codeql

mirror of https://github.com/github/codeql.git synced 2026-03-01 05:13:41 +01:00

Author	SHA1	Message	Date
haby0	689c28a178	modified JsonIoSafeOptionalArgs	2021-05-17 19:00:59 +08:00
haby0	95c33a240f	Update java/change-notes/2021-05-17-add-unsafe-deserialization-sinks.md Co-authored-by: Chris Smowton <smowton@github.com>	2021-05-17 18:49:16 +08:00
haby0	58d774ae85	add change notes	2021-05-17 14:52:05 +08:00
haby0	60fc607449	Modify ql	2021-05-14 18:17:05 +08:00
haby0	12f47bcf24	Add UnsafeDeserialization	2021-05-12 12:37:16 +08:00
Asger F	0c724a8427	Merge pull request #5304 from asgerf/js/non-alert-data JS: Implement new metric queries for line counting	2021-04-07 14:52:51 +01:00
CodeQL CI	073a43ce74	Merge pull request #5606 from erik-krogh/shellInput Approved by esbena	2021-04-07 14:30:31 +01:00
Shati Patel	461d4e45af	Merge pull request #5608 from shati-patel/docs/telemetry-settings Docs: Mention telemetry in "customizing settings"	2021-04-07 13:44:32 +01:00
Erik Krogh Kristensen	c9f54ea1ad	update expected output	2021-04-07 12:37:17 +00:00
Erik Krogh Kristensen	a66083d685	change "Uncontrolled path" to "Path concatenation"	2021-04-07 08:23:07 +00:00
CodeQL CI	fd4e8f8282	Merge pull request #5526 from erik-krogh/quotedShell Approved by esbena	2021-04-07 08:39:01 +01:00
CodeQL CI	61880ba90a	Merge pull request #5530 from erik-krogh/moreFS Approved by esbena	2021-04-07 08:37:23 +01:00
Robert Marsh	e22ec50dee	Merge pull request #5613 from github/hmakholm/pr/fix-redos Fix ReDOS in cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql	2021-04-06 15:54:27 -07:00
Henning Makholm	2d615ef503	Fix ReDOS in cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql The sub-regex `(\s\|.)` aims to capture arbitrary string content (in contrast to `.` which doesn't match newlines), but it is unsafe, since non-newline whitespace can match both alternatives. This caused an evaluator crash in the wild. Replace with `[\s\S]*`, which matches everything in a safe way.	2021-04-06 20:10:57 +02:00
Shati Patel	9a41c80626	Merge pull request #5574 from github/smowton/admin/update-supported-go-version Update supported Go version to 1.16	2021-04-06 14:54:36 +01:00
Shati Patel	695b02a94c	Docs: Mention telemetry in "customizing settings"	2021-04-06 14:30:17 +01:00
Erik Krogh Kristensen	2c1cc9ead6	use local variable instead of module.exports in example Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2021-04-06 15:17:31 +02:00
Tom Hvitved	f45916efda	Merge pull request #5605 from hvitved/csharp/exclude-dependency-queries C#: Remove mentions of `exclude-dependency-queries.yml`	2021-04-06 14:58:49 +02:00
Erik Krogh Kristensen	41b89669a9	add joined paths as a sink to js/shell-command-constructed-from-input	2021-04-06 12:14:00 +02:00
Tom Hvitved	e0e58b24ea	C#: Remove mentions of `exclude-dependency-queries.yml`	2021-04-06 11:50:36 +02:00
Rasmus Wriedt Larsen	0ebb24ebeb	Merge pull request #5398 from yoff/python-api-enhancements Python: Add small api enhancements determined useful during documentation work	2021-04-06 11:44:51 +02:00
Tom Hvitved	667b26b5d9	Merge pull request #5540 from hvitved/csharp/ssa-impl-tweaks C#: Performance tweaks in `SsaImplCommon.qll`	2021-04-06 11:43:08 +02:00
Rasmus Lerchedahl Petersen	c777f1d8d7	Merge branch 'main' of github.com:github/codeql into python-api-enhancements	2021-04-06 09:31:26 +02:00
