Граф коммитов

1667 Коммитов

Автор SHA1 Сообщение Дата
Mathias Vorreiter Pedersen 8b23461eb5 C++: Update change note. 2020-09-09 12:22:53 +02:00
Geoffrey White 3013ef54ef C++: Change note. 2020-09-09 11:09:47 +01:00
CodeQL CI a1cec12377
Merge pull request #4220 from erik-krogh/colonCmd
Approved by esbena
2020-09-09 10:13:14 +01:00
Rasmus Wriedt Larsen 038688a55c
Python: Minor updates to 1.25 change notes
backporting fixes from `@sj`
2020-09-09 10:34:40 +02:00
Erik Krogh Kristensen efe3fd7f1e
Update change-notes/1.26/analysis-javascript.md
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-09-09 09:41:15 +02:00
Erik Krogh Kristensen 4515d27ad2 Merge branch 'main' of https://github.com/github/codeql into pr/erik-krogh/4220 2020-09-08 14:10:15 +00:00
Erik Krogh Kristensen 38679b6d92 add change note 2020-09-08 14:04:40 +00:00
Anders Schack-Mulligen 02da80aa25 Java: Remove "New Queries" section. 2020-09-08 14:40:33 +02:00
Rasmus Wriedt Larsen 2979f9813e Python: Add missing change notes
I looked through PRs between rc/1.24 and rc/1.25 and added missing change notes for:

- https://github.com/github/codeql/pull/3314
- https://github.com/github/codeql/pull/3302
- https://github.com/github/codeql/pull/3212
- https://github.com/github/codeql/pull/3453
- https://github.com/github/codeql/pull/3407
- https://github.com/github/codeql/pull/3563

```
git log --grep="Merge pull request" --format=oneline rc/1.24..rc/1.25 -- python/
```
2020-09-08 14:27:12 +02:00
Anders Schack-Mulligen b1e6e3a6f2 Java: Add 1.25 change notes. 2020-09-08 14:18:20 +02:00
Jonas Jensen 464d3630a2 Java: Rename Block -> BlockStmt 2020-09-08 08:40:20 +02:00
Jonas Jensen ab90f06ddf C++: Rename Block -> BlockStmt 2020-09-08 08:40:20 +02:00
CodeQL CI 85f6388a19
Merge pull request #4206 from erik-krogh/consistentJquery
Approved by esbena
2020-09-07 11:23:23 +01:00
Erik Krogh Kristensen 4175637631 add change note for unsafe-jquery 2020-09-07 11:08:21 +02:00
CodeQL CI b5872fe848
Merge pull request #3873 from asger-semmle/js/type-qualified-name-fallback
Approved by erik-krogh
2020-09-07 09:48:05 +01:00
Jonas Jensen f92139d2b0
Merge pull request #4202 from geoffw0/localhidesparam
C++: Improve handling of template functions in cpp/declaration-hides-parameter
2020-09-04 17:52:35 +02:00
CodeQL CI 58f51899c9
Merge pull request #4173 from erik-krogh/targetBlankFP
Approved by esbena
2020-09-04 08:21:22 +01:00
Tom Hvitved 7f18c3377e
Merge pull request #4017 from hvitved/csharp/unqualify-trap-ids3
C#: Remove assembly prefixes from TRAP labels
2020-09-04 09:20:39 +02:00
Mathias Vorreiter Pedersen b7774b2a82
Merge pull request #4201 from geoffw0/insert
C++: Model iterator versions of string and vector methods
2020-09-03 21:45:36 +02:00
Geoffrey White 5124660831 C++: Change note. 2020-09-03 18:54:27 +01:00
Asger Feldthaus c05f5c1bc2 JS: Change note 2020-09-03 14:02:08 +01:00
Geoffrey White 50d9a85143 C++: Update change note. 2020-09-03 10:52:27 +01:00
Erik Krogh Kristensen 4fdd2cd794 add change note 2020-09-03 10:06:52 +02:00
