Asger Feldthaus
|
4f67cc269b
|
JS: Reduce ExpansiveTypes test
|
2020-06-23 11:44:07 +01:00 |
|
Asger Feldthaus
|
234f968294
|
JS: Deprecate property lookup on types
|
2020-06-23 11:42:28 +01:00 |
|
Jonas Jensen
|
39137510ba
|
Merge pull request #3736 from rneatherway/exclude-cs-vulnerable-package
Exclude dependency-based query from C# Code Scanning
|
2020-06-22 17:27:23 +02:00 |
|
semmle-qlci
|
7a5aae7432
|
Merge pull request #3630 from erik-krogh/DevServer
Approved by asgerf
|
2020-06-22 12:59:13 +01:00 |
|
Rasmus Wriedt Larsen
|
287bc40264
|
Merge pull request #3743 from tausbn/python-fix-deprecated-terms
Python: Fix a bunch of deprecated terms.
|
2020-06-22 13:36:06 +02:00 |
|
semmle-qlci
|
7f29465f35
|
Merge pull request #3752 from erik-krogh/limitStr
Approved by asgerf
|
2020-06-22 12:31:49 +01:00 |
|
semmle-qlci
|
e06a54c33d
|
Merge pull request #3494 from hvitved/dataflow/partial-flow-access-path-limit
Approved by aschackmull
|
2020-06-22 12:09:00 +01:00 |
|
Calum Grant
|
f2f020fa51
|
Merge pull request #3610 from hvitved/csharp/dataflow/call-sensitivity
C#: Add call-sensitivity to data-flow call resolution
|
2020-06-22 10:36:45 +01:00 |
|
Anders Schack-Mulligen
|
71665a02fa
|
Merge pull request #3737 from Marcono1234/patch-1
Simplify NoAssignInBooleanExprs.ql
|
2020-06-22 10:46:00 +02:00 |
|
Erik Krogh Kristensen
|
8d1b080d78
|
limit size of getStringValue
|
2020-06-22 10:29:53 +02:00 |
|
Tom Hvitved
|
72e6c9c2b1
|
Data flow: Use accessPathLimit() in partial flow as well
|
2020-06-22 10:08:51 +02:00 |
|
Taus Brock-Nannestad
|
5d5f1b487b
|
Merge branch 'master' into python-fix-deprecated-terms
|
2020-06-19 21:59:17 +02:00 |
|
Jonas Jensen
|
ac89559b20
|
Merge pull request #3744 from github/p0-patch-1
Fix typo in cpp-security-extended.qls
|
2020-06-19 21:19:20 +02:00 |
|
Pavel Avgustinov
|
00f1e57d0c
|
Update cpp-security-extended.qls
|
2020-06-19 20:16:24 +01:00 |
|
Jonas Jensen
|
81d8dc15cd
|
Merge pull request #3693 from geoffw0/stringtest
C++: Add tests of char* -> std::string -> char* conversions.
|
2020-06-19 21:12:33 +02:00 |
|
Taus Brock-Nannestad
|
410f4781b3
|
Python: Fix one last reference.
This one got lost in the big renaming somehow.
|
2020-06-19 20:15:01 +02:00 |
|
Tom Hvitved
|
573d55a160
|
Merge pull request #3740 from github/codeql-analysis-yml
Enable code scanning
|
2020-06-19 17:57:52 +02:00 |
|
Taus Brock-Nannestad
|
48e3e9c0b4
|
Python: Do all the renames.
|
2020-06-19 17:02:47 +02:00 |
|
Taus Brock-Nannestad
|
06d6913a20
|
Python: Change "sanity" to "consistency".
|
2020-06-19 16:55:59 +02:00 |
|
Taus Brock-Nannestad
|
01fb1e3786
|
Python: Get rid of deprecated terms in code and .qhelp.
