Tom Hvitved
b6d93ae81d
Merge remote-tracking branch 'upstream/rc/1.25' into merge-rc-1.25
2020-09-22 09:35:39 +02:00
Rasmus Wriedt Larsen
637ea4ad6f
Merge pull request #4226 from RasmusWL/python-missing-1.25-change-notes
...
Python: Add missing 1.25 change notes
2020-09-14 13:18:24 +02:00
Calum Grant
3414063f2e
Update change-notes/1.25/analysis-python.md
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswl@github.com>
2020-09-11 13:16:26 +01:00
Rasmus Wriedt Larsen
038688a55c
Python: Minor updates to 1.25 change notes
...
backporting fixes from `@sj`
2020-09-09 10:34:40 +02:00
Anders Schack-Mulligen
02da80aa25
Java: Remove "New Queries" section.
2020-09-08 14:40:33 +02:00
Rasmus Wriedt Larsen
2979f9813e
Python: Add missing change notes
...
I looked through PRs between rc/1.24 and rc/1.25 and added missing change notes for:
- https://github.com/github/codeql/pull/3314
- https://github.com/github/codeql/pull/3302
- https://github.com/github/codeql/pull/3212
- https://github.com/github/codeql/pull/3453
- https://github.com/github/codeql/pull/3407
- https://github.com/github/codeql/pull/3563
```
git log --grep="Merge pull request" --format=oneline rc/1.24..rc/1.25 -- python/
```
2020-09-08 14:27:12 +02:00
Anders Schack-Mulligen
b1e6e3a6f2
Java: Add 1.25 change notes.
2020-09-08 14:18:20 +02:00
Erik Krogh Kristensen
211ef61039
add change note
2020-08-12 09:29:34 +02:00
semmle-qlci
5b1d25591e
Merge pull request #3979 from max-schaefer/js/more-comand-injection-models
...
Approved by asgerf
2020-07-30 15:10:46 +01:00
Tom Hvitved
f91043e08e
C#: Add change note
2020-07-29 10:27:40 +02:00
Max Schaefer
91762ec274
JavaScript: Add partial model for `opener`.
...
3.5M weekly downloads.
Note that we do not treat the first argument as a command-injection sink. While it is possible to inject commands that way, it is more likely to cause false positives where the user input is concatenated with some prefix that makes the opening heuristic decide to treat it as a URL.
2020-07-27 11:42:32 +01:00
Max Schaefer
9aa26fa4bc
JavaScript: Add model for `foreground-child`.
...
>1M weekly downloads, so seems worth doing.
2020-07-27 11:37:06 +01:00
Max Schaefer
2f842042ea
JavaScript: Model another `execa` function relevant for command injection.
2020-07-27 11:34:04 +01:00
semmle-qlci
bfb734e1d7
Merge pull request #3832 from asger-semmle/js/typescript-in-html-files3
...
Approved by erik-krogh
2020-07-02 08:30:45 +01:00
semmle-qlci
45ef3ec4a8
Merge pull request #3619 from erik-krogh/CWE022-Correctness
...
Approved by asgerf
2020-07-01 20:07:58 +01:00
semmle-qlci
c850938af0
Merge pull request #3833 from asger-semmle/js/vue-class-component
...
Approved by erik-krogh
2020-06-30 13:16:42 +01:00
Asger Feldthaus
fcb365188b
JS: Add change note
2020-06-29 09:59:17 +01:00
ubuntu
bb06014f3d
Add fancy-log
2020-06-28 22:02:02 +02:00
Asger Feldthaus
84d21074e5
JS: Support Vue class components
2020-06-27 21:24:46 +01:00
semmle-qlci
92cc59b47b
Merge pull request #3800 from esbena/js/npmlog
...
Approved by erik-krogh
2020-06-26 07:54:08 +01:00
semmle-qlci
cf0cd00458
Merge pull request #3627 from asger-semmle/js/unneeded-defensive-return
...
Approved by erik-krogh
2020-06-25 15:28:57 +01:00
semmle-qlci
c39dce4d66
Merge pull request #3781 from asger-semmle/js/deprecate-type-member-lookup
...
Approved by erik-krogh
2020-06-25 14:56:17 +01:00
Esben Sparre Andreasen
4bfce4b8a3
JS: model npmlog (and recognize the "verbose" log level)
2020-06-25 12:06:51 +02:00
Asger Feldthaus
a109c1fc96
JS: Change note
2020-06-25 11:04:08 +01:00
Robert Marsh
3e6a19843d
Merge pull request #3727 from jbj/tainted-format-string-high
...
