Max Schaefer
215682f67c
JavaScript: Add change note.
2020-05-26 10:49:30 +01:00
Dave Bartolomeo
12688f80ce
Merge pull request #3559 from jbj/vcs-remove
...
C++: Remove VCS.qll and all queries using it
2020-05-25 14:30:31 -04:00
Jonas Jensen
e28ed848a4
C++: Remove VCS.qll and all queries using it
...
All these queries have been deprecated since 2018. There is
unfortunately no way to deprecate a library, but it's been years since
we populated any databases using the VCS library, so nobody should be
using it.
2020-05-25 19:28:06 +02:00
Jonas Jensen
bc09720704
Merge pull request #3479 from geoffw0/fp2762
...
C++: Allow equality to block taint (security taint tracking)
2020-05-25 15:11:10 +02:00
semmle-qlci
b9ecf1a304
Merge pull request #3447 from erik-krogh/LibCmdInjection
...
Approved by asgerf, mchammer01
2020-05-22 17:10:57 +01:00
Erik Krogh Kristensen
b79b25ef87
correct cwe-78 to cwe-078
2020-05-21 12:38:44 +00:00
semmle-qlci
c15d22d9f8
Merge pull request #3516 from asger-semmle/js/typescript-3.9.2
...
Approved by erik-krogh
2020-05-20 11:31:57 +01:00
semmle-qlci
2bbc1c2af0
Merge pull request #3478 from erik-krogh/PromiseAll
...
Approved by asgerf, esbena
2020-05-20 11:03:05 +01:00
semmle-qlci
29b8a0db92
Merge pull request #3508 from asger-semmle/js/shared-data-flow-node
...
Approved by esbena
2020-05-20 10:58:09 +01:00
Tom Hvitved
e9839198f4
Merge pull request #3484 from calumgrant/cs/index-initializers
...
C#: Extract indexed initializers correctly
2020-05-20 09:22:47 +02:00
semmle-qlci
26dfca80f6
Merge pull request #3510 from max-schaefer/cull-boring-queries
...
Approved by asgerf, esbena
2020-05-19 15:41:53 +01:00
Max Schaefer
a803120414
Lower precision for a number of queries.
...
These queries are currently run by default, but don't have their results displayed.
Looking through results on LGTM.com, they are either false positives (e.g., `BitwiseSignCheck` which flags many perfectly harmless operations and `CompareIdenticalValues` which mostly flags NaN checks) or harmless results that developers are unlikely to care about (e.g., `EmptyArrayInit` or `MisspelledIdentifier`).
With this PR, the only queries that are still run but not displayed are security queries, where different considerations may apply.
2020-05-19 13:43:17 +01:00
Geoffrey White
7d630c458e
Merge branch 'master' into fp2762
2020-05-19 11:43:50 +01:00
Asger Feldthaus
0db0ddf476
JS: Add a change note
2020-05-19 11:07:35 +01:00
Asger Feldthaus
f49b36aec7
JS: Change note
2020-05-19 09:52:26 +01:00
semmle-qlci
0c081a8e87
Merge pull request #3497 from esbena/js/yield-and-local-objects
...
Approved by asgerf, erik-krogh
2020-05-19 09:02:22 +01:00
Erik Krogh Kristensen
aa396a39d3
Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3478
2020-05-18 20:57:51 +00:00
Asger F
96d6115452
Merge branch 'master' into js/sql-type-tracking
2020-05-18 15:58:42 +01:00
Erik Krogh Kristensen
70a28f60e3
Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3478
2020-05-18 14:05:37 +00:00
Max Schaefer
bdd778f989
JavaScript: Add change note.
2020-05-18 12:08:36 +01:00
Esben Sparre Andreasen
a9ba6ac659
JS: make LocalObjects::isEscape aware of yield
2020-05-18 12:43:46 +02:00
Erik Krogh Kristensen
bd3c4d4077
Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3478
2020-05-18 07:51:19 +00:00
semmle-qlci
6041d52936
Merge pull request #3424 from asger-semmle/js/express-param-handler
...
