codeql

mirror of https://github.com/github/codeql.git synced 2026-02-07 02:31:06 +01:00

Author	SHA1	Message	Date
CodeQL CI	8d1e22bc38	Merge pull request #7632 from erik-krogh/CWE-862 Approved by esbena, felicitymay	2022-01-24 12:47:16 -08:00
Erik Krogh Kristensen	d4bac887cf	add a js/samesite-none-cookie cookie	2022-01-24 21:39:41 +01:00
yo-h	364f07e3c5	Merge pull request #7725 from github/turbo-go-117-update Update supported Go version	2022-01-24 15:23:00 -05:00
Robert Marsh	6d3381cb89	Merge pull request #7718 from MathiasVP/move-return-stack-allocated-memory-into-code-scanning C++: Add `security` tag to `cpp/return-stack-allocated-memory`	2022-01-24 14:52:23 -05:00
Tom Hvitved	66a24c5c49	Ruby: Introduce `TAnyArrayElementContent`	2022-01-24 20:25:05 +01:00
Pierre	af0fc37f39	Update supported Go version	2022-01-24 20:20:04 +01:00
Andrew Eisenberg	f71217706a	Merge branch 'main' into aeisenberg/getting-started-docs	2022-01-24 11:16:13 -08:00
Rasmus Wriedt Larsen	301318020f	Merge pull request #7455 from haby0/py/add-shutil-module-path-injection-sinks Python: Add shutil module sinks for path injection query	2022-01-24 20:06:36 +01:00
Tom Hvitved	e3afcb1b06	C#: Add missing `severity` and update expected test output	2022-01-24 20:00:25 +01:00
Tom Hvitved	65e1c0ebc1	Merge remote-tracking branch 'upstream/main' into cs/hash-without-salt	2022-01-24 19:57:07 +01:00
Geoffrey White	e42d3e540a	C++: Change note.	2022-01-24 18:32:17 +00:00
Geoffrey White	764f27f08e	C++: Upgrade to path-problem.	2022-01-24 18:32:05 +00:00
Geoffrey White	bbaac556e2	C++: Reveal the FP to be an issue with dataflow / model of strcpy.	2022-01-24 17:53:37 +00:00
Geoffrey White	11929378c7	C++: Upgrade cpp/cleartext-storage-file to full taint flow.	2022-01-24 17:48:45 +00:00
Andrew Eisenberg	497c87851c	Merge pull request #7571 from github/aeisenberg/remove-upgrades Update docs on the output of `resolve qlpacks`	2022-01-24 09:02:02 -08:00
Erik Krogh Kristensen	75f389749a	Merge pull request #7719 from erik-krogh/cwe-219 JS: add CWE-219 to js/exposure-of-private-files	2022-01-24 17:06:09 +01:00
Tom Hvitved	cc712c20cb	Ruby: Use `bitShiftLeft` instead of `pow` in `parseInteger`	2022-01-24 16:06:35 +01:00
Erik Krogh Kristensen	bb786bc557	fix good/bad mixup in ClientExposedCookie qhelp	2022-01-24 15:34:30 +01:00
Tony Torralba	4f4f531dfc	Add missing QLDoc	2022-01-24 15:13:09 +01:00
Tom Hvitved	6efa595478	Merge pull request #7688 from hvitved/dataflow/required-component-stack Data flow: Restructure `RequiredSummaryComponentStack`	2022-01-24 15:10:08 +01:00
Tom Hvitved	2a972dc045	Address review comments	2022-01-24 14:27:42 +01:00
Tony Torralba	b59fd4070f	Merge pull request #7136 from atorralba/atorralba/promote-insecure-trustmanager Java: Promote Insecure TrustManager from experimental	2022-01-24 14:05:14 +01:00
Erik Krogh Kristensen	148b0c33a9	update the empty-password-in-config-file qhelp	2022-01-24 13:39:54 +01:00
Erik Krogh Kristensen	ab0d67a573	update query name and description Co-authored-by: Felicity Chapman <felicitymay@github.com>	2022-01-24 13:37:25 +01:00
