codeql

mirror of https://github.com/github/codeql.git synced 2026-02-22 01:43:41 +01:00

Author	SHA1	Message	Date
Erik Krogh Kristensen	6bab41ce8b	Merge pull request #5350 from JarLob/actions github actions queries	2021-03-18 14:46:25 +01:00
Erik Krogh Kristensen	f94f82a0dc	use getAChainedMethodCall	2021-03-18 14:35:10 +01:00
Erik Krogh Kristensen	38a9c71380	Apply suggestions from code review Co-authored-by: Asger F <asgerf@github.com>	2021-03-18 14:33:13 +01:00
Erik Krogh Kristensen	0e98ea0c10	remove spurious import of PackageExports	2021-03-18 14:09:08 +01:00
Nick Rolfe	4ce7faf868	Fix erroneous flow from 'raise' call to StmtSequence	2021-03-18 13:01:27 +00:00
Erik Krogh Kristensen	67a5831ac0	update expected output	2021-03-18 13:59:44 +01:00
Erik Krogh Kristensen	c0bb169342	recognize a `src/index.js` file as a main module for a package	2021-03-18 13:41:36 +01:00
Erik Krogh Kristensen	add0c88530	loosen the requirement that the `package.json` file must be the top-most `package.json`	2021-03-18 13:39:12 +01:00
Erik Krogh Kristensen	d998d06b94	add link to source in alert-message for js/shell-command-constructed-from-input	2021-03-18 13:37:18 +01:00
Mathias Vorreiter Pedersen	c0e1df47a6	Merge pull request #5431 from MathiasVP/av-rule-79-use-gvn C++: Use GVN in AV Rule 79	2021-03-18 12:35:26 +01:00
Nick Rolfe	ceda7c8fd2	Generalise splitting of parenthesized exprs to all statement sequences	2021-03-18 11:21:11 +00:00
CodeQL CI	3b34bfd1c6	Merge pull request #5432 from asgerf/js/more-string-steps Approved by erik-krogh	2021-03-18 04:16:07 -07:00
Nick Rolfe	c8eab42c1d	Minor comment fixes	2021-03-18 11:09:21 +00:00
Rasmus Wriedt Larsen	42b2c3ed52	Python: Model C-based loaders for PyYAML Not really that important. But easy to do while I was working on this library.	2021-03-18 11:55:01 +01:00
Rasmus Wriedt Larsen	54e6f51512	Python: Add example of C-based PyYAML loaders ``` In [6]: yaml.load("!!python/object/new:os.system [echo EXPLOIT!]", yaml.CLoader) EXPLOIT! Out[6]: 0 ```	2021-03-18 11:50:59 +01:00
Rasmus Wriedt Larsen	25b15d7470	Python: Move PyYAML modeling classes within module For now, this is how we're trying to structure things -- all in all it doesn't matter too much, since everything is still marked as private.	2021-03-18 11:48:30 +01:00
Rasmus Wriedt Larsen	5ec8511d50	Python: Port PyYAML model to API graphs	2021-03-18 11:47:46 +01:00
Porcuiney Hairs	a88c3682ff	remove sanitiserGuards	2021-03-18 16:12:00 +05:30
Porcuiney Hairs	84c9137152	Include suggestions from review	2021-03-18 16:12:00 +05:30
porcupineyhairs	f27d2bdf6d	Update java/ql/src/experimental/semmle/code/java/Logging.qll Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-03-18 16:12:00 +05:30
Porcuiney Hairs	d0c82d3756	Add flogger and android logging support	2021-03-18 16:12:00 +05:30
Porcuiney Hairs	17d7ba8049	Add Log Injection Vulnerability	2021-03-18 16:12:00 +05:30
Rasmus Wriedt Larsen	14e9bda5de	Python: Refactor PyYAML tests a bit	2021-03-18 11:39:47 +01:00
