codeql

mirror of https://github.com/github/codeql.git synced 2026-02-06 18:21:07 +01:00

Author	SHA1	Message	Date
Mark Shannon	e2a3d91a7d	Python taint-tracking: If taint has no class allow it flow through both branches of isinstance test.	2019-04-04 14:29:34 +01:00
Asger F	d594e55a61	JS: Remove ShellJS::Instance for simplicity	2019-04-04 11:45:59 +01:00
Asger F	a2b8721898	JS: Add change note	2019-04-04 11:45:59 +01:00
Asger F	43f6b8fa70	JS: Add test	2019-04-04 11:44:56 +01:00
Asger F	3da76cb798	JS: add model of ShellJS	2019-04-04 11:44:56 +01:00
Geoffrey White	cb09d23069	CPP: Add a test of common mistakes using locking and similar classes.	2019-04-04 11:23:06 +01:00
Mark Shannon	8b01bac900	Python: make sure unsafe deserialization query is using correct sources and that pickle is included in sinks.	2019-04-04 10:56:45 +01:00
Mark Shannon	bc19769e6d	Python: make sure code injection query is using correct sources.	2019-04-04 10:56:45 +01:00
Mark Shannon	35e82dca68	Python revert .getNode() to .getSink()/.getSource() to keep expected test output the same.	2019-04-04 10:56:45 +01:00
Mark Shannon	f8c43ca40b	Python: make sure all django and flask request sources conform to interface.	2019-04-04 10:56:45 +01:00
Mark Shannon	61e6ae7c4a	Python: Use new taint-tracking query in unsafe deserialization query.	2019-04-04 10:56:45 +01:00
Mark Shannon	3c1a5bb046	Python: Use new taint-tracking query in code-injection query.	2019-04-04 10:56:44 +01:00
Mark Shannon	64e8be6ed1	Python: Use new taint-tracking query in reflected-xss query.	2019-04-04 10:56:44 +01:00
Mark Shannon	7fc5d690cd	Python: Use new taint-tracking query in SQL-injection query.	2019-04-04 10:56:44 +01:00
Anders Schack-Mulligen	15fa4f8b7a	Merge pull request #1007 from jbj/dataflow-dispatch-no-ctx C++: Simplify stubs in DataFlowDispatch.qll	2019-04-04 11:25:50 +02:00
Anders Schack-Mulligen	d144ea2f1c	Java: Exclude slf4j calls in PrintLnArray as it supports array formatting.	2019-04-04 11:09:41 +02:00
yh-semmle	b226cb64cd	Merge pull request #1189 from aschackmull/java/preconditions Java: Support precondition calls as guards (ODASA-7796).	2019-04-03 21:36:08 -04:00
Ziemowit Laski	921523e8e7	Merge branch 'cpp340a' of github.com:zlaski-semmle/ql into cpp340a	2019-04-03 17:56:34 -07:00
Ziemowit Laski	970c45e896	Merge branch 'master' into cpp340a	2019-04-03 17:52:46 -07:00
zlaski-semmle	b060fd13a6	Merge branch 'master' into cpp340a	2019-04-03 17:00:33 -07:00
Ziemowit Laski	e4ce8347bc	[CPP-340] Simplify MistypedFunctionArguments.ql and reduce its precision from very-high to high.	2019-04-03 16:19:37 -07:00
Rebecca Valentine	ec2e17f07a	adds whitelist and recursive cases, per PR change req	2019-04-03 10:06:02 -07:00
Tom Hvitved	f5d52d0652	Merge pull request #274 from lukecartey/csharp/remove-security-tags C#: Remove the 'security' tag from some queries	2019-04-03 17:04:25 +02:00
Asger F	3bc7371fd6	JS: be less conservative about incomplete nodes in prefix sanitizers	2019-04-03 15:20:03 +01:00
