codeql

mirror of https://github.com/github/codeql.git synced 2026-02-24 10:53:49 +01:00

Author	SHA1	Message	Date
Erik Krogh Kristensen	038cca814a	Merge branch 'main' into ts4	2020-08-28 10:27:49 +02:00
Taus	afe234dade	Merge pull request #4156 from RasmusWL/python-fix-changenote-fstring-taint Python: fstring taint change note should be for 1.26	2020-08-28 10:23:06 +02:00
CodeQL CI	80cb8be405	Merge pull request #4155 from asger-semmle/js/lower-duplicate-element-id-precision Approved by esbena	2020-08-28 08:52:58 +01:00
Rasmus Wriedt Larsen	deff36e9af	Python: fstring taint change note should be for 1.26 This fixes problem introduced in https://github.com/github/codeql/pull/4127	2020-08-28 09:00:07 +02:00
Asger Feldthaus	e7a0bc6be6	JS: Lower precision of ambiguous HTML ID attribute	2020-08-27 15:51:34 +01:00
Rasmus Wriedt Larsen	13148b42d3	Python: Handle taint of f-strings	2020-08-24 17:23:10 +02:00
Erik Krogh Kristensen	db57f3661e	Merge branch 'main' into ts4	2020-08-21 15:08:30 +02:00
Geoffrey White	3d171f358a	Merge remote-tracking branch 'upstream/main' into vecmethods	2020-08-20 13:29:28 +01:00
Geoffrey White	acd1437103	C++: Change note.	2020-08-20 10:46:12 +01:00
CodeQL CI	6adedac337	Merge pull request #4096 from erik-krogh/qlMod Approved by esbena	2020-08-20 10:05:30 +01:00
Erik Krogh Kristensen	5b42e242af	add change note for supporting ".cjs" files	2020-08-20 09:18:26 +02:00
Jonas Jensen	b1c0e6f626	Merge remote-tracking branch 'upstream/main' into SimpleRangeAnalysis-mul-constant	2020-08-20 08:20:31 +02:00
Jonas Jensen	b14bc42756	Merge pull request #4090 from geoffw0/strmethods C++: Model taint through many more methods in std::string	2020-08-19 16:40:46 +02:00
Jonas Jensen	b65f82210f	Merge remote-tracking branch 'upstream/main' into SimpleRangeAnalysis-mul-constant	2020-08-18 16:51:56 +02:00
Jonas Jensen	a72d05ccdb	C++: Change note for = and constant	2020-08-18 15:07:35 +02:00
Tom Hvitved	bc77916246	Merge pull request #4093 from tamasvajk/feature/change-notes C#: Add change notes for C# analysis	2020-08-18 14:35:01 +02:00
Tamas Vajk	6ae53b1865	C#: Add change notes for C# analysis	2020-08-18 11:10:04 +02:00
Geoffrey White	5d485859af	Merge remote-tracking branch 'upstream/main' into uncontrolled-alloc-size	2020-08-17 20:49:35 +01:00
Geoffrey White	be91cec7ad	C++: Add change note.	2020-08-17 20:45:49 +01:00
Geoffrey White	d76b25ec22	C++: Change note.	2020-08-17 17:55:52 +01:00
CodeQL CI	c917cd02bd	Merge pull request #4054 from erik-krogh/urlIncludes Approved by esbena	2020-08-17 13:54:25 +01:00
Geoffrey White	498b350add	Merge remote-tracking branch 'upstream/master' into plus	2020-08-13 18:21:28 +01:00
Erik Krogh Kristensen	dc6943b739	Update change-notes/1.26/analysis-javascript.md Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-13 11:34:53 +02:00
Jonas Jensen	5e5a112c36	C++: Change note	2020-08-13 08:37:13 +02:00
Erik Krogh Kristensen	dc55ce2bf0	add change note	2020-08-12 14:27:33 +02:00
Erik Krogh Kristensen	211ef61039	add change note	2020-08-12 09:29:34 +02:00
