Commit Graph

1538 Commits

Author SHA1 Message Date
Robert Marsh
3e6a19843d Merge pull request #3727 from jbj/tainted-format-string-high
C++: Raise cpp/tainted-format-string* precisions to high
2020-06-24 15:06:13 -07:00
Erik Krogh Kristensen
76ed03f75b update change-note
Co-authored-by: Asger F <asgerf@github.com>
2020-06-24 09:30:43 +02:00
Erik Krogh Kristensen
79599b6cc0 add change-note 2020-06-23 15:57:55 +02:00
semmle-qlci
0d61443915 Merge pull request #3753 from asger-semmle/js/xss-dom-exception-rephrasing
Approved by erik-krogh
2020-06-23 13:01:41 +01:00
Asger Feldthaus
b4f75ef414 Merge branch 'master' into js-team-sprint-merge2 2020-06-23 00:18:09 +01:00
Asger F
ca06f6dfb4 Merge branch 'js-team-sprint' into js/insecure-http-options 2020-06-23 00:16:02 +01:00
Asger F
7d54b02fb9 Merge branch 'js-team-sprint' into js/delay-slow-query-merge 2020-06-22 16:34:49 +01:00
Esben Sparre Andreasen
d4ad9a8bb2 Update change-notes/1.25/analysis-javascript.md
Co-authored-by: Asger F <asgerf@github.com>
2020-06-22 14:55:27 +02:00
Esben Sparre Andreasen
9a0bbb31f4 Revert "Merge pull request #3702 from esbena/js/memory-exhaustion"
This reverts commit eca5e2df8a, reversing
changes made to 1548eca994.
2020-06-22 14:46:51 +02:00
Esben Sparre Andreasen
3be094ea5b JS: polish js/incomplete-html-attribute-sanitization 2020-06-22 14:35:00 +02:00
Asger Feldthaus
1edb2a1892 JS: Rephrase XSS queries that use exception/dom text as source 2020-06-22 10:44:46 +01:00
Esben Sparre Andreasen
0654823b97 Merge branch 'js-team-sprint' into js/insecure-http-options 2020-06-22 11:25:25 +02:00
Esben Sparre Andreasen
3e898487e8 Apply suggestions from code review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2020-06-22 11:23:40 +02:00
Asger F
eca5e2df8a Merge pull request #3702 from esbena/js/memory-exhaustion
JS: add query js/memory-exhaustion
2020-06-19 20:35:57 +01:00
Erik Krogh Kristensen
0f5ef2c02a Merge branch 'js-team-sprint' into https-fix 2020-06-19 14:57:44 +02:00
Erik Krogh Kristensen
e46bd709c4 add change note 2020-06-19 14:15:50 +02:00
Erik Krogh Kristensen
a17d152ca4 Merge branch 'js-team-sprint' into priv-file-polish 2020-06-19 13:19:10 +02:00
Erik Krogh Kristensen
7d6dac479c Merge branch 'js-team-sprint' into https-fix 2020-06-18 16:53:01 +02:00
Erik Krogh Kristensen
dcf617b235 Merge branch 'js-team-sprint' into bad-random-polish 2020-06-18 16:52:32 +02:00
Erik Krogh Kristensen
1556b62007 Merge branch 'js-team-sprint' into priv-file-polish 2020-06-18 16:40:53 +02:00
Esben Sparre Andreasen
3f67e90374 JS: rename query, support timeouts, add documentation, add to suite 2020-06-18 13:01:02 +02:00
Esben Sparre Andreasen
44aa182d0d Update change-notes/1.25/analysis-javascript.md
Co-authored-by: Asger F <asgerf@github.com>
2020-06-18 10:14:16 +02:00
Esben Sparre Andreasen
5e31f3a34e JS: polish js/disabling-certificate-validation 2020-06-18 09:07:08 +02:00
Erik Krogh Kristensen
7a1c161e9e Merge branch 'js-team-sprint' into https-fix 2020-06-17 21:04:44 +02:00
Erik Krogh Kristensen
218338b4f1 Merge branch 'js-team-sprint' into bad-random-polish 2020-06-17 21:04:00 +02:00
Erik Krogh Kristensen
73f26956a6 Merge branch 'js-team-sprint' into priv-file-polish 2020-06-17 21:03:09 +02:00
Erik Krogh Kristensen
bdda587247 Merge branch 'js-team-sprint' into build-leaks 2020-06-17 19:51:30 +02:00
Erik Krogh Kristensen
6d6f29eb85 Merge pull request #3726 from erik-krogh/bad-code-polish
JS: Bad code polish
2020-06-17 19:45:37 +02:00
Erik Krogh Kristensen
7aa911b9f4 add reference to cwe-116 in change-note 2020-06-17 17:20:46 +02:00
Erik Krogh Kristensen
345283fe34 add change note 2020-06-17 10:48:27 +02:00
Jonas Jensen
e0ba23d2c7 C++: @precision high for tainted-format-string*
I think these queries have excellent results on lgtm.com. Many of the
results come from projects that use `sprintf` like it's a templating
engine, trusting that values from `argv` or `getenv` contain the correct
number of `%s`. I think we want to flag that.

The structure of the change note is modeled after 91af51cf46.
2020-06-17 09:03:13 +02:00
Erik Krogh Kristensen
02c825351c add change note for js/bad-code-sanitization 2020-06-16 16:25:30 +02:00
Erik Krogh Kristensen
cb5b946546 add changenote for yargs 2020-06-16 14:37:53 +02:00
Erik Krogh Kristensen
696879653a add qhelp to js/biased-cryptographic-random 2020-06-16 11:10:09 +02:00
Asger Feldthaus
824054ba62 JS: Change note and updated help 2020-06-15 17:34:36 +01:00
Erik Krogh Kristensen
23223fc5fb change-note 2020-06-15 17:22:11 +02:00
Erik Krogh Kristensen
dc09a68eb4 add change-note 2020-06-15 14:30:34 +02:00
Erik Krogh Kristensen
8682918779 add change note 2020-06-15 13:47:43 +02:00
Asger Feldthaus
91d98c0d00 JS: Change note 2020-06-12 13:12:55 +01:00
yoff
e5480e471a Merge pull request #3591 from RasmusWL/python-taintkind-fixup
Python: Fix some problems in TaintKind usage
2020-06-05 16:03:18 +02:00
Erik Krogh Kristensen
e47770281a update change-note
Co-authored-by: Asger F <asgerf@github.com>
2020-06-04 11:14:25 +02:00
Erik Krogh Kristensen
baee47f3c6 remove mention of fetch from change-note 2020-06-03 13:56:32 +02:00
Erik Krogh Kristensen
c80baf981a simplify change-note
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-06-03 13:33:31 +02:00
Erik Krogh Kristensen
19dd472ee5 change note 2020-06-03 12:19:48 +02:00
Esben Sparre Andreasen
f9ed64fc45 Merge branch 'master' into js/membershiptest 2020-06-02 08:54:44 +02:00
Asger F
712c53afe9 Merge pull request #3579 from erik-krogh/fix-change-note-merge
JS: remove duplicates from change-note
2020-06-01 13:22:23 +01:00
Geoffrey White
9ee75aaca1 C++: Change note. 2020-05-29 16:22:42 +01:00
Rasmus Wriedt Larsen
59548a523e Python: Add change-note about UntrustedStringKind imports 2020-05-29 13:45:10 +02:00
Erik Krogh Kristensen
df3fb842c5 remove duplicates from change-note 2020-05-27 20:36:23 +02:00
Erik Krogh Kristensen
33da82d884 Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3566 2020-05-27 12:21:14 +00:00