Mark Shannon
243280dc00
Python: New query to check for use of jinja2 templates without auto-escaping.
2018-11-28 10:45:19 +00:00
semmle-qlci
e66691a90c
Merge pull request #551 from asger-semmle/js-extractor-shebang
...
Approved by xiemaisi
2018-11-28 08:49:44 +00:00
Mark Shannon
31ac33e723
Merge pull request #528 from taus-semmle/python-flask-debug
...
Python: Implement check for flask debug mode.
2018-11-27 19:42:26 +00:00
Taus Brock-Nannestad
7f94c257a7
Change precision to high.
2018-11-27 19:02:44 +01:00
Taus
2b340b4804
Merge pull request #530 from markshannon/python-no-cert-validation
...
New query to check for making a request without cert verification.
2018-11-27 19:01:10 +01:00
Taus Brock-Nannestad
6ebf504d97
Update test results after stub change.
2018-11-27 16:59:19 +01:00
Taus Brock-Nannestad
8d341ab467
Fix stub file.
2018-11-27 16:56:09 +01:00
Asger F
623a80fe90
TS: declassify files with unrecognized shebang line
2018-11-27 14:59:03 +00:00
Taus Brock-Nannestad
b393d9ad04
Add change note.
2018-11-27 15:21:02 +01:00
Taus Brock-Nannestad
a4da245809
Python: Implement check for flask debug mode.
2018-11-27 15:14:38 +01:00
Mark Shannon
698957e2cf
Python: Correct case of query name and improve help.
2018-11-27 11:32:40 +00:00
Geoffrey White
a85dfb1c4e
Merge pull request #548 from jbj/security-tags-1.19
...
C++: Update security tag in change note
2018-11-27 11:13:56 +00:00
Jonas Jensen
c8e34bff6c
C++: Update security tag in change note
...
These two queries have the `security` tag in the `.ql` file, but it was
missing in the change note.
2018-11-27 11:03:42 +01:00
Aditya Sharad
7aef8fa945
Merge pull request #547 from pavgust/fix/cwe-497-performance
...
C++: Refactor CWE-497 for clarity and performance
2018-11-26 17:13:27 +00:00
Mark Shannon
516b29d2c9
Merge pull request #544 from pavgust/fix/python-hotfixes
...
Pull recent Python fixes to RC branch
2018-11-26 16:18:13 +00:00
Max Schaefer
8e54c7ab6c
Merge pull request #503 from asger-semmle/unsafe-global-object-access
...
JS: add method name injection query
2018-11-26 15:56:20 +00:00
Tom Hvitved
7dc0a8132e
Merge pull request #513 from calumgrant/cs/cwe-134
...
C#: New query cs/uncontrolled-format-string
2018-11-26 14:58:54 +01:00
Max Schaefer
a1772a9ae4
Merge pull request #543 from markshannon/python-backward-compat-default
...
Python: Add default.qll for backwards compatibility with older queries and libraries.
2018-11-26 11:27:17 +00:00
Mark Shannon
4d8f5e1020
Python: Add default.qll for backwards compatibility with older queries and libraries.
2018-11-26 11:25:28 +00:00
Arthur Baars
8d7ace25bf
Merge pull request #535 from adityasharad/merge/master-next-231118
...
Merge master into next.
2018-11-25 20:19:23 +01:00
Taus
f0fbed76e7
Merge pull request #539 from markshannon/python-path-fix-siblings
...
Python: Fix parents relation for path queries.
2018-11-23 17:59:04 +01:00
Aditya Sharad
c20b688a3f
Merge master into next.
2018-11-23 16:36:31 +00:00
Taus
3cee874ee3
Merge pull request #536 from markshannon/python-more-shell-injection
...
Python: Some additional sinks for command injection.
2018-11-23 17:12:20 +01:00
yh-semmle
17b063f0b2
Merge pull request #473 from sb-semmle/add-properties-files-to-java-schema
...
Add properties files to java schema
2018-11-23 11:09:00 -05:00
yh-semmle
f4ec168666
Merge pull request #533 from aschackmull/java/inherit-bugfix-changenote
...
