hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,671 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

6335 Commits

Author SHA1 Message Date
Dave Bartolomeo
485fc04029 Initial merge from main 2024-09-15 08:55:31 -04:00
Alvaro Muñoz
061d58ae4a Update javascript/ql/src/change-notes/2024-09-06-new-actions-artifact-leak-query.md 
Co-authored-by: Asger F <asgerf@github.com>
 2024-09-10 22:18:04 +02:00
github-actions[bot]
97edff3f70 Post-release preparation for codeql-cli-2.18.4 2024-09-09 18:45:46 +00:00
github-actions[bot]
91537cdf9a Release preparation for version 2.18.4 2024-09-09 16:08:48 +00:00
Alvaro Muñoz
d34a0ba306 Add change note 2024-09-06 23:28:57 +02:00
Alvaro Muñoz
5d1da861a2 fix: Use YamlScalar for booleans 2024-09-06 23:21:41 +02:00
Alvaro Muñoz
5df3af2272 Fix alert message 2024-09-06 23:06:57 +02:00
Alvaro Muñoz
d9e8792d33 [javascript] Query to detect GITHUB_TOKEN leaked in artifacts 2024-09-06 22:55:58 +02:00
Henry Mercer
3490067316 Merge branch 'main' into henrymercer/rc-3.15-mergeback 2024-08-29 19:48:01 +01:00
Asger F
c54f5858b1 Merge branch 'main' into js/shared-dataflow-merge-main 2024-08-22 13:22:05 +02:00
Asger F
a1688f6a1a Merge pull request #17240 from knewbury01/knewbury01/fix-helmetrequiredsetting-model 
Update JS helmet model structure
 2024-08-22 11:59:28 +02:00
github-actions[bot]
0724fd7ce2 Post-release preparation for codeql-cli-2.18.3 2024-08-21 18:25:54 +00:00
github-actions[bot]
17cd9624fb Release preparation for version 2.18.3 2024-08-21 17:13:52 +00:00
Asger F
467256d465 JS: Add change note 2024-08-16 11:06:59 +02:00
Kristen Newbury
e84dda4fa6 Update JS helmet model structure 2024-08-15 16:08:48 -04:00
github-actions[bot]
cc6d87c276 Post-release preparation for codeql-cli-2.18.2 2024-08-08 12:56:21 +00:00
github-actions[bot]
019da8c287 Release preparation for version 2.18.2 2024-08-07 14:02:38 +00:00
Alexander Eyers-Taylor
46577b585e Revert "Release preparation for version 2.18.2" 2024-08-07 14:24:37 +01:00
github-actions[bot]
c14ba0e4bd Release preparation for version 2.18.2 2024-08-06 12:46:15 +00:00
Asger F
df64388d79 Merge branch 'main' into js/shared-dataflow-merge-main 2024-08-02 13:18:38 +02:00
github-actions[bot]
49cc8f8ff8 Post-release preparation for codeql-cli-2.18.1 2024-07-22 22:00:48 +00:00
github-actions[bot]
368bcb684a Release preparation for version 2.18.1 2024-07-22 21:30:50 +00:00
Chuan-kai Lin
23320b6e5e Revert "Release preparation for version 2.18.1" 2024-07-22 13:22:49 -07:00
github-actions[bot]
55935fc123 Release preparation for version 2.18.1 2024-07-22 14:56:15 +00:00
aegilops
79980a98a2 Added links to eventual location of CUSTOMIZING.md 2024-07-12 14:21:50 +01:00
Paul Hodgkinson
11249e7182 Apply suggestions from code review - docs tweaks of CUSTOMIZING.md 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2024-07-12 14:20:03 +01:00
Paul Hodgkinson
c9af53f050 Merge branch 'main' into aegilops/polyfill-io-compromised-script 2024-07-12 12:53:44 +01:00
aegilops
61df4d2f04 Merge branch 'aegilops/polyfill-io-compromised-script' of https://github.com/aegilops/codeql into aegilops/polyfill-io-compromised-script 2024-07-12 12:49:18 +01:00
aegilops
00d91dc6ba Created guide on customizing these queries, and referenced it in the query help 2024-07-12 12:49:09 +01:00
aegilops
040f948e65 Added a note that SRI can be considered for some dynamic services 2024-07-12 12:48:36 +01:00
Paul Hodgkinson
3f37fe6add Apply suggestions from code review - docs and wording 
Docs suggestions accepted, thank you 🙏

Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2024-07-12 11:48:39 +01:00
aegilops
d71be8aeaf Moved from experimental into default queries 2024-07-11 11:44:01 +01:00
Paul Hodgkinson
412ad177c2 Merge branch 'main' into aegilops/js/insecure-helmet-middleware 2024-07-11 11:01:38 +01:00
aegilops
86afd54a9b Moved new query to 'experimental' 
Moved lists of domains to data extensions, including adding those to the overall qlpack.yml

Expanded scope of new query to further domains operated by the untrusted owners of polyfill.io
 2024-07-09 16:38:01 +01:00
github-actions[bot]
ae3aba061b Post-release preparation for codeql-cli-2.18.0 2024-07-08 13:30:13 +00:00
aegilops
5a3328b07a Merge branch 'aegilops/js/insecure-helmet-middleware' of https://github.com/aegilops/codeql into aegilops/js/insecure-helmet-middleware 2024-07-08 11:31:15 +01:00
aegilops
2aff2a7385 Fixed code markup 2024-07-08 11:31:06 +01:00
Paul Hodgkinson
d896fdf9fa Merge branch 'main' into aegilops/js/insecure-helmet-middleware 2024-07-08 11:25:47 +01:00
aegilops
c003f265b0 Fixed missing li closing tag 2024-07-08 10:58:06 +01:00
aegilops
1fe14e26b1 Split out "compromised" functionality 2024-07-08 10:56:12 +01:00
github-actions[bot]
b0d6778652 Release preparation for version 2.18.0 2024-07-08 09:10:51 +00:00
aegilops
b4d8c4889a Fixed wrong name for example HTML 2024-07-01 16:58:03 +01:00
aegilops
c985c9adb3 Added change note for polyfill.io query 2024-07-01 16:56:07 +01:00
aegilops
1744a98017 Added full stop to end of message 2024-07-01 16:53:22 +01:00
aegilops
ceda46e317 Fixed ending <p> tags 2024-07-01 16:52:28 +01:00
aegilops
a1b0703690 Added detection for specific Polyfill.io CDN compromise - edited existing library and added new query and tests 2024-07-01 16:21:34 +01:00
aegilops
fc6fba8d06 Fixed CWE tags 2024-07-01 14:25:47 +01:00
aegilops
d1d082982a More external references 2024-07-01 14:25:29 +01:00
Arthur Baars
b12b33c8f9 Merge remote-tracking branch 'upstream/main' into 'rc/3.14' 2024-06-28 19:50:35 +02:00
Maiky
d0cf2a978c Merge branch 'main' into maikypedia/javascript-cors 2024-06-27 20:24:42 +02:00