Calum Grant
|
4642bb2767
|
Merge pull request #3774 from hvitved/csharp/tripleticks
C#: Enable syntax highlighting in QLDoc snippets
|
2020-06-25 10:31:50 +01:00 |
|
Rasmus Wriedt Larsen
|
b36c23ef63
|
Merge pull request #3500 from yoff/UnmatchableDollar
Python: Regexp: Handle repetions {n} (with no ,)
|
2020-06-25 11:26:52 +02:00 |
|
Rasmus Wriedt Larsen
|
0b36cd44b8
|
Merge pull request #3522 from porcupineyhairs/pythonXpath
Python : Add Xpath injection query
|
2020-06-25 11:21:45 +02:00 |
|
Dave Bartolomeo
|
06a5242d76
|
Merge pull request #3793 from rdmarsh2/rdmarsh/cpp/ir-range-analysis-experimental
C++: move IR range analysis to experimental
|
2020-06-24 20:51:07 -04:00 |
|
Robert Marsh
|
3e6a19843d
|
Merge pull request #3727 from jbj/tainted-format-string-high
C++: Raise cpp/tainted-format-string* precisions to high
|
2020-06-24 15:06:13 -07:00 |
|
Asger F
|
090a685d86
|
Merge pull request #3751 from toufik-airane/master
[javascript] CWE-347: JWT Missing Secret Or Public Key Verification
|
2020-06-24 21:09:41 +01:00 |
|
Robert Marsh
|
fb6e578618
|
C++: move IR range analysis to experimental
|
2020-06-24 12:50:14 -07:00 |
|
Robert Marsh
|
38067b5b34
|
Merge pull request #3777 from rdmarsh2/rdmarsh/csharp/autobuilder-lang-name
C#/C++: Use CODEQL_EXTRACTOR_<LANG>_* in autobuilder
|
2020-06-24 10:18:26 -07:00 |
|
Anders Schack-Mulligen
|
791f31fa65
|
Merge pull request #3595 from luchua-bc/j2ee-server-directory-listing
Java: Add check for J2EE server directory listing
|
2020-06-24 16:45:34 +02:00 |
|
semmle-qlci
|
daeb13d9fd
|
Merge pull request #3779 from asger-semmle/js/metric-queries
Approved by esbena
|
2020-06-24 15:37:03 +01:00 |
|
semmle-qlci
|
696d19cb14
|
Merge pull request #3773 from erik-krogh/guardedCrypto
Approved by asgerf
|
2020-06-24 13:04:04 +01:00 |
|
Jonas Jensen
|
3982da5c47
|
Merge pull request #3771 from hvitved/qldoc-style-tripleticks
Suggest using target language syntax highlighting in QLDoc
|
2020-06-24 11:36:39 +02:00 |
|
Rasmus Lerchedahl Petersen
|
f6c59abcd9
|
Merge branch 'master' of github.com:github/codeql into UnmatchableDollar
to make CodeScan happy
|
2020-06-24 11:04:07 +02:00 |
|
Rasmus Lerchedahl Petersen
|
6e9c48bba7
|
Python: test zero iterations
|
2020-06-24 11:01:27 +02:00 |
|
Rasmus Lerchedahl Petersen
|
226c295b4c
|
Python: format
|
2020-06-24 10:48:51 +02:00 |
|
Anders Schack-Mulligen
|
941177ee25
|
Merge pull request #3762 from hvitved/dataflow/clear-contents
Data flow: Model field clearing
|
2020-06-24 10:19:50 +02:00 |
|
Anders Schack-Mulligen
|
3b62bd254c
|
Merge pull request #3723 from JLLeitschuh/fix/JLL/gitignore_vs_code_generated_files
Add .gitignore for VS Code Generated maven project files
|
2020-06-24 09:35:01 +02:00 |
|
Erik Krogh Kristensen
|
76ed03f75b
|
update change-note
Co-authored-by: Asger F <asgerf@github.com>
|
2020-06-24 09:30:43 +02:00 |
|
semmle-qlci
|
a723ac0d8e
|
Merge pull request #3767 from esbena/js/console-member-calls
Approved by erik-krogh
|
2020-06-24 08:03:49 +01:00 |
|
Asger Feldthaus
|
d15c98d18c
|
JS: Add more metrics
|
2020-06-24 08:03:24 +01:00 |
|
Geoffrey White
|
afcc6ac712
|
Merge pull request #3766 from rdmarsh2/rdmarsh/cpp/add-qldoc-3
C++: Add QLDocs for Initializer.qll-Macro.qll and model classes
|
2020-06-24 07:31:48 +01:00 |
|
Robert Marsh
|
e24566e313
|
C#/C++: Use CODEQL_EXTRACTOR_CPP_ROOT in autobuild
Left this out earlier because I thought it needed to point to the C#
extractor root even in C++ mode, but it looks like it isn't yet used in
C++ mode.
