hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,258 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.3
Commit Graph

2332 Commits

Author SHA1 Message Date
Asger F
f4b5f39c57 Merge pull request #13044 from cklin/javascript-locatable-tostring-join-ordering 
JS: Add pragma[only_bind_out] to Locatable::toString() calls
 2023-05-10 10:08:48 +02:00
Asger F
c376eeb133 Merge pull request #12978 from asgerf/js/github-actions-sources 
JS: Add sources and sinks related to GitHub Actions
 2023-05-10 09:55:24 +02:00
Asger F
b28254327a Update javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-05-10 08:16:31 +02:00
Kasper Svendsen
c7d72e0d34 JS: Prevent join order regression 2023-05-09 17:01:41 +02:00
Jaroslav Lobačevski
891a94c166 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2023-05-09 16:27:32 +02:00
Jaroslav Lobačevski
1ad23c5366 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2023-05-09 12:23:06 +02:00
Chuan-kai Lin
0984fc7cce JS: Add pragma[only_bind_out] to Locatable::toString() calls 2023-05-04 13:20:56 -07:00
Kasper Svendsen
65deb9d90a Merge pull request #13016 from kaspersv/kaspersv/js-explicit-this-receivers3 
JS: Make implicit this receivers explicit
 2023-05-04 09:15:01 +02:00
Asger F
1a9956354e JS: Restrict getInput to indirect command injection query 2023-05-03 16:10:03 +02:00
Erik Krogh Kristensen
f29db40371 Merge pull request #13011 from kaspersv/kaspersv/explicit-this-receivers-shared2 
JS, Python, Ruby: Make implicit this receivers explicit
 2023-05-03 15:34:59 +02:00
Kasper Svendsen
67950c8e6b JS: Make implicit this receivers explicit 2023-05-03 15:31:00 +02:00
Ian Lynagh
b56b843d13 Merge pull request #12987 from github/post-release-prep/codeql-cli-2.13.1 
Post-release preparation for codeql-cli-2.13.1
 2023-05-03 13:12:10 +01:00
Kasper Svendsen
aca2ace843 JS, Python, Ruby: Make implicit this receivers explicit 2023-05-03 13:51:51 +02:00
Kasper Svendsen
efdaffedee JS: Make implicit this receivers explicit 2023-05-03 10:49:46 +02:00
Asger F
b9ad4177f9 JS: List safe environment variables in IndirectCommandInjection 2023-05-03 10:48:14 +02:00
Asger F
4c6711d007 JS: Clarify the difference between context and input sources 2023-05-03 10:30:04 +02:00
tyage
22f5b7a18b JS: check scoped package and normal package 2023-05-03 13:19:59 +09:00
Asger F
67afbee06d Merge pull request #12825 from smiddy007/JS-Allow-Truncated-Hash-Forge-NonKeyCipher 
JS: Allow NonKeyCiphers to include truncated SHA-512 MDs in Forge JS libr…
 2023-05-02 13:59:30 +02:00
github-actions[bot]
18d4af994d Post-release preparation for codeql-cli-2.13.1 2023-05-02 10:50:20 +00:00
tyage
be9c8d28b5 JS: drop string comparison 2023-05-02 12:41:03 +09:00
Asger F
5eaaa7e074 JS: Add qldoc 2023-05-01 11:42:55 +02:00
Asger F
08785a4063 JS: Add sources from actions/core 2023-05-01 11:42:17 +02:00
Asger F
2c89f9747b Merge pull request #12949 from asgerf/js/angular-native 
JS: Add a few more DOM element sources
 2023-05-01 11:08:45 +02:00
Asger F
0497e60ce2 JS: Model actions/exec 2023-05-01 11:05:59 +02:00
Asger F
cb9b01cbb7 JS: Port new sources based on comment from JarLob 2023-05-01 11:04:54 +02:00
Asger F
3d208c0a62 JS: Port Actions sources based on PR from R3x 2023-05-01 10:48:43 +02:00
Asger F
e9f1e99526 Merge pull request #12887 from asgerf/js/unsafe-yaml-deserialization 
JS: Update model of js-yaml
 2023-05-01 09:57:20 +02:00
tyage
f52c845663 Fix comment. 2023-04-30 19:52:11 +09:00
tyage
80d401fba8 JS: change note 2023-04-30 18:26:46 +09:00
tyage
c0cf0b430e JS: support submodules 2023-04-30 18:07:52 +09:00
Erik Krogh Kristensen
3d41cd583f Merge pull request #12963 from tyage/track-interfile-use-router 
JS: Track interfile useRouter
 2023-04-28 22:41:43 +02:00
Asger F
f87740ab18 Merge pull request #12867 from asgerf/js/webpack-bundles 
JS: Ignore more webpack modules
 2023-04-28 14:35:57 +02:00
github-actions[bot]
3bd29171fb Release preparation for version 2.13.1 2023-04-28 12:14:35 +00:00
tyage
933b55d37d Track interfile useRouter 2023-04-28 15:49:26 +09:00
Asger F
0fb79bdf64 JS: Include a local step before store step 2023-04-27 17:58:02 +02:00
Asger F
c674afb674 JS: Fix condition in getRouteHandlerNode 
Previous version did not account for arrays
 2023-04-27 17:58:02 +02:00
Asger F
36889f6d72 JS: Fix isResponse/isRequest 2023-04-27 16:35:56 +02:00
Asger F
70331c0ea4 JS: Decouple chaining from ExplicitResponseSource 2023-04-27 16:14:27 +02:00
Asger F
96e415aba6 JS: Track express route handlers into arrays 2023-04-27 16:14:22 +02:00
Asger F
cf1e87de9e JS: Track DOM elements out of collections 2023-04-26 14:55:34 +02:00
Asger F
cb04df49eb JS: Treat Angular2 ElementRef.nativeElement as a DOM value 2023-04-26 14:33:04 +02:00
Asger F
1d0a0dec6f JS: Fix typo 2023-04-20 12:48:17 +02:00
Asger F
1acc0d2ddf JS: Update model of js-yaml 2023-04-20 12:47:13 +02:00
smiddy007
bda0ef3a75 Merge branch 'github:main' into JS-Allow-Truncated-Hash-Forge-NonKeyCipher 2023-04-19 13:40:32 -04:00
smiddy007
4f7275f064 Reformat doc and move change note 2023-04-19 13:39:18 -04:00
smiddy007
31b56bf966 Update javascript/ql/lib/change-notes/2023-04-13-Forge-truncated-sha512-hash 
Co-authored-by: Asger F <asgerf@github.com>
 2023-04-19 13:32:23 -04:00
Asger F
1c2fdc8df9 JS: Ignore more webpack modules 2023-04-19 10:29:14 +02:00
Alex Ford
924ce250dd Merge pull request #12847 from github/post-release-prep/codeql-cli-2.13.0 
Post-release preparation for codeql-cli-2.13.0
 2023-04-18 14:40:40 +01:00
Arthur Baars
e5d89b969a Merge pull request #12780 from aibaars/shared-yaml-lib 
JS: extract YAML library to a shared pack
 2023-04-18 11:09:53 +02:00
Kasper Svendsen
9d34d090ab Merge pull request #12843 from kaspersv/kaspersv/prevent-bad-js-join-order 
Prevent JS join order regression
 2023-04-18 09:09:43 +02:00