hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,673 Branches 157 Tags
remove-javascript
Commit Graph

26405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
haby0
fdcc517b9f UseOfLessTrustedSource -> ClientSuppliedIpUsedInSecurityCheck" 2021-04-30 17:43:34 +08:00
haby0
f41301f8f5 Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.java 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-30 16:55:17 +08:00
haby0
0691cac5ab Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-30 16:54:41 +08:00
haby0
8142810455 Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-30 16:54:28 +08:00
Tom Hvitved
ecd40e5cae Merge pull request #5808 from intrigus-lgtm/fix-lambda-typos 
Fix typo.
 2021-04-30 09:08:28 +02:00
haby0
711a74c9c9 Eliminate false positives\ 2021-04-30 10:31:40 +08:00
intrigus
08731fc6cf Fix typo. 2021-04-29 20:26:34 +02:00
Jorge
bd4b189373 Polish documentation consistency 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-04-29 16:26:28 +02:00
Chris Smowton
ad9ea40954 Merge pull request #5597 from intrigus-lgtm/java/jwt-insecure-parse 
[Java] JWT without signature check.
 2021-04-29 14:41:11 +01:00
Geoffrey White
c4069362ce Merge pull request #5804 from MathiasVP/improve-detect-and-handle-memory-allocation-errors 
C++: Improve qhelp and tests for cpp/detect-and-handle-memory-allocation-errors
 2021-04-29 14:34:41 +01:00
haby0
e813257431 use hardCode 2021-04-29 21:23:52 +08:00
Anders Schack-Mulligen
404a6c1506 Merge pull request #5805 from smowton/smowton/admin/spring-setter-method-docs 
Document `SpringProperty::getSetterMethod`.
 2021-04-29 15:10:58 +02:00
Anders Schack-Mulligen
c78285e557 Merge pull request #5784 from Marcono1234/marcono1234/switch-expr-stmt-parent 
Java: Add StmtParent as superclass of SwitchExpr
 2021-04-29 15:02:05 +02:00
Tom Hvitved
c3890a9435 C#: Adjust CFG for instance constructors 2021-04-29 14:05:42 +02:00
Tom Hvitved
ee62522c51 C#: Extract implicit constructor initializer calls 2021-04-29 14:05:42 +02:00
Mathias Vorreiter Pedersen
c67ab8f1f0 C++: Respond to review comments. 2021-04-29 14:01:04 +02:00
Chris Smowton
2787c2f874 Document SpringProperty::getSetterMethod. 2021-04-29 12:28:26 +01:00
Mathias Vorreiter Pedersen
e81b40978e C++: Improve the description tag. 2021-04-29 12:10:29 +02:00
Arthur Baars
6693c5bdd0 Merge pull request #5395 from tausbn/python-share-typetracker 
Python: Make the type tracking implementation shareable
 2021-04-29 12:06:12 +02:00
Mathias Vorreiter Pedersen
9e39b08325 C++: Improve the qhelp for cpp/detect-and-handle-memory-allocation-errors. 2021-04-29 11:58:36 +02:00
Mathias Vorreiter Pedersen
44de127bff C++: Extend and improve the testcases for cpp/detect-and-handle-memory-allocation-errors. 2021-04-29 11:57:43 +02:00
Rasmus Wriedt Larsen
af0723c185 Merge pull request #5656 from asgerf/js/files-diagnostics 
JS: Add file diagnostics queries
 2021-04-29 11:53:11 +02:00
CodeQL CI
84d43946de Merge pull request #5755 from RasmusWL/non-alert-data-part1 
Approved by tausbn
 2021-04-29 02:51:34 -07:00
jorgectf
213d011a8c Edit code example in CompiledRegex 
Signed-off-by: jorgectf <jorgectf@protonmail.com>