Geoffrey White	50558257fc	C++: Change note.	2020-08-11 17:05:49 +01:00
Jonas Jensen	1f432dc45f	Merge pull request #4023 from geoffw0/loopdir C++: Exclude decrementing unsigned counters from inconsistentLoopDirection.ql	2020-08-10 12:10:29 +02:00
Erik Krogh Kristensen	7670e7da97	retarget change-note for 1.26	2020-08-07 18:17:46 +02:00
Geoffrey White	6e18be43f3	C++: Change note.	2020-08-06 19:27:12 +01:00
Geoffrey White	0281456948	C++: Add a 1.26 change note file (what happened to the templates?)	2020-08-06 19:21:06 +01:00
Erik Krogh Kristensen	b43d410ab1	add change log for JSON serializers	2020-08-05 12:14:56 +02:00
semmle-qlci	5b1d25591e	Merge pull request #3979 from max-schaefer/js/more-comand-injection-models Approved by asgerf	2020-07-30 15:10:46 +01:00
Tom Hvitved	f91043e08e	C#: Add change note	2020-07-29 10:27:40 +02:00
Max Schaefer	91762ec274	JavaScript: Add partial model for `opener`. 3.5M weekly downloads. Note that we do not treat the first argument as a command-injection sink. While it is possible to inject commands that way, it is more likely to cause false positives where the user input is concatenated with some prefix that makes the opening heuristic decide to treat it as a URL.	2020-07-27 11:42:32 +01:00
Max Schaefer	9aa26fa4bc	JavaScript: Add model for `foreground-child`. >1M weekly downloads, so seems worth doing.	2020-07-27 11:37:06 +01:00
Max Schaefer	2f842042ea	JavaScript: Model another `execa` function relevant for command injection.	2020-07-27 11:34:04 +01:00
semmle-qlci	bfb734e1d7	Merge pull request #3832 from asger-semmle/js/typescript-in-html-files3 Approved by erik-krogh	2020-07-02 08:30:45 +01:00
semmle-qlci	45ef3ec4a8	Merge pull request #3619 from erik-krogh/CWE022-Correctness Approved by asgerf	2020-07-01 20:07:58 +01:00
semmle-qlci	c850938af0	Merge pull request #3833 from asger-semmle/js/vue-class-component Approved by erik-krogh	2020-06-30 13:16:42 +01:00
Asger Feldthaus	fcb365188b	JS: Add change note	2020-06-29 09:59:17 +01:00
ubuntu	bb06014f3d	Add fancy-log	2020-06-28 22:02:02 +02:00
Asger Feldthaus	84d21074e5	JS: Support Vue class components	2020-06-27 21:24:46 +01:00
semmle-qlci	92cc59b47b	Merge pull request #3800 from esbena/js/npmlog Approved by erik-krogh	2020-06-26 07:54:08 +01:00
semmle-qlci	cf0cd00458	Merge pull request #3627 from asger-semmle/js/unneeded-defensive-return Approved by erik-krogh	2020-06-25 15:28:57 +01:00
semmle-qlci	c39dce4d66	Merge pull request #3781 from asger-semmle/js/deprecate-type-member-lookup Approved by erik-krogh	2020-06-25 14:56:17 +01:00
Esben Sparre Andreasen	4bfce4b8a3	JS: model npmlog (and recognize the "verbose" log level)	2020-06-25 12:06:51 +02:00
Asger Feldthaus	a109c1fc96	JS: Change note	2020-06-25 11:04:08 +01:00
Robert Marsh	3e6a19843d	Merge pull request #3727 from jbj/tainted-format-string-high C++: Raise cpp/tainted-format-string* precisions to high	2020-06-24 15:06:13 -07:00
Asger Feldthaus	e2a300e811	JS: Add change note	2020-06-24 10:33:45 +01:00

1 2 3 4 5 ...

1588 Commits