Erik Krogh Kristensen
|
3067231b1a
|
Merge pull request #8253 from erik-krogh/domWrite
JS: merge hasDominatingWrite and hasDominatingAssignment
|
2022-03-15 13:37:00 +01:00 |
|
Erik Krogh Kristensen
|
154d0171d3
|
Merge pull request #8438 from erik-krogh/apiDisable
JS: add some API-nodes to js/disabling-certificate-validation
|
2022-03-15 12:56:59 +01:00 |
|
Chris Smowton
|
451661dd20
|
Improve guard class names
|
2022-03-15 11:46:54 +00:00 |
|
Mathias Vorreiter Pedersen
|
9f014be7c7
|
Merge pull request #8447 from MathiasVP/add-missing-security-severity
C++: Add missing `security-severity` tags
|
2022-03-15 11:29:28 +00:00 |
|
Joe Farebrother
|
8acd8ea01f
|
Merge pull request #8446 from joefarebrother/sensitive-logging
Java: Add security severity to sensitive logging query
|
2022-03-15 11:17:46 +00:00 |
|
Jeroen Ketema
|
157a36bc4f
|
Use node variable in all disjuncts
|
2022-03-15 11:55:35 +01:00 |
|
Jeroen Ketema
|
9a0e94f389
|
Add flow state versions of isBarrierIn, isBarrierOut, and isBarrierGuard
|
2022-03-15 11:55:34 +01:00 |
|
Mathias Vorreiter Pedersen
|
7337ebd569
|
C++: Add missing 'security-severity' tags.
|
2022-03-15 10:54:36 +00:00 |
|
Mathias Vorreiter Pedersen
|
9642e59349
|
Merge pull request #8382 from MathiasVP/use-taint-configuration-in-three-more-queries
C++: Use a `TaintTracking::Configuration` in three more queries
|
2022-03-15 10:43:05 +00:00 |
|
Joe Farebrother
|
e4a16cc700
|
Add security severity
|
2022-03-15 10:42:41 +00:00 |
|
Tony Torralba
|
6d5414281e
|
Merge pull request #8437 from atorralba/atorralba/missing-security-severity-query
Added MissingSecurityMetadata query
|
2022-03-15 11:42:41 +01:00 |
|
Henry Mercer
|
f38b498eed
|
Merge pull request #8433 from github/henrymercer/js-atm-remove-isEffectiveSinkWithOverridingScore
JS: Remove `isEffectiveSinkWithOverridingScore` from ML-powered libraries
|
2022-03-15 10:04:30 +00:00 |
|
Tony Torralba
|
6f484d3d64
|
Merge pull request #8440 from github/workflow/coverage/update
Update CSV framework coverage reports
|
2022-03-15 10:58:27 +01:00 |
|
Asger Feldthaus
|
d628dc0b52
|
Ruby: sync ApiGraphModels.qll
|
2022-03-15 10:52:41 +01:00 |
|
Asger Feldthaus
|
82750638c6
|
JS: Verify models even if package is not used in database
|
2022-03-15 10:51:44 +01:00 |
|
Tony Torralba
|
fd4c9fd543
|
Cover a missing @tag security when @security-severity is used
|
2022-03-15 10:39:42 +01:00 |
|
Asger Feldthaus
|
a19f06ffc0
|
JS: Port checks to JS
|
2022-03-15 10:35:49 +01:00 |
|
Asger Feldthaus
|
7f8205684e
|
Ruby: verify tokens in identifying access path
|
2022-03-15 10:25:59 +01:00 |
|
Tony Torralba
|
82b2fd2d23
|
Exclude queries without precision
|
2022-03-15 10:22:10 +01:00 |
|
Mathias Vorreiter Pedersen
|
7e0e7d5004
|
Merge branch 'main' into use-taint-configuration-in-three-more-queries
|
2022-03-15 09:06:55 +00:00 |
|
Asger Feldthaus
|
97ca1155c3
|
JS: Sync ApiGraphModels.qll and test
|
2022-03-15 09:29:34 +01:00 |
|
Asger Feldthaus
|
65249dabd3
|
Ruby: add warning for wrong number of columns in CSV row
|
2022-03-15 09:28:21 +01:00 |
|
Erik Krogh Kristensen
|
c7509c4dd3
|
Merge branch 'main' into deadCode
|
2022-03-15 09:19:14 +01:00 |
|
Tony Torralba
|
18165cbb46
|
Exclude examples folder
|
2022-03-15 09:14:11 +01:00 |
|
Jonas Jensen
|
d89c52f4b0
|
Merge pull request #8403 from erik-krogh/noUpper
Rename all upper-case variables, and all lower-case modules
