6335 Commits

Author	SHA1	Message	Date
Tony Torralba	433fc680ec	Apply suggestions from code review ... Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2023-06-19 10:17:40 +02:00
Tony Torralba	c97868f774	Add change notes	2023-06-16 09:01:02 +02:00
Tony Torralba	3e96fe60c5	Go/Java/JS/Python/Ruby: Update the description and qhelp of the ZipSlip query ... All filesystem operations, not just writes, with paths built from untrusted archive entry names are dangerous	2023-06-16 08:52:44 +02:00
github-actions[bot]	e4be303a23	Release preparation for version 2.13.4	2023-06-08 19:57:37 +00:00
Asger F	76a8e9827e	Merge pull request #13283 from asgerf/js/restrict-regex-search-function ... JS: Be more conservative about flagging "search" call arguments as regex	2023-06-08 10:50:51 +02:00
Erik Krogh Kristensen	6ba7f9a238	Merge pull request #13352 from erik-krogh/once-again-deps-not-py-cpp ... delete old deprecations	2023-06-07 13:00:57 +02:00
Erik Krogh Kristensen	b78cd48954	Merge pull request #13329 from erik-krogh/sqlhelp ... JS: improve the sql-injection help page	2023-06-06 08:44:44 +02:00
erik-krogh	3cb2ec4e87	fix nits from doc review	2023-06-05 19:06:07 +02:00
erik-krogh	f61b781386	JS: delete effectively empty file	2023-06-02 11:58:09 +02:00
erik-krogh	44b6366586	delete old deprecations	2023-06-02 11:58:08 +02:00
erik-krogh	9aeba4f31e	changes based on review	2023-06-01 17:24:44 +02:00
Erik Krogh Kristensen	96a720cfa0	Merge pull request #13285 from erik-krogh/redoshelp ... ReDoS: fix whitespace in the samples in ReDoS.qhelp	2023-06-01 15:53:58 +02:00
Asger F	baef99995d	JS: Change note	2023-06-01 14:10:11 +02:00
erik-krogh	1e08105863	less duplicated headers in the sql-injection samples	2023-05-31 18:04:34 +02:00
erik-krogh	98820780af	show how to use mysql.escape in the sql-injection qhelp	2023-05-31 18:04:34 +02:00
erik-krogh	7d801e05ee	add an example of using dollar eq	2023-05-31 18:04:23 +02:00
erik-krogh	e24b45b423	elaborate on both SQL and NoSQL injection in the js/sql-injection qhelp	2023-05-31 09:57:38 +02:00
erik-krogh	b343dcaadd	put string/object in the alert-message for sql-injection	2023-05-31 08:06:04 +02:00
Arthur Baars	490d22d123	Merge remote-tracking branch 'upstream/main' into post-release-prep/codeql-cli-2.13.3	2023-05-30 21:31:28 +02:00
erik-krogh	9f5bf8fb22	also fix the first code-block	2023-05-25 13:56:29 +02:00
erik-krogh	765076bcba	fix whitespace in the samples in ReDoS.qhelp	2023-05-25 13:28:39 +02:00
github-actions[bot]	d2e192020b	Post-release preparation for codeql-cli-2.13.3	2023-05-24 11:26:12 +00:00
Erik Krogh Kristensen	50cb5ea184	Merge pull request #13164 from erik-krogh/polyQhelp ... ReDoS: add another example to the qhelp in poly-redos, showing how to just limit the length of the input	2023-05-23 09:25:15 +02:00
github-actions[bot]	7aa23cf11d	Release preparation for version 2.13.3	2023-05-22 20:47:00 +00:00
erik-krogh	710b309142	apply suggestions from doc review	2023-05-21 22:18:48 +02:00
erik-krogh	10bf17c33e	Merge branch 'main' into polyQhelp	2023-05-21 22:17:06 +02:00
Erik Krogh Kristensen	239234c5d2	fix bad change-note ... Co-authored-by: Asger F <asgerf@github.com>	2023-05-17 14:47:32 +02:00
erik-krogh	5a82454710	add change-note	2023-05-17 12:02:21 +02:00
erik-krogh	480e71fd69	avoid contractions	2023-05-17 08:42:45 +02:00
erik-krogh	2ebce99eae	add another example of how to fix the prototype pollution issue	2023-05-15 17:24:02 +02:00
erik-krogh	7a338c408e	fix typo, the variable in the example is called items	2023-05-15 17:23:40 +02:00
erik-krogh	83ca1495e0	trim the whitespace in the poly-redos examples	2023-05-15 16:47:24 +02:00
erik-krogh	d989359656	add another example to the qhelp in poly-redos, showing how to just limit the length of the input	2023-05-15 16:47:02 +02:00
Asger F	20e8ee8423	Merge pull request #12748 from JarLob/yi ... JS: Add more sources, more unit tests, fixes to the GitHub Actions injection query	2023-05-15 11:03:00 +02:00
Max Schaefer	5dfe52afd0	Merge pull request #13152 from github/max-schaefer/unsafe-shell-command-construction-examples-sync ... JavaScript: Use synchronous APIs in examples for js/shell-command-constructed-from-input.	2023-05-12 16:50:25 +01:00
Max Schaefer	2e7eb50319	JavaScript: Use synchronous APIs in examples for js/shell-command-constructed-from-input.	2023-05-12 14:42:11 +01:00
Max Schaefer	a4f6ccf2fc	JavaScript: Use gender-neutral language in qhelp for js/user-controlled-bypass	2023-05-12 14:21:40 +01:00
Kasper Svendsen	7dd9906e95	JS: Enable implicit this receiver warnings	2023-05-12 09:49:14 +02:00
Asger F	c376eeb133	Merge pull request #12978 from asgerf/js/github-actions-sources ... JS: Add sources and sinks related to GitHub Actions	2023-05-10 09:55:24 +02:00
Jaroslav Lobačevski	5aa71352dc	Update javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp ... Co-authored-by: Asger F <asgerf@github.com>	2023-05-09 12:23:52 +02:00
Kasper Svendsen	67950c8e6b	JS: Make implicit this receivers explicit	2023-05-03 15:31:00 +02:00
Ian Lynagh	b56b843d13	Merge pull request #12987 from github/post-release-prep/codeql-cli-2.13.1 ... Post-release preparation for codeql-cli-2.13.1	2023-05-03 13:12:10 +01:00
Asger F	bdcda7ffe6	JS: Move change note to right location	2023-05-03 10:22:40 +02:00
Asger F	67afbee06d	Merge pull request #12825 from smiddy007/JS-Allow-Truncated-Hash-Forge-NonKeyCipher ... JS: Allow NonKeyCiphers to include truncated SHA-512 MDs in Forge JS libr…	2023-05-02 13:59:30 +02:00
github-actions[bot]	18d4af994d	Post-release preparation for codeql-cli-2.13.1	2023-05-02 10:50:20 +00:00
Asger F	e9f1e99526	Merge pull request #12887 from asgerf/js/unsafe-yaml-deserialization ... JS: Update model of js-yaml	2023-05-01 09:57:20 +02:00
Asger F	1b75afb5b1	JS: Change note	2023-04-28 14:32:11 +02:00
github-actions[bot]	3bd29171fb	Release preparation for version 2.13.1	2023-04-28 12:14:35 +00:00
Asger F	c9c281cb9a	JS: Change note	2023-04-26 12:50:59 +02:00
Asger F	5f011a262c	JS: Change note	2023-04-26 12:49:24 +02:00