codeql

mirror of https://github.com/github/codeql.git synced 2026-04-10 09:34:00 +02:00

Author	SHA1	Message	Date
Geoffrey White	473198a6ef	C++: Accept any check followed by a 'sensitive' use such as 'chmod'.	2021-07-20 18:11:05 +01:00
Aditya Sharad	46fbb2a3cc	Merge pull request #6334 from github/security-severity-docs Update CodeQL docs for security-severity levels	2021-07-20 09:58:19 -07:00
Geoffrey White	c6d8abc9b1	C++: Add a couple more testcases.	2021-07-20 17:52:59 +01:00
Mathias Vorreiter Pedersen	a006a7fb24	Revert "Merge pull request #6004 from MathiasVP/path-sensitive-stack-variable-reachability-analysis" This reverts commit `e3e7b00986`, reversing changes made to `8ccdd4fb9f`.	2021-07-20 18:06:49 +02:00
Tony Torralba	4622d8590b	Fix change note	2021-07-20 17:50:58 +02:00
Tony Torralba	26999c7ac4	Decouple UnsafeAndroidAccess.qll to reuse the taint tracking configuration	2021-07-20 17:46:35 +02:00
Tony Torralba	99e66cffa2	Merge branch 'main' into atorralba/promote-unsafe-android-webview-fetch	2021-07-20 17:30:56 +02:00
Tony Torralba	ed0db7c7b4	Fix release note	2021-07-20 17:24:24 +02:00
Tony Torralba	7a898a04f3	Fix release note	2021-07-20 17:23:47 +02:00
Tony Torralba	3259ead946	Decouple OgnlInjection.qll to reuse the taint tracking configuration	2021-07-20 17:21:10 +02:00
Tony Torralba	b6904a7992	Merge branch 'main' into atorralba/promote-ognl-injection	2021-07-20 17:17:17 +02:00
Tony Torralba	22c9baa462	Refactor JWT.qll	2021-07-20 17:14:34 +02:00
Tony Torralba	430d9f1834	Merge branch 'main' into atorralba/promote-missing-jwt-signature-check	2021-07-20 16:20:35 +02:00
Tony Torralba	8f1ecf529f	QLDoc	2021-07-20 15:53:38 +02:00
Tony Torralba	42b6b26c10	Decouple JndiInjection.qll to reuse the taint tracking configuration	2021-07-20 15:38:34 +02:00
Anders Schack-Mulligen	77d53676ba	Java: Remove deprecated ParExpr.	2021-07-20 15:27:31 +02:00
Geoffrey White	5d1c7841a6	C++: Change note.	2021-07-20 14:14:01 +01:00
Tony Torralba	b8ea833a61	Merge branch 'main' into atorralba/promote-jndi-injection	2021-07-20 15:01:26 +02:00
Tony Torralba	68df8028d2	Apply suggestions from code review Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-07-20 14:47:16 +02:00
Arthur Baars	890adf97d6	Merge pull request #6333 from github/rc/3.2 Merge rc/3.2 to main	2021-07-20 12:19:20 +02:00
Geoffrey White	ae944b268a	C++: Restrict the 'check' to stat / access only as these are by far the more reliable results.	2021-07-20 11:18:00 +01:00
James Fletcher	a365d4fb34	update docs for security-severity	2021-07-20 11:00:13 +01:00
Rasmus Wriedt Larsen	5a489a386a	Merge pull request #6329 from havron/qhelp-typo Fix qhelp typo in RequestWithoutValidation	2021-07-20 10:18:35 +02:00
Artem Smotrakov	158a75e5a1	Import UnsafeDeserializationQuery in unsafeDeserialization.ql	2021-07-20 10:14:50 +02:00
Tony Torralba	0f199601f8	Refactor GroovyInjection.qll	2021-07-20 09:44:37 +02:00
Anders Schack-Mulligen	47528b3379	Merge pull request #6332 from github/workflow/coverage/update Update CSV framework coverage reports	2021-07-20 09:27:59 +02:00
github-actions[bot]	bed08a6f4f	Add changed framework coverage reports	2021-07-20 00:06:37 +00:00
Ethan P	1cf5386824	Create publishing-and-using-codeql-packs.rst	2021-07-19 18:42:01 -04:00
Ethan P	a5cbc560e3	Add conceptual info for creating and working with CodeQL packs	2021-07-19 18:41:44 -04:00
Aditya Sharad	48778ce9a4	Merge pull request #6160 from timoles/patch-1 Add information for generating qhelp files locally	2021-07-19 14:14:22 -07:00
Ethan P	26a36592ce	Add intros and Overview headers	2021-07-19 16:29:18 -04:00
Ethan P	511e01aa1b	shorten title for `full-cwe`	2021-07-19 16:23:57 -04:00
Sam Havron	733e5b45bf	Fix qhelp typo in RequestWithoutValidation	2021-07-19 16:01:06 -04:00
Timo Müller	b24c096a76	Apply suggestions from code review Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>	2021-07-19 21:12:59 +02:00
Aditya Sharad	20fa8e49c8	Merge pull request #6326 from adityasharad/codeowners/codeql-tools Codeowners: Add reviewer teams for CodeQL tools and associated docs	2021-07-19 11:15:58 -07:00
Ethan P	5028fccee5	Create new CWE coverage overview and full CWE coverage page	2021-07-19 14:01:42 -04:00
Ethan P	618e8b34dc	Create individual language pages for CWE tables	2021-07-19 14:01:18 -04:00
Aditya Sharad	94b2b174c1	Merge pull request #6177 from skyzyx/patch-1 Update getting-started-with-the-codeql-cli.rst	2021-07-19 10:58:43 -07:00
Geoffrey White	ab4b2c2342	C++: Fix 'rename'.	2021-07-19 18:58:39 +01:00
Geoffrey White	95ec8f5394	C++: Add support for '_wfsopen'.	2021-07-19 18:36:09 +01:00
Aditya Sharad	c26a4d315d	Codeowners: Add reviewer teams for CodeQL tools and associated docs	2021-07-19 10:35:59 -07:00
Chris Smowton	7819d32784	Make MediaType stub constants actually constant This is required to use them in annotations	2021-07-19 18:28:30 +01:00
Chris Smowton	a0297d51e5	Note fixed test result the Optional type has now been modelled	2021-07-19 18:28:06 +01:00
Chris Smowton	82ea2592ad	Spring HTTP: Fix test mistakes Classes without RestController and methods without GetMapping or similar were never going to be detected.	2021-07-19 18:21:13 +01:00
Chris Smowton	392e405f5d	Add Spring-XSS test This covers the cases currently exercised in https://github.com/github/codeql-securitylab/blob/main/java/ql/src/pwntester/security/RestXSS.ql	2021-07-19 18:21:11 +01:00
Chris Smowton	16c5952167	Add and improve Spring-web stubs	2021-07-19 18:20:37 +01:00
Chris Smowton	8051a7cd83	Add change note	2021-07-19 18:11:05 +01:00
Chris Smowton	34a4b71891	Add models of JSON-java, aka `org.json`	2021-07-19 17:57:27 +01:00
Arthur Baars	43c68eae94	Merge pull request #6324 from github/aibaars/include-diagnostic-summary Code Scanning selectors: Include diagnostic and summary metric queries	2021-07-19 17:16:48 +02:00
Arthur Baars	ed054acd8e	Merge pull request #6305 from intrigus-lgtm/patch-5 C# remove spurious spaces in <code> tag	2021-07-19 17:09:36 +02:00

... 14 15 16 17 18 ...

25515 Commits