hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,207 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.5
Commit Graph

10776 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
db768960f4 Merge pull request #15060 from am0o0/amammad-js-envinjection 
JS: Env Injection query
 2024-06-20 21:27:21 +02:00
Erik Krogh Kristensen
555d7e5958 Merge pull request #14293 from am0o0/amammad-js-CodeInjection_dynamic_import 
JS: Dynamic import as code injection sink
 2024-06-20 21:19:57 +02:00
erik-krogh
0de4fd8430 add test for the better type-narrowing in TS 5.5 2024-06-20 20:55:44 +02:00
erik-krogh
9966be6975 update to the stable release of TypeScript 5.5 2024-06-20 20:47:43 +02:00
erik-krogh
b936f725b5 update to 5.5.1-rc 2024-06-20 20:43:01 +02:00
erik-krogh
a691ec01b3 add test for the inferred type predicates in TS5.5 2024-06-20 20:42:59 +02:00
erik-krogh
5336a1a251 upgrade TypeScript to 5.5-beta 2024-06-20 20:42:57 +02:00
Erik Krogh Kristensen
60ed51781e Merge pull request #16790 from github/max-schaefer-patch-1 
JavaScript: Fix CodeQL alert in extractor
 2024-06-20 20:20:00 +02:00
Erik Krogh Kristensen
e84028d01e Merge pull request #14088 from am0o0/amammad-js-JWT 
JS: decoding JWT without signature verification
 2024-06-20 20:13:40 +02:00
Asger F
a36e39359f Merge pull request #16739 from RasmusWL/js-array-steps 
JS: Allow many Array steps to be used in type-tracking
 2024-06-20 11:39:46 +02:00
Rasmus Wriedt Larsen
596102d3fb Update javascript/ql/lib/change-notes/2024-06-14-type-tracking-array-steps.md 
Co-authored-by: Asger F <asgerf@github.com>
 2024-06-20 10:07:49 +02:00
aegilops
1ecd72727d Renamed README to CUSTOMIZING, removed details from qhelp and referenced md doc instead 2024-06-19 17:59:43 +01:00
aegilops
a07639f4f6 Set severity to 7.0, in line with other configuration queries 2024-06-19 17:43:41 +01:00
aegilops
26f1b36736 Fixed formatting 2024-06-19 17:41:58 +01:00
aegilops
252c9e9416 Added data extension to set defaults, updated help, added README to explain customization 2024-06-19 17:27:17 +01:00
Max Schaefer
2be171746b JavaScript: Fix CodeQL alert in extractor 
This doesn't make a difference in practice because we only run the method on arrays of even length, but we might as well fix it.
 2024-06-19 17:13:01 +01:00
Paul Hodgkinson
3a98edb60b Merge branch 'main' into aegilops/js/insecure-helmet-middleware 2024-06-19 12:53:32 +01:00
aegilops
d142f830da Change note and changed name of query in .ql file 2024-06-19 12:04:32 +01:00
aegilops
8a3cec4977 Fix formatting for check 2024-06-19 11:38:20 +01:00
Paolo Tranquilli
b7a2ea8981 CI: accept other diagnostic format related test changes 2024-06-19 11:33:50 +02:00
aegilops
de96d3951d Renamed to helmetProperty everywhere 2024-06-19 10:15:06 +01:00
aegilops
f4691b1919 Changed to more-modern Dataflow libraries 2024-06-19 10:11:06 +01:00
aegilops
81ef255a87 Change to helmetProperty from helmetSetting variable name 2024-06-19 10:09:50 +01:00
aegilops
da9e1e61a4 Moved examples into separate files 2024-06-18 19:50:06 +01:00
Rasmus Wriedt Larsen
3fc8401370 JS: Add change-note 2024-06-14 15:37:25 +02:00
Rasmus Wriedt Larsen
3f2befc3e5 JS: Support spread arguments in array.splice 2024-06-14 15:33:17 +02:00
Rasmus Wriedt Larsen
269f8ca2cd JS: Add splice(...arr) test 2024-06-14 15:19:56 +02:00
Rasmus Wriedt Larsen
68ccec3d43 JS: Prepare for new test 2024-06-14 15:18:47 +02:00
Rasmus Wriedt Larsen
194ef607f7 JS: Updated .expected 2024-06-14 14:49:34 +02:00
am0o0
4e1f7a930d fix invalid js file sample in qlhelp 2024-06-14 13:47:01 +02:00
Cornelius Riemenschneider
ede0b5bdf4 Merge remote-tracking branch 'origin/main' into criemen/codeql-pack-group 2024-06-13 21:53:31 +02:00
am0o0
bb03a9faba format the query file 2024-06-13 14:54:29 +02:00
am0o0
f0a467e80b update tests 2024-06-13 14:52:22 +02:00
am0o0
84b9d4d1ac fix qlhelp errors 2024-06-13 14:32:41 +02:00
Maiky
8ba7ac678d Update javascript/ql/src/experimental/Security/CWE-942/CorsPermissiveConfigurationCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2024-06-12 19:38:13 +02:00
Maiky
4be5cf4e78 Update javascript/ql/src/experimental/Security/CWE-942/CorsPermissiveConfigurationCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2024-06-12 19:38:02 +02:00
Rasmus Wriedt Larsen
ec18786488 JS: Provide better model for Array.splice 2024-06-12 16:29:21 +02:00
Rasmus Wriedt Larsen
54a0e6dc45 JS: Add new test for Array.splice 2024-06-12 16:24:33 +02:00
Rasmus Wriedt Larsen
9ed6da1072 JS: prepare to extend Array tests 
Oh how I have enjoyed working with InlineExpectationTests for these sort
of things, not worrying about all the .expected files changing because
you add a few lines in the middle of your tests :D
 2024-06-12 16:22:55 +02:00
Rasmus Wriedt Larsen
1027ca266d JS: Allow many Array steps to be used in type-tracking 2024-06-12 16:14:13 +02:00
Mauro Baluda
1db5e32e86 Extract SAP XSJS file types as Javascript 2024-06-11 23:53:41 +02:00
Mauro Baluda
45a48f360f Extract SAP XSJS file types as Javascript 2024-06-11 23:51:44 +02:00
Mathias Vorreiter Pedersen
3351b9547d Merge branch 'rc/3.14' into rc-3.14-mergeback 2024-06-11 16:21:08 +01:00
Cornelius Riemenschneider
3cf719cb39 pkg.bzl: Significantly restructure codeql_pack rule. 
This PR introduces a `codeql_pack_rule` that does the heavy lifting
of extracting arch- and common zip files for production dist building.
It also factors out the installer targets for individual packs,
as well as pack groups.

