Max Schaefer
76f482682c
Merge pull request #182 from owen-mc/gin-framework
...
Move model for Gin framework out of experimental
2020-06-26 20:26:48 +01:00
Max Schaefer
91ca2bb434
Merge pull request #231 from max-schaefer/taint-through-range
...
Propagate taint through `range` statements
2020-06-26 19:58:53 +01:00
Max Schaefer
66ec160f64
Add change note.
2020-06-26 11:20:45 +01:00
Max Schaefer
3bf934d64b
Add change note.
2020-06-25 22:23:49 +01:00
Max Schaefer
1f68a32cdc
Add change note.
2020-06-22 09:22:47 +01:00
Max Schaefer
2df8c275e0
Fix field lookup in cyclic structs.
2020-06-19 08:16:09 +01:00
Max Schaefer
7c2358c1d0
Merge pull request #181 from sauyon/reflectedxss-fps
...
ReflectedXSS refinement
2020-06-18 11:14:13 +01:00
Owen Mansel-Chan
c5cb55afc6
Add a change note
2020-06-17 15:14:16 +01:00
Sauyon Lee
95235c8415
Add change note for reflected xss regexp fixes
2020-06-17 00:28:03 -07:00
Owen Mansel-Chan
a3bc094731
Add change note
2020-06-16 15:48:39 +01:00
Max Schaefer
8f0592a079
Consider Request.FormValue(...) as a source for URL redirects.
...
Despite its name, this method doesn't just handle form values but also query parameters.
2020-05-29 15:03:05 +01:00
Max Schaefer
1d479d9a73
Add change note.
2020-05-22 11:11:58 +01:00
Max Schaefer
9a4bee9448
Add change note.
2020-05-20 10:10:28 +01:00
Max Schaefer
6d93f48933
Merge pull request #147 from owen-mc/redundant-recover
...
Go: Add query for redundant calls to recover
2020-05-19 07:14:27 +01:00
Owen Mansel-Chan
275be36e4a
Update change-notes/2020-05-18-redundant-recover.md
...
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2020-05-19 06:31:47 +01:00
Owen Mansel-Chan
fbee7fe983
Add new query for redundant calls to recover
2020-05-18 16:13:46 +01:00
Max Schaefer
d41e41812b
Merge pull request #141 from sauyon/reflectedxss-fps
...
ReflectedXss improvements
2020-05-15 07:23:39 +01:00
Max Schaefer
d5fcf28e03
Add change note.
...
While we didn't see any new results in the evaluation, this is a fairly substantial amount of changes, so adding a change note is probably justified.
2020-05-13 15:55:52 +01:00
Sauyon Lee
83a3b6336f
Add change note
2020-05-13 04:31:23 -07:00
Sauyon Lee
21bfaec0d3
TaintedPath: Add change note for tempfiles
2020-05-12 05:44:19 -07:00
Max Schaefer
994536e93b
Add change note.
2020-05-07 11:46:31 +01:00
Sauyon Lee
164149b29a
Merge pull request #129 from max-schaefer/fix-argument-post-update-nodes
...
Fix and improve taint-tracking through function arguments
2020-05-06 02:57:01 -07:00
Max Schaefer
a79f2b4f44
Add change note for CleartextLogging.
2020-05-05 12:05:09 +01:00
Sauyon Lee
a841077cbe
Add support for Mux library
2020-05-05 03:25:08 -07:00
Max Schaefer
980241603b
Switch to new-style change notes.
2020-05-01 07:57:13 +01:00
Sauyon Lee
cd1d699208
Improve BadRedirectCheck query
...
We now look for a path from the variable being checked to a redirect.
Additionally, several sources of false positives have been eliminated, and a model of relevant parts of the Macaron framework has been added.
2020-05-01 07:13:16 +01:00
Felicity Chapman
70525d0e64
Minor editorial changes
2020-04-17 13:19:11 +01:00
Sauyon Lee
8ca310e6b6
Add change note for buffered i/o
2020-04-15 00:37:50 -07:00
Max Schaefer
95c2cb19cf
Add two missing change notes.
2020-04-15 07:57:47 +01:00
Max Schaefer
d344687f52
Add change note.
2020-04-09 09:41:09 +01:00
Max Schaefer
c9ef6f77a2
Merge pull request #91 from max-schaefer/disabled-certificate-check
...
Add new query DisabledCertificateCheck.
2020-04-08 07:11:15 +01:00
Max Schaefer
8fba9a98d4
Add new query DisabledCertificateCheck.
2020-04-07 09:01:41 +01:00
Max Schaefer
76f2748cbc
Teach SsaWithFields to properly handle implicit dereferences.
2020-04-06 09:23:07 +01:00
Sauyon Lee
dcd6aaf69a
Alphabetize change notes
2020-04-03 00:01:19 -07:00
Sauyon Lee
3577d75607
RequestForgery: Add change note
2020-04-02 23:58:17 -07:00
Max Schaefer
77c282824e
Merge pull request #81 from gagliardetto/system-executors
...
Expand system executors (continuation of #70)
2020-04-03 07:24:05 +01:00
Max Schaefer
510b6070c9
Introduce official environment variable for goroutine limiting.
...
We've had to tell people how to do this, so we should have a name for it that doesn't refer to a defunct company.
2020-04-02 10:45:52 +01:00
Slavomir
32beebd059
Apply suggestions from code review
...
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
Co-Authored-By: Sauyon Lee <sauyon@github.com>
2020-04-02 12:09:06 +03:00
Sauyon Lee
bc59fa40d7
Merge pull request #73 from intrigus-lgtm/make-CWE-643-supported
...
Make cwe 643 supported
2020-04-01 17:45:45 -07:00
intrigus
3a381b2fbf
Add change note
2020-04-01 16:15:09 +02:00
Slavomir
a25a21eb11
Add change-note
2020-04-01 15:14:22 +03:00
Max Schaefer
efc9ecefc8
Introduce CODEQL_GO_EXTRACTOR_BUILD_COMMAND as an alias for LGTM_INDEX_BUILD_COMMAND.
...
We've occasionally had to tell people to set this variable manually, so we might as well have an alias that doesn't refer to a soon-to-be obsolete product.
2020-04-01 09:35:57 +01:00
Sauyon Lee
3d3f35cc48
Add change notes for Go 1.14 support
2020-03-30 13:45:37 -07:00
Sauyon Lee
fbc2499118
OpenUrlRedirect: Add change note for fixed FPs
2020-03-25 04:01:17 -07:00
Max Schaefer
49c5779112
Add model of go-pg/pg.
2020-03-17 12:08:42 +00:00
Max Schaefer
f41151350a
Merge pull request #60 from sauyon/bitwise-xor-fps
...
MistypedExponentiation: Add a heuristic to reduce FPs
2020-03-13 15:46:03 +00:00
Max Schaefer
ea36d49218
Add new query AllocationSizeOverflow.
2020-03-13 10:18:51 +00:00
Sauyon Lee
ea5e6a324d
Add change note
2020-03-13 03:10:55 -07:00
Sauyon Lee
5056b5f161
Apply review comments.
...
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-03-11 03:26:18 -07:00
Sauyon Lee
1f83aa4586
Add a -mod=vendor change note
2020-03-11 03:10:35 -07:00