C++: Raise cpp/tainted-format-string* precisions to high
2020-06-24 15:06:13 -07:00
Asger Feldthaus
e2a300e811
JS: Add change note
2020-06-24 10:33:45 +01:00
Erik Krogh Kristensen
76ed03f75b
update change-note
...
Co-authored-by: Asger F <asgerf@github.com>
2020-06-24 09:30:43 +02:00
Erik Krogh Kristensen
79599b6cc0
add change-note
2020-06-23 15:57:55 +02:00
semmle-qlci
0d61443915
Merge pull request #3753 from asger-semmle/js/xss-dom-exception-rephrasing
...
Approved by erik-krogh
2020-06-23 13:01:41 +01:00
Asger Feldthaus
b4f75ef414
Merge branch 'master' into js-team-sprint-merge2
2020-06-23 00:18:09 +01:00
Asger F
ca06f6dfb4
Merge branch 'js-team-sprint' into js/insecure-http-options
2020-06-23 00:16:02 +01:00
Asger F
7d54b02fb9
Merge branch 'js-team-sprint' into js/delay-slow-query-merge
2020-06-22 16:34:49 +01:00
Esben Sparre Andreasen
d4ad9a8bb2
Update change-notes/1.25/analysis-javascript.md
...
Co-authored-by: Asger F <asgerf@github.com>
2020-06-22 14:55:27 +02:00
Esben Sparre Andreasen
9a0bbb31f4
Revert "Merge pull request #3702 from esbena/js/memory-exhaustion"
...
This reverts commit eca5e2df8a, reversing changes made to 1548eca994.
2020-06-22 14:46:51 +02:00
Esben Sparre Andreasen
3be094ea5b
JS: polish js/incomplete-html-attribute-sanitization
2020-06-22 14:35:00 +02:00
Asger Feldthaus
1edb2a1892
JS: Rephrase XSS queries that use exception/dom text as source
2020-06-22 10:44:46 +01:00
Esben Sparre Andreasen
0654823b97
Merge branch 'js-team-sprint' into js/insecure-http-options
2020-06-22 11:25:25 +02:00
Esben Sparre Andreasen
3e898487e8
Apply suggestions from code review
...
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2020-06-22 11:23:40 +02:00
Asger F
eca5e2df8a
Merge pull request #3702 from esbena/js/memory-exhaustion
...
JS: add query js/memory-exhaustion
2020-06-19 20:35:57 +01:00
Erik Krogh Kristensen
0f5ef2c02a
Merge branch 'js-team-sprint' into https-fix
2020-06-19 14:57:44 +02:00
Erik Krogh Kristensen
e46bd709c4
add change note
2020-06-19 14:15:50 +02:00
Erik Krogh Kristensen
a17d152ca4
Merge branch 'js-team-sprint' into priv-file-polish
2020-06-19 13:19:10 +02:00
Erik Krogh Kristensen
7d6dac479c
Merge branch 'js-team-sprint' into https-fix
2020-06-18 16:53:01 +02:00
Erik Krogh Kristensen
dcf617b235
Merge branch 'js-team-sprint' into bad-random-polish
2020-06-18 16:52:32 +02:00
Erik Krogh Kristensen
1556b62007
Merge branch 'js-team-sprint' into priv-file-polish
2020-06-18 16:40:53 +02:00
Esben Sparre Andreasen
3f67e90374
JS: rename query, support timeouts, add documentation, add to suite
2020-06-18 13:01:02 +02:00
Esben Sparre Andreasen
44aa182d0d
Update change-notes/1.25/analysis-javascript.md
...
Co-authored-by: Asger F <asgerf@github.com>
2020-06-18 10:14:16 +02:00
Esben Sparre Andreasen
5e31f3a34e
JS: polish js/disabling-certificate-validation
2020-06-18 09:07:08 +02:00
Erik Krogh Kristensen
7a1c161e9e
Merge branch 'js-team-sprint' into https-fix
2020-06-17 21:04:44 +02:00
Erik Krogh Kristensen
218338b4f1
Merge branch 'js-team-sprint' into bad-random-polish
2020-06-17 21:04:00 +02:00