| Author | Commit | Message | Date |
|---|---|---|---|
| Dave Bartolomeo | d828ab7fd2 | Merge pull request #6955 from github/codeql-ruby-3.3<br>RC 3.3: merge codeql-ruby repository into github/codeql | 2021-11-02 09:57:49 -04:00 |
| Erik Krogh Kristensen | 5975e19f53 | sync identical files | 2021-11-02 14:45:33 +01:00 |
| Erik Krogh Kristensen | 2a8807efe4 | add change note | 2021-11-02 14:45:33 +01:00 |
| Erik Krogh Kristensen | 076a3dca1f | add qhelp | 2021-11-02 14:45:33 +01:00 |
| Erik Krogh Kristensen | d9a214767b | add support for node-rsa | 2021-11-02 14:45:33 +01:00 |
| Erik Krogh Kristensen | 49ea53f32b | move ExpressJwt that was inside the Hasha module | 2021-11-02 14:45:33 +01:00 |
| Erik Krogh Kristensen | 2c013214f7 | add Diffie-Hellman from the crypto library | 2021-11-02 14:45:33 +01:00 |
| Erik Krogh Kristensen | 1df8ec2cae | add insufficient key size model for node-forge | 2021-11-02 14:45:33 +01:00 |
| Erik Krogh Kristensen | 62039b866c | add cryptographic key model to the crypto-js library | 2021-11-02 14:45:33 +01:00 |
| Erik Krogh Kristensen | 028799deb6 | implement a simple InsufficientKeySize query | 2021-11-02 14:45:30 +01:00 |
| Erik Krogh Kristensen | 7a9315f146 | use set literal | 2021-11-02 14:45:14 +01:00 |
| yoff | 97625d7c2c | Merge pull request #7023 from RasmusWL/toml<br>Python: Add modeling of `toml` | 2021-11-02 14:42:06 +01:00 |
| Rasmus Wriedt Larsen | cb6bcada4c | Merge branch 'main' into django-rest-framework | 2021-11-02 14:33:16 +01:00 |
| ihsinme | 62b3c3c9a0 | Update IncorrectChangingWorkingDirectory.ql | 2021-11-02 16:16:17 +03:00 |
| yoff | 0240631510 | Merge pull request #6782 from RasmusWL/fastapi<br>Python: Model FastAPI | 2021-11-02 14:16:12 +01:00 |
| ihsinme | 738354b8e7 | Update cpp/ql/src/experimental/Security/CWE/CWE-243/IncorrectChangingWorkingDirectory.ql<br>Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com> | 2021-11-02 16:13:34 +03:00 |
| Asger Feldthaus | 971f032b5f | JS: Autoformat | 2021-11-02 14:12:05 +01:00 |
| Asger Feldthaus | 46bd3e58a3 | JS: Switch to instanceof base type | 2021-11-02 14:12:05 +01:00 |
| Asger Feldthaus | 5f4c1dd19b | JS: Support regexp-based path traversal check | 2021-11-02 14:12:05 +01:00 |
| Asger Feldthaus | 83edcf515b | JS: Add test for regexp-based sanitizer | 2021-11-02 14:12:04 +01:00 |
| Mathias Vorreiter Pedersen | 3e6ac74d73 | C++: Add 'InheritanceConversionInstruction' to the list of instructions that set 'certain = false' in 'explicitWrite'. | 2021-11-02 13:02:46 +00:00 |
| Mathias Vorreiter Pedersen | 56cabb8f46 | C++: Add comments to some of the disjuncts in 'addressFlow'. | 2021-11-02 12:52:11 +00:00 |
| Rasmus Wriedt Larsen | c52e453342 | Python: Minor rewrite | 2021-11-02 13:37:50 +01:00 |
| Erik Krogh Kristensen | 54fba2d6a1 | Merge pull request #6781 from erik-krogh/ldap<br>JS: Move LDAP injection out of experimental | 2021-11-02 13:35:32 +01:00 |
| Anders Schack-Mulligen | 7d0152f3c0 | Merge pull request #6932 from aschackmull/dataflow/flow-features<br>Dataflow: Add support for call context restrictions on sources/sinks. | 2021-11-02 13:24:17 +01:00 |
