hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 14:52:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
356 Commits 1,684 Branches 159 Tags
2c751f2945e496cf47d8fd85b436ac03a0f2bc29
Commit Graph

28 Commits

Author SHA1 Message Date
Sauyon Lee
5056b5f161 Apply review comments. 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-03-11 03:26:18 -07:00
Sauyon Lee
1f83aa4586 Add a -mod=vendor change note 2020-03-11 03:10:35 -07:00
Sauyon Lee
43fbf47da3 Add a change note about go.mod extraction 2020-03-06 06:51:28 -08:00
Shati Patel
6b0f8a4088 Mention cookbook queries in 1.24 changenotes 2020-02-17 14:38:46 +00:00
Sauyon Lee
39f5376eed ReflectedXss: Add change note for Fprintf FPs 2020-02-05 19:07:42 -08:00
Sauyon Lee
3c88eab84c Merge pull request #229 from max/string-break 
Add query to find unsafe quoting
 2020-02-03 09:47:36 -08:00
Max Schaefer
af3d91ffd3 Add query StringBreak. 2020-02-03 09:01:40 +00:00
Max Schaefer
69a91b537f Add change note for autobuilder changes 
https://git.semmle.com/Semmle/go/pull/210 did not include a change note.
 2020-01-30 11:36:23 +00:00
Sauyon Lee
3a73658a9c BadRedirectSanitizer: Bind e to hp 
Address doc review comments
 2020-01-27 17:33:51 -08:00
Sauyon Lee
aa28724f7c Add BadRedirectCheck query 2020-01-27 17:33:50 -08:00
Max Schaefer
d78ba06a8d Add change note. 2020-01-21 09:56:59 +00:00
Max Schaefer
08ba795565 Sort lines in change notes. 2020-01-17 15:46:50 +00:00
Sauyon Lee
f32a785127 Merge pull request #217 from max/issue-24 
Switch RedundantExpr query back to using AST instead of global value numbering.
 2020-01-14 13:05:44 -08:00
Max Schaefer
36c620d1dd Add tests and change note. 2020-01-13 08:37:01 +00:00
Max Schaefer
384d21b0e9 Switch RedundantExpr query back to using AST instead of global value numbers. 
Most current alerts (https://lgtm.com/rules/1510380685982/alerts/), while technically correct, are likely intentional and harmless. This change keeps only the interesting ones: https://lgtm.com/query/2999122885894714237
 2020-01-10 14:46:54 +00:00
Max Schaefer
c60ddb0f7c Model Header.Get as a source of untrusted input. 2020-01-10 12:29:18 +00:00
Max Schaefer
0d2fe473d7 Add IncompleteUrlSchemeCheck query. 2020-01-07 14:46:49 +00:00
Max Schaefer
6f82310a9e Alert suppression through single-line /* */ style comments. 2020-01-02 14:34:11 +00:00
Sauyon Lee
10907c8b04 IncompleteHostnameRegexp: disallow unescaped dot before TLD 2019-12-09 08:47:17 -08:00
Shati Patel
e4346a17de Merge pull request #195 from max/impossible-interface-nil-check 
Add new query ImpossibleInterfaceNilCheck
 2019-11-27 11:15:05 +00:00
Max Schaefer
e5a12e9738 Add new query ImpossibleInterfaceNilCheck. 2019-11-26 20:28:53 +00:00
Max Schaefer
ee723d8a4f Fix DeadStoreOfField false positive. 
We should look into properly desugaring embedded types in the IR, but for now this workaround should suffice.
 2019-11-25 20:21:16 +00:00
Sauyon Lee
2c921d9418 Merge pull request #193 from max/header-xss 
Don't flag header injection as XSS.
 2019-11-25 11:56:54 -08:00
Sauyon Lee
61c2478541 Merge pull request #12 from github/rc/1.23 
Merge rc/1.23 into master
 2019-11-25 09:20:17 -08:00
Felicity Chapman
de2c7d8884 Minor text changes 2019-11-25 15:48:58 +00:00
Max Schaefer
adf9764085 Don't flag header injection as XSS. 
All results I have seen from this are uninteresting.
 2019-11-25 15:06:53 +00:00
Max Schaefer
1ff032d11e Add new query ConstantLengthComparison. 2019-11-22 20:55:14 +00:00
Max Schaefer
7136713a5f Add change notes for 1.23. 2019-11-21 15:50:40 +00:00