|
2022-03-15 09:00:37 +01:00 |
|
Asger Feldthaus
|
f28acbf3dc
|
Ruby: autoformat
|
2022-03-15 08:15:18 +01:00 |
|
github-actions[bot]
|
b10adfc8da
|
Add changed framework coverage reports
|
2022-03-15 00:13:15 +00:00 |
|
Arthur Baars
|
3311fedda7
|
Merge pull request #8365 from aibaars/qldoc-test
CI: add QLdoc test
|
2022-03-14 23:36:01 +01:00 |
|
Erik Krogh Kristensen
|
195ce9c58a
|
add some API-nodes to js/disabling-certificate-validation
|
2022-03-14 21:33:13 +01:00 |
|
Arthur Baars
|
6a74e761c8
|
Merge pull request #8398 from github/post-release-prep/codeql-cli-2.8.3
Post-release preparation for codeql-cli-2.8.3
|
2022-03-14 21:05:09 +01:00 |
|
Tom Hvitved
|
d3d20c69dd
|
Merge pull request #8425 from hvitved/csharp/structural-comparision-fix
C#: Avoid combinatorial explosion in structural comparison library
|
2022-03-14 20:10:40 +01:00 |
|
Henry Mercer
|
5102cadf8e
|
Merge pull request #8404 from github/codeql-ci/js-atm-new-release
JS: Bump version numbers of ML-powered packs after 0.1.0 release
|
2022-03-14 17:32:37 +00:00 |
|
Tony Torralba
|
03f3535188
|
Added MissingSecuritySeverity query
|
2022-03-14 17:53:08 +01:00 |
|
Asger Feldthaus
|
fee32d3480
|
Elaborate on qldoc for API::EntryPoint
|
2022-03-14 17:52:07 +01:00 |
|
Asger Feldthaus
|
be65b9bebc
|
Ruby: remove spurious Instance token from getExtraSuccessorFromInvoke
|
2022-03-14 17:39:43 +01:00 |
|
Asger Feldthaus
|
072ad8f4a7
|
Ruby: add (from model) to remote flow description
|
2022-03-14 17:39:17 +01:00 |
|
Asger Feldthaus
|
37bbd46e43
|
Ruby: fix broken comment
|
2022-03-14 17:33:57 +01:00 |
|
Asger Feldthaus
|
c9d7651c59
|
Be explicit about re-exporting
|
2022-03-14 17:26:30 +01:00 |
|
Nick Rolfe
|
488c8ef609
|
Ruby: accept test changes after adding more literals
|
2022-03-14 15:49:22 +00:00 |
|
Nick Rolfe
|
2a892c39ac
|
Ruby: add change note for getConstantValue improvements
|
2022-03-14 15:45:58 +00:00 |
|
Nick Rolfe
|
a39aed52c6
|
Ruby: add more tests for edge cases in parsing of integers
|
2022-03-14 15:45:57 +00:00 |
|
Nick Rolfe
|
6c5868cfb5
|
Ruby: use NumberUtils in parseInteger
And make parse{Binary,Octal,Hex}Int hold only for values in the range
0 to 2^31-1 (incl.)
|
2022-03-14 15:45:57 +00:00 |
|
Nick Rolfe
|
6bd9616c6e
|
Ruby: interpret string escape sequences in getConstantValue()
|
2022-03-14 15:45:57 +00:00 |
|
Michael Nebel
|
bcdbfefb2b
|
Merge pull request #8329 from michaelnebel/csharp/model-generator
C#: Capture Summary models.
|
2022-03-14 16:10:05 +01:00 |
|
Erik Krogh Kristensen
|
c93f29b1a1
|
fix typo in change note
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
|
2022-03-14 16:03:45 +01:00 |
|
Joe Farebrother
|
d4b5eed3e4
|
Merge pull request #8410 from joefarebrother/sensitive-logging
Java: Promote Sensitive Logging query
|
2022-03-14 14:50:26 +00:00 |
|
Henry Mercer
|
8b1b2af2d8
|
JS: Remove isEffectiveSinkWithOverridingScore
This was previously used in the ATM external API query, but is now dead
code.
|
2022-03-14 14:25:36 +00:00 |
|
Erik Krogh Kristensen
|
8c28b93427
|
QL: rename query to ql/name-casing
|
2022-03-14 15:03:58 +01:00 |
|
Erik Krogh Kristensen
|
87987872c6
|
QL: use an/a correctly in the alert message
|
2022-03-14 15:03:07 +01:00 |
|
Erik Krogh Kristensen
|
93fcfc3012
|
QL: use negative char classes to generalize query to detect e.g. underscores
|
2022-03-14 15:00:27 +01:00 |
|