codeql

mirror of https://github.com/github/codeql.git synced 2026-03-01 21:34:50 +01:00

Author	SHA1	Message	Date
Jordy Zomer	a3bacc76f1	Update cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>	2021-08-05 23:31:12 +02:00
Jordy Zomer	cf40d0ae4d	Fix a typo unsiged -> unsigned	2021-08-05 16:40:49 +02:00
Jordy Zomer	489ac04f86	Remove author tag	2021-08-05 12:34:31 +02:00
Jordy Zomer	19bb8e8c17	Make requested changes	2021-08-03 21:54:04 +02:00
Jordy Zomer	e07516585a	cpp: Add query to detect unsigned integer to signed integer conversions used in pointer arithmetics	2021-08-03 19:08:47 +02:00
Mathias Vorreiter Pedersen	8ce6335383	Merge pull request #6372 from geoffw0/uncontrolledarith	2021-08-03 17:53:39 +02:00
Geoffrey White	54253bc2eb	C++: Resurrect underflow detection, but only on unsigned types.	2021-08-03 15:02:39 +01:00
Chris Smowton	eaf3d3cc03	Merge pull request #6162 from smowton/smowton/feature/jax-rs-content-type-sensitivity-fixes Jax-RS: implement content-type tracking	2021-08-03 14:53:31 +01:00
Geoffrey White	23ba7dcf9c	Merge pull request #6141 from ihsinme/ihsinme-patch-276 CPP: Add a query to find incorrectly used exceptions. 2	2021-08-03 14:46:39 +01:00
Anders Schack-Mulligen	7fb1e1578e	Merge pull request #5894 from atorralba/atorralba/promote-ognl-injection Java: Promote OGNL Injection query from experimental	2021-08-03 15:31:40 +02:00
Anders Schack-Mulligen	be6fd7c22e	Merge pull request #6382 from bmuskalla/stringValueOfTaint Track taint for String.valueOf(..)	2021-08-03 15:30:30 +02:00
Chris Smowton	3bf41491b3	Apply suggestions from code review	2021-08-03 14:15:39 +01:00
Benjamin Muskalla	8ce841493c	Avoid taint for valueOf(Object)	2021-08-03 14:46:55 +02:00
Anders Schack-Mulligen	c0d76da1a6	Merge pull request #5846 from atorralba/atorralba/promote-unsafe-android-webview-fetch Java: Promote Unsafe resource loading in Android WebView from experimental	2021-08-03 14:24:34 +02:00
Tony Torralba	f5cbec4938	Fix tests affected by Jackson stubs changes	2021-08-03 14:22:55 +02:00
Anders Schack-Mulligen	fb9feabe64	Merge pull request #6062 from atorralba/atorralba/promote-groovy-injection Java: Promote Groovy Code Injection from experimental	2021-08-03 14:19:15 +02:00
Mathias Vorreiter Pedersen	43044cd475	Merge pull request #6081 from ihsinme/ihsinme-patch-273 CPP: Add a query to find incorrectly used switch	2021-08-03 13:16:45 +02:00
Tony Torralba	a33e0bce9d	Fix tests affected by Jackson stubs changes	2021-08-03 13:15:45 +02:00
Anders Schack-Mulligen	ad86641e22	Merge pull request #6216 from smowton/smowton/admin/serializability-dataflow Create a dataflow instance specifically for the Serializability library	2021-08-03 13:03:49 +02:00
Tony Torralba	c44de87503	Fix reference to PostUpdateNode	2021-08-03 12:45:12 +02:00
Tom Hvitved	ee51e1593f	Merge pull request #6217 from hvitved/csharp/dataflow/csv-override-fix C#: Fix CSV overrides logic	2021-08-03 12:11:26 +02:00
Chris Smowton	36379146c5	Resync dataflow clone	2021-08-03 11:03:30 +01:00
Chris Smowton	afa827829a	Make imports private where possible Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-08-03 10:36:46 +01:00
Chris Smowton	a52c4746bc	Improve docs	2021-08-03 10:36:46 +01:00
