Merge branch 'github:main' into napalys/matchAll-support

2026-04-24 16:25:15 +02:00 · 2024-11-05 09:31:30 +01:00
parent b239bfabf1 3cdf94e83a
commit 7825a46085
1221 changed files with 96473 additions and 82197 deletions
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.2.3
+
+No user-facing changes.
+
 ## 1.2.2

 No user-facing changes.
--- a/javascript/ql/src/change-notes/released/1.2.3.md
+++ b/javascript/ql/src/change-notes/released/1.2.3.md
@@ -0,0 +1,3 @@
+## 1.2.3
+
+No user-facing changes.
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.2.2
+lastReleaseVersion: 1.2.3
--- a/javascript/ql/src/experimental/Security/CWE-942/CorsPermissiveConfigurationCustomizations.qll
+++ b/javascript/ql/src/experimental/Security/CWE-942/CorsPermissiveConfigurationCustomizations.qll
@@ -25,9 +25,16 @@ module CorsPermissiveConfiguration {
   */
  abstract class Sanitizer extends DataFlow::Node { }

-  /** A source of remote user input, considered as a flow source for CORS misconfiguration. */
-  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource {
-    RemoteFlowSourceAsSource() { not this instanceof ClientSideRemoteFlowSource }
+  /**
+   * DEPRECATED: Use `ActiveThreatModelSource` from Concepts instead!
+   */
+  deprecated class RemoteFlowSourceAsSource = ActiveThreatModelSourceAsSource;
+
+  /**
+   * An active threat-model source, considered as a flow source.
+   */
+  private class ActiveThreatModelSourceAsSource extends Source instanceof ActiveThreatModelSource {
+    ActiveThreatModelSourceAsSource() { not this instanceof ClientSideRemoteFlowSource }
  }

  /** A flow label representing `true` and `null` values. */
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 1.2.3-dev
+version: 1.2.4-dev
 groups:
  - javascript
  - queries