codeql

mirror of https://github.com/github/codeql.git synced 2026-01-15 07:24:49 +01:00

Author	SHA1	Message	Date
Erik Krogh Kristensen	aa3482cbae	improve detection of duplicate results with `js/code-injection`	2020-06-10 22:58:02 +02:00
Erik Krogh Kristensen	5142670138	don't import AdditionalSinks, refactor sink out in new HeuristicSinks instead	2020-06-10 22:30:45 +02:00
Mathias Vorreiter Pedersen	a38839b446	C++: Include copy of IntWrapper class with two data members	2020-06-10 22:27:40 +02:00
Mathias Vorreiter Pedersen	ca20f17703	C++: Implement move constructor in terms of swap. I'm haven't found anything online on whether this is good or bad, and the only reason for not doing it might be performance.	2020-06-10 22:16:58 +02:00
Esben Sparre Andreasen	d6ae905eac	JS: remove speculative property access sink from js/server-crash	2020-06-10 21:40:12 +02:00
semmle-qlci	b841cacb83	Merge pull request #3676 from max-schaefer/js/global-access-paths-minor-fixes Approved by erik-krogh	2020-06-10 20:02:55 +01:00
Calum Grant	cd914deeff	Merge pull request #3666 from hvitved/csharp/ir-experimental C#: Move IR code into 'experimental' folder	2020-06-10 19:50:37 +01:00
Erik Krogh Kristensen	373a437d71	add query to detect improperly sanitized code	2020-06-10 19:50:12 +02:00
Owen Mansel-Chan	d8900448ec	Add references to the AST class reference for go	2020-06-10 17:32:41 +01:00
Owen Mansel-Chan	48ff00832c	Add a reference to the AST class reference for go	2020-06-10 17:24:40 +01:00
semmle-qlci	4cdb3c13df	Merge pull request #3658 from RasmusWL/python-3.8-dict-ismapping Approved by tausbn	2020-06-10 17:19:49 +01:00
semmle-qlci	f7c6b1364b	Merge pull request #3640 from RasmusWL/python-handle-3.8-enum-convert Approved by tausbn	2020-06-10 17:19:22 +01:00
Erik Krogh Kristensen	5c31b94761	autoformat and update expected output	2020-06-10 18:00:56 +02:00
Marcono1234	5d2b911596	Fix incorrect java.util.regex.Pattern name in specification	2020-06-10 17:56:57 +02:00
Max Schaefer	0f2186c844	JavaScript: Fix a few typos.	2020-06-10 16:44:24 +01:00
Owen Mansel-Chan	5b2c0fbb04	AST class reference for go The master copy of this file is in the codeql-go repository	2020-06-10 16:42:03 +01:00
Mathias Vorreiter Pedersen	1a95095505	C++: Add default move constructor. Also removed debug comment I forgot to remove earlier. Luckily, that meant that no line numbers changed in .expected files.	2020-06-10 17:13:04 +02:00
Rasmus Wriedt Larsen	ce1f0a39ac	Python: Minor fixup of qhelp for XPath injection	2020-06-10 16:59:40 +02:00
Mathias Vorreiter Pedersen	5abab25c28	Update cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp Co-authored-by: Jonas Jensen <jbj@github.com>	2020-06-10 16:51:21 +02:00
Rasmus Wriedt Larsen	48b2d2cc5c	Python: Make isSequence() and isMapping() tests version specific Since unicode/bytes difference, output can't match between Python 2 and Python 3.	2020-06-10 16:43:56 +02:00
Asger Feldthaus	f23c6030aa	JS: Restrict domValueRef to known DOM property names	2020-06-10 15:14:23 +01:00
Asger Feldthaus	bb2b7fb6fb	JS: Add test with class stored in global variable	2020-06-10 15:14:23 +01:00