Erik Krogh Kristensen	b2dc02b831	Merge pull request #7717 from erik-krogh/cwe-80 JS: add CWE-80 to queries that detect bad HTML sanitizers	2022-01-24 13:34:57 +01:00
Tom Hvitved	64f19637d4	Address review comments	2022-01-24 13:33:18 +01:00
Erik Krogh Kristensen	823cadecd5	add CWE-219 to js/exposure-of-private-files	2022-01-24 13:22:06 +01:00
Tom Hvitved	6a2f4719e8	Merge pull request #672 from github/post-release-prep/codeql-cli-2.7.6 Post-release preparation for codeql-cli-2.7.6	2022-01-24 13:01:01 +01:00
Edoardo Pirovano	413c0a8f4f	Merge pull request #7673 from github/post-release-prep/codeql-cli-2.7.6 Post-release preparation for codeql-cli-2.7.6 lgtm/v1.30.0	2022-01-24 11:59:51 +00:00
Mathias Vorreiter Pedersen	7db66055e5	C++: Add change note.	2022-01-24 11:57:25 +00:00
Mathias Vorreiter Pedersen	08379df613	C++: Add 'security' tag to 'cpp/return-stack-allocated-memory'.	2022-01-24 11:43:38 +00:00
Geoffrey White	4c99d39acf	Merge pull request #7701 from MathiasVP/remove-intentional-get-stack-pointer C++: Remove FPs from `cpp/return-stack-allocated-memory`	2022-01-24 11:39:10 +00:00
Geoffrey White	588447d596	C++: Fix up isParameterDeref.	2022-01-24 11:06:24 +00:00
Owen Mansel-Chan	daabd3a045	Merge pull request #673 from owen-mc/refactor-returnvalue-n Refactor `ReturnValue[n]` in data flow libraries	2022-01-24 10:47:22 +00:00
Arthur Baars	78b4d7cbb5	Ruby: remove redundant cast	2022-01-24 11:27:31 +01:00
Arthur Baars	0cef887683	Ruby: address comments	2022-01-24 11:27:26 +01:00
Geoffrey White	683f909f7a	Merge pull request #7704 from geoffw0/clrtxt4 C++: Another improvement to cpp/cleartext-transmission	2022-01-24 10:11:11 +00:00
Erik Krogh Kristensen	ab1bc685bb	add CWE-80 to queries that detect bad HTML sanitizers	2022-01-24 11:01:17 +01:00
Stephan Brandauer	02db472209	consistent notation	2022-01-24 10:58:06 +01:00
Anders Schack-Mulligen	7af6dc7164	Merge pull request #7702 from atorralba/atorralba/fix-jndi-injection-sinks Java: Remove some JNDI Injection sinks	2022-01-24 10:53:58 +01:00
Stephan Brandauer	8be58fe01e	Fix comment to avoid summarizing implementation Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2022-01-24 10:47:28 +01:00
Arthur Baars	5df1f7a0c3	Ruby: use CfgNodes classes to implement case value to pattern variable taint steps	2022-01-24 10:31:08 +01:00
Arthur Baars	7d7e9ba9e1	Ruby: add CasePattern classes to CfgNodes	2022-01-24 10:31:08 +01:00
Arthur Baars	e9a01f9e8f	Ruby: fix test case	2022-01-24 10:31:08 +01:00
Arthur Baars	634c8cd060	Ruby: Generalize CfgNodes::ChildMapping	2022-01-24 10:31:08 +01:00
Arthur Baars	fcec8a8388	Address comments	2022-01-24 10:31:08 +01:00
Arthur Baars	ab4935fe68	Ruby: fix some alerts	2022-01-24 10:31:08 +01:00
Arthur Baars	7630b277b8	Ruby: update AST and CFG test data	2022-01-24 10:31:08 +01:00
Arthur Baars	26a0167d6d	Ruby: add taint step test for hash patterns	2022-01-24 10:31:06 +01:00
Arthur Baars	49c452239e	Ruby: add taint steps from case value to variables in patterns	2022-01-24 10:10:22 +01:00

... 123 124 125 126 127 ...

40697 Commits