hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,671 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

6335 Commits

Author SHA1 Message Date
Napalys Klicius
65b1275a19 Update javascript/ql/src/RegExp/DuplicateCharacterInCharacterClass.qhelp 
Co-authored-by: Asger F <asgerf@github.com>
 2025-06-10 13:26:08 +02:00
Napalys Klicius
d68f5ebddb Added quality tag to js/regex/duplicate-in-character-class 2025-06-10 12:10:33 +02:00
Napalys Klicius
417ca1aceb Enchanced js/regex/duplicate-in-character-class's qhelp 2025-06-10 12:10:25 +02:00
github-actions[bot]
21463a9653 Post-release preparation for codeql-cli-2.22.0 2025-06-09 18:50:20 +00:00
github-actions[bot]
88ba02edf8 Release preparation for version 2.22.0 2025-06-09 18:14:51 +00:00
Chuan-kai Lin
631502e129 Merge branch 'main' into cklin/rc-3.18-mergeback 2025-06-09 07:19:40 -07:00
Napalys Klicius
d1869941c2 Renamed UnhandledStreamPipe.ql to a better fitting name and ID 
As a side effect of merge `security-and-quality` does not contain anymore related new query.

Co-Authored-By: Asger F <316427+asgerf@users.noreply.github.com>
 2025-06-03 13:57:10 +02:00
Napalys Klicius
f6e7059589 Merge branch 'main' into js/quality/stream_pipe 2025-06-03 13:48:41 +02:00
Napalys Klicius
8ba1f3f265 Update javascript/ql/src/Quality/UnhandledStreamPipe.qhelp 
Co-authored-by: Asger F <asgerf@github.com>
 2025-06-03 13:43:45 +02:00
Napalys Klicius
7993f7d8c8 Update qhelp example to more accurately demonstrate flagged cases 2025-06-02 19:08:33 +02:00
Napalys Klicius
bf2f19da56 Update UnhandledStreamPipe.ql 
Address comments

