hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 14:23:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
652 Commits 1,684 Branches 159 Tags
005e49fe94308a4977f3addcfbe3bead2fbdccfc
Commit Graph

57 Commits

Author SHA1 Message Date
Sauyon Lee
21bfaec0d3 TaintedPath: Add change note for tempfiles 2020-05-12 05:44:19 -07:00
Max Schaefer
994536e93b Add change note. 2020-05-07 11:46:31 +01:00
Sauyon Lee
164149b29a Merge pull request #129 from max-schaefer/fix-argument-post-update-nodes 
Fix and improve taint-tracking through function arguments
 2020-05-06 02:57:01 -07:00
Max Schaefer
a79f2b4f44 Add change note for CleartextLogging. 2020-05-05 12:05:09 +01:00
Sauyon Lee
a841077cbe Add support for Mux library 2020-05-05 03:25:08 -07:00
Max Schaefer
980241603b Switch to new-style change notes. 2020-05-01 07:57:13 +01:00
Sauyon Lee
cd1d699208 Improve BadRedirectCheck query 
We now look for a path from the variable being checked to a redirect.

Additionally, several sources of false positives have been eliminated, and a model of relevant parts of the Macaron framework has been added.
 2020-05-01 07:13:16 +01:00
Felicity Chapman
70525d0e64 Minor editorial changes 2020-04-17 13:19:11 +01:00
Sauyon Lee
8ca310e6b6 Add change note for buffered i/o 2020-04-15 00:37:50 -07:00
Max Schaefer
95c2cb19cf Add two missing change notes. 2020-04-15 07:57:47 +01:00
Max Schaefer
d344687f52 Add change note. 2020-04-09 09:41:09 +01:00
Max Schaefer
c9ef6f77a2 Merge pull request #91 from max-schaefer/disabled-certificate-check 
Add new query DisabledCertificateCheck.
 2020-04-08 07:11:15 +01:00
Max Schaefer
8fba9a98d4 Add new query DisabledCertificateCheck. 2020-04-07 09:01:41 +01:00
Max Schaefer
76f2748cbc Teach SsaWithFields to properly handle implicit dereferences. 2020-04-06 09:23:07 +01:00
Sauyon Lee
dcd6aaf69a Alphabetize change notes 2020-04-03 00:01:19 -07:00
Sauyon Lee
3577d75607 RequestForgery: Add change note 2020-04-02 23:58:17 -07:00
Max Schaefer
77c282824e Merge pull request #81 from gagliardetto/system-executors 
Expand system executors (continuation of #70)
 2020-04-03 07:24:05 +01:00
Max Schaefer
510b6070c9 Introduce official environment variable for goroutine limiting. 
We've had to tell people how to do this, so we should have a name for it that doesn't refer to a defunct company.
 2020-04-02 10:45:52 +01:00
Slavomir
32beebd059 Apply suggestions from code review 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
Co-Authored-By: Sauyon Lee <sauyon@github.com>
 2020-04-02 12:09:06 +03:00
Sauyon Lee
bc59fa40d7 Merge pull request #73 from intrigus-lgtm/make-CWE-643-supported 
Make cwe 643 supported
 2020-04-01 17:45:45 -07:00
intrigus
3a381b2fbf Add change note 2020-04-01 16:15:09 +02:00
Slavomir
a25a21eb11 Add change-note 2020-04-01 15:14:22 +03:00
Max Schaefer
efc9ecefc8 Introduce CODEQL_GO_EXTRACTOR_BUILD_COMMAND as an alias for LGTM_INDEX_BUILD_COMMAND. 
We've occasionally had to tell people to set this variable manually, so we might as well have an alias that doesn't refer to a soon-to-be obsolete product.
 2020-04-01 09:35:57 +01:00
Sauyon Lee
3d3f35cc48 Add change notes for Go 1.14 support 2020-03-30 13:45:37 -07:00
Sauyon Lee
fbc2499118 OpenUrlRedirect: Add change note for fixed FPs 2020-03-25 04:01:17 -07:00
Max Schaefer
49c5779112 Add model of go-pg/pg. 2020-03-17 12:08:42 +00:00
Max Schaefer
f41151350a Merge pull request #60 from sauyon/bitwise-xor-fps 
MistypedExponentiation: Add a heuristic to reduce FPs
 2020-03-13 15:46:03 +00:00
Max Schaefer
ea36d49218 Add new query AllocationSizeOverflow. 2020-03-13 10:18:51 +00:00
Sauyon Lee
ea5e6a324d Add change note 2020-03-13 03:10:55 -07:00
Sauyon Lee
5056b5f161 Apply review comments. 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-03-11 03:26:18 -07:00
Sauyon Lee
1f83aa4586 Add a -mod=vendor change note 2020-03-11 03:10:35 -07:00
Sauyon Lee
43fbf47da3 Add a change note about go.mod extraction 2020-03-06 06:51:28 -08:00
Shati Patel
6b0f8a4088 Mention cookbook queries in 1.24 changenotes 2020-02-17 14:38:46 +00:00
Sauyon Lee
39f5376eed ReflectedXss: Add change note for Fprintf FPs 2020-02-05 19:07:42 -08:00
Sauyon Lee
3c88eab84c Merge pull request #229 from max/string-break 
Add query to find unsafe quoting
 2020-02-03 09:47:36 -08:00
Max Schaefer
af3d91ffd3 Add query StringBreak. 2020-02-03 09:01:40 +00:00
Max Schaefer
69a91b537f Add change note for autobuilder changes 
https://git.semmle.com/Semmle/go/pull/210 did not include a change note.
 2020-01-30 11:36:23 +00:00
Sauyon Lee
3a73658a9c BadRedirectSanitizer: Bind e to hp 
Address doc review comments
 2020-01-27 17:33:51 -08:00
Sauyon Lee
aa28724f7c Add BadRedirectCheck query 2020-01-27 17:33:50 -08:00
Max Schaefer
d78ba06a8d Add change note. 2020-01-21 09:56:59 +00:00
Max Schaefer
08ba795565 Sort lines in change notes. 2020-01-17 15:46:50 +00:00
Sauyon Lee
f32a785127 Merge pull request #217 from max/issue-24 
Switch RedundantExpr query back to using AST instead of global value numbering.
 2020-01-14 13:05:44 -08:00
Max Schaefer
36c620d1dd Add tests and change note. 2020-01-13 08:37:01 +00:00
Max Schaefer
384d21b0e9 Switch RedundantExpr query back to using AST instead of global value numbers. 
Most current alerts (https://lgtm.com/rules/1510380685982/alerts/), while technically correct, are likely intentional and harmless. This change keeps only the interesting ones: https://lgtm.com/query/2999122885894714237
 2020-01-10 14:46:54 +00:00
Max Schaefer
c60ddb0f7c Model Header.Get as a source of untrusted input. 2020-01-10 12:29:18 +00:00
Max Schaefer
0d2fe473d7 Add IncompleteUrlSchemeCheck query. 2020-01-07 14:46:49 +00:00
Max Schaefer
6f82310a9e Alert suppression through single-line /* */ style comments. 2020-01-02 14:34:11 +00:00
Sauyon Lee
10907c8b04 IncompleteHostnameRegexp: disallow unescaped dot before TLD 2019-12-09 08:47:17 -08:00
Shati Patel
e4346a17de Merge pull request #195 from max/impossible-interface-nil-check 
Add new query ImpossibleInterfaceNilCheck
 2019-11-27 11:15:05 +00:00
Max Schaefer
e5a12e9738 Add new query ImpossibleInterfaceNilCheck. 2019-11-26 20:28:53 +00:00