| Ian Wright | 6fa9413f8b | more efficient implementation of calleeApiName | 2021-11-02 12:05:33 +00:00 |
| Nick Rolfe | 6dd5dad4a9 | Merge pull request #7026 from github/nickrolfe/rb-prefix<br>Ruby: use the `rb/` prefix in all query ids | 2021-11-02 12:04:50 +00:00 |
| Arthur Baars | 18a47227b3 | Remove redundant permissions block | 2021-11-02 13:04:45 +01:00 |
| Erik Krogh Kristensen | f7f315adbb | Merge pull request #7022 from erik-krogh/cwe319<br>JS: add cwe-319 to js/clear-text-cookie | 2021-11-02 12:47:53 +01:00 |
| Erik Krogh Kristensen | 7a96b8e9e1 | Merge branch 'main' into ldap | 2021-11-02 12:47:28 +01:00 |
| Nick Rolfe | 898f5ec596 | Ruby: use the rb/ prefix in all query ids | 2021-11-02 11:42:02 +00:00 |
| Mathias Vorreiter Pedersen | 6f4107ff23 | Dataflow: Replace a 'noinline' pragma with a 'nomagic' pragma. | 2021-11-02 11:37:40 +00:00 |
| Arthur Baars | 53b03152f3 | Use 'gh' command to download artifacts | 2021-11-02 12:01:14 +01:00 |
| Arthur Baars | 501ff12abb | Use NUL character as separator | 2021-11-02 12:01:13 +01:00 |
| Arthur Baars | d1852af7b6 | Add error messages | 2021-11-02 12:00:11 +01:00 |
| Mathias Vorreiter Pedersen | 092beb8b73 | C++: Don't count write operations as uses. | 2021-11-02 10:59:34 +00:00 |
| Rasmus Wriedt Larsen | 8ee804a8c2 | Python: Add toml modeling | 2021-11-02 11:57:15 +01:00 |
| Rasmus Wriedt Larsen | 14bc297946 | Python: Add toml encode/decode test | 2021-11-02 11:57:06 +01:00 |
| Geoffrey White | c1de4165a9 | Update cpp/ql/lib/semmle/code/cpp/commons/NullTermination.qll<br>Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com> | 2021-11-02 10:51:35 +00:00 |
| Tom Hvitved | 302373d154 | Merge pull request #6858 from hvitved/python/type-tracker-changes<br>Python: Type tracker changes | 2021-11-02 11:47:01 +01:00 |
| CodeQL CI | d5e2026a26 | Merge pull request #6934 from erik-krogh/more-instanceof<br>Approved by MathiasVP, esbena, yoff | 2021-11-02 03:46:23 -07:00 |
| CodeQL CI | 5d62aa5b29 | Merge pull request #6994 from erik-krogh/redundant-cast<br>Approved by RasmusWL, aschackmull, esbena, geoffw0, hvitved, nickrolfe | 2021-11-02 03:45:48 -07:00 |
| Tom Hvitved | fe80c4a17b | Ruby: Sync files | 2021-11-02 11:16:46 +01:00 |
| Tom Hvitved | 1e64893742 | Update python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll<br>Co-authored-by: Taus <tausbn@github.com> | 2021-11-02 11:16:32 +01:00 |
| Tom Hvitved | 660398aa78 | Python: Introduce TypeBackTracker::getACompatibleTypeTracker() | 2021-11-02 11:16:32 +01:00 |
| Tom Hvitved | 73fd66cfed | Python: Cache TypeBackTracker::prepend | 2021-11-02 11:16:32 +01:00 |
| Erik Krogh Kristensen | 41e7dea943 | add cwe-319 "Cleartext Transmission of Sensitive Information" to js/clear-text-cookie | 2021-11-02 11:11:38 +01:00 |
| Rasmus Wriedt Larsen | 83389be8e2 | Python: Add some missing QLDocs | 2021-11-02 11:02:51 +01:00 |
| Rasmus Wriedt Larsen | 5c2734c643 | Python: Fix experimental Django.qll | 2021-11-02 10:55:44 +01:00 |
| Rasmus Wriedt Larsen | fd12b144bc | Python: Add change-note | 2021-11-02 10:55:44 +01:00 |