Mathias Vorreiter Pedersen
8b23461eb5
C++: Update change note.
2020-09-09 12:22:53 +02:00
Geoffrey White
3013ef54ef
C++: Change note.
2020-09-09 11:09:47 +01:00
CodeQL CI
a1cec12377
Merge pull request #4220 from erik-krogh/colonCmd
...
Approved by esbena
2020-09-09 10:13:14 +01:00
Rasmus Wriedt Larsen
038688a55c
Python: Minor updates to 1.25 change notes
...
backporting fixes from `@sj`
2020-09-09 10:34:40 +02:00
Erik Krogh Kristensen
efe3fd7f1e
Update change-notes/1.26/analysis-javascript.md
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-09-09 09:41:15 +02:00
Erik Krogh Kristensen
4515d27ad2
Merge branch 'main' of https://github.com/github/codeql into pr/erik-krogh/4220
2020-09-08 14:10:15 +00:00
Erik Krogh Kristensen
38679b6d92
add change note
2020-09-08 14:04:40 +00:00
Anders Schack-Mulligen
02da80aa25
Java: Remove "New Queries" section.
2020-09-08 14:40:33 +02:00
Rasmus Wriedt Larsen
2979f9813e
Python: Add missing change notes
...
I looked through PRs between rc/1.24 and rc/1.25 and added missing change notes for:
- https://github.com/github/codeql/pull/3314
- https://github.com/github/codeql/pull/3302
- https://github.com/github/codeql/pull/3212
- https://github.com/github/codeql/pull/3453
- https://github.com/github/codeql/pull/3407
- https://github.com/github/codeql/pull/3563
```
git log --grep="Merge pull request" --format=oneline rc/1.24..rc/1.25 -- python/
```
2020-09-08 14:27:12 +02:00
Anders Schack-Mulligen
b1e6e3a6f2
Java: Add 1.25 change notes.
2020-09-08 14:18:20 +02:00
Jonas Jensen
464d3630a2
Java: Rename Block -> BlockStmt
2020-09-08 08:40:20 +02:00
Jonas Jensen
ab90f06ddf
C++: Rename Block -> BlockStmt
2020-09-08 08:40:20 +02:00
CodeQL CI
85f6388a19
Merge pull request #4206 from erik-krogh/consistentJquery
...
Approved by esbena
2020-09-07 11:23:23 +01:00
Erik Krogh Kristensen
4175637631
add change note for unsafe-jquery
2020-09-07 11:08:21 +02:00
CodeQL CI
b5872fe848
Merge pull request #3873 from asger-semmle/js/type-qualified-name-fallback
...
Approved by erik-krogh
2020-09-07 09:48:05 +01:00
Jonas Jensen
f92139d2b0
Merge pull request #4202 from geoffw0/localhidesparam
...
C++: Improve handling of template functions in cpp/declaration-hides-parameter
2020-09-04 17:52:35 +02:00
CodeQL CI
58f51899c9
Merge pull request #4173 from erik-krogh/targetBlankFP
...
Approved by esbena
2020-09-04 08:21:22 +01:00
Tom Hvitved
7f18c3377e
Merge pull request #4017 from hvitved/csharp/unqualify-trap-ids3
...
C#: Remove assembly prefixes from TRAP labels
2020-09-04 09:20:39 +02:00
Mathias Vorreiter Pedersen
b7774b2a82
Merge pull request #4201 from geoffw0/insert
...
C++: Model iterator versions of string and vector methods
2020-09-03 21:45:36 +02:00
Geoffrey White
5124660831
C++: Change note.
2020-09-03 18:54:27 +01:00
Asger Feldthaus
c05f5c1bc2
JS: Change note
2020-09-03 14:02:08 +01:00
Geoffrey White
50d9a85143
C++: Update change note.
