shati-patel
|
09f3001048
|
Docs: Make TOC more visible and add note about CWE coverage
|
2021-08-05 10:55:41 +01:00 |
|
Anders Schack-Mulligen
|
c29353db80
|
Merge pull request #6424 from github/workflow/coverage/update
Update CSV framework coverage reports
|
2021-08-05 09:48:53 +02:00 |
|
Tony Torralba
|
0356ed7f9e
|
Merge pull request #5911 from atorralba/atorralba/promote-missing-jwt-signature-check
Java: Promote Missing JWT signature check query from experimental
|
2021-08-05 09:43:03 +02:00 |
|
Anders Schack-Mulligen
|
1932f604dc
|
Merge pull request #6419 from smowton/smowton/admin/unsafe-deserialization-jabsorb
Add unsafe-deserialization support for Jabsorb
|
2021-08-05 09:04:23 +02:00 |
|
Erik Krogh Kristensen
|
d3ea58002d
|
fix a case in union where order wasn't necessarily preserved
|
2021-08-05 08:48:15 +02:00 |
|
Erik Krogh Kristensen
|
6ca53c8b25
|
a little more special casing in CFGExtractor union
|
2021-08-05 08:32:56 +02:00 |
|
CodeQL CI
|
475032780e
|
Merge pull request #6311 from asgerf/js/dom-element-methods
Approved by erik-krogh
|
2021-08-04 23:18:34 -07:00 |
|
Raul Garcia (MSFT)
|
7340a1293f
|
Fixing query & test
|
2021-08-04 19:37:57 -07:00 |
|
Raul Garcia (MSFT)
|
8544356f90
|
Adding Membership.GeneratePassword() as a bad source of random data because of the bias.
|
2021-08-04 17:12:00 -07:00 |
|
github-actions[bot]
|
9d13edb325
|
Add changed framework coverage reports
|
2021-08-05 00:08:17 +00:00 |
|
Erik Krogh Kristensen
|
7e422a656a
|
remove unused imports
|
2021-08-04 23:41:36 +02:00 |
|
Erik Krogh Kristensen
|
ff9943906d
|
micro optimize the hot loops by adding special cases and removing streams
|
2021-08-04 23:35:58 +02:00 |
|
Fosstars
|
b913928294
|
Renamed queries and merged qhelp files
|
2021-08-04 17:54:16 +02:00 |
|
Chris Smowton
|
1f08c3fe55
|
Move test files to appropriate package directories
|
2021-08-04 16:50:03 +01:00 |
|
edvraa
|
db2f9add53
|
Post merge
|
2021-08-04 18:37:17 +03:00 |
|
Chris Smowton
|
5a42448888
|
Code review suggestions
- Remove unneeded import
- Remove unnecessary `toLowerCase` call
|
2021-08-04 16:08:07 +01:00 |
|
Chris Smowton
|
69549e9ce3
|
Add unsafe-deserialization support for Jabsorb
This is partly extracted from https://github.com/github/codeql/pull/5954
|
2021-08-04 15:35:50 +01:00 |
|
Asger Feldthaus
|
1b67b43b40
|
JS: Change note
|
2021-08-04 16:25:59 +02:00 |
|
Asger Feldthaus
|
00f4694616
|
JS: Recognize methods returning DOM objects
|
2021-08-04 16:25:56 +02:00 |
|
Anders Schack-Mulligen
|
5f9f857c34
|
Update java/ql/src/semmle/code/java/security/JWT.qll
|
2021-08-04 16:23:21 +02:00 |
|
Anders Schack-Mulligen
|
78998d0ca1
|
Update java/ql/src/semmle/code/java/security/JWT.qll
|
2021-08-04 16:22:56 +02:00 |
|
Arthur Baars
|
e8f6cb65b8
|
Merge pull request #245 from github/aibaars/tweaks
Move UseDetect.ql to experimental for now
|
2021-08-04 16:05:06 +02:00 |
|
Arthur Baars
|
23f423ad66
|
Merge pull request #242 from github/regex_parsing_fixes
Regex parsing fixes
|