|
2020-06-23 15:53:25 -07:00 |
|
Robert Marsh
|
c37c282861
|
C#/C++: Fix tests with new environment variables
|
2020-06-23 15:35:22 -07:00 |
|
Robert Marsh
|
da9aa546de
|
C#/C++: Use CODEQL_EXTRACTOR_CPP_* in autobuilder
|
2020-06-23 14:47:07 -07:00 |
|
Mathias Vorreiter Pedersen
|
30d9c6b9e4
|
Merge pull request #3776 from geoffw0/qldoc
C++: QLDoc ObjectiveC.qll, BufferWrite.qll, FileWrite.qll, OutputWrite.qll
|
2020-06-23 22:23:03 +02:00 |
|
Robert Marsh
|
b402352321
|
Merge pull request #3775 from hvitved/dataflow/tripleticks
Data flow: Enable syntax highlighting in QLDoc snippets
|
2020-06-23 09:53:10 -07:00 |
|
Robert Marsh
|
edaa43ab0b
|
C++: respond to PR comments on qldoc
|
2020-06-23 09:23:08 -07:00 |
|
Asger Feldthaus
|
63d48bfe5c
|
JS: Move IgnoredFile to MetaMetrics
|
2020-06-23 17:08:09 +01:00 |
|
Asger Feldthaus
|
35bdb4127e
|
JS: Add TypedExprs metric
|
2020-06-23 17:05:58 +01:00 |
|
Geoffrey White
|
fbaf398e7a
|
C++: QLDoc FileWrite and OutputWrite.
|
2020-06-23 16:57:22 +01:00 |
|
Geoffrey White
|
e01f050db8
|
C++: QLDoc BufferWrite.qll.
|
2020-06-23 16:29:00 +01:00 |
|
Geoffrey White
|
dea9a13e44
|
C++: QLDoc ObjectiveC.qll (deprecated).
|
2020-06-23 16:28:51 +01:00 |
|
Tom Hvitved
|
652de80fa5
|
C#: Enable syntax highlighting in QLDoc snippets
|
2020-06-23 16:56:56 +02:00 |
|
Tom Hvitved
|
a3e7fd60f2
|
Data flow: Enable syntax highlighting in QLDoc snippets
|
2020-06-23 16:54:34 +02:00 |
|
Bt2018
|
fffc88ea5b
|
Metadata update
|
2020-06-23 10:34:28 -04:00 |
|
Taus
|
a2677f8df0
|
Merge pull request #3758 from RasmusWL/python-methods-overrides-as-recommendation
Python: Changing signature in overriden method is not an error
|
2020-06-23 16:16:44 +02:00 |
|
Erik Krogh Kristensen
|
79599b6cc0
|
add change-note
|
2020-06-23 15:57:55 +02:00 |
|
Erik Krogh Kristensen
|
3f8881a334
|
don't report insecure randomness when the insecure random is just a fallback
|
2020-06-23 15:53:19 +02:00 |
|
Tom Hvitved
|
8d5077ae83
|
Suggest using target language syntax highlighting in QLDoc
|
2020-06-23 14:48:04 +02:00 |
|
luchua-bc
|
89260d6f8a
|
Fix ending line error
|
2020-06-23 12:36:07 +00:00 |
|
luchua-bc
|
7642b43990
|
Adjust id tag and fix ending line error
|
2020-06-23 12:10:07 +00:00 |
|
semmle-qlci
|
0d61443915
|
Merge pull request #3753 from asger-semmle/js/xss-dom-exception-rephrasing
Approved by erik-krogh
|
2020-06-23 13:01:41 +01:00 |
|
Asger F
|
552b7ad3ca
|
Merge pull request #3765 from asger-semmle/js-team-sprint-merge2
JS: Merge js-team-sprint
|
2020-06-23 12:58:27 +01:00 |
|
semmle-qlci
|
a5a3573a3e
|
Merge pull request #3757 from asger-semmle/js/unused-npm-dependencies
Approved by erik-krogh
|
2020-06-23 12:56:45 +01:00 |
|
Toufik Airane
|
27f91b36b0
|
Update javascript/ql/src/experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2020-06-23 12:28:21 +02:00 |
|
toufik-airane
|
37f44d98ce
|
fix minor issues
|
2020-06-23 12:28:03 +02:00 |
|
Tom Hvitved
|
ff751ac0f8
|
Data flow: Sync files
|
2020-06-23 10:55:12 +02:00 |
|
Tom Hvitved
|
98ed2a18ac
|
Data flow: Move field-clearing checks from flowCandFwf0 into flowCandFwd
|
2020-06-23 10:55:12 +02:00 |
|
Tom Hvitved
|
13b4dfa972
|
Data flow: Rename BigStepBarrierNode to FlowCheckNode
|
2020-06-23 10:55:12 +02:00 |
|
Tom Hvitved
|
3faca03de6
|
C#: Introduce ObjectInitializerNode
|
2020-06-23 10:55:12 +02:00 |
|