codeql

mirror of https://github.com/github/codeql.git synced 2026-03-27 09:48:16 +01:00

Author	SHA1	Message	Date
Felicity Chapman	0e0d0499bb	Merge pull request #3413 from felicitymay/update-docs-reviews Update requirements for docs review	2020-05-05 19:05:57 +01:00
Mathias Vorreiter Pedersen	114310700a	Merge pull request #3414 from geoffw0/issue3356 C++: Fix error in QLDoc.	2020-05-05 18:07:49 +02:00
Geoffrey White	3e2e69c06a	C++: Autoformat.	2020-05-05 16:55:15 +01:00
Max Schaefer	9f59777cc9	Merge pull request #119 from jcreedcmu/jcreed/jump-to-def-ide Add queries for ide search.	2020-05-05 15:10:58 +01:00
Jason Reed	c759e891d0	Python: Exclude additional tag from LGTM suites	2020-05-05 09:43:40 -04:00
jcreedcmu	6cf30ef87a	Update python/ql/src/analysis/DefinitionTracking.qll Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2020-05-05 09:40:54 -04:00
Jason Reed	5653889a39	Exclude IDE queries from query suites.	2020-05-05 09:22:44 -04:00
Max Schaefer	2fb3d39f61	Merge pull request #128 from sauyon/mux Add support for Mux library	2020-05-05 13:57:37 +01:00
Anders Schack-Mulligen	11ffcc4378	Merge pull request #2912 from Mithrilwoodrat/master Add check for disabled HTTPOnly setting in Tomcat	2020-05-05 14:39:32 +02:00
Geoffrey White	27490a35ae	C++: Fix error in QLDoc.	2020-05-05 13:37:14 +01:00
monkey-junkie	560674b670	Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2020-05-05 15:36:11 +03:00
monkey-junkie	758e85dd3e	Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2020-05-05 15:34:57 +03:00
Tom Hvitved	e8e27e0e00	C#: Address review comments	2020-05-05 14:28:13 +02:00
Tom Hvitved	3d37a49ccd	C#: Add change note	2020-05-05 14:28:13 +02:00
Tom Hvitved	19c3e6a58d	C#: Add DB upgrade script	2020-05-05 14:28:13 +02:00
Tom Hvitved	c324c388d0	C#: Refine `UnboundGeneric` and `ConstructedGeneric`	2020-05-05 14:28:13 +02:00
Tom Hvitved	8a01023dee	C#: Add more generics tests	2020-05-05 14:28:13 +02:00
Tom Hvitved	4f7743058a	C#: Restructure existing generics tests	2020-05-05 14:28:13 +02:00
Felicity Chapman	c0ebf12ab0	Update requirements for docs review	2020-05-05 13:25:19 +01:00
monkey-junkie	a8019705b5	Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2020-05-05 15:24:24 +03:00
monkey-junkie	0aaa8af3bd	Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2020-05-05 15:24:10 +03:00
Geoffrey White	2940f4794e	C++: Fix isfromtemplateinstantiation test.	2020-05-05 13:12:44 +01:00
Esben Sparre Andreasen	99e5db407f	JS: address review comments	2020-05-05 14:04:05 +02:00
Erik Krogh Kristensen	a4eee7e88e	more -> additional Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-05-05 14:01:39 +02:00
Tom Hvitved	e95cc24b3f	Data flow: Support stores into nodes that are not `PostUpdateNode`s	2020-05-05 14:01:04 +02:00
Geoffrey White	0b381b9ba7	C++: Autoformat.	2020-05-05 12:58:54 +01:00
Erik Krogh Kristensen	bffb12725b	add test and change-note to prototype-polution	2020-05-05 13:49:11 +02:00
Erik Krogh Kristensen	38db731e0b	add change note and new test for js/incomplete-url-scheme-check	2020-05-05 13:38:27 +02:00
Erik Krogh Kristensen	f56915d99f	add change note for js/xss	2020-05-05 13:36:50 +02:00
Erik Krogh Kristensen	3568439769	change getAnElementRead to getASubstringRead	2020-05-05 13:33:21 +02:00
Erik Krogh Kristensen	8711a8744c	update expected output	2020-05-05 13:27:32 +02:00
Erik Krogh Kristensen	fe02137d0b	change naming of StringSplitCall methods	2020-05-05 13:27:14 +02:00
Anders Schack-Mulligen	b7458091a9	Merge pull request #3110 from hvitved/dataflow/no-more-summaries Data flow: No more flow summaries	2020-05-05 13:27:07 +02:00
Erik Krogh Kristensen	4a26c293c1	fix number of arguments for String.prototype.split	2020-05-05 13:22:35 +02:00
Erik Krogh Kristensen	f586639703	change getSplitAt to getSeparator Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-05-05 13:22:21 +02:00
Matthew Gretton-Dann	52d8acc1a1	Merge pull request #3404 from nickrolfe/field_attrs C++: add test for attributes on fields	2020-05-05 12:12:28 +01:00
Max Schaefer	a79f2b4f44	Add change note for `CleartextLogging`.	2020-05-05 12:05:09 +01:00
Max Schaefer	b177d58c88	Tweak test. The query under test isn't a `@problem` query, so we should refer to "alerts".	2020-05-05 12:05:09 +01:00
Max Schaefer	60a6c96863	Simplify modeling of `NewContent`.	2020-05-05 12:05:09 +01:00
Max Schaefer	5a96b0e8ac	Add two function models for handling MIME APIs.	2020-05-05 12:05:09 +01:00
Max Schaefer	be94f2b9e6	Improve and extend various standard-library function models.	2020-05-05 12:05:09 +01:00
Max Schaefer	ca0d9cc66e	Merge pull request #127 from max-schaefer/clean-up-email-injection Clean up `EmailInjection.qll` and related libraries.	2020-05-05 11:56:43 +01:00
Sauyon Lee	a841077cbe	Add support for Mux library	2020-05-05 03:25:08 -07:00
Max Schaefer	54f10157b0	Update ql/src/semmle/go/frameworks/Email.qll Co-authored-by: Sauyon Lee <sauyon@github.com>	2020-05-05 11:24:19 +01:00
Rasmus Wriedt Larsen	6488714758	Python: Autoformat	2020-05-05 11:38:17 +02:00
Rasmus Wriedt Larsen	07ae40206f	Python: Don't allow getParameter(-1) for BoundMethodValue As per discussion in the PR	2020-05-05 11:37:10 +02:00
Rasmus Wriedt Larsen	5d5d412b78	Python: Add test of safe methods for py/modification-of-default-value	2020-05-05 11:14:37 +02:00
james	28f51d9d9c	fix js reusable	2020-05-05 10:13:55 +01:00
Rasmus Wriedt Larsen	4da5222255	Python: More safe methods for py/modification-of-default-value Fixes https://github.com/github/codeql/issues/3397	2020-05-05 11:09:05 +02:00
Geoffrey White	31a7e2c34e	C++: Make getAnonymousParameterDescription private.	2020-05-05 10:05:18 +01:00

... 714 715 716 717 718 ...

48840 Commits