2021-08-04 16:04:54 +02:00 |
|
Arthur Baars
|
9ca0e81953
|
Move UseDetect to experimental for now
|
2021-08-04 15:52:48 +02:00 |
|
Anders Schack-Mulligen
|
6a09a5667d
|
Merge pull request #5931 from atorralba/atorralba/promote-jndi-injection
Java: Promote JNDI Injection query from experimental
|
2021-08-04 15:48:44 +02:00 |
|
Owen Mansel-Chan
|
2e04319d9f
|
Manually improve tests
|
2021-08-04 14:27:01 +01:00 |
|
Owen Mansel-Chan
|
a538699a0a
|
Add automatically generated tests
|
2021-08-04 14:27:00 +01:00 |
|
Owen Mansel-Chan
|
b82389088b
|
Model interfaces in Apache Commons Collections main package
|
2021-08-04 14:26:59 +01:00 |
|
Owen Mansel-Chan
|
39ea0a989a
|
Model *Utils classes
|
2021-08-04 14:26:58 +01:00 |
|
Tony Torralba
|
bc9563c073
|
Apply suggestions from code review
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
|
2021-08-04 14:40:32 +02:00 |
|
Arthur Baars
|
8ded688b72
|
Add queries.xml for legacy tooling
|
2021-08-04 14:34:20 +02:00 |
|
Tony Torralba
|
989afb446e
|
Apply suggestions from code review
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
|
2021-08-04 14:07:10 +02:00 |
|
edvraa
|
d1e41689bb
|
Merge with main
|
2021-08-04 14:25:34 +03:00 |
|
Tony Torralba
|
a046d75ea6
|
Apply suggestions from code review
|
2021-08-04 13:15:49 +02:00 |
|
edvraa
|
e790ee7c2e
|
Fix formatting
|
2021-08-04 14:06:27 +03:00 |
|
Tony Torralba
|
452fd9a8e3
|
Refactor to path query
|
2021-08-04 13:05:18 +02:00 |
|
Anders Schack-Mulligen
|
fe654dc8ee
|
Merge pull request #6418 from github/cwe-918-add-sec-sev
Update Security-Severity for CWE-918
|
2021-08-04 13:04:40 +02:00 |
|
Tamas Vajk
|
6405b89443
|
Add DB upgrade script to change generic type names to undecorated ones
|
2021-08-04 12:38:16 +02:00 |
|
Tamas Vajk
|
f1a596ee81
|
Fix code review findings
|
2021-08-04 12:38:16 +02:00 |
|
Tamas Vajk
|
62f5af9ac8
|
Fix TupleType::getName
|
2021-08-04 12:38:16 +02:00 |
|
Tamas Vajk
|
d3803b01e4
|
Fix nested generic type qualified names
|
2021-08-04 12:38:16 +02:00 |
|
Tamas Vajk
|
99fe9d8d07
|
Fix erroneous space in type name
|
2021-08-04 12:38:16 +02:00 |
|
Tamas Vajk
|
0cfd73c818
|
Adjust QL getName to the extracted undecorated names
|
2021-08-04 12:38:15 +02:00 |
|
Tamas Vajk
|
8df77060ba
|
C#: Remove type args/params from generic type names in extractor
|
2021-08-04 12:38:15 +02:00 |
|
turbo
|
a8f84da7ac
|
Update Security-Severity for CWE-918
|
2021-08-04 12:17:21 +02:00 |
|
Tony Torralba
|
b586f3ec9c
|
Make the additional flow step abstract
|
2021-08-04 12:11:17 +02:00 |
|
Tony Torralba
|
f4bc4df8c1
|
Renamed JWTQuery so that it's named after the actual query name
|
2021-08-04 12:08:08 +02:00 |
|
Tom Hvitved
|
0eaeb3b5a6
|
Rename moduleImport to getTopLevelMember
|
2021-08-04 10:57:57 +02:00 |
|
Tom Hvitved
|
8451286754
|
API graphs: Remove MkModule
|
2021-08-04 10:28:30 +02:00 |
|
Anders Schack-Mulligen
|
1a078c38ad
|
Merge pull request #6412 from github/workflow/coverage/update
Update CSV framework coverage reports
|
2021-08-04 09:58:34 +02:00 |
|