hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,255 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.2
Commit Graph

10661 Commits

Author SHA1 Message Date
aegilops
68e21a594a Fixed query help formatting issues 2024-05-21 14:35:18 +01:00
aegilops
bda794fde7 Fixed wrong filenames in the InsecureHelmet tests 2024-05-21 14:34:58 +01:00
aegilops
83037b1195 Adjust structure to avoid warnings about message 2024-05-21 13:51:13 +01:00
Asger F
3b211089d6 JS: Remove redundant import 2024-05-21 14:40:17 +02:00
Asger F
6f19fc2fcd JS: Add isTypeUsed to avoid overpruning 2024-05-21 14:38:52 +02:00
Asger F
632cce2c16 JS: Add failing test due to overpruning 2024-05-21 14:20:13 +02:00
Asger F
43abc72780 JS: Add TypeModel.isTypeUsed 
f
 2024-05-21 14:19:56 +02:00
Joe Farebrother
01a6c5e82f Merge pull request #16446 from joefarebrother/shared-sensitive-heuristics 
Ruby/Python/JS/Swift: Add category of Private information to shared sensitive data heuristics
 2024-05-21 09:07:13 +01:00
erik-krogh
c166cb406a Merge branch 'main' into amammad-js-CodeInjection_execa 2024-05-21 08:48:12 +02:00
aegilops
8300aeb0a0 Tests for InsecureHelmet 2024-05-20 12:05:42 +01:00
aegilops
3a885eaf9f Insecure Helmet middle configuration - frameguard or CSP to 'false' 2024-05-20 11:58:55 +01:00
Erik Krogh Kristensen
03cf9b702c Merge pull request #14291 from am0o0/amammad-js-CodeInjection_Shelljs 
JS: Shelljs improvement
 2024-05-17 11:14:11 +02:00
am0o0
42a9962519 make shellJSMember predicate private, improve predicate document 2024-05-16 14:05:06 +02:00
Asger F
499c4df79b Merge pull request #13554 from am0o0/amammad-js-bombs 
JS: Decompression Bombs
 2024-05-16 13:25:41 +02:00
erik-krogh
56dff8540f add an example of how to get a floating point value between 0 and 1 2024-05-16 11:15:07 +02:00
erik-krogh
066f3b61a2 RandomSource is deprecated, it's crypto now 2024-05-16 11:14:50 +02:00
github-actions[bot]
32e8b5c667 Post-release preparation for codeql-cli-2.17.3 2024-05-14 21:14:08 +00:00
github-actions[bot]
100166fa53 Release preparation for version 2.17.3 2024-05-14 19:23:18 +00:00
Chuan-kai Lin
1758a1e04b Merge pull request #16422 from github/cklin/javascript-entities-reorder 
JS: Use entities in reorder directives
 2024-05-13 10:26:41 -07:00
amammad
bdee99ae88 stash 2024-05-13 14:37:05 +02:00
Joe Farebrother
da93a08639 Add change notes 
No change note is needed for Swift, as the new heuristics are unused and thus should not affect any queries.
 2024-05-09 10:03:20 +01:00
Joe Farebrother
9aff22c664 Fix typos in sensitive data regex 2024-05-09 09:39:03 +01:00
Joe Farebrother
5f4bc4197b Add private category to sensitive data heuristics 2024-05-08 10:02:00 +01:00
Asger F
536c115c1c JS: Fix location override in CaptureNode 2024-05-06 13:51:25 +02:00
Asger F
5a2260b481 JS: Update to match changes to API 2024-05-06 10:13:25 +02:00
Asger F
19f14622f3 JS: Update use of Locations 2024-05-06 10:13:24 +02:00
Chuan-kai Lin
9b51e0e0ee JS: Use entities in reorder directives 2024-05-03 11:17:13 -07:00
erik-krogh
39a8b49222 add qhelp recommendation that you can use an obvious placeholder value 2024-05-03 19:37:31 +02:00
erik-krogh
b209fc67cb test the change to hardcoded-credentials 2024-05-03 19:34:18 +02:00
erik-krogh
d9e8e0e00a use some more standard values for credentials-kind for NodeJS client credentials 2024-05-03 13:58:37 +02:00
erik-krogh
ff85db36e2 exclude credentials as kind key from hardcoded-credentials when the key looks like a dummy password 2024-05-03 13:58:11 +02:00
Asger F
c408ab9e6a Merge branch 'main' into js/shared-dataflow 2024-05-02 19:43:34 +02:00
Owen Mansel-Chan
83249cd9c2 Fix grammar in comment 2024-05-02 09:59:48 +01:00
Owen Mansel-Chan
16dcc0969b Standardise comment explaining why extensible predicates must be defined 2024-05-01 22:00:01 +01:00
Owen Mansel-Chan
09e59ccf44 Name files with empty definitions of MaD extensible predicates to erowdmpty.model.yml 2024-05-01 21:39:38 +01:00
github-actions[bot]
99928b82ed Post-release preparation for codeql-cli-2.17.2 2024-04-30 12:15:35 +00:00
github-actions[bot]
5228d94d42 Release preparation for version 2.17.2 2024-04-30 10:25:51 +00:00
Erik Krogh Kristensen
7e839792da Merge pull request #16330 from erik-krogh/del-deps-apr-2024 
All: delete outdated deprecations
 2024-04-30 10:43:39 +02:00
erik-krogh
800d7546fa change all the change-notes to breaking 2024-04-26 17:17:23 +02:00
erik-krogh
14d88eb3ce add change-notes 2024-04-26 12:56:28 +02:00
erik-krogh
baa31e1469 delete outdated deprecations 2024-04-25 22:19:28 +02:00
Asger F
d0c9e3f7ad JS: Expose InternalModuleNaming 2024-04-25 13:33:17 +02:00
Asger F
9082972842 Merge pull request #16061 from RasmusWL/js-extractor-fix 
JS: More robust CommonJS/ES2015 detection logic for extractor
 2024-04-25 13:26:56 +02:00
Rasmus Wriedt Larsen
290b0fc4ab Merge pull request #16308 from asgerf/js/model-generation-quote 
JS: Fix naming issue in generated models
 2024-04-25 11:36:36 +02:00
Paolo Tranquilli
9f5782b67b Bazel: introduce buildifier formatting 
This introduces tooling and enforcement for formatting bazel files.

The tooling is provided as a bazel run target from
[keith/buildifier-prebuilt](https://github.com/keith/buildifier-prebuilt).

This is used in a [`pre-commit`](https://pre-commit.com/) hook for those
having that installed. In turn this is used in a CI check. Relying on a
`pre-commit` action gives us easy checking that buildifying did not
change anything in the files and printing the diff, without having to
hand-roll the check ourselves.

This enforcement will make usage of gazelle easier, as gazelle itself
might reformat files, even outside of `go`. Having them properly
formatted will allow gazelle to leave them unchanged, without needing
to configure awkward exclude directives.
 2024-04-24 15:49:48 +02:00
Asger F
db07c162e4 JS: Allow generated models to use (package) 2024-04-23 20:25:55 +02:00
Asger F
9d00f660f1 Update ModelGeneration.expected 2024-04-23 20:08:21 +02:00
Asger F
e4f23b31c6 JS: Add quotes around package name to correct parsing 2024-04-23 20:04:23 +02:00
Nick Rolfe
003d208574 JS: do fewer regexp matches in SensitiveActions 2024-04-23 15:31:38 +01:00
Asger F
ac34b922ec Merge pull request #16241 from asgerf/js/re-export 
JS: Improve support for `export * as ...` declarations
 2024-04-19 10:03:17 +02:00