|
2020-06-19 16:51:09 +02:00 |
|
Taus
|
2081d0cecc
|
Merge pull request #3575 from RasmusWL/python-add-qldoc-FunctionValue.getQualifiedName
Python: Add QLDoc for FunctionValue.getQualifiedName
|
2020-06-19 16:32:23 +02:00 |
|
Tom Hvitved
|
56670f3a5f
|
Disable analysis for JS and Python
|
2020-06-19 16:25:23 +02:00 |
|
Jonas Jensen
|
09d7ed092b
|
Merge pull request #3612 from dbartol/github/codeql-c-analysis-team/69_union
C++: Share `TInstruction` across IR stages
|
2020-06-19 16:03:11 +02:00 |
|
Tom Hvitved
|
4b47483263
|
Add codeql-config.yml
|
2020-06-19 12:28:52 +00:00 |
|
Erik Krogh Kristensen
|
e46bd709c4
|
add change note
|
2020-06-19 14:15:50 +02:00 |
|
Erik Krogh Kristensen
|
0ee3f4977c
|
add test of webpack-dev-server and monorepo import
|
2020-06-19 14:15:46 +02:00 |
|
Erik Krogh Kristensen
|
c860151e8d
|
recognize instances of express from webpack-dev-server
|
2020-06-19 14:15:25 +02:00 |
|
Erik Krogh Kristensen
|
11cc97d286
|
add basic support for importing from neighbouring packages
|
2020-06-19 14:15:10 +02:00 |
|
Tom Hvitved
|
ffe3f500d7
|
Restrict languages in codeql-analysis.yml
|
2020-06-19 13:01:28 +02:00 |
|
Anders Schack-Mulligen
|
8107fbadc2
|
Merge pull request #3456 from hvitved/dataflow/precise-field-types
Data flow: Track precise types during field flow
|
2020-06-19 11:50:10 +02:00 |
|
Esben Sparre Andreasen
|
4126d5b59e
|
Merge pull request #3646 from dellalibera/master
[javascript] CodeQL query to detect missing origin validation in cross-origin communication via postMessage
|
2020-06-19 11:43:57 +02:00 |
|
Tom Hvitved
|
a285f6460c
|
Create codeql-analysis.yml
|
2020-06-19 11:34:31 +02:00 |
|
Tom Hvitved
|
ca86bb8603
|
Address review comments
|
2020-06-19 10:34:11 +02:00 |
|
Esben Sparre Andreasen
|
baaa31665a
|
Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp
|
2020-06-19 09:05:13 +02:00 |
|
Alessio Della Libera
|
eba64dba7c
|
Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
|
2020-06-18 19:44:46 +02:00 |
|
Alessio Della Libera
|
c0271b1627
|
Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
|
2020-06-18 19:44:38 +02:00 |
|
Alessio Della Libera
|
ffc9a449ab
|
Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
|
2020-06-18 19:43:45 +02:00 |
|
Alessio Della Libera
|
e84339d5bf
|
Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
|
2020-06-18 19:43:36 +02:00 |
|
ubuntu
|
71a7ec593c
|
Use StringOps to identify functions used for verifying the origin
|
2020-06-18 19:41:07 +02:00 |
|
Taus
|
44637e29ee
|
Merge pull request #3716 from RasmusWL/python-fix-re-escape-fp
Python: Fix FP in treating re.escape as regex
|
2020-06-18 16:05:50 +02:00 |
|
Marcono1234
|
161ba92123
|
Simplify NoAssignInBooleanExprs.ql
|
2020-06-18 15:16:09 +02:00 |
|
Robin Neatherway
|
17d36cf363
|
Exclude dependency-based query from C# Code Scanning
This query overlaps with tools such as dependabot.
|
2020-06-18 11:29:15 +01:00 |
|
Geoffrey White
|
35487ff109
|
Merge branch 'master' into stringtest
|
2020-06-17 19:00:26 +01:00 |
|
ubuntu
|
c490cfdfa5
|
Create another branch
|
2020-06-17 19:51:14 +02:00 |
|
ubuntu
|
4ccfdef71d
|
Add CodeQL query to detect Log Injection in JS code
|
2020-06-17 19:44:58 +02:00 |
|
Geoffrey White
|
174fdadbf5
|
Merge branch 'master' into stringtest
|
2020-06-17 18:24:30 +01:00 |
|
Geoffrey White
|
03c6d7a7e5
|
Merge pull request #3654 from jbj/controlsBlock-perf
C++: Speed up IRGuardCondition::controlsBlock
|
2020-06-17 17:53:10 +01:00 |
|
Tom Hvitved
|
ad56f17246
|
Merge pull request #2 from aschackmull/dataflow/content-type-tracking
Dataflow: Record content types
|
2020-06-17 17:26:04 +02:00 |
|
Anders Schack-Mulligen
|
74eab3cbc0
|
Dataflow: Fix qltest.
|
2020-06-17 17:23:35 +02:00 |
|
Anders Schack-Mulligen
|
cedfaf6aaf
|
Dataflow: autoformat
|
2020-06-17 17:09:55 +02:00 |
|