Erik Krogh Kristensen 87d39db95f add change note 2020-09-03 08:58:33 +02:00
Tom Hvitved 701e189c1b C#: Add change note 2020-09-02 10:52:22 +02:00
Asger F 813d14791d
Merge pull request #4043 from erik-krogh/ts4
JS: Add support for TypeScript 4
2020-08-28 14:02:08 +01:00
Calum Grant 93e0bd9d85
Merge pull request #4126 from tamasvajk/feature/array-index
C#: Fix computed sizes for implicitly sized array creation
2020-08-28 11:21:39 +01:00
Erik Krogh Kristensen 038cca814a Merge branch 'main' into ts4 2020-08-28 10:27:49 +02:00
Taus afe234dade
Merge pull request #4156 from RasmusWL/python-fix-changenote-fstring-taint
Python: fstring taint change note should be for 1.26
2020-08-28 10:23:06 +02:00
CodeQL CI 80cb8be405
Merge pull request #4155 from asger-semmle/js/lower-duplicate-element-id-precision
Approved by esbena
2020-08-28 08:52:58 +01:00
Rasmus Wriedt Larsen deff36e9af Python: fstring taint change note should be for 1.26
This fixes problem introduced in https://github.com/github/codeql/pull/4127
2020-08-28 09:00:07 +02:00
Asger Feldthaus e7a0bc6be6 JS: Lower precision of ambiguous HTML ID attribute 2020-08-27 15:51:34 +01:00
Tamas Vajk 18c65e9f73 Fix typo in change notes 2020-08-26 15:57:41 +02:00
Tamas Vajk 3f54e5d310 Add change note 2020-08-26 15:12:11 +02:00
Rasmus Wriedt Larsen 13148b42d3 Python: Handle taint of f-strings 2020-08-24 17:23:10 +02:00
Erik Krogh Kristensen db57f3661e Merge branch 'main' into ts4 2020-08-21 15:08:30 +02:00
Geoffrey White 3d171f358a Merge remote-tracking branch 'upstream/main' into vecmethods 2020-08-20 13:29:28 +01:00
Geoffrey White acd1437103 C++: Change note. 2020-08-20 10:46:12 +01:00
CodeQL CI 6adedac337
Merge pull request #4096 from erik-krogh/qlMod
Approved by esbena
2020-08-20 10:05:30 +01:00
Erik Krogh Kristensen 5b42e242af add change note for supporting ".cjs" files 2020-08-20 09:18:26 +02:00
Jonas Jensen b1c0e6f626 Merge remote-tracking branch 'upstream/main' into SimpleRangeAnalysis-mul-constant 2020-08-20 08:20:31 +02:00
Jonas Jensen b14bc42756
Merge pull request #4090 from geoffw0/strmethods
C++: Model taint through many more methods in std::string
2020-08-19 16:40:46 +02:00
Jonas Jensen b65f82210f Merge remote-tracking branch 'upstream/main' into SimpleRangeAnalysis-mul-constant 2020-08-18 16:51:56 +02:00
Jonas Jensen a72d05ccdb C++: Change note for *= and constant * 2020-08-18 15:07:35 +02:00
Tom Hvitved bc77916246
Merge pull request #4093 from tamasvajk/feature/change-notes
C#: Add change notes for C# analysis
2020-08-18 14:35:01 +02:00
Tamas Vajk 6ae53b1865 C#: Add change notes for C# analysis 2020-08-18 11:10:04 +02:00
Geoffrey White 5d485859af Merge remote-tracking branch 'upstream/main' into
uncontrolled-alloc-size
2020-08-17 20:49:35 +01:00
Geoffrey White be91cec7ad C++: Add change note. 2020-08-17 20:45:49 +01:00
Geoffrey White d76b25ec22 C++: Change note. 2020-08-17 17:55:52 +01:00
CodeQL CI c917cd02bd
Merge pull request #4054 from erik-krogh/urlIncludes
Approved by esbena
2020-08-17 13:54:25 +01:00
