Erik Krogh Kristensen
|
ae56285331
|
use callgraph instead of type-inference for array taint-steps
|
2021-03-02 14:06:09 +01:00 |
|
Erik Krogh Kristensen
|
b20ce8bfca
|
use callgraph instead of TypeInference in Testing.qll
|
2021-03-02 14:04:23 +01:00 |
|
CodeQL CI
|
79839d2304
|
Merge pull request #5267 from erik-krogh/httpProxy
Approved by asgerf
|
2021-03-02 02:46:50 -08:00 |
|
Anders Schack-Mulligen
|
b0fa8dfeae
|
Merge pull request #4214 from porcupineyhairs/springViewManipulation
[Java] Add QL for detecting Spring View Manipulation Vulnerabilities.
|
2021-03-02 11:31:42 +01:00 |
|
CodeQL CI
|
2957131853
|
Merge pull request #5258 from erik-krogh/nextPerf
Approved by asgerf
|
2021-03-02 02:04:20 -08:00 |
|
CodeQL CI
|
9ea8f8201c
|
Merge pull request #5265 from erik-krogh/cacheRemote
Approved by asgerf
|
2021-03-02 02:03:09 -08:00 |
|
Anders Schack-Mulligen
|
394c82d564
|
Apply suggestions from code review
Adjust qldoc.
|
2021-03-02 10:17:07 +01:00 |
|
Calum Grant
|
cee96775b8
|
Merge pull request #5305 from asgerf/js/tuple-type-rest-index-stats
JS: Regenerate stats for tuple_type_rest_index
codeql-cli/v2.4.5
|
2021-03-01 17:43:55 +00:00 |
|
Asger Feldthaus
|
26924a3378
|
JS: Regenerate stats for tuple_type_rest_index
|
2021-03-01 16:30:09 +00:00 |
|
Tamás Vajk
|
2ac94255b7
|
Merge pull request #5299 from tamasvajk/feature/limit-codescanning-csharp2
C#: Fix codeql analysis workflow
|
2021-03-01 16:20:03 +01:00 |
|
Porcuiney Hairs
|
14ec148272
|
refactor to meet experimental guidelines.
|
2021-03-01 18:46:33 +05:30 |
|
Tamas Vajk
|
1ecbbf6af3
|
C#: Fix codeql analysis workflow
|
2021-03-01 09:18:05 +01:00 |
|
Anders Schack-Mulligen
|
37baf77b93
|
Merge pull request #5273 from intrigus-lgtm/java/unify-main-method-check
Java: Remove duplicate code.
|
2021-03-01 09:05:28 +01:00 |
|
Tamás Vajk
|
3b56e3520c
|
Merge pull request #5277 from tamasvajk/feature/fix-name-resolution
Fix method name resolution issue with nullable suppression
|
2021-03-01 08:47:21 +01:00 |
|
Jonas Jensen
|
208a374c58
|
Merge pull request #5256 from MathiasVP/promote-insecure-memset-query
C++: Promote insecure removal of memset query
|
2021-03-01 08:30:16 +01:00 |
|
Mathias Vorreiter Pedersen
|
d4f7fab7df
|
Update cpp/change-notes/2021-02-24-memset-may-be-deleted.md
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
|
2021-02-26 19:17:13 +01:00 |
|
Mathias Vorreiter Pedersen
|
0f7256752a
|
Update cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.qhelp
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
|
2021-02-26 19:16:28 +01:00 |
|
Erik Krogh Kristensen
|
af7a188bbd
|
add change note
|
2021-02-26 17:18:30 +01:00 |
|
Erik Krogh Kristensen
|
214aa072b9
|
support host for http-proxy client requests
|
2021-02-26 17:18:29 +01:00 |
|
Erik Krogh Kristensen
|
cc48172fd8
|
add support for events in http-proxy
|
2021-02-26 17:17:47 +01:00 |
|
Erik Krogh Kristensen
|
ede1a40a02
|
add ClientRequst models for http-proxy
|
2021-02-26 17:17:46 +01:00 |
|
CodeQL CI
|
b7c0d18c4a
|
Merge pull request #5278 from erik-krogh/formData
Approved by asgerf
|
2021-02-26 08:13:41 -08:00 |
|
Erik Krogh Kristensen
|
ae051af9d8
|
remove redundant code
|
2021-02-26 14:15:30 +01:00 |
|
CodeQL CI
|
0e70b58a41
|
Merge pull request #5205 from erik-krogh/ts42
Approved by asgerf
|
2021-02-26 05:06:40 -08:00 |
|
Porcupiney Hairs
|
602f63ad45
|
[Java] Add QL for detecting Spring View Manipulation Vulnerabilities.
