Commit Graph

21651 Commits

Author SHA1 Message Date
Joe Farebrother
41b7db144d Allow for array types in model signatures 2021-02-25 11:40:48 +00:00
Max Schaefer
f93937f40a Add change note. 2021-02-25 10:51:01 +00:00
Rasmus Lerchedahl Petersen
64c0eaf305 Python: Update test expectations 2021-02-25 11:49:57 +01:00
yoff
f15084254b Add comment explaining tacky nature of code 2021-02-25 11:49:57 +01:00
Rasmus Lerchedahl Petersen
5b51a3461d Python: Force read- and store steps to add nodes.
This gives much nicer path explanations on some snapshots.
It is achieved by making stepped-to nodes `CastNode`s.
This seems somewhat reasonable as types tend to change, when we move
between content and container.
We could probably refine it, though.
2021-02-25 11:49:57 +01:00
Max Schaefer
3fe249f25c Address review comments. 2021-02-25 10:48:23 +00:00
Erik Krogh Kristensen
de6b604930 cache RemoteFlowSource 2021-02-25 11:41:08 +01:00
Erik Krogh Kristensen
86bc7d3e1a avoid a ValueNode x TypeTracker join in Hapi::RouteSetup::getARouteHandler 2021-02-25 11:41:08 +01:00
Erik Krogh Kristensen
d35ea7fb15 always get a good join-order in getAnAliasedSourceNode 2021-02-25 11:41:08 +01:00
Rasmus Wriedt Larsen
472ff97561 Docs: Add crypto to supported Python frameworks 2021-02-25 11:31:03 +01:00
Rasmus Wriedt Larsen
4610b1b392 Python: Use type back-tracking for keysize on key-generation
Internal evaluation showed that this didn't perform better than normal (forward)
type-tracking, but it feels more like the right approach.
2021-02-25 11:31:00 +01:00
Rasmus Wriedt Larsen
c195c64982 Python: Use type-tracking for integer literal tracking
Like we've done for pretty much everything else. An experiment to see what this
means for query performance.
2021-02-25 11:30:56 +01:00
Rasmus Wriedt Larsen
27987717dc Merge branch 'main' into crypto 2021-02-25 11:30:32 +01:00
Asger Feldthaus
55a1ab5714 JS: Autoformat 2021-02-25 10:20:13 +00:00
Tamas Vajk
a5543c689e C#: Fix potentially concurrent file moves 2021-02-25 10:35:49 +01:00
Max Schaefer
2e252ba3e4 JavaScript: Learn that receivers of DOM event handlers are themselves DOM nodes. 2021-02-25 09:06:58 +00:00
Max Schaefer
ae2a5da63f JavaScript: Add new tests for recognising receiver of event handler as DOM element. 2021-02-25 09:04:46 +00:00
Jonas Jensen
2b54c33904 Merge pull request #5257 from MathiasVP/doh-its-2021-mathias
C++: Turns out we're in 2021 and not 2020.