Geoffrey White 498b350add Merge remote-tracking branch 'upstream/master' into plus 2020-08-13 18:21:28 +01:00
Erik Krogh Kristensen dc6943b739
Update change-notes/1.26/analysis-javascript.md
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-13 11:34:53 +02:00
Jonas Jensen 5e5a112c36 C++: Change note 2020-08-13 08:37:13 +02:00
Erik Krogh Kristensen dc55ce2bf0 add change note 2020-08-12 14:27:33 +02:00
Erik Krogh Kristensen 211ef61039 add change note 2020-08-12 09:29:34 +02:00
Geoffrey White 50558257fc C++: Change note. 2020-08-11 17:05:49 +01:00
Jonas Jensen 1f432dc45f
Merge pull request #4023 from geoffw0/loopdir
C++: Exclude decrementing unsigned counters from inconsistentLoopDirection.ql
2020-08-10 12:10:29 +02:00
Erik Krogh Kristensen 7670e7da97 retarget change-note for 1.26 2020-08-07 18:17:46 +02:00
Geoffrey White 6e18be43f3 C++: Change note. 2020-08-06 19:27:12 +01:00
Geoffrey White 0281456948 C++: Add a 1.26 change note file (what happened to the templates?) 2020-08-06 19:21:06 +01:00
Erik Krogh Kristensen b43d410ab1 add change log for JSON serializers 2020-08-05 12:14:56 +02:00
semmle-qlci 5b1d25591e
Merge pull request #3979 from max-schaefer/js/more-comand-injection-models
Approved by asgerf
2020-07-30 15:10:46 +01:00
Tom Hvitved f91043e08e C#: Add change note 2020-07-29 10:27:40 +02:00
Max Schaefer 91762ec274 JavaScript: Add partial model for `opener`.
3.5M weekly downloads.

Note that we do not treat the first argument as a command-injection sink. While it is possible to inject commands that way, it is more likely to cause false positives where the user input is concatenated with some prefix that makes the opening heuristic decide to treat it as a URL.
2020-07-27 11:42:32 +01:00
Max Schaefer 9aa26fa4bc JavaScript: Add model for `foreground-child`.
>1M weekly downloads, so seems worth doing.
2020-07-27 11:37:06 +01:00
Max Schaefer 2f842042ea JavaScript: Model another `execa` function relevant for command injection. 2020-07-27 11:34:04 +01:00
semmle-qlci bfb734e1d7
Merge pull request #3832 from asger-semmle/js/typescript-in-html-files3
Approved by erik-krogh
2020-07-02 08:30:45 +01:00
semmle-qlci 45ef3ec4a8
Merge pull request #3619 from erik-krogh/CWE022-Correctness
Approved by asgerf
2020-07-01 20:07:58 +01:00
semmle-qlci c850938af0
Merge pull request #3833 from asger-semmle/js/vue-class-component
Approved by erik-krogh
2020-06-30 13:16:42 +01:00
Asger Feldthaus fcb365188b JS: Add change note 2020-06-29 09:59:17 +01:00
ubuntu bb06014f3d Add fancy-log 2020-06-28 22:02:02 +02:00
Asger Feldthaus 84d21074e5 JS: Support Vue class components 2020-06-27 21:24:46 +01:00
semmle-qlci 92cc59b47b
Merge pull request #3800 from esbena/js/npmlog
Approved by erik-krogh
2020-06-26 07:54:08 +01:00
semmle-qlci cf0cd00458
Merge pull request #3627 from asger-semmle/js/unneeded-defensive-return
Approved by erik-krogh
2020-06-25 15:28:57 +01:00
semmle-qlci c39dce4d66
Merge pull request #3781 from asger-semmle/js/deprecate-type-member-lookup
Approved by erik-krogh