This changes the contract between the internal build system and the pack
definition significantly, which is why an accompanying internal PR is required.
No backwards compatibility layer is provided, as the PR as complex enough as-is.

The individual `codeql_pack` rules are now much simpler,
as they mostly stuff their inputs into a new `_CodeQLPackInfo` provider,
and let the installer and `codeql_pack_group` rules do the heavy lifting.
For working in the external repo with self-contained packs,
the per-pack installer targets are still available.
Internally, we'll only use the new `codeql_pack_group` targets
going forward, both for defining intree-dists and for building
the production zip files.
 2024-06-11 13:15:05 +02:00
github-actions[bot]
8a25081a0e Post-release preparation for codeql-cli-2.17.5 2024-06-10 15:33:08 +00:00
Cornelius Riemenschneider
00319c5010 Upgrade bazel to 7.2.0. 
This also bumps a bunch of external dependencies.
 2024-06-10 17:03:59 +02:00
github-actions[bot]
877bfa2468 Release preparation for version 2.17.5 2024-06-10 13:40:39 +00:00
am0o0
9db334d02f update select statement, update test cases 2024-06-07 21:26:20 +02:00
am0o0
2c9340331d update test cases expected results 2024-06-07 21:16:31 +02:00
am0o0
5e0a78c4c7 make predicate for env key and value nodes, use propertyRead/Write instead of API nodes to find env key and value assignments, fix a bug thanks to @erik-krogh 2024-06-07 21:15:30 +02:00