Commit Graph

50 Commits

Author SHA1 Message Date
Felicity Chapman
70525d0e64 Minor editorial changes 2020-04-17 13:19:11 +01:00
Sauyon Lee
8ca310e6b6 Add change note for buffered i/o 2020-04-15 00:37:50 -07:00
Max Schaefer
95c2cb19cf Add two missing change notes. 2020-04-15 07:57:47 +01:00
Max Schaefer
d344687f52 Add change note. 2020-04-09 09:41:09 +01:00
Max Schaefer
c9ef6f77a2 Merge pull request #91 from max-schaefer/disabled-certificate-check
Add new query DisabledCertificateCheck.
2020-04-08 07:11:15 +01:00
Max Schaefer
8fba9a98d4 Add new query DisabledCertificateCheck. 2020-04-07 09:01:41 +01:00
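The query name says what it looks for but the log does not spell it out, so here is an added example (not code from the page or from the CodeQL project) of the pattern a query called DisabledCertificateCheck would be expected to flag, namely a tls.Config with InsecureSkipVerify set, next to the fix. The reading of the query's target is an assumption from its name; the server, certificate and URLs are constructed in-process by net/http/httptest, so this runs offline.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newSelfSignedServer starts a TLS server with a throwaway self-signed
// certificate. This is a constructed fixture standing in for any endpoint
// whose certificate does not chain to a public root.
func newSelfSignedServer() *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "ok")
	}))
}

// fetch performs one GET with the given client TLS configuration and returns
// the handshake or request error, if any.
func fetch(url string, cfg *tls.Config) error {
	tr := &http.Transport{TLSClientConfig: cfg}
	defer tr.CloseIdleConnections()
	resp, err := (&http.Client{Transport: tr}).Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// insecureConfig is the pattern assumed to be flagged: certificate
// verification is switched off, so any certificate, including one presented
// by a man in the middle, is accepted.
func insecureConfig() *tls.Config {
	return &tls.Config{InsecureSkipVerify: true}
}

// pinnedConfig is the fix for a private or self-signed endpoint: keep
// verification on and trust exactly the certificate you expect.
func pinnedConfig(serverCert *x509.Certificate) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(serverCert)
	return &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
}

// compare runs the three client configurations against the server and reports
// whether each one succeeded: system roots, InsecureSkipVerify, pinned root.
func compare() (defaultOK, insecureOK, pinnedOK bool) {
	srv := newSelfSignedServer()
	defer srv.Close()
	defaultOK = fetch(srv.URL, &tls.Config{}) == nil
	insecureOK = fetch(srv.URL, insecureConfig()) == nil
	pinnedOK = fetch(srv.URL, pinnedConfig(srv.Certificate())) == nil
	return
}

func main() {
	d, i, p := compare()
	fmt.Printf("system roots: %v\nInsecureSkipVerify: %v\npinned root: %v\n", d, i, p)
}
```

The system-root client refuses the self-signed certificate, which is the symptom that tempts people into InsecureSkipVerify; the pinned client shows that the symptom can be fixed without giving up verification.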
Max Schaefer
76f2748cbc Teach SsaWithFields to properly handle implicit dereferences. 2020-04-06 09:23:07 +01:00
Sauyon Lee
dcd6aaf69a Alphabetize change notes 2020-04-03 00:01:19 -07:00
Sauyon Lee
3577d75607 RequestForgery: Add change note 2020-04-02 23:58:17 -07:00
Max Schaefer
77c282824e Merge pull request #81 from gagliardetto/system-executors
Expand system executors (continuation of #70)
2020-04-03 07:24:05 +01:00
Max Schaefer
510b6070c9 Introduce official environment variable for goroutine limiting.
We've had to tell people how to do this, so we should have a name for it that doesn't refer to a defunct company.
2020-04-02 10:45:52 +01:00
Slavomir
32beebd059 Apply suggestions from code review
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
Co-Authored-By: Sauyon Lee <sauyon@github.com>
2020-04-02 12:09:06 +03:00
Sauyon Lee
bc59fa40d7 Merge pull request #73 from intrigus-lgtm/make-CWE-643-supported
Make CWE-643 supported
2020-04-01 17:45:45 -07:00
intrigus
3a381b2fbf Add change note 2020-04-01 16:15:09 +02:00
Slavomir
a25a21eb11 Add change-note 2020-04-01 15:14:22 +03:00
Max Schaefer
efc9ecefc8 Introduce CODEQL_GO_EXTRACTOR_BUILD_COMMAND as an alias for LGTM_INDEX_BUILD_COMMAND.
We've occasionally had to tell people to set this variable manually, so we might as well have an alias that doesn't refer to a soon-to-be obsolete product.
2020-04-01 09:35:57 +01:00
Sauyon Lee
3d3f35cc48 Add change notes for Go 1.14 support 2020-03-30 13:45:37 -07:00
Sauyon Lee
fbc2499118 OpenUrlRedirect: Add change note for fixed FPs 2020-03-25 04:01:17 -07:00
Max Schaefer
49c5779112 Add model of go-pg/pg. 2020-03-17 12:08:42 +00:00
Max Schaefer
f41151350a Merge pull request #60 from sauyon/bitwise-xor-fps
MistypedExponentiation: Add a heuristic to reduce FPs
2020-03-13 15:46:03 +00:00
Max Schaefer
ea36d49218 Add new query AllocationSizeOverflow. 2020-03-13 10:18:51 +00:00
Sauyon Lee
ea5e6a324d Add change note 2020-03-13 03:10:55 -07:00
Sauyon Lee
5056b5f161 Apply review comments.
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-03-11 03:26:18 -07:00
Sauyon Lee
1f83aa4586 Add a -mod=vendor change note 2020-03-11 03:10:35 -07:00
Sauyon Lee
43fbf47da3 Add a change note about go.mod extraction 2020-03-06 06:51:28 -08:00
Shati Patel
6b0f8a4088 Mention cookbook queries in 1.24 changenotes 2020-02-17 14:38:46 +00:00
Sauyon Lee
39f5376eed ReflectedXss: Add change note for Fprintf FPs 2020-02-05 19:07:42 -08:00
Sauyon Lee
3c88eab84c Merge pull request #229 from max/string-break
Add query to find unsafe quoting
2020-02-03 09:47:36 -08:00
Max Schaefer
af3d91ffd3 Add query StringBreak. 2020-02-03 09:01:40 +00:00
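The pull request above describes StringBreak as a query for unsafe quoting. As an added example (not code from the page or from the CodeQL project; the exact shape the query matches is an assumption from that description), here is the bug in its simplest form: a value is wrapped in quotes by concatenation, so a quote inside the value ends the string early and the rest of the value becomes structure. The JSON template and the attacker's name string are constructed for the demonstration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// unsafeQuote is the pattern assumed to be flagged: the value is wrapped in
// quotes with no escaping, so a quote inside the value ends the string early.
func unsafeQuote(s string) string { return `"` + s + `"` }

// jsonQuote encodes the value for the context it is going into (here JSON),
// which escapes embedded quotes, backslashes and control characters. Other
// contexts need their own encoder (strconv.Quote for Go syntax, for example).
func jsonQuote(s string) string {
	b, _ := json.Marshal(s) // marshalling a string cannot fail
	return string(b)
}

// record builds a JSON document from a template and an untrusted name using
// the given quoting function, parses it back and reports what was stored.
// encoding/json keeps the last of duplicate keys when decoding into a map,
// which is what lets an injected "role" override the template's value.
func record(quote func(string) string, name string) (storedName, storedRole string, err error) {
	doc := `{"role": "user", "name": ` + quote(name) + `}`
	var m map[string]string
	if err = json.Unmarshal([]byte(doc), &m); err != nil {
		return "", "", err
	}
	return m["name"], m["role"], nil
}

func main() {
	payload := `bob", "role": "admin` // constructed attacker-controlled input
	for _, q := range []struct {
		label string
		fn    func(string) string
	}{{"unsafeQuote", unsafeQuote}, {"jsonQuote", jsonQuote}} {
		n, r, err := record(q.fn, payload)
		fmt.Printf("%-11s name=%q role=%q err=%v\n", q.label, n, r, err)
	}
}
```

With unsafeQuote the document parses cleanly and the caller ends up with role "admin"; with jsonQuote the whole payload stays inside the name string and the role is still "user".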
Max Schaefer
69a91b537f Add change note for autobuilder changes
https://git.semmle.com/Semmle/go/pull/210 did not include a change note.
2020-01-30 11:36:23 +00:00
Sauyon Lee
3a73658a9c BadRedirectSanitizer: Bind e to hp
Address doc review comments
2020-01-27 17:33:51 -08:00
Sauyon Lee
aa28724f7c Add BadRedirectCheck query 2020-01-27 17:33:50 -08:00
Max Schaefer
d78ba06a8d Add change note. 2020-01-21 09:56:59 +00:00
Max Schaefer
08ba795565 Sort lines in change notes. 2020-01-17 15:46:50 +00:00
Sauyon Lee
f32a785127 Merge pull request #217 from max/issue-24
Switch RedundantExpr query back to using AST instead of global value numbering.
2020-01-14 13:05:44 -08:00
Max Schaefer
36c620d1dd Add tests and change note. 2020-01-13 08:37:01 +00:00
Max Schaefer
384d21b0e9 Switch RedundantExpr query back to using AST instead of global value numbers.
Most current alerts (https://lgtm.com/rules/1510380685982/alerts/), while technically correct, are likely intentional and harmless. This change keeps only the interesting ones: https://lgtm.com/query/2999122885894714237
2020-01-10 14:46:54 +00:00
Max Schaefer
c60ddb0f7c Model Header.Get as a source of untrusted input. 2020-01-10 12:29:18 +00:00
Max Schaefer
0d2fe473d7 Add IncompleteUrlSchemeCheck query. 2020-01-07 14:46:49 +00:00
Max Schaefer
6f82310a9e Alert suppression through single-line /* */ style comments. 2020-01-02 14:34:11 +00:00
Sauyon Lee
10907c8b04 IncompleteHostnameRegexp: disallow unescaped dot before TLD 2019-12-09 08:47:17 -08:00
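The commit above tightens IncompleteHostnameRegexp so that an unescaped dot before the TLD is reported. As an added example (not code from the page or from the CodeQL project), here is why that dot matters: in a regexp it is a single-character wildcard, so a host check written as `www\.example.com` also accepts `www.example-com.attacker.test`. The strict pattern additionally requires the host to end after the TLD; that terminator is a separate hardening, not something the commit message mentions. All URLs are constructed sample inputs.

```go
package main

import (
	"fmt"
	"regexp"
)

// loose is the kind of pattern the query flags: the dot before the TLD is
// unescaped, so it matches "-", "x" or any other single character.
var loose = regexp.MustCompile(`^https?://www\.example.com`)

// strict escapes the dot and requires the host to end there ("/" or end of
// string), so neither a wildcard bypass nor a subdomain-suffix bypass passes.
var strict = regexp.MustCompile(`^https?://www\.example\.com(/|$)`)

// classify reports whether each pattern accepts the URL.
func classify(url string) (looseAccepts, strictAccepts bool) {
	return loose.MatchString(url), strict.MatchString(url)
}

func main() {
	// Constructed inputs: one legitimate URL and two attacker-controlled hosts.
	for _, u := range []string{
		"https://www.example.com/login",
		"https://www.example-com.attacker.test/login", // '.' matches '-'
		"https://www.example.com.attacker.test/login", // suffix, not wildcard
	} {
		l, s := classify(u)
		fmt.Printf("%-46s loose=%-5v strict=%v\n", u, l, s)
	}
}
```

The first attacker URL is the case the commit is about: only the unescaped dot lets it through. The second is caught by the terminator rather than by escaping, which is why both belong in a hostname check.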
Shati Patel
e4346a17de Merge pull request #195 from max/impossible-interface-nil-check
Add new query ImpossibleInterfaceNilCheck
2019-11-27 11:15:05 +00:00
Max Schaefer
e5a12e9738 Add new query ImpossibleInterfaceNilCheck. 2019-11-26 20:28:53 +00:00
Max Schaefer
ee723d8a4f Fix DeadStoreOfField false positive.
We should look into properly desugaring embedded types in the IR, but for now this workaround should suffice.
2019-11-25 20:21:16 +00:00
Sauyon Lee
2c921d9418 Merge pull request #193 from max/header-xss
Don't flag header injection as XSS.
2019-11-25 11:56:54 -08:00
Sauyon Lee
61c2478541 Merge pull request #12 from github/rc/1.23
Merge rc/1.23 into master
2019-11-25 09:20:17 -08:00
Felicity Chapman
de2c7d8884 Minor text changes 2019-11-25 15:48:58 +00:00
Max Schaefer
adf9764085 Don't flag header injection as XSS.
All results I have seen from this are uninteresting.
2019-11-25 15:06:53 +00:00
Max Schaefer
1ff032d11e Add new query ConstantLengthComparison. 2019-11-22 20:55:14 +00:00
Max Schaefer
7136713a5f Add change notes for 1.23. 2019-11-21 15:50:40 +00:00