Commit Graph

10105 Commits

Author SHA1 Message Date
github-actions[bot]
b62cb6ba84 Post-release preparation for codeql-cli-2.12.1 2023-01-20 19:49:56 +00:00
Jean Helie
9e6f9c2705 Merge pull request #11709 from github/jhelie/add-shell-command-injection
ATM: add boosted version for `ShellCommandInjectionFromEnvironment` query
2023-01-20 16:03:30 +01:00
github-actions[bot]
005b3e4a47 Release preparation for version 2.12.1 2023-01-20 12:03:19 +00:00
Michael Nebel
dc223cb82e Sync files and make corresponding changes for other languages. 2023-01-19 15:14:06 +01:00
Mark Vogelgesang
a3ff0725a3 Removed change-note as it was not necessary 2023-01-18 16:08:29 -05:00
Mark Vogelgesang
c9119848d9 Updated express-rate-limit example to match implementation examples found on packages README 2023-01-18 14:42:40 -05:00
erik-krogh
4b74dec18f expand what is parsed as the stem of a pathexpr 2023-01-17 21:28:21 +01:00
Jean Helie
fec7ea6964 ATM: add missing query help files 2023-01-17 12:20:17 +01:00
Jean Helie
b08fa43fdf update tests 2023-01-17 12:20:17 +01:00
Jean Helie
f07984bab2 update test data 2023-01-17 12:20:17 +01:00
Jean Helie
13aaa22df5 add boosted version of ShellCommandInjectionFromEnvironment 2023-01-17 12:20:17 +01:00
Erik Krogh Kristensen
8ccc384043 Merge pull request #11858 from erik-krogh/moreSpawn
JS: track shell:true more in js/shell-command-constructed-from-input
2023-01-16 13:24:50 +01:00
erik-krogh
71af8ab022 simplifications inspired by review 2023-01-13 13:18:52 +01:00
erik-krogh
7ae27bcc34 fix errors in JS printAst 2023-01-12 15:37:52 +01:00
Henry Mercer
70f1015fba Merge branch 'main' into codeql-ci/atm/release-0.4.5 2023-01-12 12:32:25 +00:00
Pierre
c3116b3f0f Merge branch 'main' into turbo/experimental/combined 2023-01-11 18:02:55 +01:00
github-actions[bot]
76e121e359 JS: Bump version of ML-powered library and query packs to 0.4.6 2023-01-10 21:11:23 +00:00
github-actions[bot]
dc88bdccc7 JS: Bump patch version of ML-powered library and query packs 2023-01-10 21:04:31 +00:00
erik-krogh
38ca68febb recognize "-->" as a bad tag filter 2023-01-10 18:09:56 +01:00
Erik Krogh Kristensen
54c780bdf9 Merge pull request #11853 from erik-krogh/assignMore
JS: add local flow when recognizing Object.assign calls for library-inputs
2023-01-10 17:04:29 +01:00
Tony Torralba
72a11e737d Merge pull request #11775 from atorralba/atorralba/all/omittable-exists
All: Remove omittable exists variables
2023-01-10 16:07:06 +01:00
erik-krogh
62b69bbd3e autoformat 2023-01-10 15:38:13 +01:00
Erik Krogh Kristensen
6623e5fbf3 Merge pull request #11852 from erik-krogh/jsInfiniteChar
JS: recognize an infinite repetition of a char-class like regex as a char-class like regex
2023-01-10 15:32:22 +01:00
Erik Krogh Kristensen
ce8836fb65 Update javascript/ql/lib/semmle/javascript/PackageExports.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2023-01-10 15:30:44 +01:00
erik-krogh
43696f5e27 add explicit this 2023-01-10 15:27:37 +01:00
erik-krogh
23a847b1cf track shell:true more in js/shell-command-constructed-from-input 2023-01-10 15:27:37 +01:00
erik-krogh
5c388c554c fix that the TypeTracker was unrestricted for the base-case of nonFirstLocationType 2023-01-10 13:39:50 +01:00
erik-krogh
e02b67af63 add failing test 2023-01-10 13:39:50 +01:00
Tony Torralba
3b6dae41cd JavaScript: Remove omittable exists variables 2023-01-10 13:37:21 +01:00
erik-krogh
79e161e046 slightly broaden the regular expression that recognizes bad string-concats used as shell commands 2023-01-10 12:49:37 +01:00
erik-krogh
9f100ef2c6 add local flow when recognizing Object.assign calls for library-inputs 2023-01-09 17:44:11 +01:00
erik-krogh
90f9e3f825 recognize an infinite repetition of a char-class like regex as a char-class like regex 2023-01-09 17:25:08 +01:00
erik-krogh
785c21f462 fix bad join-order in js/missing-this-qualifier 2023-01-09 16:06:26 +01:00
github-actions[bot]
cdb8f67601 Post-release preparation for codeql-cli-2.12.0 2023-01-06 10:36:34 +00:00
Jeroen Ketema
170242f79c Apply suggestions from code review 2023-01-05 17:57:19 +01:00
Nick Rolfe
6e07076151 tweak wording in 2.12 release notes 2023-01-05 16:46:44 +00:00
github-actions[bot]
b6a8193785 Release preparation for version 2.12.0 2023-01-05 16:32:14 +00:00
Aditya Sharad
ed73875fac Merge pull request #11747 from adityasharad/tutorial/library-pack
Tutorial: Move QL detective tutorial library into shared `codeql/tutorial` library pack
2023-01-04 08:24:53 -08:00
Erik Krogh Kristensen
cedc9c0bff Merge pull request #11582 from erik-krogh/heuristics
JS: Add experimental variants of common security queries with more sources
2023-01-04 10:46:19 +01:00
Aditya Sharad
9988c19a42 Merge branch 'main' into tutorial/library-pack 2023-01-03 14:08:37 -08:00
Calum Grant
ad55706527 Merge branch 'main' into calumgrant/remove-lgtm 2023-01-03 10:27:30 +00:00
Arthur Baars
98c5b81456 Merge pull request #11723 from aibaars/alert-suppression
CodeQL alert suppression
2022-12-21 10:59:57 +01:00
Arthur Baars
035ad65e43 AlertSuppression: move library into util folder 2022-12-21 10:39:57 +01:00
Jacques
b99c500435 Fix associated test 2022-12-20 12:51:13 +09:00
Jacques
97b8126385 Fix javascript 2022-12-20 12:45:59 +09:00
Aditya Sharad
ed29b3e4d6 Shared packs: Depend on codeql/tutorial from all language libraries
This allows `import tutorial` from queries targeting
any language, just like before, while removing the
duplicate copies of `tutorial.qll`.
2022-12-19 15:52:11 -08:00
Calum Grant
e982e144a4 JS: Update qltest output 2022-12-19 17:22:51 +00:00
Arthur Baars
a8be5d7274 AlertSuppression: add change notes 2022-12-19 17:02:52 +01:00
Arthur Baars
0f313231bc AlertSuppression: add more tests 2022-12-19 16:43:11 +01:00
Calum Grant
4a37c01c5f JavaScript: Remove references to LGTM 2022-12-19 15:15:17 +00:00