codeql

mirror of https://github.com/github/codeql.git synced 2026-02-20 08:53:49 +01:00

Author	SHA1	Message	Date
Dave Bartolomeo	b0f7e9c6a7	C++: Accept test output	2020-05-13 08:02:17 -04:00
Bt2018	632cb8b666	Simplify CredentialExpr as the AddExpr step is included by TaintTracking::localTaintStep(node1, node2)	2020-05-13 07:55:32 -04:00
Bt2018	d9cc3c6f8d	Add a comment for reasoning in why debug and trace are included and other variations are excluded	2020-05-13 07:46:44 -04:00
Sauyon Lee	83a3b6336f	Add change note	2020-05-13 04:31:23 -07:00
Sauyon Lee	748dd6801e	Handle HTTP response writers that are fields	2020-05-13 04:31:07 -07:00
Sauyon Lee	9e5645fa9d	Add similar predicate to SsaWithFields	2020-05-13 03:56:55 -07:00
Esben Sparre Andreasen	c6fa88af28	JS: change notes	2020-05-13 12:56:33 +02:00
Esben Sparre Andreasen	9552352d6a	JS: address qhelp feedback	2020-05-13 12:53:59 +02:00
Rasmus Lerchedahl Petersen	d9d86e1f56	Make test pass	2020-05-13 12:16:11 +02:00
Jonas Jensen	1018eaff09	Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args Conflicts: cpp/ql/test/library-tests/dataflow/fields/ir-flow.expected	2020-05-13 12:05:58 +02:00
Sauyon Lee	2089cb4543	Merge pull request #133 from max-schaefer/cleanup-conditional-bypass Cleanup conditional-bypass query	2020-05-13 02:31:13 -07:00
Esben Sparre Andreasen	7305a873b1	JS: formatting	2020-05-13 11:28:48 +02:00
Max Schaefer	005e49fe94	Merge pull request #130 from porcupineyhairs/MongoInjection Golang : Add MongoDB injection support	2020-05-13 09:43:49 +01:00
Sauyon Lee	24e939730a	Merge pull request #134 from max-schaefer/fix-test-errors Fix frontend errors in tests	2020-05-13 01:38:30 -07:00
Esben Sparre Andreasen	fedd32fc2b	JS: address review comment	2020-05-13 09:57:02 +02:00
Esben Sparre Andreasen	91f43a7dae	JS: address review comments	2020-05-13 09:52:01 +02:00
Jonas Jensen	038bea2f52	C++: Add type check to prevent field conflation	2020-05-13 09:25:24 +02:00
Jonas Jensen	250e12a323	C++: Demonstrate new field conflation	2020-05-13 09:24:36 +02:00
Esben Sparre Andreasen	7722d77c86	JS: add the NoSQL $where as a sink for js/code-injection	2020-05-13 08:30:22 +02:00
Esben Sparre Andreasen	20cf04442c	JS: model marsdb and minimongo	2020-05-13 08:28:59 +02:00
Anders Schack-Mulligen	f5e491caf0	Merge pull request #3448 from yo-h/java-qldoc-add Java: improve QLDoc completeness	2020-05-13 08:26:02 +02:00
Dave Bartolomeo	5d3f25211d	C++/C#: Remove `UnmodeledUse` instruction	2020-05-13 01:06:40 -04:00
Dave Bartolomeo	7f2c6dd9f9	C++/C#: Remove `UnmodeledUseOperand`	2020-05-13 01:05:27 -04:00
Bt2018	ffd442a17a	Fine tuning criteria 1. Change the regex pattern from variable contains "url" to variable starts with "url" 2. Add the logging trace method to sink	2020-05-12 23:24:55 -04:00
Bt2018	491b67e658	Change string concatenation in the source to TaintTracking::Configuration	2020-05-12 22:57:07 -04:00
Bt2018	106c181ab1	Formatting with auto-format	2020-05-12 15:53:29 -04:00
Max Schaefer	89d633ac3f	Merge pull request #120 from porcupineyhairs/SensitiveActionBypass User-controlled bypass of sensitive action	2020-05-12 19:48:24 +01:00
Max Schaefer	d438b5ec03	Merge pull request #131 from porcupineyhairs/IO Model stdlib's IO package.	2020-05-12 19:41:40 +01:00
yo-h	a884538238	Update java/ql/src/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2020-05-12 14:14:26 -04:00
yo-h	facd429d0a	Update java/ql/src/semmle/code/java/frameworks/javaee/ejb/EJBJarXML.qll Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2020-05-12 14:14:14 -04:00
Bt2018	d75841d6a7	Add sample usage and remove unused imports	2020-05-12 13:42:17 -04:00
jcreedcmu	3c233c762c	Merge pull request #3431 from jcreedcmu/jcreed/jump-to-def-langs Java, Javascript, Csharp: Add jump-to-definition queries	2020-05-12 10:54:11 -04:00
Tom Hvitved	d0c607c83f	Address review comments	2020-05-12 16:13:02 +02:00
semmle-qlci	6fb047aef6	Merge pull request #3451 from erik-krogh/fstreamWrite Approved by esbena	2020-05-12 14:58:02 +01:00
semmle-qlci	ee848328ab	Merge pull request #3442 from erik-krogh/SmallPerfs Approved by esbena	2020-05-12 14:36:34 +01:00
Rasmus Lerchedahl Petersen	6a35c6b4d4	Test: __bool__ does not raise TypeError by default	2020-05-12 15:28:12 +02:00
Slavomir	84e2a5ddd2	Add experimental library: gin web framework (#117 )	2020-05-12 14:27:11 +01:00
Max Schaefer	6f21b4030e	Merge pull request #135 from sauyon/tempfile-test Add support for ioutil TempFile and TempDir	2020-05-12 14:25:38 +01:00
Rasmus Wriedt Larsen	8150c78ae0	Python: In flask, taint routed prameters for variable rules Fixes https://github.com/github/codeql-python-team/issues/79	2020-05-12 15:02:32 +02:00
Jason Reed	569083d6d1	Csharp: Make Use class public, since definitions query needs it	2020-05-12 08:52:02 -04:00
Sauyon Lee	21bfaec0d3	TaintedPath: Add change note for tempfiles	2020-05-12 05:44:19 -07:00
Erik Krogh Kristensen	83d34b939c	change note	2020-05-12 14:24:04 +02:00
Erik Krogh Kristensen	d46148c045	add test case	2020-05-12 14:23:28 +02:00
Rasmus Wriedt Larsen	7d5e35a7aa	Python: Expand flask tests to use "variable rules" which is what flask calls them. wildcard rules in bottle, django doesn't even give them a proper term :(	2020-05-12 14:23:24 +02:00
Erik Krogh Kristensen	3707792cfd	recognize reading/wrinting calls to fstream methods	2020-05-12 14:18:07 +02:00
Porcupiney Hairs	e51bc42bfb	fix metadata	2020-05-12 17:31:24 +05:30
Sauyon Lee	33e4961c95	ReflectedXss: Add an equality test guard	2020-05-12 04:53:18 -07:00
Sauyon Lee	1ef06e9e40	Add getType to SsaWithFields	2020-05-12 04:52:44 -07:00
James Fletcher	a6c03a4350	Merge pull request #3449 from jf205/sd-38 CodeQL docs: remove information about metric queries	2020-05-12 12:21:09 +01:00
James Fletcher	85ebe04a1c	Update docs/language/learn-ql/writing-queries/query-metadata.rst Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>	2020-05-12 12:11:22 +01:00

... 561 562 563 564 565 ...

41418 Commits