hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,207 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.5
Commit Graph

10776 Commits

Author SHA1 Message Date
maikypedia
87cac2a4e3 Express Argument has to be Cors 2023-12-07 23:01:41 +01:00
github-actions[bot]
92af5f5386 Post-release preparation for codeql-cli-2.15.4 2023-12-06 22:59:22 +00:00
github-actions[bot]
c04457e9e7 Release preparation for version 2.15.4 2023-12-06 21:11:50 +00:00
amammad
1547cd0546 added inline tests, move to experimental dir 2023-12-05 18:59:46 +01:00
amammad
2c4d2d3069 Merge branch 'main' into amammad-js-CodeInjection_execa 2023-12-05 18:38:09 +01:00
amammad
67fb802f29 fix conflict 2023-12-05 18:37:50 +01:00
Maiky
83cbbd7043 Apply docstring changes 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-12-05 09:05:29 +01:00
Jorge
8abd1d9855 Merge branch 'main' into seclab/dotjs 2023-11-30 19:42:18 +01:00
Jorge
91bc043f30 Add .html.dot to Autobuild.java 2023-11-30 19:38:24 +01:00
Felicity Chapman
4cb2f53223 Remove unwanted period from query name 
Our style guide states that names should not end in a period. I'm updating this now to allow us to automate a process for GitHub docs, see: https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md#query-name-name
 2023-11-30 14:31:17 +00:00
Maiky
e6c7fc0ead Fixes CI 2023-11-29 19:45:08 +02:00
Rafael
1a05c2e704 Added Django test 2023-11-29 08:26:49 +01:00
Rafael
0a74a3a765 Update javascript/ql/src/change-notes/2023-11-28-django-urls.md 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-11-29 08:23:02 +01:00
Rafael
0b0c9e3e48 Create 2023-11-28-django-urls.md 2023-11-28 22:29:53 +01:00
Rafael
286e3951bf Detect Django template URLs 
Django URLs are currently not detected, but flask and nunjucks URL are. (See https://github.com/github/codeql/issues/12267)
 2023-11-28 22:22:07 +01:00
Maiky
6a3cdc90e2 Add change-node 2023-11-27 20:58:47 +02:00
Maiky
3bcb411d1a Using Express::RouteSetup 2023-11-27 20:31:19 +02:00
Maiky
f623db461a Change qldoc 2023-11-27 19:51:13 +02:00
Maiky
bb6ef72e67 getArgument returns Cors::Cors 2023-11-27 19:36:49 +02:00
Maiky
aa24ce5532 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-11-27 17:48:21 +02:00
amammad
48a9b107b9 add query to detect strapi CVe too 2023-11-24 10:47:17 +01:00
Maiky
4ef4c92e2c Move Customizations and Query 2023-11-23 21:29:09 +01:00
erik-krogh
abb8d65483 Merge branch 'main' into amammad-js-SQLI 2023-11-23 21:17:58 +01:00
erik-krogh
43c76468c9 add change-note 2023-11-23 21:17:33 +01:00
amammad
60b422a35c fix second round of code review. improve documents, fix better-sqlite3 method 2023-11-23 14:01:38 +01:00
Maiky
abd53e98a9 Fix minor issues 2023-11-23 13:17:54 +01:00
Maiky
413c11171e Move to /experimental 2023-11-23 11:00:47 +01:00
erik-krogh
dd1e71ace9 update the JS change notes to mention security severity instead of just severity 2023-11-23 10:28:22 +01:00
Maiky
d661f7f482 Add Flow Labels 2023-11-22 19:50:16 +01:00
amammad
5cc4206e00 add a temporary Query file to demonstrate unsuccessful usage of two DataFlow configs 2023-11-22 08:30:59 +01:00
amammad
eb552b7c93 add failingPositiveTests to inlinetests 2023-11-22 08:00:38 +01:00
amammad
0328a2986d move TypeORM library file and tests to experimental 
add inline tests :)
Fix TypeORM fuzzy method according to Review
 2023-11-21 19:59:06 +01:00
amammad
999ec7053e fix Query class docstring 2023-11-21 18:56:05 +01:00
Max Schaefer
2c5ce3216e Merge pull request #14846 from github/max-schaefer/js/path-injection 
Update qhelp for js/path-injection.
 2023-11-21 13:50:41 +00:00
Max Schaefer
dfffa1e237 Apply suggestions from code review 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2023-11-21 10:07:11 +00:00
erik-krogh
5611a3e417 use exact version 2023-11-20 20:48:51 +01:00
erik-krogh
10b3efa667 update to the stable version of TypeScript 5.3 2023-11-20 20:32:24 +01:00
erik-krogh
dde9a7cd7e Merge branch 'main' into ts53-ts 2023-11-20 20:31:00 +01:00
Max Schaefer
d147faba4e Update qhelp for js/path-injection. 2023-11-20 11:58:00 +00:00
github-actions[bot]
bad499e360 Post-release preparation for codeql-cli-2.15.3 2023-11-17 14:35:41 +00:00
github-actions[bot]
6ec9b95072 Release preparation for version 2.15.3 2023-11-16 13:07:16 +00:00
Henry Mercer
de83929a60 Remove LoC metrics from the analysis summary 2023-11-16 11:36:44 +00:00
Remco Vermeulen
52540b42fc Merge branch 'main' into rvermeulen/javascript-adjust-security-severity 2023-11-14 11:21:38 -08:00
Remco Vermeulen
6bd7047e41 Restore XssThroughDom.ql's severity 2023-11-14 11:20:51 -08:00
Cornelius Riemenschneider
97fd2033f1 Take our node, not the one that comes first on the PATH. 2023-11-09 22:00:00 +01:00
Cornelius Riemenschneider
b4ec13235d Address review. 2023-11-09 09:40:29 +01:00
Cornelius Riemenschneider
6b37d2009b Merge branch 'main' into criemen/js-bazel 2023-11-08 16:11:47 +01:00
Rasmus Wriedt Larsen
43d9d2ceb7 Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link 
JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.
 2023-11-08 14:29:24 +01:00
Erik Krogh Kristensen
f643fd7d74 Merge pull request #14716 from erik-krogh/invalid-main 
JS: catch when the main: path is invalid on Windows
 2023-11-08 08:33:58 +01:00
Geoffrey White
b63294764b Merge pull request #14705 from geoffw0/qhelplink 
Fix a dead ReDoS link in docs
 2023-11-07 17:40:19 +00:00