hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

1958 Commits

Author SHA1 Message Date
Asger F
77d2799278 Update javascript/ql/lib/semmle/javascript/Regexp.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-06-02 10:33:44 +02:00
erik-krogh
8eed1a95f6 stop recursive fromRhs related to getLaterBaseAccess 2023-06-01 23:16:52 +02:00
Jami
3886ebffa9 Merge branch 'main' into jcogs33/update-javascript-sink-kinds 2023-06-01 14:09:10 -04:00
Arthur Baars
490d22d123 Merge remote-tracking branch 'upstream/main' into post-release-prep/codeql-cli-2.13.3 2023-05-30 21:31:28 +02:00
Asger F
2629ec1b1d JS: Be more conservative about flagging "search" call arguments as regex 2023-05-26 11:55:53 +02:00
github-actions[bot]
d2e192020b Post-release preparation for codeql-cli-2.13.3 2023-05-24 11:26:12 +00:00
Arthur Baars
e33f3a6668 Merge pull request #13154 from aibaars/sync-dbscheme-py 
JS/Ruby/QL/Python: sync dbscheme fragments
 2023-05-23 19:14:29 +02:00
Erik Krogh Kristensen
e658177c31 Merge pull request #12975 from tyage/support-sub-modules 
JS: Support sub modules
 2023-05-23 09:24:43 +02:00
github-actions[bot]
7aa23cf11d Release preparation for version 2.13.3 2023-05-22 20:47:00 +00:00
Erik Krogh Kristensen
653cd86c13 update qldoc 2023-05-22 20:48:21 +02:00
Arthur Baars
7978c65467 JS: add upgrade/downgrade scripts 2023-05-22 19:28:59 +02:00
erik-krogh
708a99528f initial implementation of TS 5.1 2023-05-22 10:11:32 +02:00
erik-krogh
cbd7601a41 implement isShellInterpreted on ExecActionsCall 2023-05-17 11:07:48 +02:00
erik-krogh
3293a55e8f require arguments to be shell interpreted to be flagged by indirect-command-injection 2023-05-17 11:07:45 +02:00
Jami Cogswell
003bb2f6f5 JS: add change note 2023-05-16 15:45:55 -04:00
Jami Cogswell
359f6ffd1e JS: update 'credentials[%]' sink kind to 'credentials-%' 2023-05-16 15:45:55 -04:00
Jami Cogswell
7880e9e92c JS: update 'command-line-injection' sink kind to 'command-injection' 2023-05-16 15:45:55 -04:00
Arthur Baars
2911a6cc30 JS: remove unused tables 2023-05-16 17:03:41 +02:00
Arthur Baars
fef0e1f1c8 JS: sync shared dbscheme fragments 2023-05-16 17:03:41 +02:00
Asger F
20e8ee8423 Merge pull request #12748 from JarLob/yi 
JS: Add more sources, more unit tests, fixes to the GitHub Actions injection query
 2023-05-15 11:03:00 +02:00
tyage
93af0d0c2f formatting 2023-05-13 17:37:31 +00:00
tyage
6f66c047d0 JS: ignoresub pkgs in node_modules directory 2023-05-13 09:12:28 +00:00
Kasper Svendsen
7dd9906e95 JS: Enable implicit this receiver warnings 2023-05-12 09:49:14 +02:00
Kasper Svendsen
189f8515c0 JS: Make implicit this receivers explicit 2023-05-12 09:49:14 +02:00
Kasper Svendsen
489a73c2c3 JS: Make implicit this receivers explicit 2023-05-11 11:50:56 +02:00
tyage
f6a8cd27ca Update javascript/ql/lib/semmle/javascript/NPM.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-05-10 19:36:49 +09:00
Asger F
f4b5f39c57 Merge pull request #13044 from cklin/javascript-locatable-tostring-join-ordering 
JS: Add pragma[only_bind_out] to Locatable::toString() calls
 2023-05-10 10:08:48 +02:00
Asger F
c376eeb133 Merge pull request #12978 from asgerf/js/github-actions-sources 
JS: Add sources and sinks related to GitHub Actions
 2023-05-10 09:55:24 +02:00
Asger F
b28254327a Update javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-05-10 08:16:31 +02:00
Kasper Svendsen
c7d72e0d34 JS: Prevent join order regression 2023-05-09 17:01:41 +02:00
Jaroslav Lobačevski
891a94c166 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2023-05-09 16:27:32 +02:00
Jaroslav Lobačevski
1ad23c5366 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2023-05-09 12:23:06 +02:00
Chuan-kai Lin
0984fc7cce JS: Add pragma[only_bind_out] to Locatable::toString() calls 2023-05-04 13:20:56 -07:00
Kasper Svendsen
65deb9d90a Merge pull request #13016 from kaspersv/kaspersv/js-explicit-this-receivers3 
JS: Make implicit this receivers explicit
 2023-05-04 09:15:01 +02:00
Asger F
1a9956354e JS: Restrict getInput to indirect command injection query 2023-05-03 16:10:03 +02:00
Erik Krogh Kristensen
f29db40371 Merge pull request #13011 from kaspersv/kaspersv/explicit-this-receivers-shared2 
JS, Python, Ruby: Make implicit this receivers explicit
 2023-05-03 15:34:59 +02:00
Kasper Svendsen
67950c8e6b JS: Make implicit this receivers explicit 2023-05-03 15:31:00 +02:00
Ian Lynagh
b56b843d13 Merge pull request #12987 from github/post-release-prep/codeql-cli-2.13.1 
Post-release preparation for codeql-cli-2.13.1
 2023-05-03 13:12:10 +01:00
Kasper Svendsen
aca2ace843 JS, Python, Ruby: Make implicit this receivers explicit 2023-05-03 13:51:51 +02:00
Kasper Svendsen
efdaffedee JS: Make implicit this receivers explicit 2023-05-03 10:49:46 +02:00
Asger F
b9ad4177f9 JS: List safe environment variables in IndirectCommandInjection 2023-05-03 10:48:14 +02:00
Asger F
4c6711d007 JS: Clarify the difference between context and input sources 2023-05-03 10:30:04 +02:00
tyage
22f5b7a18b JS: check scoped package and normal package 2023-05-03 13:19:59 +09:00
Asger F
67afbee06d Merge pull request #12825 from smiddy007/JS-Allow-Truncated-Hash-Forge-NonKeyCipher 
JS: Allow NonKeyCiphers to include truncated SHA-512 MDs in Forge JS libr…
 2023-05-02 13:59:30 +02:00
github-actions[bot]
18d4af994d Post-release preparation for codeql-cli-2.13.1 2023-05-02 10:50:20 +00:00
tyage
be9c8d28b5 JS: drop string comparison 2023-05-02 12:41:03 +09:00
Asger F
5eaaa7e074 JS: Add qldoc 2023-05-01 11:42:55 +02:00
Asger F
08785a4063 JS: Add sources from actions/core 2023-05-01 11:42:17 +02:00
Asger F
2c89f9747b Merge pull request #12949 from asgerf/js/angular-native 
JS: Add a few more DOM element sources
 2023-05-01 11:08:45 +02:00
Asger F
0497e60ce2 JS: Model actions/exec 2023-05-01 11:05:59 +02:00