yoff	a23d8deb10	Merge pull request #5483 from RasmusWL/minor-fixup-django Python: Better text for getSourceType in Django	2021-04-06 08:30:58 +02:00
CodeQL CI	20416ae034	Merge pull request #5585 from asgerf/js/more-metadata Approved by esbena	2021-04-01 13:13:01 +01:00
Asger Feldthaus	c96ee8671e	JS: Update more query metadata	2021-04-01 12:15:54 +01:00
CodeQL CI	a1fab8ac52	Merge pull request #5581 from asgerf/js/dependency-info Approved by esbena	2021-04-01 09:07:21 +01:00
Shati Patel	36bdee0e8b	Merge pull request #5571 from github/docs/bug-fix Docs: Typo fix	2021-03-31 21:59:43 +01:00
CodeQL CI	f08a0e5653	Merge pull request #5580 from asgerf/js/more-metadata-fix Approved by esbena	2021-03-31 16:29:33 +01:00
Asger Feldthaus	8c8e4e6a70	JS: Add test	2021-03-31 16:17:54 +01:00
Asger Feldthaus	068a9d88e7	JS: Ensure Dependency.info() exists even if version range could not be parsed	2021-03-31 16:08:08 +01:00
Asger Feldthaus	c541390c1b	JS: Remove precision tag from ExternalDependencies.ql	2021-03-31 13:54:15 +01:00
Mathias Vorreiter Pedersen	e9e93c0eea	Merge pull request #5558 from geoffw0/replace-tostring Replace toString use	2021-03-31 13:50:41 +02:00
Geoffrey White	85ecfe2723	Update cpp/ql/src/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.ql Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>	2021-03-31 11:34:56 +01:00
Calum Grant	49d1937dc4	Merge pull request #5552 from RasmusWL/revert-import-change Python: Revert #5506 due to bad performance	2021-03-31 09:51:39 +01:00
Asger F	d4877a9038	Merge pull request #5572 from asgerf/js/remove-flow-summary-kinds JS: Change kind of summary-extraction queries to table	2021-03-31 09:28:56 +01:00
Chris Smowton	4f9b6d1192	Update supported Go version to 1.16	2021-03-31 08:56:27 +01:00
Asger Feldthaus	bc5b477f79	JS: Change kind of summary-extraction queries to table	2021-03-30 21:26:58 +01:00
Dave Bartolomeo	0cc8eaf3b4	Merge pull request #5543 from MathiasVP/smart-ptr-like-class C++: Add a class that models wrapped pointer types	2021-03-30 16:00:13 -04:00
Rasmus Wriedt Larsen	51c27de049	Merge branch 'main' into revert-import-change	2021-03-30 21:51:53 +02:00
Shati Patel	b9788eb53c	Merge pull request #5568 from shati-patel/docs-binding-sets Docs: Mention that binding sets are available for classes	2021-03-30 18:08:23 +01:00
Sarita Iyer	649286995a	Merge pull request #5562 from saritai/saritai/cli-remove-1.23-references Remove Enterprise 1.23 special instructions and replace references	2021-03-30 13:07:42 -04:00
Shati Patel	fb004bacc3	Describe predicates first	2021-03-30 17:31:20 +01:00
Shati Patel	67835ee273	Address review comments	2021-03-30 17:29:43 +01:00
Shati Patel	23df459c16	remove accidental punctuation	2021-03-30 17:23:33 +01:00
Mathias Vorreiter Pedersen	fe76b0849b	Merge pull request #5569 from geoffw0/memoryfree C++: Add a test of memory freed queries with strdup.	2021-03-30 17:22:18 +02:00
Mathias Vorreiter Pedersen	92839123ae	Merge pull request #5570 from geoffw0/mutextest C++: Add mutex test cases.	2021-03-30 17:16:19 +02:00
Geoffrey White	a8284d5b97	C++: Add mutex test case.	2021-03-30 15:39:21 +01:00
Sarah Edwards	e0a73ce797	Merge pull request #5560 from skedwards88/patch-1 download LGTM database from a project slug	2021-03-30 06:58:28 -07:00
Geoffrey White	244966e216	C++: Add a test with strdup.	2021-03-30 14:49:05 +01:00

1 2 3 4 5 ...

21553 Commits