10661 Commits

Author	SHA1	Message	Date
Erik Krogh Kristensen	a10b45e0db	Merge pull request #11927 from mvogelgesang/express-rate-limit ... JS: Updated express-rate-limit example to match implementation examples f…	2023-01-23 14:37:50 +01:00
erik-krogh	3cece50f78	add encodeURIComponent as a sanitizer for request-forgery	2023-01-23 13:53:53 +01:00
erik-krogh	be8ef1b324	add failing test	2023-01-23 13:52:36 +01:00
Erik Krogh Kristensen	1ee9957838	Merge pull request #9807 from erik-krogh/endFilter ... JS: recognize "-->" as a bad tag filter	2023-01-23 10:06:50 +01:00
Michael Nebel	69a42d8b1f	Merge pull request #11931 from michaelnebel/csharp/refactor ... Remove the Csv postfix of some predicate names.	2023-01-23 09:09:48 +01:00
Mathias Vorreiter Pedersen	e664662df9	Merge pull request #11944 from github/post-release-prep/codeql-cli-2.12.1 ... Post-release preparation for codeql-cli-2.12.1	2023-01-20 21:52:55 +00:00
github-actions[bot]	b62cb6ba84	Post-release preparation for codeql-cli-2.12.1	2023-01-20 19:49:56 +00:00
Jean Helie	9e6f9c2705	Merge pull request #11709 from github/jhelie/add-shell-command-injection ... ATM: add boosted version for `ShellCommandInjectionFromEnvironment` query	2023-01-20 16:03:30 +01:00
github-actions[bot]	005b3e4a47	Release preparation for version 2.12.1	2023-01-20 12:03:19 +00:00
Michael Nebel	dc223cb82e	Sync files and make corresponding changes for other languages.	2023-01-19 15:14:06 +01:00
Mark Vogelgesang	a3ff0725a3	Removed change-note as it was not necessary	2023-01-18 16:08:29 -05:00
Mark Vogelgesang	c9119848d9	Updated express-rate-limit example to match implementation examples found on packages README	2023-01-18 14:42:40 -05:00
erik-krogh	4b74dec18f	expand what is parsed as the stem of a pathexpr	2023-01-17 21:28:21 +01:00
Jean Helie	fec7ea6964	ATM: add missing query help files	2023-01-17 12:20:17 +01:00
Jean Helie	b08fa43fdf	update tests	2023-01-17 12:20:17 +01:00
Jean Helie	f07984bab2	update test data	2023-01-17 12:20:17 +01:00
Jean Helie	13aaa22df5	add bosted version of ShellCommandInjectionFromEnvironment	2023-01-17 12:20:17 +01:00
Erik Krogh Kristensen	8ccc384043	Merge pull request #11858 from erik-krogh/moreSpawn ... JS: track shell:true more in js/shell-command-constructed-from-input	2023-01-16 13:24:50 +01:00
erik-krogh	71af8ab022	simplifications inspired by review	2023-01-13 13:18:52 +01:00
erik-krogh	7ae27bcc34	fix errors in JS printAst	2023-01-12 15:37:52 +01:00
Henry Mercer	70f1015fba	Merge branch 'main' into codeql-ci/atm/release-0.4.5	2023-01-12 12:32:25 +00:00
Pierre	c3116b3f0f	Merge branch 'main' into turbo/experimental/combined	2023-01-11 18:02:55 +01:00
github-actions[bot]	76e121e359	JS: Bump version of ML-powered library and query packs to 0.4.6	2023-01-10 21:11:23 +00:00
github-actions[bot]	dc88bdccc7	JS: Bump patch version of ML-powered library and query packs	2023-01-10 21:04:31 +00:00
erik-krogh	38ca68febb	recognize "-->" as a bad tag filter	2023-01-10 18:09:56 +01:00
Erik Krogh Kristensen	54c780bdf9	Merge pull request #11853 from erik-krogh/assignMore ... JS: add local flow when recognizing Object.assign calls for library-inputs	2023-01-10 17:04:29 +01:00
Tony Torralba	72a11e737d	Merge pull request #11775 from atorralba/atorralba/all/omittable-exists ... All: Remove omittable exists variables	2023-01-10 16:07:06 +01:00
erik-krogh	62b69bbd3e	autoformat	2023-01-10 15:38:13 +01:00
Erik Krogh Kristensen	6623e5fbf3	Merge pull request #11852 from erik-krogh/jsInfiniteChar ... JS: recognize an infinite repetition of a char-class like regex as a char-class like regex	2023-01-10 15:32:22 +01:00
Erik Krogh Kristensen	ce8836fb65	Update javascript/ql/lib/semmle/javascript/PackageExports.qll ... Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2023-01-10 15:30:44 +01:00
erik-krogh	43696f5e27	add explicit this	2023-01-10 15:27:37 +01:00
erik-krogh	23a847b1cf	track shell:true more in js/shell-command-constructed-from-input	2023-01-10 15:27:37 +01:00
erik-krogh	5c388c554c	fix that the TypeTracker was unrestricted for the base-case of nonFirstLocationType	2023-01-10 13:39:50 +01:00
erik-krogh	e02b67af63	add failing test	2023-01-10 13:39:50 +01:00
Tony Torralba	3b6dae41cd	JavaScript: Remove omittable exists variables	2023-01-10 13:37:21 +01:00
erik-krogh	79e161e046	slightly broaden the regular expression that recognizes bad string-concats used as shell commands	2023-01-10 12:49:37 +01:00
erik-krogh	9f100ef2c6	add local flow when recognizing Object.assign calls for library-inputs	2023-01-09 17:44:11 +01:00
erik-krogh	90f9e3f825	recognize an infinite repetition of a char-class like regex as a char-class like regex	2023-01-09 17:25:08 +01:00
erik-krogh	785c21f462	fix bad join-order in js/missing-this-qualifier	2023-01-09 16:06:26 +01:00
github-actions[bot]	cdb8f67601	Post-release preparation for codeql-cli-2.12.0	2023-01-06 10:36:34 +00:00
Jeroen Ketema	170242f79c	Apply suggestions from code review	2023-01-05 17:57:19 +01:00
Nick Rolfe	6e07076151	tweak wording in 2.12 release notes	2023-01-05 16:46:44 +00:00
github-actions[bot]	b6a8193785	Release preparation for version 2.12.0	2023-01-05 16:32:14 +00:00
Aditya Sharad	ed73875fac	Merge pull request #11747 from adityasharad/tutorial/library-pack ... Tutorial: Move QL detective tutorial library into shared `codeql/tutorial` library pack	2023-01-04 08:24:53 -08:00
Erik Krogh Kristensen	cedc9c0bff	Merge pull request #11582 from erik-krogh/heuristics ... JS: Add experimental variants of common security queries with more sources	2023-01-04 10:46:19 +01:00
Aditya Sharad	9988c19a42	Merge branch 'main' into tutorial/library-pack	2023-01-03 14:08:37 -08:00
Calum Grant	ad55706527	Merge branch 'main' into calumgrant/remove-lgtm	2023-01-03 10:27:30 +00:00
Arthur Baars	98c5b81456	Merge pull request #11723 from aibaars/alert-suppression ... CodeQL alert suppression	2022-12-21 10:59:57 +01:00
Arthur Baars	035ad65e43	AlertSuppression: move library into util folder	2022-12-21 10:39:57 +01:00
Jacques	b99c500435	Fix associated test	2022-12-20 12:51:13 +09:00