2020-09-03 10:52:27 +01:00
Erik Krogh Kristensen
4fdd2cd794
add change note
2020-09-03 10:06:52 +02:00
Erik Krogh Kristensen
87d39db95f
add change note
2020-09-03 08:58:33 +02:00
Tom Hvitved
701e189c1b
C#: Add change note
2020-09-02 10:52:22 +02:00
Asger F
813d14791d
Merge pull request #4043 from erik-krogh/ts4
...
JS: Add support for TypeScript 4
2020-08-28 14:02:08 +01:00
Calum Grant
93e0bd9d85
Merge pull request #4126 from tamasvajk/feature/array-index
...
C#: Fix computed sizes for implicitly sized array creation
2020-08-28 11:21:39 +01:00
Erik Krogh Kristensen
038cca814a
Merge branch 'main' into ts4
2020-08-28 10:27:49 +02:00
Taus
afe234dade
Merge pull request #4156 from RasmusWL/python-fix-changenote-fstring-taint
...
Python: fstring taint change note should be for 1.26
2020-08-28 10:23:06 +02:00
CodeQL CI
80cb8be405
Merge pull request #4155 from asger-semmle/js/lower-duplicate-element-id-precision
...
Approved by esbena
2020-08-28 08:52:58 +01:00
Rasmus Wriedt Larsen
deff36e9af
Python: fstring taint change note should be for 1.26
...
This fixes problem introduced in https://github.com/github/codeql/pull/4127
2020-08-28 09:00:07 +02:00
Asger Feldthaus
e7a0bc6be6
JS: Lower precision of ambiguous HTML ID attribute
2020-08-27 15:51:34 +01:00
Tamas Vajk
18c65e9f73
Fix typo in change notes
2020-08-26 15:57:41 +02:00
Tamas Vajk
3f54e5d310
Add change note
2020-08-26 15:12:11 +02:00
Rasmus Wriedt Larsen
13148b42d3
Python: Handle taint of f-strings
2020-08-24 17:23:10 +02:00
Erik Krogh Kristensen
db57f3661e
Merge branch 'main' into ts4
2020-08-21 15:08:30 +02:00
Geoffrey White
3d171f358a
Merge remote-tracking branch 'upstream/main' into vecmethods
2020-08-20 13:29:28 +01:00
Geoffrey White
acd1437103
C++: Change note.
2020-08-20 10:46:12 +01:00
CodeQL CI
6adedac337
Merge pull request #4096 from erik-krogh/qlMod
...
Approved by esbena
2020-08-20 10:05:30 +01:00
Erik Krogh Kristensen
5b42e242af
add change note for supporting ".cjs" files
2020-08-20 09:18:26 +02:00
Jonas Jensen
b1c0e6f626
Merge remote-tracking branch 'upstream/main' into SimpleRangeAnalysis-mul-constant
2020-08-20 08:20:31 +02:00
Jonas Jensen
b14bc42756
Merge pull request #4090 from geoffw0/strmethods
...
C++: Model taint through many more methods in std::string
2020-08-19 16:40:46 +02:00
Jonas Jensen
b65f82210f
Merge remote-tracking branch 'upstream/main' into SimpleRangeAnalysis-mul-constant
2020-08-18 16:51:56 +02:00
Jonas Jensen
a72d05ccdb
C++: Change note for *= and constant *
2020-08-18 15:07:35 +02:00
Tom Hvitved
bc77916246
Merge pull request #4093 from tamasvajk/feature/change-notes
...
C#: Add change notes for C# analysis
2020-08-18 14:35:01 +02:00
Tamas Vajk
6ae53b1865
C#: Add change notes for C# analysis
2020-08-18 11:10:04 +02:00
Geoffrey White
5d485859af
Merge remote-tracking branch 'upstream/main' into
...
uncontrolled-alloc-size
2020-08-17 20:49:35 +01:00
Geoffrey White
be91cec7ad
C++: Add change note.
2020-08-17 20:45:49 +01:00
Geoffrey White
d76b25ec22
C++: Change note.
2020-08-17 17:55:52 +01:00
CodeQL CI
c917cd02bd
Merge pull request #4054 from erik-krogh/urlIncludes
...
