10661 Commits

Author	SHA1	Message	Date
tyage	c22f9443f2	Refactoring Next.js parameter ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-27 10:28:51 +09:00
tyage	e8b751ae17	Update javascript/ql/src/change-notes/2022-10-26-nextjs-params.md ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-27 10:24:08 +09:00
tyage	ac27307a2b	Update javascript/ql/lib/semmle/javascript/frameworks/Next.qll ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-27 10:23:59 +09:00
tyage	54050bf1b6	update test result XssWithAdditionalSources	2022-10-27 10:23:37 +09:00
Dave Bartolomeo	23b572e9b7	Use ${workspace} for intra-workspace dependencies ... Now that the released CLI supports replacement variables in dependency version ranges, we can now mark our published library packs as depending on whatever version of their dependency is in our workspace, without having to manually bump the dependency version every release. Note that when the packs are published, the dependencies in the published pack file are rewritten to have the correct specific version.	2022-10-26 16:40:01 -04:00
Daniel Santos	63c71b7d09	Merge branch 'main' into main	2022-10-26 14:05:26 -05:00
Daniel Santos	64da2cec50	removed unnecessary getACall and fixed formatting	2022-10-26 12:02:55 -05:00
erik-krogh	0f9b4334cc	remove some FPs in js/password-in-configuration-file	2022-10-26 11:51:56 +02:00
erik-krogh	21e7e27e1f	push more context into load/store steps from the exploratory flow-analysis	2022-10-26 10:52:47 +02:00
Asger F	414bd40c41	JS: Do not track returned values out of the enclosing function	2022-10-26 09:29:49 +02:00
tyage	7a19744cf2	add change note	2022-10-26 15:17:50 +09:00
tyage	95dca7c3ed	update comment	2022-10-26 15:13:59 +09:00
tyage	09f8ca8cc0	add query in comment	2022-10-26 15:13:03 +09:00
tyage	232893aafa	make query parameters in ServerSideProps and next/router ... as a RemoteFlowSource	2022-10-26 14:41:07 +09:00
tyage	1f4fc7fc2d	add params, query to test	2022-10-26 10:53:11 +09:00
tyage	06925681b0	add test for context.params	2022-10-26 10:53:11 +09:00
Daniel Santos	f7ace6f801	Update javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-25 14:27:03 -05:00
Daniel Santos	feece6f7b4	Merge branch 'github:main' into main	2022-10-25 10:43:20 -05:00
Daniel Santos	5b080481aa	TokenBuiltFromUuid formatting	2022-10-25 09:51:48 -05:00
Daniel Santos	375edf7455	TokenAssignmentValueSink refactor	2022-10-25 09:50:04 -05:00
Alvaro Muñoz	9830d2bebc	Format Restify.qll	2022-10-25 12:53:44 +02:00
Henry Mercer	1dc14bcaee	Merge branch 'main' into codeql-ci/js/ml-powered-pack-release-0.3.6	2022-10-25 10:54:08 +01:00
Alvaro Muñoz	a80b691358	Remove unnecessary TaggedTemplateEntryPoint	2022-10-25 11:44:45 +02:00
Alvaro Muñoz	37ea3f23f1	Refactored ReplySource to ReplyCall. Got rid of unnecessary ref()	2022-10-25 11:42:48 +02:00
github-actions[bot]	caf3a098c8	JS: Bump version of ML-powered library and query packs to 0.3.7	2022-10-25 09:12:00 +00:00
github-actions[bot]	5d100c8036	JS: Bump patch version of ML-powered library and query packs	2022-10-25 09:00:40 +00:00
Daniel Santos	a2ad924376	Minor formatting fixes	2022-10-24 09:38:17 -05:00
Alvaro Muñoz	742e4aa471	Apply suggestions from code review ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-24 16:17:11 +02:00
Daniel Santos	066ffb7520	Tokens built from predictable UUIDs	2022-10-22 11:15:43 -05:00
github-actions[bot]	be7693283b	Post-release preparation for codeql-cli-2.11.2	2022-10-21 08:07:17 +00:00
Josh Soref	ff6676e59b	spelling: normalize ... Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-20 08:18:23 -04:00
Josh Soref	c5c9f4d746	spelling: dependencies ... Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-20 08:18:23 -04:00
github-actions[bot]	9a0848bbc4	Release preparation for version 2.11.2	2022-10-20 11:05:19 +00:00
Alvaro Muñoz	c7ac237968	Update test results after merging new XSS improvements	2022-10-19 23:41:37 +02:00
Alvaro Muñoz	c10087b9a3	Merge branch 'restify_improvements' of https://github.com/pwntester/codeql into restify_improvements	2022-10-19 22:18:29 +02:00
Alvaro Muñoz	009403b61e	Add QLDoc for FormatterSetup.getAFormatterHandler	2022-10-19 22:18:13 +02:00
Alvaro Muñoz	2ad5a70cf1	Merge branch 'main' into restify_improvements	2022-10-19 21:57:37 +02:00
Alvaro Muñoz	245be44eac	Merge branch 'main' into javascript_xss_improvements	2022-10-19 18:18:19 +02:00
Alvaro Muñoz	976dd7f99f	Fix format errors	2022-10-19 18:14:25 +02:00
Alvaro Muñoz	31d271b8e1	Fix format errors	2022-10-19 17:32:34 +02:00
Henry Mercer	6a12d676b8	Merge pull request #10878 from jsoref/spelling-ml ... Spelling ml	2022-10-19 16:28:06 +01:00
Henry Mercer	3afb9c1b3b	Merge pull request #10845 from github/henrymercer/remove-worsening-queries ... ATM: Remove worsening-based queries	2022-10-19 10:05:53 +01:00
Josh Soref	d722448796	spelling: injection ... Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-19 04:27:37 -04:00
Josh Soref	a4beafbe44	spelling: classifier ... Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-19 04:27:37 -04:00
Alvaro Muñoz	b79f7f3e95	Address code review comments ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-18 21:42:15 +02:00
Alvaro Muñoz	6ab62da015	Add Restify/Spife support	2022-10-18 21:41:34 +02:00
github-actions[bot]	fa274e4375	ATM: Update ML model to 0.2.1-2022-09-06-08h55m54s.bubbly-basin-xpztl8fh.f3c3c9360a727959e428ecc6932257e6a546dc65d8a9baac525a49247123822d	2022-10-18 11:53:42 +00:00
Erik Krogh Kristensen	71135da7ff	Merge pull request #10768 from erik-krogh/fixFileLoops ... JS: fix that js/file-system-race could have FPs related to loops	2022-10-17 12:01:55 +02:00
Henry Mercer	c0ac7ad7db	Remove query for worsening-based classifier evaluation	2022-10-14 15:35:43 +01:00
Henry Mercer	63ab295a46	Remove queries for worsening-based evaluation	2022-10-14 15:18:19 +01:00