2021-02-25 09:30:08 +01:00
Rasmus Lerchedahl Petersen
aba22689fa Python: Add change note 2021-02-25 09:25:17 +01:00
Rasmus Lerchedahl Petersen
86cec40286 Python: update test 2021-02-25 09:22:57 +01:00
Anders Schack-Mulligen
f0d3841369 Merge pull request #5105 from JLLeitschuh/feat/JLL/depricated_bintray_usage
CWE-1104: Maven POM dependence upon Bintray/JCenter
2021-02-25 09:08:31 +01:00
Rasmus Lerchedahl Petersen
780a6a96f8 Python: Add concept tests 2021-02-25 08:54:42 +01:00
Rasmus Lerchedahl Petersen
41743b6afa Python: restrict to caught exceptions
also modernise code
2021-02-25 07:53:35 +01:00
Rasmus Lerchedahl Petersen
24b51e8851 Merge branch 'main' of github.com:github/codeql into python-port-stacktrace-exosure 2021-02-25 07:24:41 +01:00
Rasmus Lerchedahl Petersen
76f080978a Python: Add missing QLDoc 2021-02-24 23:35:44 +01:00
Rasmus Lerchedahl Petersen
192988077e Python: Move <ul> outside of <p> 2021-02-24 23:28:13 +01:00
Artem Smotrakov
e02b51f42b Improved SpringHttpInvokerUnsafeDeserialization.qhelp 2021-02-24 22:35:20 +01:00
Artem Smotrakov
aac0c27dcd Added tests for SpringHttpInvokerUnsafeDeserialization.ql 2021-02-24 22:35:20 +01:00
Artem Smotrakov
95284ad71d Added SpringHttpInvokerUnsafeDeserialization.qhelp and example 2021-02-24 22:35:20 +01:00
Artem Smotrakov
476309af6d Added SpringHttpInvokerUnsafeDeserialization.ql 2021-02-24 22:35:20 +01:00
Artem Smotrakov
34b6ed0a05 Removed commented code from JexlUberspect 2021-02-24 22:31:03 +01:00
Rasmus Lerchedahl Petersen
bf3e5fceea Python: Rearrange directories 2021-02-24 22:07:27 +01:00
Rasmus Lerchedahl Petersen
10657160bc Python: Improve qlhelp according to review 2021-02-24 22:02:16 +01:00
yoff
89d0724fb4 Update python/change-notes/2021-02-23-port-insecure-default-protocol.md
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2021-02-24 19:57:49 +01:00
Bas van Schaik
4ede277c7c Update CODEOWNERS 2021-02-24 18:30:22 +00:00
luchua-bc
e34a203731 Refactor the check of a main method in a test program to improve maintainability 2021-02-24 17:15:08 +00:00
Erik Krogh Kristensen
ea17de6225 prevent join between getAValue() and DefiniteAbstractValue in AMD.qll 2021-02-24 18:12:55 +01:00
Erik Krogh Kristensen
be26a48a16 use pragma[only_bind_into] to prevent bad join in Ssa::hasLocationInfo 2021-02-24 18:05:57 +01:00
Erik Krogh Kristensen
ccd706ea10 and pragmas to prevent bad join in RemoteFlowSource 2021-02-24 18:05:10 +01:00
Erik Krogh Kristensen
674b9ad4fe use getALocalSource instead of smallstep in JQuery::legacyObjectSource 2021-02-24 18:04:50 +01:00
Mathias Vorreiter Pedersen
70a953b633 C++: Add change-note. 2021-02-24 18:02:16 +01:00
Mathias Vorreiter Pedersen
ef8b734863 C++: Move tests out of experimental and merge with old existing tests from the other memset PRs. 2021-02-24 18:02:16 +01:00
Mathias Vorreiter Pedersen
c44fbaaf3c C++: Promote memset query out of experimental. 2021-02-24 18:01:41 +01:00
Erik Krogh Kristensen
69348b1914 remove redundant hasLocationInfo 2021-02-24 18:01:35 +01:00
Erik Krogh Kristensen
8443b8e421 cache Module::getAnExportedValue 2021-02-24 18:01:16 +01:00
Erik Krogh Kristensen
fd9d738d53 use Expr instead of mixing DataFlow-nodes and Exprs in charpred 2021-02-24 18:00:55 +01:00
Joe Farebrother
caa6f00292 Switch to CSV based modelling 2021-02-24 16:59:49 +00:00
Erik Krogh Kristensen
8c19f7810d replace forex with unique in DOM.qll 2021-02-24 17:59:38 +01:00
Jonathan Leitschuh
237fefbcf1 Add release notes 2021-02-24 11:19:20 -05:00
Mathias Vorreiter Pedersen
fc4162ba1a C++: Turns out we're in 2021 and not 2020. 2021-02-24 17:15:51 +01:00