Commit Graph

1664 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen 038688a55c
Python: Minor updates to 1.25 change notes
backporting fixes from `@sj`
2020-09-09 10:34:40 +02:00
Erik Krogh Kristensen efe3fd7f1e
Update change-notes/1.26/analysis-javascript.md
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-09-09 09:41:15 +02:00
Erik Krogh Kristensen 4515d27ad2 Merge branch 'main' of https://github.com/github/codeql into pr/erik-krogh/4220 2020-09-08 14:10:15 +00:00
Erik Krogh Kristensen 38679b6d92 add change note 2020-09-08 14:04:40 +00:00
Anders Schack-Mulligen 02da80aa25 Java: Remove "New Queries" section. 2020-09-08 14:40:33 +02:00
Rasmus Wriedt Larsen 2979f9813e Python: Add missing change notes
I looked through PRs between rc/1.24 and rc/1.25 and added missing change notes for:

- https://github.com/github/codeql/pull/3314
- https://github.com/github/codeql/pull/3302
- https://github.com/github/codeql/pull/3212
- https://github.com/github/codeql/pull/3453
- https://github.com/github/codeql/pull/3407
- https://github.com/github/codeql/pull/3563

```
git log --grep="Merge pull request" --format=oneline rc/1.24..rc/1.25 -- python/
```
2020-09-08 14:27:12 +02:00
Anders Schack-Mulligen b1e6e3a6f2 Java: Add 1.25 change notes. 2020-09-08 14:18:20 +02:00
Jonas Jensen 464d3630a2 Java: Rename Block -> BlockStmt 2020-09-08 08:40:20 +02:00
Jonas Jensen ab90f06ddf C++: Rename Block -> BlockStmt 2020-09-08 08:40:20 +02:00
CodeQL CI 85f6388a19
Merge pull request #4206 from erik-krogh/consistentJquery
Approved by esbena
2020-09-07 11:23:23 +01:00
Erik Krogh Kristensen 4175637631 add change note for unsafe-jquery 2020-09-07 11:08:21 +02:00
CodeQL CI b5872fe848
Merge pull request #3873 from asger-semmle/js/type-qualified-name-fallback
Approved by erik-krogh
2020-09-07 09:48:05 +01:00
Jonas Jensen f92139d2b0
Merge pull request #4202 from geoffw0/localhidesparam
C++: Improve handling of template functions in cpp/declaration-hides-parameter
2020-09-04 17:52:35 +02:00
CodeQL CI 58f51899c9
Merge pull request #4173 from erik-krogh/targetBlankFP
Approved by esbena
2020-09-04 08:21:22 +01:00
Tom Hvitved 7f18c3377e
Merge pull request #4017 from hvitved/csharp/unqualify-trap-ids3
C#: Remove assembly prefixes from TRAP labels
2020-09-04 09:20:39 +02:00
Mathias Vorreiter Pedersen b7774b2a82
Merge pull request #4201 from geoffw0/insert
C++: Model iterator versions of string and vector methods
2020-09-03 21:45:36 +02:00
Geoffrey White 5124660831 C++: Change note. 2020-09-03 18:54:27 +01:00
Asger Feldthaus c05f5c1bc2 JS: Change note 2020-09-03 14:02:08 +01:00
Geoffrey White 50d9a85143 C++: Update change note. 2020-09-03 10:52:27 +01:00
Erik Krogh Kristensen 4fdd2cd794 add change note 2020-09-03 10:06:52 +02:00
Erik Krogh Kristensen 87d39db95f add change note 2020-09-03 08:58:33 +02:00
Tom Hvitved 701e189c1b C#: Add change note 2020-09-02 10:52:22 +02:00
Asger F 813d14791d
Merge pull request #4043 from erik-krogh/ts4
JS: Add support for TypeScript 4
2020-08-28 14:02:08 +01:00
Calum Grant 93e0bd9d85
