hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
120 Commits 1,684 Branches 159 Tags
efc5f10f0789fdb6994782cffccfeebf2cb12e0d
Commit Graph

17 Commits

Author SHA1 Message Date
Max Schaefer
08ba795565 Sort lines in change notes. 2020-01-17 15:46:50 +00:00
Sauyon Lee
f32a785127 Merge pull request #217 from max/issue-24 
Switch RedundantExpr query back to using AST instead of global value numbering.
 2020-01-14 13:05:44 -08:00
Max Schaefer
36c620d1dd Add tests and change note. 2020-01-13 08:37:01 +00:00
Max Schaefer
384d21b0e9 Switch RedundantExpr query back to using AST instead of global value numbers. 
Most current alerts (https://lgtm.com/rules/1510380685982/alerts/), while technically correct, are likely intentional and harmless. This change keeps only the interesting ones: https://lgtm.com/query/2999122885894714237
 2020-01-10 14:46:54 +00:00
Max Schaefer
c60ddb0f7c Model Header.Get as a source of untrusted input. 2020-01-10 12:29:18 +00:00
Max Schaefer
0d2fe473d7 Add IncompleteUrlSchemeCheck query. 2020-01-07 14:46:49 +00:00
Max Schaefer
6f82310a9e Alert suppression through single-line /* */ style comments. 2020-01-02 14:34:11 +00:00
Sauyon Lee
10907c8b04 IncompleteHostnameRegexp: disallow unescaped dot before TLD 2019-12-09 08:47:17 -08:00
Shati Patel
e4346a17de Merge pull request #195 from max/impossible-interface-nil-check 
Add new query ImpossibleInterfaceNilCheck
 2019-11-27 11:15:05 +00:00
Max Schaefer
e5a12e9738 Add new query ImpossibleInterfaceNilCheck. 2019-11-26 20:28:53 +00:00
Max Schaefer
ee723d8a4f Fix DeadStoreOfField false positive. 
We should look into properly desugaring embedded types in the IR, but for now this workaround should suffice.
 2019-11-25 20:21:16 +00:00
Sauyon Lee
2c921d9418 Merge pull request #193 from max/header-xss 
Don't flag header injection as XSS.
 2019-11-25 11:56:54 -08:00
Sauyon Lee
61c2478541 Merge pull request #12 from github/rc/1.23 
Merge rc/1.23 into master
 2019-11-25 09:20:17 -08:00
Felicity Chapman
de2c7d8884 Minor text changes 2019-11-25 15:48:58 +00:00
Max Schaefer
adf9764085 Don't flag header injection as XSS. 
All results I have seen from this are uninteresting.
 2019-11-25 15:06:53 +00:00
Max Schaefer
1ff032d11e Add new query ConstantLengthComparison. 2019-11-22 20:55:14 +00:00
Max Schaefer
7136713a5f Add change notes for 1.23. 2019-11-21 15:50:40 +00:00