2020-06-25 14:56:17 +01:00
Esben Sparre Andreasen 4bfce4b8a3 JS: model npmlog (and recognize the "verbose" log level) 2020-06-25 12:06:51 +02:00
Asger Feldthaus a109c1fc96 JS: Change note 2020-06-25 11:04:08 +01:00
Robert Marsh 3e6a19843d
Merge pull request #3727 from jbj/tainted-format-string-high
C++: Raise cpp/tainted-format-string* precisions to high
2020-06-24 15:06:13 -07:00
Asger Feldthaus e2a300e811 JS: Add change note 2020-06-24 10:33:45 +01:00
Erik Krogh Kristensen 76ed03f75b
update change-note
Co-authored-by: Asger F <asgerf@github.com>
2020-06-24 09:30:43 +02:00
Erik Krogh Kristensen 79599b6cc0 add change-note 2020-06-23 15:57:55 +02:00
semmle-qlci 0d61443915
Merge pull request #3753 from asger-semmle/js/xss-dom-exception-rephrasing
Approved by erik-krogh
2020-06-23 13:01:41 +01:00
Asger Feldthaus b4f75ef414 Merge branch 'master' into js-team-sprint-merge2 2020-06-23 00:18:09 +01:00
Asger F ca06f6dfb4
Merge branch 'js-team-sprint' into js/insecure-http-options 2020-06-23 00:16:02 +01:00
Asger F 7d54b02fb9
Merge branch 'js-team-sprint' into js/delay-slow-query-merge 2020-06-22 16:34:49 +01:00
Esben Sparre Andreasen d4ad9a8bb2
Update change-notes/1.25/analysis-javascript.md
Co-authored-by: Asger F <asgerf@github.com>
2020-06-22 14:55:27 +02:00
Esben Sparre Andreasen 9a0bbb31f4 Revert "Merge pull request #3702 from esbena/js/memory-exhaustion"
This reverts commit eca5e2df8a, reversing
changes made to 1548eca994.
2020-06-22 14:46:51 +02:00
Esben Sparre Andreasen 3be094ea5b JS: polish js/incomplete-html-attribute-sanitization 2020-06-22 14:35:00 +02:00
Asger Feldthaus 1edb2a1892 JS: Rephrase XSS queries that use exception/dom text as source 2020-06-22 10:44:46 +01:00
Esben Sparre Andreasen 0654823b97
Merge branch 'js-team-sprint' into js/insecure-http-options 2020-06-22 11:25:25 +02:00
Esben Sparre Andreasen 3e898487e8
Apply suggestions from code review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2020-06-22 11:23:40 +02:00
Asger F eca5e2df8a
Merge pull request #3702 from esbena/js/memory-exhaustion
JS: add query js/memory-exhaustion
2020-06-19 20:35:57 +01:00
Erik Krogh Kristensen 0f5ef2c02a
Merge branch 'js-team-sprint' into https-fix 2020-06-19 14:57:44 +02:00
Erik Krogh Kristensen e46bd709c4 add change note 2020-06-19 14:15:50 +02:00
Erik Krogh Kristensen a17d152ca4
Merge branch 'js-team-sprint' into priv-file-polish 2020-06-19 13:19:10 +02:00
Erik Krogh Kristensen 7d6dac479c
Merge branch 'js-team-sprint' into https-fix 2020-06-18 16:53:01 +02:00
Erik Krogh Kristensen dcf617b235
Merge branch 'js-team-sprint' into bad-random-polish 2020-06-18 16:52:32 +02:00
Erik Krogh Kristensen 1556b62007 Merge branch 'js-team-sprint' into priv-file-polish 2020-06-18 16:40:53 +02:00
Esben Sparre Andreasen 3f67e90374 JS: rename query, support timeouts, add documentation, add to suite 2020-06-18 13:01:02 +02:00
Esben Sparre Andreasen 44aa182d0d
Update change-notes/1.25/analysis-javascript.md
Co-authored-by: Asger F <asgerf@github.com>
2020-06-18 10:14:16 +02:00