codeql

mirror of https://github.com/github/codeql.git synced 2026-02-23 02:13:41 +01:00

Author	SHA1	Message	Date
yoff	687bb4dfc8	Merge pull request #3890 from github/tausbn-add-paths-ignore-to-code-scanning-config Code Scanning: Don't scan the Python directory.	2020-07-03 16:03:41 +02:00
Taus	01c4852360	Merge pull request #3701 from yoff/SharedDataflow Python: Start using the shared data flow libraries	2020-07-03 16:03:20 +02:00
Asger Feldthaus	b5104ae42d	JS: Add StartsWith sanitizer	2020-07-03 14:46:07 +01:00
Asger Feldthaus	4c06eb8bfe	JS: Add test showing FPs	2020-07-03 14:45:42 +01:00
Rasmus Lerchedahl Petersen	fe9520b50b	Python: correct doc for toString	2020-07-03 15:04:54 +02:00
Arthur Baars	5fff41f35b	Don't track taint on Map keys	2020-07-03 14:47:25 +02:00
Rasmus Lerchedahl Petersen	33cf96ccb8	Python: Address review comments	2020-07-03 14:11:58 +02:00
Anders Schack-Mulligen	6de612a566	Java: Split SpringWebRequestGetMethod into its own class.	2020-07-03 14:06:54 +02:00
Arthur Baars	2b248fb24f	CodeQL: exclude queries from CodeScanning suites	2020-07-03 14:03:00 +02:00
Arthur Baars	bb01dbd2ae	CodeQL: exclude queries from LGTM suites	2020-07-03 14:01:20 +02:00
Taus	b99ec29f6e	Code Scanning: Additionally exclude Java and C++.	2020-07-03 13:56:25 +02:00
Taus	39bc978573	Code Scanning: Don't scan the Python directory. ... Possibly some of the other language teams want to get on this? 🙂 If so, give me a shout!	2020-07-03 13:46:30 +02:00
yoff	d201eb2c12	Update python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2020-07-03 13:33:27 +02:00
yoff	59d611ddd5	Update python/ql/src/experimental/dataflow/internal/DataFlowPublic.qll Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2020-07-03 13:32:03 +02:00
yoff	8891fbf006	Update python/ql/src/experimental/dataflow/internal/DataFlowPublic.qll Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2020-07-03 13:31:38 +02:00
yoff	40a6728748	Update python/ql/src/experimental/dataflow/internal/TaintTrackingPrivate.qll Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2020-07-03 13:30:10 +02:00
Max Schaefer	61bc51c133	Merge pull request #242 from max-schaefer/remove-experimental-precision Remove `@precision` from experimental query.	2020-07-03 10:53:18 +01:00
Max Schaefer	5343315ad0	Remove `@precision` from experimental query. We'll add it back when we take it out of experimental status.	2020-07-03 09:51:24 +01:00
Rasmus Lerchedahl Petersen	e3666004cf	Python: add some links to readme	2020-07-03 10:37:38 +02:00
Max Schaefer	570b232836	Merge pull request #235 from gagliardetto/bad-unsafe Query to find wrong uses of package "unsafe"	2020-07-03 09:36:10 +01:00
Shati Patel	45bd492161	Learning CodeQL: Add new library modeling guide (Go)	2020-07-03 08:10:44 +01:00
Rasmus Lerchedahl Petersen	a9e0288e5b	Python: exclude global vars from local flow	2020-07-03 08:41:10 +02:00
Rasmus Lerchedahl Petersen	bdc68ce6b6	Python: refactor `Node` class	2020-07-03 08:01:44 +02:00
luchua-bc	6d329bce6e	Add Apache Commons Logging and debugv method	2020-07-03 01:13:11 +00:00
Erik Krogh Kristensen	078b6a8df2	autoformat	2020-07-03 00:21:55 +02:00
Slavomir	94c0bc361d	Improve comments and alerts	2020-07-02 22:10:17 +03:00
semmle-qlci	04a0d47ab9	Merge pull request #3870 from hvitved/csharp/cfg/cond-out-param Approved by calumgrant	2020-07-02 18:48:05 +01:00
Arthur Baars	5f2a5f1b55	Java: Collections: add tests	2020-07-02 19:18:02 +02:00
Calum Grant	03cc4e179e	C#: Make fields readonly	2020-07-02 17:47:17 +01:00
Taus	ba634af86e	Merge pull request #3362 from RasmusWL/python-keyword-only-args Python: properly support keyword only arguments	2020-07-02 18:21:59 +02:00
Rasmus Lerchedahl Petersen	5f18fb427a	Python: update TODO	2020-07-02 16:20:38 +02:00
Erik Krogh Kristensen	261821b32c	Merge remote-tracking branch 'upstream/master' into queryStuff	2020-07-02 16:08:05 +02:00
Max Schaefer	534ab94067	Merge pull request #241 from max-schaefer/update-data-flow Update shared data-flow libraries	2020-07-02 14:07:32 +01:00
semmle-qlci	b5c8f2238b	Merge pull request #3805 from esbena/js/seal-freeze-flow Approved by asgerf	2020-07-02 13:54:54 +01:00
luchua-bc	a61f814b4b	Change to ServletResponse type and fix formatting error	2020-07-02 12:49:25 +00:00
Rasmus Wriedt Larsen	513c2974bd	Merge branch 'master' into python-keyword-only-args	2020-07-02 14:48:32 +02:00
Erik Krogh Kristensen	ceb19292cb	autoformat	2020-07-02 14:47:08 +02:00
Erik Krogh Kristensen	2b0a091921	split out type-tracking into two predicates, to avoid catastrophic join-order	2020-07-02 14:28:28 +02:00
Rasmus Wriedt Larsen	b2f8638ff0	Python: Update dbscheme with new comment	2020-07-02 14:17:55 +02:00
Taus	eecc3ca5dd	Merge pull request #3503 from RasmusWL/python-fix-django-taint-sinks Python: Fix django taint sinks	2020-07-02 13:32:35 +02:00
Tom Hvitved	7dfc584159	C#: Introduce delegate type in autobuilder	2020-07-02 13:29:49 +02:00
Tom Hvitved	527a099a26	C#: Fix CFG for conditional method calls with `out` parameters	2020-07-02 13:12:53 +02:00
Tom Hvitved	090205d9e9	C#: Add CFG test for conditional call to method with `out` parameter	2020-07-02 13:09:40 +02:00
Max Schaefer	b83076853f	Add change note.	2020-07-02 12:03:43 +01:00
Arthur Baars	21a4b8d6c0	Java: remove useless casts	2020-07-02 13:03:15 +02:00
Max Schaefer	89e9c6c2da	Teach clear-text logging query to ignore dummy passwords.	2020-07-02 12:02:56 +01:00
Max Schaefer	63187a0889	Make clear-text logging sources more precise.	2020-07-02 12:02:56 +01:00
Max Schaefer	7b903dd062	Teach `CleartextLogging` not to track through `error.Error()` and `fmt.Stringer.String()`. These two are very heavily overloaded and cause all sorts of false positives.	2020-07-02 12:02:56 +01:00
Arthur Baars	d80bf3395f	Add Navigable variants and sort method names	2020-07-02 13:02:38 +02:00
Max Schaefer	f807aa8b5e	Merge pull request #233 from owen-mc/library-modeling Create guide for modeling go libraries	2020-07-02 12:01:45 +01:00

... 523 524 525 526 527 ...

41418 Commits