hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,258 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.3
Commit Graph

10661 Commits

Author SHA1 Message Date
Asger F
3c9e743495 JS: Add change note 2022-06-27 16:16:38 +02:00
Asger F
17d139c87d JS: Add qhelp 2022-06-27 16:14:30 +02:00
Erik Krogh Kristensen
34e7589844 sanitize non-strings from unsafe-html-construction 2022-06-27 13:53:44 +02:00
Asger F
c8b2be616f JS: Bump extractor version string 2022-06-27 13:52:44 +02:00
Asger F
c082578688 JS: Always sniff file type of TypeScript files 2022-06-27 13:48:00 +02:00
Asger F
d92430b0e7 JS: Fix FP from char class 2022-06-27 09:08:37 +02:00
Asger F
9e4116618a JS: Add CaseSensitiveMiddlewarePath query 2022-06-27 09:08:37 +02:00
Erik Krogh Kristensen
28ac47689f changes based on reviews 2022-06-24 13:11:46 +02:00
github-actions[bot]
d506f448ef Post-release preparation for codeql-cli-2.10.0 2022-06-24 07:36:33 +00:00
Asger F
f5a19a1013 JS: Fix unused variable FP in template placeholders 2022-06-23 19:26:32 +02:00
Erik Krogh Kristensen
724721c5c8 fix typo 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
22871138c6 simplify the recursion between TTrace and isReachableFromStartTuple 
similar to the fix made by Shack in `ExponentialBackTracking.qll`
 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
be37763125 improve performance of process() by pruning accept states early 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
bf20b7dfc5 add change note for the ReDoS renamings 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
14204be2f9 add missing qldoc 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
3bea7df45d add deprecated aliases in the old locations, and use the Query.qll pattern for js/polynomial-redos 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
2e4c2df67e move the JS ReDoS test to a more appropriate folder 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
13482fc97b rename ReDoSUtil to NfaUtils, and rename the "performance" folder to "regexp" 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
6b0df9bdfb refactor the concretize algorithm 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
dbeae9aefb make a parameterized module out of the RegexpMatching implementation 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
7fb3d81d2f add further normalization of char classses 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
3be4a86acd make ReDoSPruning into a parameterized module 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
dc06e9df02 move predicates that depend on isReDoSCandidate into a ReDoSPruning module 2022-06-23 14:36:24 +02:00
github-actions[bot]
a74051c658 Release preparation for version 2.10.0 2022-06-23 11:17:46 +00:00
Rasmus Wriedt Larsen
3248f7b423 Merge pull request #9649 from RasmusWL/certificate-modeling 
Python/JS/Ruby: Ignore common words (like certain) as sensitive data source
 2022-06-23 12:04:58 +02:00
Asger F
90c2b6e47f JS: Downgrade ast_node_symbol relation 2022-06-23 10:17:28 +02:00
Erik Krogh Kristensen
08e4c8b195 Merge pull request #9634 from erik-krogh/jqueryParam 
JS: add all jquery plugin parameters as source to js/html-constructed-from-input
 2022-06-23 08:57:20 +02:00
Nick Rolfe
d91e8a6309 JS: create downgrades pack 2022-06-22 17:31:49 +01:00
Rasmus Wriedt Larsen
876ba71d9b Python/JS/Ruby: Add change-note 2022-06-22 11:14:05 +02:00
Rasmus Wriedt Larsen
2ce4b7b9fc SensitiveDataHeuristics: sync 2022-06-22 11:05:14 +02:00
Erik Krogh Kristensen
e1c34c11ed add all jquery plugin parameters as source to js/html-constructed-from-input 2022-06-21 13:22:56 +02:00
Erik Krogh Kristensen
dde7e9e2e8 add test for jquery plugin parameters in js/html-constructed-from-input 2022-06-21 13:21:57 +02:00
Edoardo Pirovano
70dbd92e25 Bump minor version of all regularly released packs 2022-06-21 11:22:58 +01:00
Edoardo Pirovano
ad02b85efa Merge branch main into rc/3.6 2022-06-21 11:15:25 +01:00
Asger F
b46ba896dd Merge pull request #9616 from asgerf/js/without-prop-step-await 
JS: Add withoutPropStep and model raw 'await' step with it
 2022-06-21 09:06:01 +02:00
Erik Krogh Kristensen
79696c6c5f Merge pull request #9572 from erik-krogh/heuristicSteps 
JS: add heuristic taint-step for potentially unmodelled libraries
 2022-06-21 09:00:58 +02:00
Asger F
835c9bb0b9 JS: Add test 2022-06-20 20:16:07 +02:00
Asger F
a0d3a6b5b1 JS: Add withoutPropStep and model 'await' steps with it 2022-06-20 20:16:07 +02:00
Erik Krogh Kristensen
3a4f0299c7 fix typo 2022-06-19 20:09:31 +02:00
Asger F
15278fe94f JS: Remove debug println 2022-06-17 14:57:03 +02:00
Asger F
6a4b3a190d JS: Bump extractor version 2022-06-17 14:40:22 +02:00
Asger F
ed4c39bbb4 JS: Upgrade script 2022-06-17 14:40:22 +02:00
Asger F
5610f654e9 JS: Add PackageJson.getTypingsModule 2022-06-17 14:40:22 +02:00
Asger F
a3204f6d74 JS: Trim whitespace in dbscheme 2022-06-17 14:40:22 +02:00
Asger F
608de70568 JS: Associate symbols with external module decls 2022-06-17 14:40:22 +02:00
Asger F
5faff5609d JS: Map symbol base types to their actual type 2022-06-17 14:40:22 +02:00
Asger F
3b4b56be28 JS: Add meta query for measuring library inputs 2022-06-16 11:57:33 +02:00
Erik Krogh Kristensen
ce323e215b add heuristic taint-step for potentially unmodelled libraries, and meta query for counting potential unmodelled steps 2022-06-15 20:27:49 +02:00
github-actions[bot]
1ed70d51d7 Post-release preparation for codeql-cli-2.9.4 2022-06-15 13:25:20 +00:00
github-actions[bot]
104ac05f49 Release preparation for version 2.9.4 2022-06-15 08:22:38 +00:00