Jonas Jensen	d0091b28ee	Merge pull request #1199 from geoffw0/printfld CPP: Support %Ld in printf.qll	2019-04-03 15:38:16 +02:00
Taus	b79b53f5e3	Merge pull request #1103 from markshannon/python-encapsulate-builtins Python: encapsulate extensionals dealing with 'builtin' objects.	2019-04-03 15:20:42 +02:00
Anders Schack-Mulligen	9211927112	Java: Add change note.	2019-04-03 13:17:18 +02:00
calum	42b2f09315	C#: Tidy up query, remove false-positives and add some more test cases.	2019-04-03 12:17:01 +01:00
Geoffrey White	aa21db3ed3	CPP: Change note.	2019-04-03 11:57:38 +01:00
Geoffrey White	d4c931cf11	CPP: Permit %Ld and similar.	2019-04-03 11:46:48 +01:00
Geoffrey White	b3fd7ab757	CPP: Add test cases.	2019-04-03 11:46:30 +01:00
Esben Sparre Andreasen	3c608fe11e	Merge branch 'master' into js/improve-createServer	2019-04-03 12:37:33 +02:00
semmle-qlci	1da828fa80	Merge pull request #1195 from esben-semmle/js/firebase-express-requests Approved by xiemaisi	2019-04-03 11:36:02 +01:00
Anders Schack-Mulligen	5379c6e3c5	Merge pull request #1197 from felicity-semmle/java/update-query-description Java: Fix typo in query description	2019-04-03 12:09:26 +02:00
Felicity Chapman	ffeb61c698	Fix typo in query description	2019-04-03 10:46:48 +01:00
Jonas Jensen	2140995530	C++: Update QLDoc for new use of getFullyConverted	2019-04-03 10:52:05 +02:00
Jonas Jensen	4b159fd2a5	C++: Fix the suppression for alerts about enums The suppression mechanism broke when I changed `relOpWithSwap` to take fully-converted expressions as parameters.	2019-04-03 10:45:39 +02:00
Jonas Jensen	f9c9efeabe	Merge pull request #1188 from geoffw0/donotedit CPP: Consider more files to be generated.	2019-04-03 09:52:28 +02:00
Esben Sparre Andreasen	f23a5a5fee	JS: model firebase-functions/https.onRequest	2019-04-03 08:01:45 +02:00
Robert Marsh	fa8b771944	Merge pull request #1186 from jbj/dataflow-defbyref-1.20-fixes C++: Let data flow past definition by reference	2019-04-02 13:36:37 -07:00
Robert Marsh	65d0412692	Merge pull request #1194 from geoffw0/dead-goto CPP: Fix false positive from DeadCodeGoto.ql	2019-04-02 10:03:15 -07:00
Jonas Jensen	eae2fe5a16	Merge pull request #1190 from Semmle/rc/1.20 Merge 1.20 into master	2019-04-02 15:29:12 +02:00
Geoffrey White	2e106879b8	CPP: Change note.	2019-04-02 14:25:38 +01:00
Geoffrey White	8979361255	CPP: Exclude functions containing preprocessor logic.	2019-04-02 14:24:37 +01:00
Esben Sparre Andreasen	0b733b4f23	JS: treat the last argument to https.createServer as a route handler	2019-04-02 14:38:31 +02:00
Geoffrey White	5cb30b04cc	CPP: Add a test case.	2019-04-02 13:15:40 +01:00
Geoffrey White	1542fdc44b	CPP: Change AV Rule 107.ql to a recommendation.	2019-04-02 12:19:33 +01:00
Geoffrey White	96136a1c55	CPP: Change SloppyGlobal.ql to a recommendation.	2019-04-02 12:18:22 +01:00
Geoffrey White	c3ec7b55b7	CPP: Workaround improvement for File.compiledAsMicrosoft.	2019-04-02 11:40:49 +01:00
semmle-qlci	4ec2df6bad	Merge pull request #1179 from asger-semmle/js-windoc Approved by xiemaisi	2019-04-02 11:21:07 +01:00

... 749 750 751 752 753 ...

41812 Commits