Rasmus Wriedt Larsen	45a1fc6a96	Python: Add link to better PyYAML docs I found this randomly	2021-03-18 11:20:22 +01:00
Asger Feldthaus	e30fa89405	JS: Update more test expectations	2021-03-18 10:04:39 +00:00
Erik Krogh Kristensen	8b931626ce	add edge from root type MkHasUnderlyingType	2021-03-18 11:04:08 +01:00
Rasmus Wriedt Larsen	7b92012edf	Python: Apply suggestions from code review Co-authored-by: yoff <lerchedahl@gmail.com>	2021-03-18 10:58:49 +01:00
Jaroslav Lobačevski	a9ed3317bf	Fix regex per suggestion	2021-03-18 11:54:55 +02:00
Erik Krogh Kristensen	40ec23cf13	refactor MkHasUnderlyingType to use Label::instance()	2021-03-18 10:47:38 +01:00
Tom Hvitved	3bb2c529a5	CFG: Revert change to mandatory parameters	2021-03-18 10:43:10 +01:00
Arthur Baars	d4030c66d8	Update Consistency.qll	2021-03-18 09:54:44 +01:00
Mathias Vorreiter Pedersen	2abf4c068f	C++: Use getAnExpr. Also extend the other recursive case similarly.	2021-03-18 08:42:10 +01:00
Tom Hvitved	c761ab6882	Merge pull request #156 from github/hvitved/ipa-ast Make external `AstNode` an IPA type	2021-03-17 22:23:05 +01:00
Nick Rolfe	32e2b257bf	Port CFG implementation to public AST interface	2021-03-17 20:28:47 +00:00
Nick Rolfe	26c251f080	Order CFG nodes by column as well	2021-03-17 19:07:52 +00:00
Erik Krogh Kristensen	b2d6982318	add change note	2021-03-17 19:17:23 +01:00
Erik Krogh Kristensen	3995ff322d	add models for `koa-route` and `koa-router`	2021-03-17 19:17:20 +01:00
Jaroslav Lobačevski	7b6773c96a	Update javascript/ql/src/experimental/semmle/javascript/Actions.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2021-03-17 19:49:03 +02:00
CodeQL CI	1d9f8c2d37	Merge pull request #5427 from RasmusWL/use-new-builtin-modeling Approved by yoff	2021-03-17 09:07:36 -07:00
Jaroslav Lobačevski	e3bf308952	Removed positive lookbehind	2021-03-17 17:32:10 +02:00
Mathias Vorreiter Pedersen	834e35f192	C++: Add change-note.	2021-03-17 16:26:15 +01:00
Asger Feldthaus	ae410aabd6	JS: Add change note	2021-03-17 15:24:10 +00:00
Asger Feldthaus	e4d891cab5	JS: Add tests for flow through replace	2021-03-17 15:20:40 +00:00
Asger Feldthaus	9cfbb90591	JS: Add test case for insufficient replace-sanitizer	2021-03-17 15:20:40 +00:00
Asger Feldthaus	198bdcab26	JS: Make XSS MetacharEscapeSanitizer more precise	2021-03-17 15:20:40 +00:00
Asger Feldthaus	effa52f9e1	JS: Step through string replace callbacks	2021-03-17 15:15:49 +00:00
CodeQL CI	7c20c4a664	Merge pull request #5396 from asgerf/js/shared-taint-step Approved by erik-krogh, esbena	2021-03-17 08:07:20 -07:00
Mathias Vorreiter Pedersen	a3f806bb1d	Use GVN in AV rule 79.	2021-03-17 16:01:49 +01:00
Rasmus Wriedt Larsen	d426f1efaf	Docs: Highlight need for explicit import of DataFlow lib at least in some langauges	2021-03-17 16:01:20 +01:00
yoff	514c9efcdd	Merge pull request #5426 from RasmusWL/insecure-default-protocl-tests-are-also-py3 Python: Also test py/insecure-default-protocol on Python 3	2021-03-17 15:59:00 +01:00

... 239 240 241 242 243 ...

33872 Commits