Approved by esbena
2020-08-17 13:54:25 +01:00
Geoffrey White
498b350add
Merge remote-tracking branch 'upstream/master' into plus
2020-08-13 18:21:28 +01:00
Erik Krogh Kristensen
dc6943b739
Update change-notes/1.26/analysis-javascript.md
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-13 11:34:53 +02:00
Jonas Jensen
5e5a112c36
C++: Change note
2020-08-13 08:37:13 +02:00
Erik Krogh Kristensen
dc55ce2bf0
add change note
2020-08-12 14:27:33 +02:00
Erik Krogh Kristensen
211ef61039
add change note
2020-08-12 09:29:34 +02:00
Geoffrey White
50558257fc
C++: Change note.
2020-08-11 17:05:49 +01:00
Jonas Jensen
1f432dc45f
Merge pull request #4023 from geoffw0/loopdir
...
C++: Exclude decrementing unsigned counters from inconsistentLoopDirection.ql
2020-08-10 12:10:29 +02:00
Erik Krogh Kristensen
7670e7da97
retarget change-note for 1.26
2020-08-07 18:17:46 +02:00
Geoffrey White
6e18be43f3
C++: Change note.
2020-08-06 19:27:12 +01:00
Geoffrey White
0281456948
C++: Add a 1.26 change note file (what happened to the templates?)
2020-08-06 19:21:06 +01:00
Erik Krogh Kristensen
b43d410ab1
add change log for JSON serializers
2020-08-05 12:14:56 +02:00
semmle-qlci
5b1d25591e
Merge pull request #3979 from max-schaefer/js/more-comand-injection-models
...
Approved by asgerf
2020-07-30 15:10:46 +01:00
Tom Hvitved
f91043e08e
C#: Add change note
2020-07-29 10:27:40 +02:00
Max Schaefer
91762ec274
JavaScript: Add partial model for `opener`.
...
3.5M weekly downloads.
Note that we do not treat the first argument as a command-injection sink. While it is possible to inject commands that way, it is more likely to cause false positives where the user input is concatenated with some prefix that makes the opening heuristic decide to treat it as a URL.
2020-07-27 11:42:32 +01:00
Max Schaefer
9aa26fa4bc
JavaScript: Add model for `foreground-child`.
...
>1M weekly downloads, so seems worth doing.
2020-07-27 11:37:06 +01:00
Max Schaefer
2f842042ea
JavaScript: Model another `execa` function relevant for command injection.
2020-07-27 11:34:04 +01:00
semmle-qlci
bfb734e1d7
Merge pull request #3832 from asger-semmle/js/typescript-in-html-files3
...
Approved by erik-krogh
2020-07-02 08:30:45 +01:00
semmle-qlci
45ef3ec4a8
Merge pull request #3619 from erik-krogh/CWE022-Correctness
...
Approved by asgerf
2020-07-01 20:07:58 +01:00
semmle-qlci
c850938af0
Merge pull request #3833 from asger-semmle/js/vue-class-component
...
Approved by erik-krogh
2020-06-30 13:16:42 +01:00
Asger Feldthaus
fcb365188b
JS: Add change note
2020-06-29 09:59:17 +01:00
ubuntu
bb06014f3d
Add fancy-log
2020-06-28 22:02:02 +02:00
Asger Feldthaus
84d21074e5
JS: Support Vue class components
2020-06-27 21:24:46 +01:00
semmle-qlci
92cc59b47b
Merge pull request #3800 from esbena/js/npmlog
...
Approved by erik-krogh
2020-06-26 07:54:08 +01:00
semmle-qlci
cf0cd00458
Merge pull request #3627 from asger-semmle/js/unneeded-defensive-return
...
Approved by erik-krogh
2020-06-25 15:28:57 +01:00
semmle-qlci
c39dce4d66
Merge pull request #3781 from asger-semmle/js/deprecate-type-member-lookup
...
