hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,258 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.3
Commit Graph

2332 Commits

Author SHA1 Message Date
aegilops
73fc6bcdb1 Added some missing QLDoc 2024-07-01 17:10:24 +01:00
aegilops
a1b0703690 Added detection for specific Polyfill.io CDN compromise - edited existing library and added new query and tests 2024-07-01 16:21:34 +01:00
am0o0
6ecd8b7ee8 add new default cred kind 2024-07-01 14:42:34 +02:00
am0o0
fa8c457015 move the TextEncoder and Buffer jose.base64url taint steps to a local query taint step 2024-07-01 12:11:53 +02:00
am0o0
60aa711005 implement TextEncoderStep taint step with globalVarRef predicate 2024-07-01 11:59:05 +02:00
am0o0
65fdb8ccce move jose SharedTaintStep to a local taint step, add more additional steps with test cases, update test cases and expected test results 2024-07-01 11:38:17 +02:00
Arthur Baars
b12b33c8f9 Merge remote-tracking branch 'upstream/main' into 'rc/3.14' 2024-06-28 19:50:35 +02:00
Asger F
1d267efb6b JS: Fix missing qldoc 2024-06-28 14:30:56 +02:00
Asger F
1c730bc66e JS: Fix compilation error in DataFlowImplConsistency.qll 2024-06-27 12:47:15 +02:00
Asger F
df0488a470 Ensure Member tokens from flow summaries are seen in PropertyName 2024-06-27 10:22:14 +02:00
Asger F
c52a4b0621 JS: Provide RenderSummarizedCallable 2024-06-27 09:44:45 +02:00
Asger F
e53c0cdce7 Fix unknown Parameter/Argument decoding 2024-06-27 09:39:06 +02:00
Asger F
88edc06517 Avoid bad join in compatibleTypesCached 
This is identical to the code in Ruby and seems to prevent a bad join ordering
in a cached version of this predicate in DataFlowCommon
 2024-06-26 13:51:41 +02:00
Asger F
fc7c2c5b17 Remove unused code 2024-06-26 13:51:40 +02:00
Asger F
e67e89dd70 Implement decodeUnknownArgument/ParameterPosition 2024-06-26 13:51:39 +02:00
Asger F
3bebd709b3 Handle AnyMemberDeep and ArrayElementDeep in encodeContent 2024-06-26 13:51:38 +02:00
Asger F
6c0c67dce4 Implement encodeWith/WithoutContent 2024-06-26 13:51:37 +02:00
Asger F
b0ea81276b Implement encodeReturn 2024-06-26 13:51:36 +02:00
Asger F
5811a3c5a6 Port getMadStringFromContentSet -> encodeContent 2024-06-26 13:51:35 +02:00
Asger F
8c4e5e8876 Boilerplate implementation of default predicates from FlowSummaryImpl.qll 2024-06-26 13:51:34 +02:00
Asger F
6b35a766a6 Migrate to shared FlowSummary library 2024-06-25 14:43:29 +02:00
Asger F
dd7aff555d Instantiate shared FlowSummary library 2024-06-25 13:35:49 +02:00
Asger F
f0d7c3a7f0 Remove bindingsets 2024-06-25 13:33:06 +02:00
Asger F
6e32f27652 Rename predicates to be consistent with qlpack 
In preparation for migrating to the FlowSummary module in the qlpack,
rename predicates to be consistent with the qlpack.
 2024-06-25 13:30:33 +02:00
Asger F
6c8fb61f60 Js: Update FlowSummaryImpl.qll to make things compile 2024-06-25 13:10:24 +02:00
Asger F
64a9598b89 JS: Update interface for isUnreachableInCall 2024-06-25 13:01:23 +02:00
Asger F
505c532af7 JS: Implement totalorder() 2024-06-25 12:58:35 +02:00
Asger F
102ca77acf Switch to getLocation() in DataFlowCall 2024-06-25 11:49:19 +02:00
Asger F
ecf418b8f6 Merge branch 'main' into js/shared-dataflow 2024-06-25 11:48:41 +02:00
Asger F
f43a189f06 JS: Make CaptureNode.toString() more explicit 2024-06-25 09:56:39 +02:00
github-actions[bot]
fd385736e6 Post-release preparation for codeql-cli-2.17.6 2024-06-25 06:39:45 +00:00
github-actions[bot]
e32a587078 Release preparation for version 2.17.6 2024-06-24 14:33:10 +00:00
erik-krogh
5336a1a251 upgrade TypeScript to 5.5-beta 2024-06-20 20:42:57 +02:00
Asger F
a36e39359f Merge pull request #16739 from RasmusWL/js-array-steps 
JS: Allow many Array steps to be used in type-tracking
 2024-06-20 11:39:46 +02:00
Rasmus Wriedt Larsen
596102d3fb Update javascript/ql/lib/change-notes/2024-06-14-type-tracking-array-steps.md 
Co-authored-by: Asger F <asgerf@github.com>
 2024-06-20 10:07:49 +02:00
aegilops
252c9e9416 Added data extension to set defaults, updated help, added README to explain customization 2024-06-19 17:27:17 +01:00
Rasmus Wriedt Larsen
3fc8401370 JS: Add change-note 2024-06-14 15:37:25 +02:00
Rasmus Wriedt Larsen
3f2befc3e5 JS: Support spread arguments in array.splice 2024-06-14 15:33:17 +02:00
Rasmus Wriedt Larsen
ec18786488 JS: Provide better model for Array.splice 2024-06-12 16:29:21 +02:00
Rasmus Wriedt Larsen
1027ca266d JS: Allow many Array steps to be used in type-tracking 2024-06-12 16:14:13 +02:00
github-actions[bot]
8a25081a0e Post-release preparation for codeql-cli-2.17.5 2024-06-10 15:33:08 +00:00
github-actions[bot]
877bfa2468 Release preparation for version 2.17.5 2024-06-10 13:40:39 +00:00
Anders Schack-Mulligen
0c47203580 Javascript: Add support for pretty-printed provenace in tests. 2024-06-07 11:47:49 +02:00
Asger F
6e0f3df573 Merge pull request #14120 from asgerf/dynamic/typemodel-istypeused 
Dynamic: add TypeModel.isTypeUsed
 2024-06-06 15:31:16 +02:00
am0o0
ee05ec0386 remove sanitnzer and add a where condition instead 
use a simpler where condition(the former sanitizer) for overcoming performance problems
 2024-06-06 14:16:41 +02:00
am0o0
61a11c6512 Or to or in docs 2024-06-06 14:10:15 +02:00
github-actions[bot]
906b65d09c Post-release preparation for codeql-cli-2.17.4 2024-05-28 18:02:25 +00:00
github-actions[bot]
33b4ae8bbb Release preparation for version 2.17.4 2024-05-28 15:44:32 +00:00
am0o0
c2f96a1352 fix a document 2024-05-25 19:35:20 +02:00
Am
2226f5126b Merge branch 'main' into amammad-js-hardcodedJWTKey 2024-05-25 13:40:46 +03:30