for partial classes	2021-05-03 10:23:29 +02:00
Tom Hvitved	bb1cb73675	Merge pull request #5795 from hvitved/csharp/implicit-constructor-inits C#: Extract implicit constructor initializer calls	2021-05-03 10:21:04 +02:00
Tom Hvitved	b77b3da8d6	C#: Add change note	2021-05-03 09:40:13 +02:00
Jonas Jensen	c05ef1225c	Merge pull request #5803 from MathiasVP/no-magic-in-getUnspecifiedType C++: Add nomagic to getUnspecifiedType	2021-05-03 09:03:58 +02:00
edvraa	65183cde80	Move to experimental	2021-05-03 09:59:52 +03:00
edvraa	bd99114cd6	Comments added	2021-05-03 09:55:04 +03:00
luchua-bc	4709e8139d	JPython code injection	2021-05-03 01:43:56 +00:00
edvraa	a24c1c8114	fix comment	2021-05-03 00:36:38 +03:00
edvraa	fa94fedfc3	simple dataflow for sensitive name	2021-05-03 00:36:26 +03:00
edvraa	97bc7e38d2	check for sensitive property name	2021-05-03 00:31:29 +03:00
edvraa	7ab91bb185	Inline getOptionsArgument	2021-05-03 00:09:15 +03:00
ihsinme	bb97507ebc	Update test.c	2021-05-02 22:59:56 +03:00
ihsinme	21f43252e6	Update DeclarationOfVariableWithUnnecessarilyWideScope.expected	2021-05-02 22:59:04 +03:00
ihsinme	0935c5a0f2	Update DeclarationOfVariableWithUnnecessarilyWideScope.ql	2021-05-02 22:58:30 +03:00
ihsinme	8c3980d80b	Update cpp/ql/src/experimental/Security/CWE/CWE-1126/DeclarationOfVariableWithUnnecessarilyWideScope.c Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>	2021-05-02 22:54:43 +03:00
Tony Torralba	53e04d0d96	Refactor to CSV sink model	2021-04-30 17:53:43 +02:00
Mario Campos	ae857db657	Add React Native to JavaScript frameworks According to @asgerf, React Native is already supported 🎉	2021-04-30 10:47:08 -05:00
Timo Mueller	c22eeacbfc	Fixed accidential double init of variable	2021-04-30 16:28:56 +02:00
Timo Mueller	61d053f6b3	Fixed missing metadata description	2021-04-30 16:28:17 +02:00
Timo Mueller	15a3068f8a	Added query for insecure environment configuration RMI JMX (CVE-2016-8735)	2021-04-30 16:23:17 +02:00
Chris Smowton	b2c0259197	Merge pull request #5631 from haby0/UseOfLessTrustedSource [Java] CWE-348: Using a client-supplied IP address in a security check	2021-04-30 15:20:53 +01:00

... 74 75 76 77 78 ...

26405 Commits