Java: Add change note for #459.
2018-11-23 10:53:44 -05:00
Mark Shannon
3190b12544
Python: Fix parent relation for path-queries.
2018-11-23 15:04:01 +00:00
Mark Shannon
bfc001cc68
Python: Add change note for requests without cert verification query.
2018-11-23 14:48:19 +00:00
Mark Shannon
6588606739
Python: Account for other 'falsey' values in query.
2018-11-23 14:42:45 +00:00
Mark Shannon
06e5bc8359
Python: Add qhelp for new query.
2018-11-23 14:42:45 +00:00
Mark Shannon
45e864a395
Python: New query to test for requests without validation.
2018-11-23 14:42:45 +00:00
Mark Shannon
f0206a2ff4
Python: Tests for new query: requests called with verify=False.
2018-11-23 14:42:45 +00:00
Mark Shannon
7f5d46b32f
Python: Add change note for new sinks.
2018-11-23 14:30:57 +00:00
Mark Shannon
b94493aec3
Python: Add extra sinks for command-injection query.
2018-11-23 14:29:02 +00:00
Taus
ceb316df60
Merge pull request #527 from markshannon/python-security-change-note
...
Collated python change notes
2018-11-23 15:28:18 +01:00
Pavel Avgustinov
d4b2c01634
Lift out intermediate helper predicate.
2018-11-23 14:22:44 +00:00
Taus
61f5c2e834
Merge pull request #516 from markshannon/python-path-queries
...
Python path queries
2018-11-23 15:20:19 +01:00
Anders Schack-Mulligen
d24145831b
Java: Add change note for #459.
2018-11-23 14:21:30 +01:00
Aditya Sharad
10dc183495
Merge pull request #512 from hvitved/csharp/autobuilder/dirs-proj
...
C#: Recognize `.proj` files in autobuilder
2018-11-23 13:18:04 +00:00
Mark Shannon
4f5cfbc336
Correct change for extractor logging levels.
2018-11-23 13:03:16 +00:00
Mark Shannon
95f1935eaa
Python change notes: Merge in internal change notes.
2018-11-23 12:55:04 +00:00
semmle-qlci
04c2b23abd
Merge pull request #520 from esben-semmle/js/clear-text-logging-taint-kinds
...
Approved by asger-semmle
2018-11-23 12:40:40 +00:00
Mark Shannon
61bd8682df
Python: Improve API and representation of taint tracking nodes. Update queries and tests accordingly.
2018-11-23 12:32:14 +00:00
semmle-qlci
817456ee9f
Merge pull request #529 from asger-semmle/js-line-map
...
Approved by xiemaisi
2018-11-23 12:00:17 +00:00
Anders Schack-Mulligen
a0d8888224
Merge pull request #531 from yh-semmle/java/deprecate-vcs
...
Java: deprecate queries that use `VCS.qll`
2018-11-23 11:59:17 +01:00
Geoffrey White
0a27022dd4
Merge pull request #523 from jbj/placement-new-never-freed
...
C++: Detect non-allocating placement new in cpp/memory-never-freed
2018-11-23 09:40:11 +00:00
Tom Hvitved
1939773684
C#: Address review comments
2018-11-23 09:32:12 +01:00
Tom Hvitved
c3ccdfa7f9
C#: Guard against cyclic inclusions in project files
2018-11-23 09:32:12 +01:00
Tom Hvitved
e4f68ae324
C#: Address review comments
2018-11-23 09:32:12 +01:00
Tom Hvitved
836daaf07b
C#: Recognize .proj files in autobuilder
...
When determining the target of `msbuild` or `dotnet build`, first look for `.proj`
files, then `.sln` files, and finally `.csproj`/`.vcxproj` files. In all three cases,
choose the project/solution file closest to the root.
2018-11-23 09:32:12 +01:00
Tom Hvitved
b95d7e5302
C#: Move autobuilder into separate folder
2018-11-23 09:32:12 +01:00