codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00

Author	SHA1	Message	Date
ihsinme	a9dd868348	Update IncorrectChangingWorkingDirectory.qhelp	2021-11-03 18:38:30 +03:00
ihsinme	c94b64cbca	Update IncorrectChangingWorkingDirectory.qhelp	2021-11-03 18:28:57 +03:00
Tom Hvitved	16d96d2ad3	Ruby: Remove `Node::getEnclosingCallable` and `ParameterNode::isParameterOf`	2021-11-03 15:59:29 +01:00
Arthur Baars	b9bf597044	Address comments	2021-11-03 15:15:36 +01:00
Erik Krogh Kristensen	523c15cd72	don't include mode-of-operation into the algorithm names	2021-11-03 14:54:50 +01:00
luciaromeroML	e50938588e	formatting qll file	2021-11-03 10:30:35 -03:00
Mathias Vorreiter Pedersen	4095c2012e	C++: Add comments on why 'ReferenceToInstruction' is interpreted like a 'LoadInstruction' at certain places.	2021-11-03 13:27:26 +00:00
Tom Hvitved	df6962143d	Shared SSA: Sync files	2021-11-03 14:21:50 +01:00
Tom Hvitved	5539b7ffed	Shared SSA: Improved dominance frontier calculation	2021-11-03 14:21:39 +01:00
Erik Krogh Kristensen	3638892d35	Merge pull request #6881 from erik-krogh/add-missing-noinline JS: add pragma[noinline] to predicates where the qldoc mentions join-order	2021-11-03 14:21:27 +01:00
Mathias Vorreiter Pedersen	43a4795272	C++: Remove redundant conjunct.	2021-11-03 13:19:43 +00:00
Erik Krogh Kristensen	f01ee5914b	add a docstring, and rename rawString -> foldedString	2021-11-03 14:19:31 +01:00
Rasmus Wriedt Larsen	84b38b6c32	Python: Add test with custom django json response (FP)	2021-11-03 14:17:08 +01:00
Erik Krogh Kristensen	7b0ebd3f1a	use the context to determine whether or not a node is an operand of a binop	2021-11-03 14:09:44 +01:00
Arthur Baars	ddc9ad3187	Merge remote-tracking branch 'upstream/rc/3.3' into main	2021-11-03 14:01:51 +01:00
Arthur Baars	1327d7c8d5	Merge pull request #7043 from aibaars/fix-ql-tests-3.3 Ruby: Fix QL tests and Rust compilation error	2021-11-03 13:59:29 +01:00
Asger Feldthaus	712614a03c	JS: Block prototype pollution flow into this	2021-11-03 13:33:50 +01:00
Erik Krogh Kristensen	737c747dbb	early exit if string becomes too big	2021-11-03 13:28:03 +01:00
Erik Krogh Kristensen	1ba6f448cd	compute concatenated string and offset at the same time	2021-11-03 13:26:19 +01:00
Erik Krogh Kristensen	be46c1f679	remove unused import	2021-11-03 13:25:09 +01:00
Asger Feldthaus	08bc80ffdb	JS: Block prototype pollution assignment flows through .replace()	2021-11-03 13:24:29 +01:00
Mathias Vorreiter Pedersen	1f89b4987b	C++: Rename 'valueFlow' to 'conversionFlow' and add a QLDoc that explains its purpose.	2021-11-03 12:22:27 +00:00
Asger Feldthaus	76e841830f	JS: Check for labeled barriers in reachableFromInput	2021-11-03 13:10:20 +01:00
Erik Krogh Kristensen	9cf34f19bb	Merge branch 'main' into extractBigReg	2021-11-03 13:08:51 +01:00
Erik Krogh Kristensen	264f4ab5ab	add js/session-fixation query	2021-11-03 13:04:41 +01:00