Approved by erik-krogh
2020-06-25 14:56:17 +01:00
Esben Sparre Andreasen
4bfce4b8a3
JS: model npmlog (and recognize the "verbose" log level)
2020-06-25 12:06:51 +02:00
Asger Feldthaus
a109c1fc96
JS: Change note
2020-06-25 11:04:08 +01:00
Robert Marsh
3e6a19843d
Merge pull request #3727 from jbj/tainted-format-string-high
...
C++: Raise cpp/tainted-format-string* precisions to high
2020-06-24 15:06:13 -07:00
Asger Feldthaus
e2a300e811
JS: Add change note
2020-06-24 10:33:45 +01:00
Erik Krogh Kristensen
76ed03f75b
update change-note
...
Co-authored-by: Asger F <asgerf@github.com>
2020-06-24 09:30:43 +02:00
Erik Krogh Kristensen
79599b6cc0
add change-note
2020-06-23 15:57:55 +02:00
semmle-qlci
0d61443915
Merge pull request #3753 from asger-semmle/js/xss-dom-exception-rephrasing
...
Approved by erik-krogh
2020-06-23 13:01:41 +01:00
Asger Feldthaus
b4f75ef414
Merge branch 'master' into js-team-sprint-merge2
2020-06-23 00:18:09 +01:00
Asger F
ca06f6dfb4
Merge branch 'js-team-sprint' into js/insecure-http-options
2020-06-23 00:16:02 +01:00
Asger F
7d54b02fb9
Merge branch 'js-team-sprint' into js/delay-slow-query-merge
2020-06-22 16:34:49 +01:00
Esben Sparre Andreasen
d4ad9a8bb2
Update change-notes/1.25/analysis-javascript.md
...
Co-authored-by: Asger F <asgerf@github.com>
2020-06-22 14:55:27 +02:00
Esben Sparre Andreasen
9a0bbb31f4
Revert "Merge pull request #3702 from esbena/js/memory-exhaustion"
...
This reverts commit eca5e2df8a
, reversing
changes made to 1548eca994
.
2020-06-22 14:46:51 +02:00
Esben Sparre Andreasen
3be094ea5b
JS: polish js/incomplete-html-attribute-sanitization
2020-06-22 14:35:00 +02:00
Asger Feldthaus
1edb2a1892
JS: Rephrase XSS queries that use exception/dom text as source
2020-06-22 10:44:46 +01:00
Esben Sparre Andreasen
0654823b97
Merge branch 'js-team-sprint' into js/insecure-http-options
2020-06-22 11:25:25 +02:00
Esben Sparre Andreasen
3e898487e8
Apply suggestions from code review
...
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2020-06-22 11:23:40 +02:00
Asger F
eca5e2df8a
Merge pull request #3702 from esbena/js/memory-exhaustion
...
JS: add query js/memory-exhaustion
2020-06-19 20:35:57 +01:00
Erik Krogh Kristensen
0f5ef2c02a
Merge branch 'js-team-sprint' into https-fix
2020-06-19 14:57:44 +02:00
Erik Krogh Kristensen
e46bd709c4
add change note
2020-06-19 14:15:50 +02:00
Erik Krogh Kristensen
a17d152ca4
Merge branch 'js-team-sprint' into priv-file-polish
2020-06-19 13:19:10 +02:00
Erik Krogh Kristensen
7d6dac479c
Merge branch 'js-team-sprint' into https-fix
2020-06-18 16:53:01 +02:00
Erik Krogh Kristensen
dcf617b235
Merge branch 'js-team-sprint' into bad-random-polish
2020-06-18 16:52:32 +02:00
Erik Krogh Kristensen
1556b62007
Merge branch 'js-team-sprint' into priv-file-polish
2020-06-18 16:40:53 +02:00
Esben Sparre Andreasen
3f67e90374
JS: rename query, support timeouts, add documentation, add to suite
2020-06-18 13:01:02 +02:00
Esben Sparre Andreasen
44aa182d0d
Update change-notes/1.25/analysis-javascript.md
...
Co-authored-by: Asger F <asgerf@github.com>
2020-06-18 10:14:16 +02:00