 2021-04-29 11:10:03 +02:00
Mathias Vorreiter Pedersen
39c7816ede C++: Dont allow magic in getUnspecifiedType. 2021-04-29 10:09:46 +02:00
Tom Hvitved
0cb826a511 Merge pull request #5797 from hvitved/cpp/has-multi-scope-node-noinline 
C++: Do not inline `Dominance::hasMultiScopeNode`
 2021-04-29 09:51:05 +02:00
CodeQL CI
3240536d0e Merge pull request #5798 from erik-krogh/trackLoc 
Approved by esbena
 2021-04-29 00:45:21 -07:00
Aditya Sharad
4d2db08934 Merge pull request #5801 from github/aeisenberg/fix-codescanning 
Actions: Fix code scanning workflow
 2021-04-28 15:21:43 -07:00
Andrew Eisenberg
0376a13dd8 Actions: Fix code scanning workflow 2021-04-28 15:05:13 -07:00
thank_you
d85b1a2d5f Replace recursive getAMember*() method 2021-04-28 16:54:49 -04:00
intrigus
a8865e2fa2 Java: Cleanup jwt stubs. 2021-04-28 20:46:09 +02:00
Erik Krogh Kristensen
dfd63e5d5a track window object to where .location is read 2021-04-28 18:52:00 +02:00
Shati Patel
d288b9216e Merge pull request #5790 from github/cklin-find-the-thief-conditions-sync 
Fix inconsistency in the find-the-thief exercise
 2021-04-28 17:16:58 +01:00
CodeQL CI
9c5ad44e27 Merge pull request #5782 from erik-krogh/domFP 
Approved by esbena
 2021-04-28 09:12:00 -07:00
Rasmus Lerchedahl Petersen
16bde2729d Python: add flow from methods to calls 2021-04-28 17:02:24 +02:00
Tom Hvitved
058925cca9 C++: Do not inline Dominance::hasMultiScopeNode 2021-04-28 16:50:08 +02:00
yoff
73521e22de Merge pull request #5791 from tausbn/python-limit-absolute-imports 
Python: Limit absolute imports
 2021-04-28 16:22:08 +02:00
Tom Hvitved
c35a2b959a Python: Update data-flow caching 2021-04-28 14:49:05 +02:00
Tom Hvitved
e8347c2c20 C++: Update data-flow caching 2021-04-28 14:49:05 +02:00
Erik Krogh Kristensen
902a4368a1 assume that all pipe elements that return something, return outputs 2021-04-28 12:36:07 +02:00
Erik Krogh Kristensen
2f14a6218a generalize RxJS pipes 2021-04-28 12:26:02 +02:00
Rasmus Wriedt Larsen
baa926359e Python: Minor fix to Django RawSQL QLDoc 2021-04-28 12:18:27 +02:00
Rasmus Wriedt Larsen
8b9c5f8228 Python/JS: Remove "Only added to aid with internal rewrite" 2021-04-28 11:50:06 +02:00
Erik Krogh Kristensen
d5450f1df6 use isWildcardLike in MetacharEscapeSanitizer 2021-04-28 11:46:50 +02:00
Erik Krogh Kristensen
d07c71c99d unlimited repetition of a wildcard is also a wildcard 2021-04-28 11:46:35 +02:00
Erik Krogh Kristensen
160fa148f1 move InfiniteRepetitionQuantifier to Regexp.qll 2021-04-28 11:39:28 +02:00
Erik Krogh Kristensen
e60628d463 add global replacements using inverted char classes as a sanitizer for DOM based XSS 2021-04-28 11:29:30 +02:00
Rasmus Wriedt Larsen
f2b4e31e7f Python: Make Diagnostics tests pass 
I had comitted a bad .expected file it seems, and since the encoding for UTF-8
is named differently from Python 2 to Python 3, we're only going to run the test
for one version.
 2021-04-28 10:21:59 +02:00
Tamás Vajk
310baab73f Merge pull request #5740 from tamasvajk/feature/diag 
C#: Add extraction error diagnostic query
 2021-04-28 08:46:35 +02:00
haby0
b0f745365d Node type restriction 2021-04-28 14:32:25 +08:00