codeql

mirror of https://github.com/github/codeql.git synced 2026-02-17 23:43:42 +01:00

Author	SHA1	Message	Date
Sauyon Lee	e1a7269a45	Allow dependencies to match imports of subpackages	2020-04-03 10:42:19 -07:00
Max Schaefer	d13d2f27e6	Add missing QlDoc.	2020-04-03 17:08:56 +01:00
Jonas Jensen	bb3616e4c4	C++: Add example for globalVarFromId	2020-04-03 17:51:35 +02:00
semmle-qlci	a8098a2b2d	Merge pull request #3197 from erik-krogh/NormalPathSanitizer Approved by asgerf	2020-04-03 16:33:18 +01:00
Jonas Jensen	5822cd7b84	C++: Put paths in the remaining LGTM-suite queries	2020-04-03 17:10:47 +02:00
Jonas Jensen	3ec1f691c2	C++: First query with flow-paths through globals	2020-04-03 16:45:00 +02:00
Jonas Jensen	aaebe3687e	C++: Fix copy-paste error in convertedExprNode	2020-04-03 16:37:23 +02:00
Jonas Jensen	469bdae9b2	C++: More helpful toString for def. by ref. node	2020-04-03 16:37:23 +02:00
Jonas Jensen	36da2d1dae	C++: Manipulate the source end of paths too Without this, we get duplicate alerts in some cases and unnatural-looking source nodes in other cases. The source nodes were often `Conversion`s.	2020-04-03 16:37:23 +02:00
Jonas Jensen	e916f07a8e	C++: Formatting fixups	2020-04-03 15:52:13 +02:00
Jonas Jensen	427815d3d1	C++: taintedWithPath QLDoc + simplification	2020-04-03 15:52:13 +02:00
Jonas Jensen	3653627650	C++: Let configuration class extend singleton	2020-04-03 15:52:13 +02:00
Erik Krogh Kristensen	9c2053168b	writing out the truth table for DotDotSlashPrefixRemovingReplace	2020-04-03 15:46:47 +02:00
Tom Hvitved	8d81b885c6	C#: Unset `Platform` env variable when invoking `vcvarsall.bat`	2020-04-03 14:47:34 +02:00
semmle-qlci	676da02118	Merge pull request #3192 from asger-semmle/js/missing-await-not-delete Approved by esbena	2020-04-03 13:21:48 +01:00
Shati Patel	a93aafcab5	Merge pull request #3194 from shati-patel/50-intro-to-ql Docs: Include "Introduction to QL" in tutorial topic	2020-04-03 12:12:00 +01:00
Tom Hvitved	4e2d6c0250	C#: Add missing QL doc	2020-04-03 12:45:56 +02:00
Mathias Vorreiter Pedersen	c54cddead1	C++: Include PrintValueNumbering in testcase	2020-04-03 12:42:06 +02:00
Calum Grant	adde52d33c	C#: Add missing files	2020-04-03 11:22:50 +01:00
Jonas Jensen	16c7a35b1c	Merge pull request #3195 from geoffw0/taintstring C++: Model taint flow through std::string constructor and c_str()	2020-04-03 12:05:07 +02:00
Erik Krogh Kristensen	94751c1b31	dst can be relative for "../" replace call	2020-04-03 11:08:31 +02:00
Calum Grant	6a26a6542a	C#: Remove a function.	2020-04-03 09:42:25 +01:00
semmle-qlci	dc774e0eac	Merge pull request #3166 from erik-krogh/DeadLocal Approved by asgerf	2020-04-03 09:36:20 +01:00
Max Schaefer	407493094d	Merge pull request #75 from sauyon/ssrf-refinement SSRF query refinements	2020-04-03 09:31:24 +01:00
Tom Hvitved	08fbd1d2ad	C#: Update change notes	2020-04-03 10:25:46 +02:00
Geoffrey White	73bfd819d9	C++: Rename classes.	2020-04-03 09:23:31 +01:00
Geoffrey White	1bcf187c3e	C++: Rename Strings.qll -> StdString.qll.	2020-04-03 09:17:33 +01:00
Mathias Vorreiter Pedersen	1e73528102	C++/C#: Add synchronization	2020-04-03 10:08:00 +02:00
Mathias Vorreiter Pedersen	0b12c1519b	C++/C#: Sync identical files	2020-04-03 10:06:37 +02:00
Mathias Vorreiter Pedersen	0f70944a5b	C++: Move ValueNumberPropertyProvider into its own file to prevent accidental imports	2020-04-03 09:55:41 +02:00
Erik Krogh Kristensen	e46cde17a1	add a "../" removing taint-step for js/path-injection	2020-04-03 09:42:05 +02:00
Sauyon Lee	dcd6aaf69a	Alphabetize change notes	2020-04-03 00:01:19 -07:00
Sauyon Lee	ea3a7e8038	Apply suggestions from code review Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>	2020-04-02 23:58:39 -07:00
Sauyon Lee	e27947e280	Add comment for new url concatenation sanitizer	2020-04-02 23:58:39 -07:00
Sauyon Lee	3c02b3ab74	Add SafeUrlFlowCustomizations doc comment	2020-04-02 23:58:38 -07:00
Sauyon Lee	c68e509508	OpenUrlRedirect: Fix some comments	2020-04-02 23:58:37 -07:00
Sauyon Lee	4e5b17e18d	Sanitize hostname if there is a slash and a previous component	2020-04-02 23:58:36 -07:00
Sauyon Lee	4b3982154a	Add a SafeUrlFlow configuration	2020-04-02 23:58:35 -07:00
Sauyon Lee	4bcffe2d47	RequestForgery: Add a safe URL sanitizer	2020-04-02 23:58:34 -07:00
Sauyon Lee	1c859a8991	Address review comments	2020-04-02 23:58:33 -07:00
Sauyon Lee	3577d75607	RequestForgery: Add change note	2020-04-02 23:58:17 -07:00
Sauyon Lee	89a03c8b67	RequestForgery: Add high precision	2020-04-02 23:49:58 -07:00
Sauyon Lee	830c3fce2a	RequestForgery: Add tests	2020-04-02 23:49:57 -07:00
Sauyon Lee	314787956b	Allow write base to be inside an implicit dereference	2020-04-02 23:49:56 -07:00
Sauyon Lee	e9b0f88946	RequestForgery: Add taint step for URL Host assignment	2020-04-02 23:49:55 -07:00
Sauyon Lee	12928d9f17	HTTP: Add model for Client.Do	2020-04-02 23:49:55 -07:00
Sauyon Lee	6876eabf54	RequestForgery: Add query help	2020-04-02 23:49:54 -07:00
Sauyon Lee	b23c75afb6	RequestForgery: move query from experimental	2020-04-02 23:49:53 -07:00
Max Schaefer	77c282824e	Merge pull request #81 from gagliardetto/system-executors Expand system executors (continuation of #70)	2020-04-03 07:24:05 +01:00
Shati Patel	b267df0077	Address review comments + make article intro consistent with map topic	2020-04-03 00:02:14 +01:00

... 583 584 585 586 587 ...

41418 Commits