Co-Authored-By: Asger F <316427+asgerf@users.noreply.github.com>
 2025-06-02 19:02:48 +02:00
Napalys Klicius
ae74edb033 Update javascript/ql/src/Quality/UnhandledStreamPipe.ql 
Co-authored-by: Asger F <asgerf@github.com>
 2025-06-02 17:53:54 +02:00
Napalys Klicius
d43695c929 Update javascript/ql/src/Quality/UnhandledStreamPipe.qhelp 
Co-authored-by: Asger F <asgerf@github.com>
 2025-06-02 17:52:42 +02:00
Napalys Klicius
7198372ae5 Update javascript/ql/src/Quality/UnhandledStreamPipe.qhelp 
Co-authored-by: Asger F <asgerf@github.com>
 2025-06-02 17:52:41 +02:00
Napalys Klicius
abd446ae77 Update javascript/ql/src/Quality/UnhandledStreamPipe.ql 
Co-authored-by: Asger F <asgerf@github.com>
 2025-06-02 17:52:40 +02:00
Napalys Klicius
64f00fd0f2 Update javascript/ql/src/Quality/UnhandledStreamPipe.ql 
Co-authored-by: Asger F <asgerf@github.com>
 2025-06-02 17:52:34 +02:00
Napalys Klicius
3cbc4142f0 Update javascript/ql/src/Quality/UnhandledStreamPipe.ql 
Co-authored-by: Asger F <asgerf@github.com>
 2025-06-02 17:40:06 +02:00
Napalys Klicius
1f256ab71e Added change note 2025-06-02 14:59:43 +02:00
Napalys Klicius
298ef9ab12 Now able to track error handler registration via instance properties 2025-06-02 11:01:41 +02:00
Napalys Klicius
f843cc02f6 Fix false positives in stream pipe analysis by improving error handler tracking via property access. 2025-05-30 18:08:04 +02:00
Napalys Klicius
d3b2a57fbf Fixed ql warning Expression can be replaced with a cast 2025-05-28 17:34:16 +02:00
Napalys Klicius
2e2b9a9d63 Make predicates private and clarify stream reference naming. 2025-05-28 17:23:55 +02:00
Napalys Klicius
f8f5d8f561 Exclude .pipe detection which are in a test file. 2025-05-28 17:18:39 +02:00
Napalys Klicius
5bb29b6e33 Now flags only .pipe calls which have an error somewhere down the stream, but not on the source stream. 2025-05-28 17:17:43 +02:00
github-actions[bot]
d2c6875eac Post-release preparation for codeql-cli-2.21.4 2025-05-27 18:16:21 +00:00
github-actions[bot]
bfb91e95e3 Release preparation for version 2.21.4 2025-05-27 17:22:05 +00:00
Napalys Klicius
5214cc0407 Excluded ngrx, datorama, angular, react and langchain from stream pipe query. 2025-05-27 09:45:37 +02:00
Napalys Klicius
1f6b3ad929 Update javascript/ql/src/codeql-suites/javascript-security-and-quality.qls 
Co-authored-by: Michael Nebel <michaelnebel@github.com>
 2025-05-27 09:38:24 +02:00
Napalys Klicius
e964b175e6 Added maintainability and error-handling tags 2025-05-26 14:23:20 +02:00
Napalys Klicius
37024ade85 JS: Move query suite selector logic to javascript-security-and-quality.qls 2025-05-26 11:00:48 +02:00
Napalys Klicius
000e69fd48 Replaced fuzzy NonNodeStream MaD to a ql predicate to deal easier with submodules 2025-05-23 13:55:40 +02:00
Napalys Klicius
248f83c4db Added qhelp for UnhandledStreamPipe query 2025-05-23 13:35:36 +02:00
Napalys Klicius
b10a9481f3 Fixed false positives from strapi and rxjs/testing as well as when one passes function as second arg to pipe 2025-05-22 18:50:02 +02:00
Napalys Klicius
ac24fdd348 Add predicate to detect non-stream-like usage in sources of pipe calls 2025-05-22 18:49:59 +02:00
Napalys Klicius
5b1af0c0bd Added detection of custom gulp-plumber sanitizer, thus one would not flag such instances. 2025-05-22 18:49:53 +02:00
Asger F
9202a1b084 Merge pull request #19516 from asgerf/js/npm-package-name-join 
JS: More efficient nested package naming
 2025-05-22 12:46:43 +02:00
Napalys Klicius
09220fce84 Fixed issue where pipe calls from rxjs package would been identified as pipe calls on streams 2025-05-22 12:33:36 +02:00
Napalys Klicius
d7f86db76c Enhance PipeCall to exclude non-function and non-object arguments in pipe method detection 2025-05-22 12:31:27 +02:00
Napalys Klicius
4332de464a Eliminate false positives by detecting non-stream objects returned from pipe() calls based on accessed properties 2025-05-22 12:31:26 +02:00
Napalys Klicius
03d1f9a7d3 Restrict pipe detection to calls with 1-2 arguments 2025-05-21 11:41:22 +02:00
Napalys Klicius
30f2815503 Fixed issue where a custom pipe method which returns non stream would be flagged by the query 2025-05-21 11:41:19 +02:00
Napalys Klicius
ef1bde554a Fixed issue where streams would not be tracked via chainable methods 2025-05-21 11:40:35 +02:00
Napalys Klicius
c27157f021 Add UnhandledStreamPipee Quality query and tests to detect missing error handlers in Node.js streams 2025-05-21 11:38:57 +02:00
Asger F
d644f80921 JS: Remove obsolete meta query 2025-05-20 16:20:49 +02:00
Asger F
6ac35f1c66 JS: Use in MissingAwait 2025-05-20 13:20:13 +02:00
Asger F
5064cd5d94 JS: Exclude externs from CallGraph meta-query 2025-05-20 13:19:48 +02:00
Asger F
317e61d370 JS: Update UnresolvableImports to handle nested packages 2025-05-19 12:53:19 +02:00
Michael Nebel
dabeddb62d Add change-notes. 2025-05-19 09:26:49 +02:00
Michael Nebel
03ecd24469 Lower the precision of a range of harcoded password queries to remove them from query suites. 2025-05-19 09:26:45 +02:00
github-actions[bot]
5f9dd75d7d Post-release preparation for codeql-cli-2.21.3 2025-05-13 21:49:43 +00:00