|
2021-02-26 16:29:18 +05:30 |
|
Tom Hvitved
|
ac67c67ad7
|
Merge pull request #4998 from hvitved/csharp/shared-base-pre-ssa
C#: Use shared SSA implementation for `{Pre,Base}Ssa`
|
2021-02-26 11:29:07 +01:00 |
|
Erik Krogh Kristensen
|
c59e6fef80
|
add model for form-data
|
2021-02-26 10:54:46 +01:00 |
|
Erik Krogh Kristensen
|
00cfc77fc0
|
Revert "fix file lookup for exclude patterns"
This reverts commit 74630b0fd8.
|
2021-02-26 10:28:20 +01:00 |
|
Erik Krogh Kristensen
|
4ec3289ecc
|
update relation name in .stats file
|
2021-02-26 10:26:08 +01:00 |
|
Erik Krogh Kristensen
|
bd19d5a93c
|
remove is_abstract_signature.ql
|
2021-02-26 10:24:40 +01:00 |
|
Erik Krogh Kristensen
|
1cac692b1d
|
Update javascript/ql/src/semmle/javascript/TypeScript.qll
Co-authored-by: Asger F <asgerf@github.com>
|
2021-02-26 10:23:01 +01:00 |
|
Mathias Vorreiter Pedersen
|
42d2a673c7
|
C++: Respond to review comments.
|
2021-02-26 10:06:05 +01:00 |
|
Tamas Vajk
|
b3d6d0c12b
|
Fix method name resolution issue with nullable suppression
|
2021-02-26 09:48:37 +01:00 |
|
Mathias Vorreiter Pedersen
|
4e4ffbd790
|
Update cpp/change-notes/2021-02-24-memset-may-be-deleted.md
Co-authored-by: Jonas Jensen <jbj@github.com>
|
2021-02-26 09:48:21 +01:00 |
|
Mathias Vorreiter Pedersen
|
72daf2eef9
|
C++: Make the tests more realistic by actually using the local variable for something. Otherwise it looks like a zero-initialization of a buffer, which the query now tries to exclude.
|
2021-02-26 09:19:05 +01:00 |
|
Tamás Vajk
|
ce69e3ae66
|
Merge pull request #5263 from tamasvajk/feature/fix-file-move
C#: Fix potentially concurrent file moves
|
2021-02-26 08:27:42 +01:00 |
|
Tamás Vajk
|
8241a9c2f1
|
Merge pull request #5264 from tamasvajk/feature/more-known-enums
C#: Add more well-known enum underlying types
|
2021-02-26 08:20:14 +01:00 |
|
yoff
|
e3b3825ab0
|
Merge pull request #5151 from RasmusWL/django-get-redirect-url
Python: Model get_redirect_url in django
|
2021-02-25 23:07:33 +01:00 |
|
intrigus
|
141f057f7b
|
Java: Remove duplicate code.
|
2021-02-25 21:29:26 +01:00 |
|
Mathias Vorreiter Pedersen
|
faadcd913e
|
C++: Exclude memsets that clear a variable that has no other uses.
|
2021-02-25 21:27:12 +01:00 |
|
Geoffrey White
|
0c4a5f5e2a
|
Merge pull request #5266 from geoffw0/isis
JS: Fix 'is, is' and 'is is'.
|
2021-02-25 18:55:41 +00:00 |
|
Mathias Vorreiter Pedersen
|
2777ca445e
|
Update cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
|
2021-02-25 19:49:58 +01:00 |
|
Mathias Vorreiter Pedersen
|
9e7c9d0ea0
|
C++: Respond to review comments. Relax the escaping requirements on the local variable being used in memset.
|
2021-02-25 18:22:48 +01:00 |
|
CodeQL CI
|
1bd12e6fdf
|
Merge pull request #5199 from asgerf/js/vue-router
Approved by erik-krogh
|
2021-02-25 07:32:57 -08:00 |
|
Tamás Vajk
|
505d04b13e
|
Merge pull request #5102 from luchua-bc/java/main-method-in-servlet
Java: CWE-489 Query to detect main() method in servlets
|
2021-02-25 16:05:06 +01:00 |
|
Mathias Vorreiter Pedersen
|
3f26b2940d
|
Update cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql
Co-authored-by: Jonas Jensen <jbj@github.com>
|
2021-02-25 15:48:48 +01:00 |
|
Geoffrey White
|
0e071b7b79
|
JS: Fix 'is, is' and 'is is'.
|
2021-02-25 14:16:25 +00:00 |
|
Tamas Vajk
|
3e651f14fd
|
C#: Add more well-known enum underlying types
|
2021-02-25 14:57:23 +01:00 |
|
Rasmus Wriedt Larsen
|
81b29316e1
|
Merge pull request #4737 from yoff/python-dataflow-add-cast-nodes
Python: Force read- and store steps to add nodes.
|
2021-02-25 14:28:54 +01:00 |
|
Tamás Vajk
|
9ae22cbebd
|
Merge pull request #5189 from tamasvajk/feature/refactor-3
C#: Split 'Context' class between CIL and source extraction
|
2021-02-25 14:28:25 +01:00 |
|