hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

10105 Commits

Author SHA1 Message Date
Asger F
c376eeb133 Merge pull request #12978 from asgerf/js/github-actions-sources 
JS: Add sources and sinks related to GitHub Actions
 2023-05-10 09:55:24 +02:00
Asger F
b28254327a Update javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-05-10 08:16:31 +02:00
Kasper Svendsen
c7d72e0d34 JS: Prevent join order regression 2023-05-09 17:01:41 +02:00
Jaroslav Lobačevski
891a94c166 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2023-05-09 16:27:32 +02:00
Jaroslav Lobačevski
5aa71352dc Update javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp 
Co-authored-by: Asger F <asgerf@github.com>
 2023-05-09 12:23:52 +02:00
Jaroslav Lobačevski
1ad23c5366 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2023-05-09 12:23:06 +02:00
Kasper Svendsen
f619a63f6f JS: Make implicit this receivers explicit 2023-05-09 11:37:25 +02:00
Asger F
aec6ba7d5e JS: Fix broken message in example query 2023-05-09 10:53:57 +02:00
Chuan-kai Lin
0984fc7cce JS: Add pragma[only_bind_out] to Locatable::toString() calls 2023-05-04 13:20:56 -07:00
Kasper Svendsen
65deb9d90a Merge pull request #13016 from kaspersv/kaspersv/js-explicit-this-receivers3 
JS: Make implicit this receivers explicit
 2023-05-04 09:15:01 +02:00
Asger F
1a9956354e JS: Restrict getInput to indirect command injection query 2023-05-03 16:10:03 +02:00
Erik Krogh Kristensen
f29db40371 Merge pull request #13011 from kaspersv/kaspersv/explicit-this-receivers-shared2 
JS, Python, Ruby: Make implicit this receivers explicit
 2023-05-03 15:34:59 +02:00
Kasper Svendsen
67950c8e6b JS: Make implicit this receivers explicit 2023-05-03 15:31:00 +02:00
Ian Lynagh
b56b843d13 Merge pull request #12987 from github/post-release-prep/codeql-cli-2.13.1 
Post-release preparation for codeql-cli-2.13.1
 2023-05-03 13:12:10 +01:00
Kasper Svendsen
aca2ace843 JS, Python, Ruby: Make implicit this receivers explicit 2023-05-03 13:51:51 +02:00
Kasper Svendsen
efdaffedee JS: Make implicit this receivers explicit 2023-05-03 10:49:46 +02:00
Asger F
b9ad4177f9 JS: List safe environment variables in IndirectCommandInjection 2023-05-03 10:48:14 +02:00
Asger F
4c6711d007 JS: Clarify the difference between context and input sources 2023-05-03 10:30:04 +02:00
Asger F
bdcda7ffe6 JS: Move change note to right location 2023-05-03 10:22:40 +02:00
tyage
22f5b7a18b JS: check scoped package and normal package 2023-05-03 13:19:59 +09:00
Asger F
67afbee06d Merge pull request #12825 from smiddy007/JS-Allow-Truncated-Hash-Forge-NonKeyCipher 
JS: Allow NonKeyCiphers to include truncated SHA-512 MDs in Forge JS libr…
 2023-05-02 13:59:30 +02:00
github-actions[bot]
18d4af994d Post-release preparation for codeql-cli-2.13.1 2023-05-02 10:50:20 +00:00
tyage
be9c8d28b5 JS: drop string comparison 2023-05-02 12:41:03 +09:00
tyage
0d991574ec Fix typo in test 2023-05-02 12:00:42 +09:00
Asger F
5eaaa7e074 JS: Add qldoc 2023-05-01 11:42:55 +02:00
Asger F
08785a4063 JS: Add sources from actions/core 2023-05-01 11:42:17 +02:00
Asger F
cb95dbfa14 JS: Add tests 2023-05-01 11:42:17 +02:00
Asger F
2c89f9747b Merge pull request #12949 from asgerf/js/angular-native 
JS: Add a few more DOM element sources
 2023-05-01 11:08:45 +02:00
Asger F
0497e60ce2 JS: Model actions/exec 2023-05-01 11:05:59 +02:00
Asger F
cb9b01cbb7 JS: Port new sources based on comment from JarLob 2023-05-01 11:04:54 +02:00
Asger F
3d208c0a62 JS: Port Actions sources based on PR from R3x 2023-05-01 10:48:43 +02:00
Asger F
e9f1e99526 Merge pull request #12887 from asgerf/js/unsafe-yaml-deserialization 
JS: Update model of js-yaml
 2023-05-01 09:57:20 +02:00
tyage
f52c845663 Fix comment. 2023-04-30 19:52:11 +09:00
tyage
80d401fba8 JS: change note 2023-04-30 18:26:46 +09:00
tyage
71952fe551 JS: Add test for sub module 2023-04-30 18:18:35 +09:00
tyage
c0cf0b430e JS: support submodules 2023-04-30 18:07:52 +09:00
Erik Krogh Kristensen
3d41cd583f Merge pull request #12963 from tyage/track-interfile-use-router 
JS: Track interfile useRouter
 2023-04-28 22:41:43 +02:00
Asger F
d1c8e0abd7 Merge pull request #12951 from asgerf/js/json-with-comments 
JS: Stop complaining about comments in JSON files
 2023-04-28 20:53:35 +02:00
Asger F
f87740ab18 Merge pull request #12867 from asgerf/js/webpack-bundles 
JS: Ignore more webpack modules
 2023-04-28 14:35:57 +02:00
Asger F
1b75afb5b1 JS: Change note 2023-04-28 14:32:11 +02:00
github-actions[bot]
3bd29171fb Release preparation for version 2.13.1 2023-04-28 12:14:35 +00:00
tyage
933b55d37d Track interfile useRouter 2023-04-28 15:49:26 +09:00
Asger F
8a9308c8b0 JS: Update test output 2023-04-28 07:55:20 +02:00
Asger F
0c8f895e0f JS: Add one more test 2023-04-27 21:06:20 +02:00
Asger F
97a942de80 JS: Update test output 2023-04-27 21:04:35 +02:00
Asger F
0fb79bdf64 JS: Include a local step before store step 2023-04-27 17:58:02 +02:00
Asger F
c674afb674 JS: Fix condition in getRouteHandlerNode 
Previous version did not account for arrays
 2023-04-27 17:58:02 +02:00
Asger F
682ff23e04 JS: Update Express test 2023-04-27 16:36:04 +02:00
Asger F
36889f6d72 JS: Fix isResponse/isRequest 2023-04-27 16:35:56 +02:00
Asger F
70331c0ea4 JS: Decouple chaining from ExplicitResponseSource 2023-04-27 16:14:27 +02:00