Commit graph

1311 commits

Author SHA1 Message Date
Erik Krogh Kristensen 9c06c48dc7
Merge pull request #2884 from esbena/js/practically-exploitable-redos
JS: add query js/exploitable-polynomial-redos
2020-02-27 10:19:17 +01:00
Esben Sparre Andreasen 1b73cee692 JS: add js/exploitable-polynomial-redos 2020-02-27 08:42:43 +01:00
Asger F 160fc48803
Merge pull request #2896 from asger-semmle/typescript-3.8
TS: Support Typescript 3.8
2020-02-25 08:19:01 +00:00
Asger F e665e3c187
Update change-notes/1.24/analysis-javascript.md
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
2020-02-24 15:07:28 +00:00
Asger Feldthaus 6360073da4 JS: Rephrase change note 2020-02-24 14:35:17 +00:00
Asger Feldthaus 05d9e64dab TS: Add change note 2020-02-24 11:40:27 +00:00
Asger Feldthaus 1ee112a341 JS: Add change note 2020-02-21 13:55:27 +00:00
semmle-qlci ee5cf95f5b
Merge pull request #2892 from asger-semmle/js/field-methods
Approved by esbena
2020-02-21 13:49:42 +00:00
Asger Feldthaus 01fed95fe6 JS: Add change note 2020-02-21 11:49:20 +00:00
Robert Marsh 7a7444b4e1
Docs: Simplify change note
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
2020-02-20 12:50:52 -08:00
Robert Marsh d151c2eeb7 C++: change note for IR-based GVN 2020-02-19 14:39:36 -08:00
Robert Marsh 8ea5739b7a C++: release note for DefaultTaintTracking 2020-02-19 14:32:49 -08:00
Esben Sparre Andreasen abe7aeef7c
Merge pull request #2643 from esbena/js/unsafe-jquery
JS: add query js/unsafe-jquery-plugin
2020-02-18 09:26:14 +01:00
semmle-qlci ecad925101
Merge pull request #2631 from hvitved/dataflow/generalize-flow-summaries
Approved by aschackmull
2020-02-17 18:22:46 +00:00
semmle-qlci 23ed2bcc64
Merge pull request #2782 from asger-semmle/js/export-as-ns
Approved by erik-krogh, max-schaefer
2020-02-17 11:22:58 +00:00
Tom Hvitved 8e325ead91 Add change notes 2020-02-17 11:00:10 +01:00
Max Schaefer ad83a8946c JavaScript: Sort lines in change notes. 2020-02-14 11:15:09 +00:00
Max Schaefer f181111886 JavaScript: Add model of `http2` compatibility API.
Also deprecated the `httpOrHttps` predicate, which was now only used in one place and seemed a little pointless anyway.
2020-02-14 11:14:31 +00:00
semmle-qlci da566a4484
Merge pull request #2828 from erik-krogh/CVE24
Approved by esbena
2020-02-14 09:12:48 +00:00
semmle-qlci 769dce511b
Merge pull request #2788 from erik-krogh/CVE42-sink
Approved by esbena
2020-02-14 08:00:00 +00:00
Erik Krogh Kristensen d6afd438ba add model for chrome-remote-interface as a ClientRequest 2020-02-13 10:58:07 +01:00
Taus 12113e947f
Merge pull request #2603 from RasmusWL/python-fix-http-source-sink
Python: Make web libs use HttpRequestTaintSource and HttpResponseTaintSink
2020-02-12 13:42:22 +01:00
Robert Marsh 5269fb713f
Merge pull request #2812 from geoffw0/nospacezero
C++: Improve NoSpaceForZeroTerminator.ql
2020-02-11 14:37:32 -05:00
Geoffrey White 87781a944b C++: Change note. 2020-02-11 15:25:59 +00:00
Tom Hvitved 1948446ad3 Address review comments 2020-02-11 11:56:40 +01:00
Tom Hvitved dc27ee7b9f C#: Add change note 2020-02-10 20:33:57 +01:00
Tom Hvitved 2b2bb5db80
Merge pull request #2803 from calumgrant/cs/stackalloc-expr
C#: Handle implicitly-typed stackallocs
2020-02-10 20:28:16 +01:00
Erik Krogh Kristensen 67cd303a91 add change note 2020-02-10 13:51:48 +01:00
Calum Grant a95ef31984 C#: Analysis change notes 2020-02-10 11:36:30 +00:00
Esben Sparre Andreasen 736ccb98c2 JS: model the `send` library for `js/path-injection` 2020-02-07 12:45:32 +01:00
Calum Grant 389e6266d9
Merge pull request #2773 from hvitved/csharp/useless-assignment-to-local-default
C#: Remove false positives for `cs/useless-assignment-to-local`
2020-02-07 10:37:19 +00:00
Asger Feldthaus 91a5385e7f JS: Add libraries to change note 2020-02-06 14:59:52 +00:00
Asger Feldthaus 75c008eec1 JS: Change note 2020-02-06 14:33:20 +00:00
Tom Hvitved 69d9d4122a C#: Add change note 2020-02-05 20:12:41 +01:00
Felicity Chapman d0e7bfce28
Merge pull request #2738 from aschackmull/java/ldapinjection-changenote
Java: Add change note for LDAP injection query.
2020-02-05 11:29:29 +00:00
semmle-qlci 53763c789f
Merge pull request #2741 from esbena/js/split-and-slice-for-tainted-path
Approved by erik-krogh
2020-02-05 10:53:39 +00:00
Anders Schack-Mulligen cf815351a9 Java: Elaborate change note. 2020-02-04 16:18:35 +01:00
Tom Hvitved 00fdc70155
Merge pull request #2710 from calumgrant/cs/short-circuit-out
C#: Remove false positive in cs/non-short-circuit
2020-02-04 12:09:17 +01:00
Esben Sparre Andreasen bbd60f52ba JS: add additional flow steps to js/path-injection 2020-02-03 16:36:25 +01:00
Asger Feldthaus 9abf5f06e6 TS: Resolve imports using TypeScript symbols 2020-02-03 09:32:56 +00:00
Esben Sparre Andreasen 7f25c1bf47 JS: address doc-review comments 2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen fef918ac13 JS: add query "Unsafe jQuery plugin" 2020-01-31 19:33:04 +01:00
semmle-qlci d995d5a4a0
Merge pull request #2716 from esbena/js/additional-koa-requests
Approved by erik-krogh
2020-01-31 18:30:42 +00:00
Anders Schack-Mulligen 7647d94068 Java: Add change note for LDAP injection query. 2020-01-31 16:48:35 +01:00
yo-h 563be9f817
Merge pull request #2719 from aschackmull/java/deprecate-parexpr
Java: Deprecate ParExpr
2020-01-30 18:23:13 -05:00
Anders Schack-Mulligen 843fd37c75 Java: Add change note. 2020-01-30 10:52:16 +01:00
Anders Schack-Mulligen b7a8d0e903
Apply suggestions from code review
Co-Authored-By: Jonas Jensen <jbj@github.com>
2020-01-30 10:41:13 +01:00
Anders Schack-Mulligen 2039ec37e5 Java/C++/C#: Add change note for taint-getters. 2020-01-29 16:26:23 +01:00
Tom Hvitved 474815bf57
Merge pull request #2660 from calumgrant/cs/release-notes
C#: Add release notes and precisions to queries
2020-01-29 16:05:45 +01:00
Esben Sparre Andreasen a6d3afd817 JS: support additional Koa request sources 2020-01-29 14:49:01 +01:00