Nick Rolfe	dd17271ec8	Merge remote-tracking branch 'origin/main' into nickrolfe/regex_injection	2021-11-03 11:55:42 +00:00
Arthur Baars	aab8c64973	Ruby: fix compilation error	2021-11-03 12:32:45 +01:00
Arthur Baars	2c5d5ecdd8	Ruby: QLTest: fix pack search path for upgrades	2021-11-03 12:14:58 +01:00
Arthur Baars	32765e9bc1	Ruby: trigger jobs on workflow change	2021-11-03 12:14:58 +01:00
Mathias Vorreiter Pedersen	dfbfbe4953	Merge branch 'main' into use-shared-ssa-in-ir-dataflow	2021-11-03 10:39:22 +00:00
Mathias Vorreiter Pedersen	ad5619ff07	Revert "C++: Don't count write operations as uses." This reverts commit `092beb8b73`.	2021-11-03 10:37:32 +00:00
Tom Hvitved	ab37ae6613	Merge pull request #7036 from hvitved/ruby/truncate-get-value-text Ruby: Truncate concatenated strings in `getValueText`	2021-11-03 10:57:43 +01:00
Rasmus Lerchedahl Petersen	05aa314ac9	Python: Add tests for non-async constructs	2021-11-03 10:54:36 +01:00
ihsinme	c175f0aa9d	Update IncorrectChangingWorkingDirectory.ql	2021-11-03 12:25:30 +03:00
Tom Hvitved	51f4f57617	C#: Use `cs/` prefix in all query IDs	2021-11-03 10:25:21 +01:00
Anders Schack-Mulligen	e6145f04d2	Merge pull request #6966 from atorralba/atorralba/android-explicit-intent-sanitizer Android: Add ExplicitIntentSanitizer and allowIntentExtrasImplicitRead	2021-11-03 10:20:09 +01:00
Erik Krogh Kristensen	ab4780c505	Merge pull request #7032 from erik-krogh/cwe497 JS: add CWE-497 to js/stack-trace-exposure	2021-11-03 08:55:49 +01:00
Ethan P	b9eb278380	Add new file to index	2021-11-02 21:55:25 -07:00
Ethan P	98eb848e22	add link to new article	2021-11-02 21:35:39 -07:00
Ethan P	06cacfdd83	Create extractor-options.rst	2021-11-02 21:21:31 -07:00
Pierre	cf5b317eb1	Add updated framework support for JS/Java Release: https://github.com/github/releases/issues/1724	2021-11-02 22:02:05 +01:00
Mathias Vorreiter Pedersen	4a2894a707	Merge pull request #7025 from MathiasVP/nomagic-parameterCand Dataflow: Replace a 'noinline' pragma with a 'nomagic' pragma	2021-11-02 20:40:44 +00:00
Arthur Baars	eb645ba963	Merge remote-tracking branch 'origin/rc/3.3' into 'main'	2021-11-02 21:10:41 +01:00
Tom Hvitved	8b287a7846	Ruby: Truncate concatenated strings in `getValueText`	2021-11-02 18:19:49 +01:00
Erik Krogh Kristensen	9d99ce12c4	add CWE-497 to js/stack-trace-exposure	2021-11-02 15:43:55 +01:00
Rasmus Wriedt Larsen	8cd9fdebf9	Python: Model `flask_admin`	2021-11-02 15:43:13 +01:00
Rasmus Wriedt Larsen	ab88d945e2	Python: Add `flask_admin` tests	2021-11-02 15:41:57 +01:00
Rasmus Wriedt Larsen	c2632cff3d	Python: Add RequestHandler meta query	2021-11-02 15:41:57 +01:00
Rasmus Lerchedahl Petersen	768932d7b3	Python: Add tainttracking step that was removed when the correpsonding datadlow step was removed.	2021-11-02 15:01:47 +01:00
Rasmus Lerchedahl Petersen	07d5086b07	Python: support user defined taint source	2021-11-02 15:00:23 +01:00

... 16 17 18 19 20 ...

29908 Commits