Rasmus Wriedt Larsen	721713b9e1	Python: Minor fixes from code review Co-authored-by: Taus <tausbn@gmail.com>	2020-06-10 16:14:21 +02:00
Taus	5b0d92d72b	Merge pull request #3464 from yoff/UnicodeEscape Python: Handle more escapes in regexes	2020-06-10 15:47:09 +02:00
Taus	da6736df37	Merge pull request #3668 from RasmusWL/python-random-modernisations Python: Two small modernisations	2020-06-10 15:45:07 +02:00
Geoffrey White	91b9b78c48	C++: Add a test case for CWE-114 involving pointers and references.	2020-06-10 14:09:46 +01:00
Asger Feldthaus	36c4803694	JS: Add test	2020-06-10 14:08:33 +01:00
Mathias Vorreiter Pedersen	88dabffd2b	C++: Add tests that demonstrate flow through custom swap functions	2020-06-10 15:06:57 +02:00
Asger Feldthaus	07e90ff65f	JS: Autoformat	2020-06-10 14:03:01 +01:00
semmle-qlci	df79f2adc5	Merge pull request #3655 from asger-semmle/js/string-ops-regexp-test-fix Approved by esbena	2020-06-10 13:35:22 +01:00
Esben Sparre Andreasen	1d396524a3	JS: add initial version of ServerCrash.ql	2020-06-10 14:25:56 +02:00
semmle-qlci	1b8f3c4b84	Merge pull request #3657 from hvitved/dataflow/hidden-nodes Approved by aschackmull, jbj	2020-06-10 13:22:09 +01:00
Erik Krogh Kristensen	c4f61134f1	include the source of cryptographically random number in alert message	2020-06-10 13:32:46 +02:00
semmle-qlci	22d50f009e	Merge pull request #3667 from aschackmull/java/compiletimeconstant-cast-eval Approved by aibaars	2020-06-10 12:05:42 +01:00
Bas van Schaik	bf19489501	Update CONTRIBUTING.md	2020-06-10 12:02:24 +01:00
Bas van Schaik	be48daf0d0	Update CONTRIBUTING.md	2020-06-10 11:58:38 +01:00
Erik Krogh Kristensen	7e8fd80327	use steps from InsecureRandomness, and use small-steps	2020-06-10 12:27:50 +02:00
Rasmus Wriedt Larsen	f73876e6ce	Python: Modernise ShouldBeContextManager	2020-06-10 11:53:11 +02:00
Rasmus Wriedt Larsen	37cfb5400d	Python: Modernise RatioOfDefinitions	2020-06-10 11:51:41 +02:00
Anders Schack-Mulligen	4b3ca13f25	Merge pull request #3491 from luchua-bc/java-insecure-smtp-ssl Java: CWE-297 insecure JavaMail SSL configuration	2020-06-10 11:02:50 +02:00
Robert Brignull	ded5eec76a	rename slow-queries.yml to exclude-slow-queries.yml	2020-06-10 09:59:31 +01:00
Anders Schack-Mulligen	c334d72f11	Java: Fix CompileTimeConstantExpr qldoc and add char cast case.	2020-06-10 10:59:10 +02:00
Erik Krogh Kristensen	9029dbacf5	refactor isAdditionalTaintStep to a utility predicate in InsecureRandomness	2020-06-10 10:55:30 +02:00
Erik Krogh Kristensen	9189f23403	add support for secure-random	2020-06-10 10:39:02 +02:00
Erik Krogh Kristensen	16ec405724	add explanations about modulo by power of 2	2020-06-10 10:38:47 +02:00
Erik Krogh Kristensen	111f6d406c	introduce query to detect biased random number generators	2020-06-10 10:00:10 +02:00
Tom Hvitved	70c3ff36f8	C#: Adjust IR imports	2020-06-10 09:54:56 +02:00
Tom Hvitved	d5b8c9728c	Update `identifal-files.json`	2020-06-10 09:40:44 +02:00
Tom Hvitved	3c8735f43f	C#: Move IR code into 'experimental' folder	2020-06-10 09:37:30 +02:00
Erik Krogh Kristensen	733e04c1eb	Move rest-pattern inside property-pattern step to a taint-step	2020-06-10 09:02:22 +02:00

... 126 127 128 129 130 ...

19777 Commits