codeql

mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00

Author	SHA1	Message	Date
CodeQL CI	58f51899c9	Merge pull request #4173 from erik-krogh/targetBlankFP Approved by esbena	2020-09-04 08:21:22 +01:00
Tom Hvitved	7f18c3377e	Merge pull request #4017 from hvitved/csharp/unqualify-trap-ids3 C#: Remove assembly prefixes from TRAP labels	2020-09-04 09:20:39 +02:00
Mathias Vorreiter Pedersen	b7774b2a82	Merge pull request #4201 from geoffw0/insert C++: Model iterator versions of string and vector methods	2020-09-03 21:45:36 +02:00
Geoffrey White	50d9a85143	C++: Update change note.	2020-09-03 10:52:27 +01:00
Erik Krogh Kristensen	4fdd2cd794	add change note	2020-09-03 10:06:52 +02:00
Erik Krogh Kristensen	87d39db95f	add change note	2020-09-03 08:58:33 +02:00
Tom Hvitved	701e189c1b	C#: Add change note	2020-09-02 10:52:22 +02:00
Asger F	813d14791d	Merge pull request #4043 from erik-krogh/ts4 JS: Add support for TypeScript 4	2020-08-28 14:02:08 +01:00
Calum Grant	93e0bd9d85	Merge pull request #4126 from tamasvajk/feature/array-index C#: Fix computed sizes for implicitly sized array creation	2020-08-28 11:21:39 +01:00
Erik Krogh Kristensen	038cca814a	Merge branch 'main' into ts4	2020-08-28 10:27:49 +02:00
Taus	afe234dade	Merge pull request #4156 from RasmusWL/python-fix-changenote-fstring-taint Python: fstring taint change note should be for 1.26	2020-08-28 10:23:06 +02:00
CodeQL CI	80cb8be405	Merge pull request #4155 from asger-semmle/js/lower-duplicate-element-id-precision Approved by esbena	2020-08-28 08:52:58 +01:00
Rasmus Wriedt Larsen	deff36e9af	Python: fstring taint change note should be for 1.26 This fixes problem introduced in https://github.com/github/codeql/pull/4127	2020-08-28 09:00:07 +02:00
Asger Feldthaus	e7a0bc6be6	JS: Lower precision of ambiguous HTML ID attribute	2020-08-27 15:51:34 +01:00
Tamas Vajk	18c65e9f73	Fix typo in change notes	2020-08-26 15:57:41 +02:00
Tamas Vajk	3f54e5d310	Add change note	2020-08-26 15:12:11 +02:00
Rasmus Wriedt Larsen	13148b42d3	Python: Handle taint of f-strings	2020-08-24 17:23:10 +02:00
Erik Krogh Kristensen	db57f3661e	Merge branch 'main' into ts4	2020-08-21 15:08:30 +02:00
Geoffrey White	3d171f358a	Merge remote-tracking branch 'upstream/main' into vecmethods	2020-08-20 13:29:28 +01:00
Geoffrey White	acd1437103	C++: Change note.	2020-08-20 10:46:12 +01:00
CodeQL CI	6adedac337	Merge pull request #4096 from erik-krogh/qlMod Approved by esbena	2020-08-20 10:05:30 +01:00
Erik Krogh Kristensen	5b42e242af	add change note for supporting ".cjs" files	2020-08-20 09:18:26 +02:00
Jonas Jensen	b1c0e6f626	Merge remote-tracking branch 'upstream/main' into SimpleRangeAnalysis-mul-constant	2020-08-20 08:20:31 +02:00
Jonas Jensen	b14bc42756	Merge pull request #4090 from geoffw0/strmethods C++: Model taint through many more methods in std::string	2020-08-19 16:40:46 +02:00
Jonas Jensen	b65f82210f	Merge remote-tracking branch 'upstream/main' into SimpleRangeAnalysis-mul-constant	2020-08-18 16:51:56 +02:00
Jonas Jensen	a72d05ccdb	C++: Change note for = and constant	2020-08-18 15:07:35 +02:00
Tom Hvitved	bc77916246	Merge pull request #4093 from tamasvajk/feature/change-notes C#: Add change notes for C# analysis	2020-08-18 14:35:01 +02:00
Tamas Vajk	6ae53b1865	C#: Add change notes for C# analysis	2020-08-18 11:10:04 +02:00
Geoffrey White	5d485859af	Merge remote-tracking branch 'upstream/main' into uncontrolled-alloc-size	2020-08-17 20:49:35 +01:00
Geoffrey White	be91cec7ad	C++: Add change note.	2020-08-17 20:45:49 +01:00
Geoffrey White	d76b25ec22	C++: Change note.	2020-08-17 17:55:52 +01:00
CodeQL CI	c917cd02bd	Merge pull request #4054 from erik-krogh/urlIncludes Approved by esbena	2020-08-17 13:54:25 +01:00
Geoffrey White	498b350add	Merge remote-tracking branch 'upstream/master' into plus	2020-08-13 18:21:28 +01:00
Erik Krogh Kristensen	dc6943b739	Update change-notes/1.26/analysis-javascript.md Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-08-13 11:34:53 +02:00
Jonas Jensen	5e5a112c36	C++: Change note	2020-08-13 08:37:13 +02:00
Erik Krogh Kristensen	dc55ce2bf0	add change note	2020-08-12 14:27:33 +02:00
Erik Krogh Kristensen	211ef61039	add change note	2020-08-12 09:29:34 +02:00
Geoffrey White	50558257fc	C++: Change note.	2020-08-11 17:05:49 +01:00
Jonas Jensen	1f432dc45f	Merge pull request #4023 from geoffw0/loopdir C++: Exclude decrementing unsigned counters from inconsistentLoopDirection.ql	2020-08-10 12:10:29 +02:00
Erik Krogh Kristensen	7670e7da97	retarget change-note for 1.26	2020-08-07 18:17:46 +02:00
Geoffrey White	6e18be43f3	C++: Change note.	2020-08-06 19:27:12 +01:00
Geoffrey White	0281456948	C++: Add a 1.26 change note file (what happened to the templates?)	2020-08-06 19:21:06 +01:00
Erik Krogh Kristensen	b43d410ab1	add change log for JSON serializers	2020-08-05 12:14:56 +02:00
semmle-qlci	5b1d25591e	Merge pull request #3979 from max-schaefer/js/more-comand-injection-models Approved by asgerf	2020-07-30 15:10:46 +01:00
Tom Hvitved	f91043e08e	C#: Add change note	2020-07-29 10:27:40 +02:00
Max Schaefer	91762ec274	JavaScript: Add partial model for `opener`. 3.5M weekly downloads. Note that we do not treat the first argument as a command-injection sink. While it is possible to inject commands that way, it is more likely to cause false positives where the user input is concatenated with some prefix that makes the opening heuristic decide to treat it as a URL.	2020-07-27 11:42:32 +01:00
Max Schaefer	9aa26fa4bc	JavaScript: Add model for `foreground-child`. >1M weekly downloads, so seems worth doing.	2020-07-27 11:37:06 +01:00
Max Schaefer	2f842042ea	JavaScript: Model another `execa` function relevant for command injection.	2020-07-27 11:34:04 +01:00
semmle-qlci	bfb734e1d7	Merge pull request #3832 from asger-semmle/js/typescript-in-html-files3 Approved by erik-krogh	2020-07-02 08:30:45 +01:00
semmle-qlci	45ef3ec4a8	Merge pull request #3619 from erik-krogh/CWE022-Correctness Approved by asgerf	2020-07-01 20:07:58 +01:00

1 2 3 4 5 ...

1599 Commits