Approved by esbena
2020-05-18 08:48:24 +01:00
semmle-qlci
0230b79efc
Merge pull request #3391 from erik-krogh/SplitFPs
...
Approved by esbena
2020-05-18 08:46:26 +01:00
Erik Krogh Kristensen
dfdecf1450
add change note
2020-05-17 10:32:27 +02:00
semmle-qlci
8d41ce1630
Merge pull request #3480 from erik-krogh/moreSlip
...
Approved by esbena
2020-05-16 21:17:27 +01:00
Asger Feldthaus
435f9ea09f
JS: Change note
2020-05-15 17:27:30 +01:00
Asger Feldthaus
e311cc7689
JS: Change note
2020-05-15 13:06:37 +01:00
Calum Grant
53ca3ccf53
C#: Update changenotes
2020-05-15 13:06:17 +01:00
Geoffrey White
48f3db3fbe
Merge branch 'master' into fp2762
2020-05-15 09:55:30 +01:00
Erik Krogh Kristensen
4eb96848a6
add change note for bluebird and "Promise"
2020-05-15 09:58:33 +02:00
Erik Krogh Kristensen
7df35a6bab
update change note
2020-05-15 09:52:59 +02:00
semmle-qlci
a536069059
Merge pull request #3408 from esbena/js/unsafe-html-expansion
...
Approved by asgerf, mchammer01
2020-05-15 08:24:12 +01:00
Geoffrey White
6579c71866
C++: Change note.
2020-05-14 18:44:06 +01:00
Geoffrey White
df5e16c45d
C++: Add a 1.25 change note file (didn't we used to have templates for these?).
2020-05-14 18:41:14 +01:00
semmle-qlci
23532ae49a
Merge pull request #3467 from erik-krogh/tarSlip
...
Approved by esbena
2020-05-14 14:06:42 +01:00
semmle-qlci
57f44c5a81
Merge pull request #2886 from asger-semmle/js/call-graph-exploration
...
Approved by erik-krogh, esbena
2020-05-14 14:01:23 +01:00
Erik Krogh Kristensen
422ade16db
Apply suggestions from code review
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-05-14 10:05:59 +02:00
Erik Krogh Kristensen
ce5356f592
change note
2020-05-14 09:48:50 +02:00
Calum Grant
f5daeea618
Merge pull request #3421 from hvitved/csharp/dataflow/change-note
...
C#/Java/C++: Add change note for #3110
2020-05-13 13:53:01 +01:00
Esben Sparre Andreasen
c6fa88af28
JS: change notes
2020-05-13 12:56:33 +02:00
Esben Sparre Andreasen
7722d77c86
JS: add the NoSQL $where as a sink for js/code-injection
2020-05-13 08:30:22 +02:00
Esben Sparre Andreasen
20cf04442c
JS: model marsdb and minimongo
2020-05-13 08:28:59 +02:00
Erik Krogh Kristensen
83d34b939c
change note
2020-05-12 14:24:04 +02:00
Erik Krogh Kristensen
8b3e86c4f8
change note
2020-05-11 13:40:59 +02:00
Tom Hvitved
c837ab7d1a
Apply suggestions from code review
...
Co-authored-by: Jonas Jensen <jbj@github.com>
2020-05-11 11:42:50 +02:00
Tom Hvitved
948c2f7f7e
C++: Add change note
2020-05-07 16:01:55 +02:00
Tom Hvitved
0b85f3fed4
Address review comments
2020-05-07 15:58:46 +02:00
Erik Krogh Kristensen
a3fb13882b
Merge branch 'master' into SplitFPs
2020-05-07 10:51:11 +02:00
Tom Hvitved
f19b1045d6
Java: Add change note
2020-05-06 15:52:49 +02:00