Commit Graph

29908 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
5a489a386a Merge pull request #6329 from havron/qhelp-typo
Fix qhelp typo in RequestWithoutValidation
2021-07-20 10:18:35 +02:00
Artem Smotrakov
158a75e5a1 Import UnsafeDeserializationQuery in unsafeDeserialization.ql 2021-07-20 10:14:50 +02:00
Tony Torralba
0f199601f8 Refactor GroovyInjection.qll 2021-07-20 09:44:37 +02:00
Anders Schack-Mulligen
47528b3379 Merge pull request #6332 from github/workflow/coverage/update
Update CSV framework coverage reports
2021-07-20 09:27:59 +02:00
github-actions[bot]
bed08a6f4f Add changed framework coverage reports 2021-07-20 00:06:37 +00:00
Ethan P
1cf5386824 Create publishing-and-using-codeql-packs.rst 2021-07-19 18:42:01 -04:00
Ethan P
a5cbc560e3 Add conceptual info for creating and working with CodeQL packs 2021-07-19 18:41:44 -04:00
Porcuiney Hairs
c6c925d67a Python : Improve Xpath Injection Query 2021-07-20 03:31:30 +05:30
Aditya Sharad
48778ce9a4 Merge pull request #6160 from timoles/patch-1
Add information for generating qhelp files locally
2021-07-19 14:14:22 -07:00
Ethan P
26a36592ce Add intros and Overview headers 2021-07-19 16:29:18 -04:00
Ethan P
511e01aa1b shorten title for full-cwe 2021-07-19 16:23:57 -04:00
Sam Havron
733e5b45bf Fix qhelp typo in RequestWithoutValidation 2021-07-19 16:01:06 -04:00
Timo Müller
b24c096a76 Apply suggestions from code review
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
2021-07-19 21:12:59 +02:00
Aditya Sharad
20fa8e49c8 Merge pull request #6326 from adityasharad/codeowners/codeql-tools
Codeowners: Add reviewer teams for CodeQL tools and associated docs
2021-07-19 11:15:58 -07:00
Ethan P
5028fccee5 Create new CWE coverage overview and full CWE coverage page 2021-07-19 14:01:42 -04:00
Ethan P
618e8b34dc Create individual language pages for CWE tables 2021-07-19 14:01:18 -04:00
Aditya Sharad
94b2b174c1 Merge pull request #6177 from skyzyx/patch-1
Update getting-started-with-the-codeql-cli.rst
2021-07-19 10:58:43 -07:00
Geoffrey White
ab4b2c2342 C++: Fix 'rename'. 2021-07-19 18:58:39 +01:00
Geoffrey White
95ec8f5394 C++: Add support for '_wfsopen'. 2021-07-19 18:36:09 +01:00
Aditya Sharad
c26a4d315d Codeowners: Add reviewer teams for CodeQL tools and associated docs 2021-07-19 10:35:59 -07:00
Chris Smowton
7819d32784 Make MediaType stub constants actually constant
This is required to use them in annotations
2021-07-19 18:28:30 +01:00
Chris Smowton
a0297d51e5 Note fixed test result
The Optional type has now been modelled.
2021-07-19 18:28:06 +01:00
Chris Smowton
82ea2592ad Spring HTTP: Fix test mistakes
Classes without RestController and methods without GetMapping or similar were never going to be detected.
2021-07-19 18:21:13 +01:00
Chris Smowton
392e405f5d Add Spring-XSS test
This covers the cases currently exercised in https://github.com/github/codeql-securitylab/blob/main/java/ql/src/pwntester/security/RestXSS.ql
2021-07-19 18:21:11 +01:00
Chris Smowton
16c5952167 Add and improve Spring-web stubs 2021-07-19 18:20:37 +01:00
Chris Smowton
8051a7cd83 Add change note 2021-07-19 18:11:05 +01:00
Chris Smowton
34a4b71891 Add models of JSON-java, aka org.json 2021-07-19 17:57:27 +01:00
Arthur Baars
43c68eae94 Merge pull request #6324 from github/aibaars/include-diagnostic-summary
Code Scanning selectors: Include diagnostic and summary metric queries
2021-07-19 17:16:48 +02:00
Arthur Baars
ed054acd8e Merge pull request #6305 from intrigus-lgtm/patch-5
C# remove spurious spaces in <code> tag
2021-07-19 17:09:36 +02:00
Arthur Baars
d960ef2dac Code Scanning selectors: Include diagnostic and summary metric queries 2021-07-19 17:05:43 +02:00
Rasmus Wriedt Larsen
5249591747 Python: Fix test folder for InsecureProtocol 2021-07-19 16:57:00 +02:00
Rasmus Wriedt Larsen
5939128a76 Python: Fix test folder for InsecureDefaultProtocol
It was named wrong before. Whoops.
2021-07-19 16:56:07 +02:00
Rasmus Wriedt Larsen
77021ae119 Python: Restructure security tests to contain query name
We were mixing between things, so this is just to keep things
consistent. Even though it's not strictly needed for all queries,
it does look nice, I think.
2021-07-19 16:54:34 +02:00
Rasmus Wriedt Larsen
da021feb8b Python: Move py/incomplete-hostname-regexp tests to own folder 2021-07-19 16:48:21 +02:00
Rasmus Wriedt Larsen
7939a1372e Python: Move Jinja2WithoutEscaping tests to own folder 2021-07-19 16:44:41 +02:00
Geoffrey White
c85edb6c03 C++: Use [, ] in the query. 2021-07-19 15:24:25 +01:00
Geoffrey White
7684796d63 C++: Fix handling of the 'stat' pointer argument. 2021-07-19 15:13:19 +01:00
Mathias Vorreiter Pedersen
7bc18abbb0 Merge pull request #6150 from geoffw0/toctou
C++: Tests for cpp/toctou-race-condition
2021-07-19 15:51:35 +02:00
Tony Torralba
70081b6a1e Refactor MvelInjection.qll 2021-07-19 15:36:35 +02:00
Artem Smotrakov
47e4cf4180 Make UnsafeDeserializationSink public 2021-07-19 15:34:33 +02:00
Geoffrey White
0c029898bb C++: Autoformat. 2021-07-19 13:58:25 +01:00
Geoffrey White
49bbfefb4d C++: Fix uses of 'rename' in tests. 2021-07-19 13:57:16 +01:00
Tony Torralba
45a72ff6eb Fix InsecureBasicAuth test expectations 2021-07-19 13:56:31 +02:00
Tony Torralba
46faf68d64 Decouple MvelInjection.qll to reuse the taint tracking configuration 2021-07-19 13:50:03 +02:00
Tony Torralba
5ca8b380e9 Merge branch 'main' into atorralba/promote-mvel-injection 2021-07-19 13:45:10 +02:00
Nick Rolfe
8d21f95ffc Merge pull request #235 from github/comment_fix
Move comment so it's not treated as part of the precision metadata
2021-07-19 12:39:13 +01:00
Nick Rolfe
ce35d74447 Move comment so it's not treated as part of the precision metadata 2021-07-19 12:29:16 +01:00
shati-patel
69dab49073 Docs: Running query on multiple DBs in CodeQL for VS Code 2021-07-19 12:24:05 +01:00
Artem Smotrakov
035f7ac669 Refactored libs for unsafe deserialization 2021-07-19 13:19:36 +02:00
Tony Torralba
1c91e74269 Rename sink models class 2021-07-19 13:05:37 +02:00