Merge pull request #4126 from tamasvajk/feature/array-index
C#: Fix computed sizes for implicitly sized array creation
2020-08-28 11:21:39 +01:00
Erik Krogh Kristensen 038cca814a Merge branch 'main' into ts4 2020-08-28 10:27:49 +02:00
Taus afe234dade
Merge pull request #4156 from RasmusWL/python-fix-changenote-fstring-taint
Python: fstring taint change note should be for 1.26
2020-08-28 10:23:06 +02:00
CodeQL CI 80cb8be405
Merge pull request #4155 from asger-semmle/js/lower-duplicate-element-id-precision
Approved by esbena
2020-08-28 08:52:58 +01:00
Rasmus Wriedt Larsen deff36e9af Python: fstring taint change note should be for 1.26
This fixes problem introduced in https://github.com/github/codeql/pull/4127
2020-08-28 09:00:07 +02:00
Asger Feldthaus e7a0bc6be6 JS: Lower precision of ambiguous HTML ID attribute 2020-08-27 15:51:34 +01:00
Tamas Vajk 18c65e9f73 Fix typo in change notes 2020-08-26 15:57:41 +02:00
Tamas Vajk 3f54e5d310 Add change note 2020-08-26 15:12:11 +02:00
Rasmus Wriedt Larsen 13148b42d3 Python: Handle taint of f-strings 2020-08-24 17:23:10 +02:00
Erik Krogh Kristensen db57f3661e Merge branch 'main' into ts4 2020-08-21 15:08:30 +02:00
Geoffrey White 3d171f358a Merge remote-tracking branch 'upstream/main' into vecmethods 2020-08-20 13:29:28 +01:00
Geoffrey White acd1437103 C++: Change note. 2020-08-20 10:46:12 +01:00
CodeQL CI 6adedac337
Merge pull request #4096 from erik-krogh/qlMod
Approved by esbena
2020-08-20 10:05:30 +01:00
Erik Krogh Kristensen 5b42e242af add change note for supporting ".cjs" files 2020-08-20 09:18:26 +02:00
Jonas Jensen b1c0e6f626 Merge remote-tracking branch 'upstream/main' into SimpleRangeAnalysis-mul-constant 2020-08-20 08:20:31 +02:00
Jonas Jensen b14bc42756
Merge pull request #4090 from geoffw0/strmethods
C++: Model taint through many more methods in std::string
2020-08-19 16:40:46 +02:00
Jonas Jensen b65f82210f Merge remote-tracking branch 'upstream/main' into SimpleRangeAnalysis-mul-constant 2020-08-18 16:51:56 +02:00
Jonas Jensen a72d05ccdb C++: Change note for *= and constant * 2020-08-18 15:07:35 +02:00
Tom Hvitved bc77916246
Merge pull request #4093 from tamasvajk/feature/change-notes
C#: Add change notes for C# analysis
2020-08-18 14:35:01 +02:00
Tamas Vajk 6ae53b1865 C#: Add change notes for C# analysis 2020-08-18 11:10:04 +02:00
Geoffrey White 5d485859af Merge remote-tracking branch 'upstream/main' into
uncontrolled-alloc-size
2020-08-17 20:49:35 +01:00
Geoffrey White be91cec7ad C++: Add change note. 2020-08-17 20:45:49 +01:00
Geoffrey White d76b25ec22 C++: Change note. 2020-08-17 17:55:52 +01:00
CodeQL CI c917cd02bd
Merge pull request #4054 from erik-krogh/urlIncludes
Approved by esbena
2020-08-17 13:54:25 +01:00
Geoffrey White 498b350add Merge remote-tracking branch 'upstream/master' into plus 2020-08-13 18:21:28 +01:00
Erik Krogh Kristensen dc6943b739
Update change-notes/1.26/analysis-javascript.md
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-08-13 11:34:53 +02:00
