codeql

mirror of https://github.com/github/codeql.git synced 2026-03-22 07:26:45 +01:00

Author	SHA1	Message	Date
Max Schaefer	9aa26fa4bc	JavaScript: Add model for `foreground-child`. >1M weekly downloads, so seems worth doing.	2020-07-27 11:37:06 +01:00
Max Schaefer	2f842042ea	JavaScript: Model another `execa` function relevant for command injection.	2020-07-27 11:34:04 +01:00
Tom Hvitved	f5c1de8a17	Merge pull request #3960 from calumgrant/cs/tag-inefficient-containskey C#: Fix tags typo	2020-07-27 11:44:58 +02:00
Calum Grant	09f45ac9fe	Merge pull request #3877 from calumgrant/cs/autobuilder-alerts C#: Make fields readonly	2020-07-27 10:43:04 +01:00
Shati Patel	db09ca7b68	Update queries + outdated note	2020-07-27 11:42:10 +02:00
ubuntu	8dee3da4fe	Update .qhelp	2020-07-26 23:50:22 +02:00
ubuntu	ac7c511d86	Update .qhelp	2020-07-26 23:47:53 +02:00
ubuntu	2cec8f7e9d	Update .qhelp	2020-07-26 23:23:56 +02:00
ubuntu	c469f71957	Add Codeql query to detect if cookies are sent without the flag being set	2020-07-26 22:56:36 +02:00
luchua-bc	01fb51829c	Unsecure basic authentication	2020-07-24 20:35:09 +00:00
Shati Patel	bb05db5c98	Convert C/C++ article	2020-07-24 12:07:17 +02:00
Porcupiney Hairs	7a71ca3e0f	fix tests.	2020-07-24 00:57:19 +05:30
Rasmus Wriedt Larsen	c49311e69e	Python: Fix JinjaSSTISinks.expected	2020-07-23 20:11:27 +02:00
Rasmus Wriedt Larsen	03d22fa8e3	Python: Fix filenames in qhelp	2020-07-23 17:32:01 +02:00
Rasmus Wriedt Larsen	e283d289fd	Python: Update TemplateInjection.qhelp Moved things around so there is only a single `<example>` tag (and had to rewrite contents a bit).	2020-07-23 17:23:26 +02:00
Porcupiney Hairs	1e7921e575	add qhelp and fix tests.	2020-07-23 20:04:32 +05:30
porcupineyhairs	8e85dc755a	Apply suggestions from code review Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2020-07-23 19:37:40 +05:30
semmle-qlci	bb5b161d72	Merge pull request #3972 from shati-patel/merge-rc Approved by mchammer01	2020-07-23 11:30:45 +01:00
Shati Patel	2326f31749	Merge branch 'rc/1.24' into merge-rc	2020-07-23 12:18:30 +02:00
Rasmus Wriedt Larsen	a97f942a17	Python: Autoformat	2020-07-23 11:38:34 +02:00
Felicity Chapman	40c998fa13	Merge pull request #3969 from alexey-tereshenkov-oxb/master Python: Fix typo in qhelp file	2020-07-23 10:37:37 +01:00
Mathias Vorreiter Pedersen	a4242bcb5d	Merge pull request #3962 from rdmarsh2/ir-barrierguard-checks-expr C++: make IR BarrierGuard::checks match AST	2020-07-23 09:21:37 +02:00
Alexey Tereshenkov	7840dfce3b	Put the closing tag back	2020-07-22 20:51:29 +01:00
Alexey Tereshenkov	e2939377e9	Update python/ql/src/Expressions/WrongNumberArgumentsForFormat.qhelp Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>	2020-07-22 20:07:34 +01:00
Alexey Tereshenkov	a6eb3caa5f	Update python/ql/src/Expressions/WrongNumberArgumentsForFormat.qhelp Co-authored-by: Felicity Chapman <felicitymay@github.com>	2020-07-22 20:07:27 +01:00
Alexey Tereshenkov	a5f566b563	Fix typo	2020-07-22 15:39:50 +01:00
Remco Vermeulen	3320061178	Add and adjust QL docs for classes and predicates	2020-07-22 16:04:55 +02:00
Remco Vermeulen	2c42d3cca5	Extract additional taint steps This is done for logical cohesion. We already have the capability of extending additional taint steps by extending `TaintTracking::AdditionalTaintStep`.	2020-07-22 16:04:55 +02:00
Remco Vermeulen	57e7411c0a	Extract Ldap injection sanitizers to importable lib This includes a new abstract class that represents all the Ldap injection santizers and can be used to add additional santizers through extension.	2020-07-22 16:04:55 +02:00
Remco Vermeulen	0d5f9113a3	Extract ldap injection sink into importable library	2020-07-22 16:04:55 +02:00
Rasmus Wriedt Larsen	91e6222662	Python: Fix SSTI query by importing UntrustedStringKind Without a concrete ExternalStringKind class, there will be no flow for ExternalStringKind by default.	2020-07-21 18:01:27 +05:30
Rasmus Wriedt Larsen	9dbd280d31	Python: Fix syntax error	2020-07-21 18:01:27 +05:30
Porcupiney Hairs	49df4169cf	Python : Add query to detect Server Side Template Injection	2020-07-21 18:01:27 +05:30
Raul Garcia (MSFT)	55473c65f1	Improving documentation	2020-07-20 13:54:23 -07:00
Raul Garcia (MSFT)	9d7d6b39cb	Small fixes based on feedback	2020-07-20 11:14:59 -07:00
Remco Vermeulen	c2733ad22e	Apply grammar suggestions Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2020-07-20 14:55:00 +02:00
intrigus	f94055fa2c	Move tainted path ad-hoc guard back.	2020-07-19 00:19:29 +02:00
intrigus	33526f61a8	Make path creation subclasses private.	2020-07-19 00:11:04 +02:00
intrigus	b705f7f3e9	Improve "PathCreation" Test.	2020-07-19 00:10:39 +02:00
intrigus	4570444c7e	Rename to getAnInput and clarify doc.	2020-07-19 00:10:13 +02:00
Robert Marsh	0bb6d0c7ca	C++: make IR BarrierGuard::checks match AST	2020-07-17 15:43:57 -07:00
Taus Brock-Nannestad	cec3694c89	Python: Add type tracker and step summary implementation.	2020-07-17 16:36:56 +02:00
Calum Grant	79f412ff54	C#: Fix tags typo	2020-07-17 15:30:33 +01:00
Raul Garcia (MSFT)	5387294168	Moving to experimental as requested	2020-07-16 09:32:17 -07:00
Geoffrey White	2e5af67626	Merge pull request #3952 from MathiasVP/output-parameter-index-for-UserDefinedFormattingFunction C++: Add getOutputParameterIndex override to UserDefinedFormattingFunction class.	2020-07-15 18:11:09 +01:00
Nick Rolfe	c7b668193b	Merge pull request #3929 from igfoo/static_assert C++: Give static assertions an enclosing element	2020-07-15 18:03:26 +01:00
Mathias Vorreiter Pedersen	289a908eb8	C++: Update qldoc in reponse to PR comments	2020-07-15 16:24:47 +02:00
Mathias Vorreiter Pedersen	c4b97a3a62	C++: Accept more test changes	2020-07-15 16:19:51 +02:00
Geoffrey White	c4940aaa86	Merge branch 'master' into copymove	2020-07-15 15:01:01 +01:00
Mathias Vorreiter Pedersen	edc33b6516	C++: Add getOutputParameterIndex override to UserDefinedFormattingFunction and accept test changes	2020-07-15 14:46:08 +02:00

... 17 18 19 20 21 ...

15458 Commits