hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,255 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.2
Commit Graph

10661 Commits

Author SHA1 Message Date
am0o0
fce183c7cb apply autoformat to HardcodedCredentialsCustomizations.qll 2024-08-05 14:25:15 +02:00
Asger F
df64388d79 Merge branch 'main' into js/shared-dataflow-merge-main 2024-08-02 13:18:38 +02:00
am0o0
354fcbe7fe apply changes from @erik-krogh 2024-08-01 20:14:36 +02:00
github-actions[bot]
49cc8f8ff8 Post-release preparation for codeql-cli-2.18.1 2024-07-22 22:00:48 +00:00
github-actions[bot]
368bcb684a Release preparation for version 2.18.1 2024-07-22 21:30:50 +00:00
Chuan-kai Lin
23320b6e5e Revert "Release preparation for version 2.18.1" 2024-07-22 13:22:49 -07:00
github-actions[bot]
55935fc123 Release preparation for version 2.18.1 2024-07-22 14:56:15 +00:00
Cornelius Riemenschneider
620582fc09 Address review. 2024-07-19 10:50:11 +02:00
Cornelius Riemenschneider
3badd61a56 Integration tests: port to pytest. 
Requires an internal PR.
 2024-07-18 16:36:11 +02:00
aegilops
79980a98a2 Added links to eventual location of CUSTOMIZING.md 2024-07-12 14:21:50 +01:00
Paul Hodgkinson
11249e7182 Apply suggestions from code review - docs tweaks of CUSTOMIZING.md 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2024-07-12 14:20:03 +01:00
Paul Hodgkinson
c9af53f050 Merge branch 'main' into aegilops/polyfill-io-compromised-script 2024-07-12 12:53:44 +01:00
aegilops
61df4d2f04 Merge branch 'aegilops/polyfill-io-compromised-script' of https://github.com/aegilops/codeql into aegilops/polyfill-io-compromised-script 2024-07-12 12:49:18 +01:00
aegilops
00d91dc6ba Created guide on customizing these queries, and referenced it in the query help 2024-07-12 12:49:09 +01:00
aegilops
040f948e65 Added a note that SRI can be considered for some dynamic services 2024-07-12 12:48:36 +01:00
Paul Hodgkinson
3f37fe6add Apply suggestions from code review - docs and wording 
Docs suggestions accepted, thank you 🙏

Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2024-07-12 11:48:39 +01:00
aegilops
d71be8aeaf Moved from experimental into default queries 2024-07-11 11:44:01 +01:00
Paul Hodgkinson
412ad177c2 Merge branch 'main' into aegilops/js/insecure-helmet-middleware 2024-07-11 11:01:38 +01:00
aegilops
01ec7c22df Fixed test 2024-07-09 19:19:06 +01:00
aegilops
0aab2aef3b Formatting of QLL 2024-07-09 18:16:37 +01:00
aegilops
dae2aeb7d3 QLDoc 2024-07-09 18:16:02 +01:00
aegilops
86afd54a9b Moved new query to 'experimental' 
Moved lists of domains to data extensions, including adding those to the overall qlpack.yml

Expanded scope of new query to further domains operated by the untrusted owners of polyfill.io
 2024-07-09 16:38:01 +01:00
github-actions[bot]
ae3aba061b Post-release preparation for codeql-cli-2.18.0 2024-07-08 13:30:13 +00:00
aegilops
5a3328b07a Merge branch 'aegilops/js/insecure-helmet-middleware' of https://github.com/aegilops/codeql into aegilops/js/insecure-helmet-middleware 2024-07-08 11:31:15 +01:00
aegilops
2aff2a7385 Fixed code markup 2024-07-08 11:31:06 +01:00
Paul Hodgkinson
d896fdf9fa Merge branch 'main' into aegilops/js/insecure-helmet-middleware 2024-07-08 11:25:47 +01:00
aegilops
c003f265b0 Fixed missing li closing tag 2024-07-08 10:58:06 +01:00
aegilops
1fe14e26b1 Split out "compromised" functionality 2024-07-08 10:56:12 +01:00
github-actions[bot]
b0d6778652 Release preparation for version 2.18.0 2024-07-08 09:10:51 +00:00
Erik Krogh Kristensen
1c0c51faaf Merge pull request #16904 from igfoo/igfoo/shouldExtract 
JS: Remove call to shouldExtract
 2024-07-04 12:44:54 +02:00
Ian Lynagh
95a418aa14 JS: Remove call to shouldExtract 
It always returns true nowadays.
 2024-07-04 09:42:07 +01:00
aegilops
e2b37f97b0 Added dot to end of test message 2024-07-01 17:41:26 +01:00
aegilops
73fc6bcdb1 Added some missing QLDoc 2024-07-01 17:10:24 +01:00
aegilops
b4d8c4889a Fixed wrong name for example HTML 2024-07-01 16:58:03 +01:00
aegilops
c985c9adb3 Added change note for polyfill.io query 2024-07-01 16:56:07 +01:00
aegilops
1744a98017 Added full stop to end of message 2024-07-01 16:53:22 +01:00
aegilops
ceda46e317 Fixed ending <p> tags 2024-07-01 16:52:28 +01:00
aegilops
a1b0703690 Added detection for specific Polyfill.io CDN compromise - edited existing library and added new query and tests 2024-07-01 16:21:34 +01:00
aegilops
fc6fba8d06 Fixed CWE tags 2024-07-01 14:25:47 +01:00
aegilops
d1d082982a More external references 2024-07-01 14:25:29 +01:00
am0o0
b360c8adb8 Update hardcodedCredentials query file to only exclude 'jwt key' kind from with the isTestFile predicate. 
According to expected test results, with a new query, the jwt sinks of __test__/ dir have been exluded from query results.
 2024-07-01 15:00:08 +02:00
am0o0
5a1877547f update test cases of __tests__/ dir 
since we want to check if a jwt related sink is in this dir or not
 2024-07-01 14:50:07 +02:00
am0o0
6ecd8b7ee8 add new default cred kind 2024-07-01 14:42:34 +02:00
am0o0
fa8c457015 move the TextEncoder and Buffer jose.base64url taint steps to a local query taint step 2024-07-01 12:11:53 +02:00
am0o0
60aa711005 implement TextEncoderStep taint step with globalVarRef predicate 2024-07-01 11:59:05 +02:00
am0o0
65fdb8ccce move jose SharedTaintStep to a local taint step, add more additional steps with test cases, update test cases and expected test results 2024-07-01 11:38:17 +02:00
Arthur Baars
b12b33c8f9 Merge remote-tracking branch 'upstream/main' into 'rc/3.14' 2024-06-28 19:50:35 +02:00
Asger F
1d267efb6b JS: Fix missing qldoc 2024-06-28 14:30:56 +02:00
Erik Krogh Kristensen
60811116ab Merge pull request #16332 from erik-krogh/ts55 
JS: upgrade TypeScript to 5.5
 2024-06-28 13:59:52 +02:00
Asger F
e5924c1f84 JS: Another messy test update 2024-06-28 13:08:38 +02:00