Jonas Jensen 5e5a112c36 C++: Change note 2020-08-13 08:37:13 +02:00
Erik Krogh Kristensen dc55ce2bf0 add change note 2020-08-12 14:27:33 +02:00
Erik Krogh Kristensen 211ef61039 add change note 2020-08-12 09:29:34 +02:00
Geoffrey White 50558257fc C++: Change note. 2020-08-11 17:05:49 +01:00
Jonas Jensen 1f432dc45f
Merge pull request #4023 from geoffw0/loopdir
C++: Exclude decrementing unsigned counters from inconsistentLoopDirection.ql
2020-08-10 12:10:29 +02:00
Erik Krogh Kristensen 7670e7da97 retarget change-note for 1.26 2020-08-07 18:17:46 +02:00
Geoffrey White 6e18be43f3 C++: Change note. 2020-08-06 19:27:12 +01:00
Geoffrey White 0281456948 C++: Add a 1.26 change note file (what happened to the templates?) 2020-08-06 19:21:06 +01:00
Erik Krogh Kristensen b43d410ab1 add change log for JSON serializers 2020-08-05 12:14:56 +02:00
semmle-qlci 5b1d25591e
Merge pull request #3979 from max-schaefer/js/more-comand-injection-models
Approved by asgerf
2020-07-30 15:10:46 +01:00
Tom Hvitved f91043e08e C#: Add change note 2020-07-29 10:27:40 +02:00
Max Schaefer 91762ec274 JavaScript: Add partial model for `opener`.
3.5M weekly downloads.

Note that we do not treat the first argument as a command-injection sink. While it is possible to inject commands that way, it is more likely to cause false positives where the user input is concatenated with some prefix that makes the opening heuristic decide to treat it as a URL.
2020-07-27 11:42:32 +01:00
Max Schaefer 9aa26fa4bc JavaScript: Add model for `foreground-child`.
>1M weekly downloads, so seems worth doing.
2020-07-27 11:37:06 +01:00
Max Schaefer 2f842042ea JavaScript: Model another `execa` function relevant for command injection. 2020-07-27 11:34:04 +01:00
semmle-qlci bfb734e1d7
Merge pull request #3832 from asger-semmle/js/typescript-in-html-files3
Approved by erik-krogh
2020-07-02 08:30:45 +01:00
semmle-qlci 45ef3ec4a8
Merge pull request #3619 from erik-krogh/CWE022-Correctness
Approved by asgerf
2020-07-01 20:07:58 +01:00
semmle-qlci c850938af0
Merge pull request #3833 from asger-semmle/js/vue-class-component
Approved by erik-krogh
2020-06-30 13:16:42 +01:00
Asger Feldthaus fcb365188b JS: Add change note 2020-06-29 09:59:17 +01:00
ubuntu bb06014f3d Add fancy-log 2020-06-28 22:02:02 +02:00
Asger Feldthaus 84d21074e5 JS: Support Vue class components 2020-06-27 21:24:46 +01:00
semmle-qlci 92cc59b47b
Merge pull request #3800 from esbena/js/npmlog
Approved by erik-krogh
2020-06-26 07:54:08 +01:00
semmle-qlci cf0cd00458
Merge pull request #3627 from asger-semmle/js/unneeded-defensive-return
Approved by erik-krogh
2020-06-25 15:28:57 +01:00
semmle-qlci c39dce4d66
Merge pull request #3781 from asger-semmle/js/deprecate-type-member-lookup
Approved by erik-krogh
2020-06-25 14:56:17 +01:00
Esben Sparre Andreasen 4bfce4b8a3 JS: model npmlog (and recognize the "verbose" log level) 2020-06-25 12:06:51 +02:00
Asger Feldthaus a109c1fc96 JS: Change note 2020-06-25 11:04:08 +01:00
Robert Marsh 3e6a19843d
Merge pull request #3727 from jbj/tainted-format-string-high
