hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,207 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.5
Commit Graph

4435 Commits

Author SHA1 Message Date
erik-krogh
79e161e046 slightly broaden the regular expression that recognizes bad string-concats used as shell commands 2023-01-10 12:49:37 +01:00
erik-krogh
9f100ef2c6 add local flow when recognizing Object.assign calls for library-inputs 2023-01-09 17:44:11 +01:00
erik-krogh
90f9e3f825 recognize an infinite repetition of a char-class like regex as a char-class like regex 2023-01-09 17:25:08 +01:00
Calum Grant
ad55706527 Merge branch 'main' into calumgrant/remove-lgtm 2023-01-03 10:27:30 +00:00
Arthur Baars
98c5b81456 Merge pull request #11723 from aibaars/alert-suppression 
CodeQL alert suppression
 2022-12-21 10:59:57 +01:00
Jacques
b99c500435 Fix associated test 2022-12-20 12:51:13 +09:00
Calum Grant
e982e144a4 JS: Update qltest output 2022-12-19 17:22:51 +00:00
Arthur Baars
0f313231bc AlertSuppression: add more tests 2022-12-19 16:43:11 +01:00
Calum Grant
4a37c01c5f JavaScript: Remove references to LGTM 2022-12-19 15:15:17 +00:00
Arthur Baars
c176606be5 AlertSuppression: allow //lgtm comments to scope over the next line 2022-12-19 16:10:26 +01:00
Erik Krogh Kristensen
1500fa5f67 Merge pull request #10663 from pwntester/restify_improvements 
Javascript: Improve Restify support and add new Spife support
 2022-12-15 11:08:22 +01:00
Alvaro Muñoz
818c2da1aa fix Spife tests (without heuristics) 2022-12-14 15:42:27 +01:00
Alvaro Muñoz
14faff4477 fix restify tests 2022-12-14 15:38:35 +01:00
Alvaro Muñoz
a71fc930a6 add tests 2022-12-14 13:11:02 +01:00
Asger F
6b15839221 JS: Add tests for the examples used in the docs 2022-12-13 11:33:12 +01:00
Asger F
afe7872838 Merge pull request #11565 from asgerf/js/rephined-variable-in-access-path 
JS: handle rephined variable in access path
 2022-12-07 09:26:38 +01:00
Asger F
80777b8c50 JS: handle rephined variables in local access paths 2022-12-05 15:11:50 +01:00
Asger F
025cfe4064 JS: Add reproduction test case 2022-12-05 15:11:43 +01:00
Erik Krogh Kristensen
6b9cab23d4 Merge pull request #11248 from erik-krogh/js-redosMod 
JS: use the shared regex pack
 2022-12-05 14:48:37 +01:00
Asger F
2d578c1a73 Merge branch 'main' into merge-package-type-columns 2022-12-02 10:00:44 +01:00
Erik Krogh Kristensen
1eec067474 Merge pull request #11294 from erik-krogh/fileDoc 
QL: improve the "this block-comment should have been a QLDoc"-query
 2022-11-23 22:23:36 +01:00
Asger F
2e3413c9b8 JS: Merge package/type columns 2022-11-23 11:17:42 +01:00
Erik Krogh Kristensen
f67219965e Merge pull request #11082 from erik-krogh/shellArr 
JS: treat arrays that gets executed with shell:true as a sink for `js/shell-command-constructed-from-input`
 2022-11-22 13:03:50 +01:00
Erik Krogh Kristensen
06386b2cdd Merge pull request #11072 from erik-krogh/slicing 
JS: poly-redos: don't sanitize calls through substring calls that just remove the start
 2022-11-22 13:02:09 +01:00
erik-krogh
6b5cd9abc3 use RegExpTreeView insteaed of RegexTreeView in JS 2022-11-22 12:55:48 +01:00
erik-krogh
ba2734909f JS: don't use deprecated files in tests 2022-11-17 22:12:50 +01:00
erik-krogh
fe49e41d7b JS: convert some block-comments that could be QLDoc to QLDoc 2022-11-16 13:45:35 +01:00
Mauro Baluda
784475dd66 Merge branch 'main' into main 2022-11-16 11:06:27 +01:00
Mauro Baluda
ec04f0c88f hapi/glue tests 2022-11-15 23:45:27 +01:00
erik-krogh
d4c6f873af add test for auto-accessors 2022-11-15 22:07:25 +01:00
erik-krogh
65567fa1ce add test for the more precise type-narrowing with the in operator 2022-11-15 22:07:25 +01:00
erik-krogh
e98d1df5f4 add dataflow support 2022-11-15 22:07:25 +01:00
erik-krogh
a8973c1147 add test for dataflow 2022-11-15 22:07:24 +01:00
erik-krogh
75ef5b1b0b add support for satisfies-expressions 2022-11-15 22:07:24 +01:00
erik-krogh
29cf695b07 update expected output of the queries (some sorting changed due to locations being used slightly differently in the shared pack) 2022-11-15 17:14:38 +01:00
erik-krogh
e18ceba49e port the JS regex/redos queries to use the shared pack 2022-11-15 17:14:38 +01:00
Erik Krogh Kristensen
90382c4d1c Merge pull request #11178 from erik-krogh/passcode 
JS/RB/PY: Recognize `passcode` as sensitive
 2022-11-10 17:58:34 +01:00
Erik Krogh Kristensen
724a31b746 fix comment that wasn't updated in test 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-11-10 15:56:44 +01:00
Asger F
83291f378b Merge pull request #11157 from asgerf/js/yaml-locations 
JS: fix issue with zero-column yaml locations
 2022-11-09 15:57:54 +01:00
Erik Krogh Kristensen
c537c80ed6 Merge pull request #11095 from erik-krogh/exportRead 
JS: recognize more re-exported values as exported
 2022-11-09 12:39:41 +01:00
erik-krogh
23add8a72b recognize passcode as sensitive 2022-11-09 11:30:57 +01:00
erik-krogh
e0bcfe2afb add failing test 2022-11-09 11:30:31 +01:00
Asger F
694d987365 JS: Update test output 2022-11-09 09:36:03 +01:00
Erik Krogh Kristensen
e01cbb2ffa Merge pull request #10378 from erik-krogh/aliasFlow 
JS: expand localFieldStep to use access-paths, and build access-paths in more cases
 2022-11-08 14:26:12 +01:00
Asger F
92e8f059c8 JS: Avoid emitting column zero in yaml files 2022-11-08 11:38:26 +01:00
Asger F
a887ff4f09 JS: Add test cases to include results with column-zero end locations 2022-11-07 15:13:25 +01:00
Erik Krogh Kristensen
d67235b3c1 Merge pull request #11071 from erik-krogh/fixCanon 
ReDoS: fix canonicalization in NfaUtils
 2022-11-07 14:10:50 +01:00
erik-krogh
fc38bf0429 Merge branch 'main' into aliasFlow 2022-11-07 09:46:48 +01:00
erik-krogh
40032f295a treat arrays that gets executed with shell:true as a sink for js/shell-command-constructed-from-input 2022-11-07 09:19:05 +01:00
erik-krogh
bc5b7455cf add failing test 2022-11-07 09:14:52 +01:00