Chris Smowton	75310a6609	Create a dataflow instance specifically for the Serializability library Otherwise because this dataflow instance populates AdditionalTaintStep there is an ever-present danger that a user will stumble into creating a recursive configuration, or at least that by using DataFlow5::Configuration for any other purpose they will needlessly recalculate the Serializability dataflow results.	2021-08-03 10:36:46 +01:00
Chris Smowton	f83f950be6	Merge pull request #6325 from smowton/smowton/feature/org-json-models Java: add models of JSON-java, aka `org.json`	2021-08-03 10:33:49 +01:00
Mathias Vorreiter Pedersen	3a456577d8	Merge pull request #6378 from geoffw0/impropnull C++: Test and improve cpp/improper-null-termination	2021-08-03 11:32:15 +02:00
CodeQL CI	07f6ce7f3b	Merge pull request #6398 from erik-krogh/authHeader Approved by esbena	2021-08-03 02:04:35 -07:00
CodeQL CI	394d3349ac	Merge pull request #6213 from asgerf/js/vuex Approved by erik-krogh	2021-08-03 01:49:06 -07:00
Geoffrey White	bb96ca3e00	Merge branch 'main' into impropnull	2021-08-03 09:37:58 +01:00
Anders Schack-Mulligen	62adefb015	Merge pull request #6400 from github/workflow/coverage/update Update CSV framework coverage reports	2021-08-03 10:36:27 +02:00
Geoffrey White	db292287db	Merge branch 'main' into impropnull	2021-08-03 09:34:16 +01:00
Tony Torralba	084cda6daa	Merge branch 'main' into atorralba/promote-groovy-injection	2021-08-03 09:53:46 +02:00
Tony Torralba	36565802dc	Delete unnecesary file RequestForgery.expected in experimental was an artifact from a merge that wasn't adequately removed	2021-08-03 09:48:04 +02:00
Tony Torralba	8852f69d36	Apply suggestions from code review Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-08-03 09:46:32 +02:00
CodeQL CI	a27cb4b1ae	Merge pull request #6399 from erik-krogh/nunjucks Approved by esbena	2021-08-03 00:45:37 -07:00
Erik Krogh Kristensen	f1f44ceee7	add change-note	2021-08-03 09:11:27 +02:00
Erik Krogh Kristensen	6b579dfad3	normalize auth-headers to lowercase	2021-08-03 09:09:47 +02:00
Asger Feldthaus	c88d213f37	JS: Use appendToNamespace	2021-08-03 08:52:19 +02:00
Asger Feldthaus	f5f255d93d	JS: Rename getPrefix -> getNamespace	2021-08-03 08:51:35 +02:00
Asger F	ff17d298b0	Apply suggestions from code review Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2021-08-03 08:45:56 +02:00
github-actions[bot]	cd65baf481	Add changed framework coverage reports	2021-08-03 00:07:34 +00:00
Ethan Palm	2c6977e5e2	Merge pull request #6327 from ethanpalm/cwe-coverage-tables CodeQL: Display CWE coverage information by language	2021-08-02 18:00:01 -04:00
Erik Krogh Kristensen	87c0c60c22	don't report dummy authentication headers as hardcoded-crendentials	2021-08-02 22:56:14 +02:00
Erik Krogh Kristensen	f719e0ca1b	remove nunjucks template URLs from the target-blank query	2021-08-02 22:46:59 +02:00
Ethan P	6a6993248d	Add note to readme about CWE coverage tables	2021-08-02 13:34:26 -07:00
Chris Smowton	fad1622730	Merge pull request #5435 from haby0/DynamicallyLoadedClasses Java: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')	2021-08-02 16:04:30 +01:00
Tony Torralba	08bdd1aa7a	Merge branch 'main' into atorralba/promote-ognl-injection	2021-08-02 16:05:38 +02:00
Tony Torralba	8b50b3d00f	Add jackson-core to test dependencies	2021-08-02 16:04:49 +02:00
Geoffrey White	904db788ec	Merge branch 'main' into impropnull	2021-08-02 15:00:12 +01:00

1 2 3 4 5 ...

24833 Commits