C++: Raise cpp/tainted-format-string* precisions to high
2020-06-24 15:06:13 -07:00
Asger Feldthaus e2a300e811 JS: Add change note 2020-06-24 10:33:45 +01:00
Erik Krogh Kristensen 76ed03f75b
update change-note
Co-authored-by: Asger F <asgerf@github.com>
2020-06-24 09:30:43 +02:00
Erik Krogh Kristensen 79599b6cc0 add change-note 2020-06-23 15:57:55 +02:00
semmle-qlci 0d61443915
Merge pull request #3753 from asger-semmle/js/xss-dom-exception-rephrasing
Approved by erik-krogh
2020-06-23 13:01:41 +01:00
Asger Feldthaus b4f75ef414 Merge branch 'master' into js-team-sprint-merge2 2020-06-23 00:18:09 +01:00
Asger F ca06f6dfb4
Merge branch 'js-team-sprint' into js/insecure-http-options 2020-06-23 00:16:02 +01:00
Asger F 7d54b02fb9
Merge branch 'js-team-sprint' into js/delay-slow-query-merge 2020-06-22 16:34:49 +01:00
Esben Sparre Andreasen d4ad9a8bb2
Update change-notes/1.25/analysis-javascript.md
Co-authored-by: Asger F <asgerf@github.com>
2020-06-22 14:55:27 +02:00
Esben Sparre Andreasen 9a0bbb31f4 Revert "Merge pull request #3702 from esbena/js/memory-exhaustion"
This reverts commit eca5e2df8a, reversing
changes made to 1548eca994.
2020-06-22 14:46:51 +02:00
Esben Sparre Andreasen 3be094ea5b JS: polish js/incomplete-html-attribute-sanitization 2020-06-22 14:35:00 +02:00
Asger Feldthaus 1edb2a1892 JS: Rephrase XSS queries that use exception/dom text as source 2020-06-22 10:44:46 +01:00
Esben Sparre Andreasen 0654823b97
Merge branch 'js-team-sprint' into js/insecure-http-options 2020-06-22 11:25:25 +02:00
Esben Sparre Andreasen 3e898487e8
Apply suggestions from code review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2020-06-22 11:23:40 +02:00
Asger F eca5e2df8a
Merge pull request #3702 from esbena/js/memory-exhaustion
JS: add query js/memory-exhaustion
2020-06-19 20:35:57 +01:00
Erik Krogh Kristensen 0f5ef2c02a
Merge branch 'js-team-sprint' into https-fix 2020-06-19 14:57:44 +02:00
Erik Krogh Kristensen e46bd709c4 add change note 2020-06-19 14:15:50 +02:00
Erik Krogh Kristensen a17d152ca4
Merge branch 'js-team-sprint' into priv-file-polish 2020-06-19 13:19:10 +02:00
Erik Krogh Kristensen 7d6dac479c
Merge branch 'js-team-sprint' into https-fix 2020-06-18 16:53:01 +02:00
Erik Krogh Kristensen dcf617b235
Merge branch 'js-team-sprint' into bad-random-polish 2020-06-18 16:52:32 +02:00
Erik Krogh Kristensen 1556b62007 Merge branch 'js-team-sprint' into priv-file-polish 2020-06-18 16:40:53 +02:00
Esben Sparre Andreasen 3f67e90374 JS: rename query, support timeouts, add documentation, add to suite 2020-06-18 13:01:02 +02:00
Esben Sparre Andreasen 44aa182d0d
Update change-notes/1.25/analysis-javascript.md
Co-authored-by: Asger F <asgerf@github.com>
2020-06-18 10:14:16 +02:00
Esben Sparre Andreasen 5e31f3a34e JS: polish js/disabling-certificate-validation 2020-06-18 09:07:08 +02:00
Erik Krogh Kristensen 7a1c161e9e Merge branch 'js-team-sprint' into https-fix 2020-06-17 21:04:44 +02:00
Erik Krogh Kristensen 218338b4f1 Merge branch 'js-team-sprint' into bad-random-polish 2020-06-17 21:04:00 +02:00