codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00

Author	SHA1	Message	Date
Erik Krogh Kristensen	219ec9d05d	Merge pull request #13127 from erik-krogh/polReDoS ReDoS: revert new superlinear algorithm.	2023-06-02 16:10:24 +02:00
erik-krogh	ac9ede4ec0	add change-notes	2023-06-02 11:58:11 +02:00
erik-krogh	f61b781386	JS: delete effectively empty file	2023-06-02 11:58:09 +02:00
erik-krogh	3584e85fe8	JS: fix tutorial	2023-06-02 11:58:08 +02:00
erik-krogh	9000243828	JS: fix compilation	2023-06-02 11:58:08 +02:00
erik-krogh	44b6366586	delete old deprecations	2023-06-02 11:58:08 +02:00
Asger F	77d2799278	Update javascript/ql/lib/semmle/javascript/Regexp.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2023-06-02 10:33:44 +02:00
erik-krogh	1b44b59842	add stress test	2023-06-01 23:20:23 +02:00
erik-krogh	8eed1a95f6	stop recursive fromRhs related to getLaterBaseAccess	2023-06-01 23:16:52 +02:00
erik-krogh	97afa5733b	add support for namespaced JSX attributes	2023-06-01 21:52:14 +02:00
erik-krogh	f4b68fb8c3	bump TypeScript to stable version	2023-06-01 21:51:43 +02:00
Jami	3886ebffa9	Merge branch 'main' into jcogs33/update-javascript-sink-kinds	2023-06-01 14:09:10 -04:00
erik-krogh	9aeba4f31e	changes based on review	2023-06-01 17:24:44 +02:00
Erik Krogh Kristensen	96a720cfa0	Merge pull request #13285 from erik-krogh/redoshelp ReDoS: fix whitespace in the samples in ReDoS.qhelp	2023-06-01 15:53:58 +02:00
Asger F	baef99995d	JS: Change note	2023-06-01 14:10:11 +02:00
erik-krogh	1e08105863	less duplicated headers in the sql-injection samples	2023-05-31 18:04:34 +02:00
erik-krogh	98820780af	show how to use mysql.escape in the sql-injection qhelp	2023-05-31 18:04:34 +02:00
erik-krogh	7d801e05ee	add an example of using dollar eq	2023-05-31 18:04:23 +02:00
erik-krogh	e24b45b423	elaborate on both SQL and NoSQL injection in the js/sql-injection qhelp	2023-05-31 09:57:38 +02:00
erik-krogh	b343dcaadd	put string/object in the alert-message for sql-injection	2023-05-31 08:06:04 +02:00
Arthur Baars	490d22d123	Merge remote-tracking branch 'upstream/main' into post-release-prep/codeql-cli-2.13.3	2023-05-30 21:31:28 +02:00
Asger F	c637b6f59a	JS: Update test for RegExpAlwaysMatches	2023-05-26 14:10:26 +02:00
Asger F	9df9ca2916	JS: Update test and expectations for MissingRegExpAnchor	2023-05-26 14:07:34 +02:00
Asger F	40daa9c906	JS: Update RegExpInjection test and expectations	2023-05-26 14:05:36 +02:00
Asger F	2629ec1b1d	JS: Be more conservative about flagging "search" call arguments as regex	2023-05-26 11:55:53 +02:00
erik-krogh	9f5bf8fb22	also fix the first code-block	2023-05-25 13:56:29 +02:00
erik-krogh	765076bcba	fix whitespace in the samples in ReDoS.qhelp	2023-05-25 13:28:39 +02:00
github-actions[bot]	d2e192020b	Post-release preparation for codeql-cli-2.13.3	2023-05-24 11:26:12 +00:00
Erik Krogh Kristensen	796e71f8be	Merge pull request #13176 from MaxSchlueter/fixquery12 Fix "Introducing the JavaScript libraries" query12.qll and add test case	2023-05-24 10:56:53 +02:00
Arthur Baars	e33f3a6668	Merge pull request #13154 from aibaars/sync-dbscheme-py JS/Ruby/QL/Python: sync dbscheme fragments	2023-05-23 19:14:29 +02:00
Max Schlueter	40aa9417d0	Fix query12 and add test case	2023-05-23 11:52:51 +02:00
erik-krogh	f7419c9250	add expected output	2023-05-23 09:56:06 +02:00
erik-krogh	f85b3e13c2	update expected output	2023-05-23 09:56:06 +02:00
Erik Krogh Kristensen	50cb5ea184	Merge pull request #13164 from erik-krogh/polyQhelp ReDoS: add another example to the qhelp in poly-redos, showing how to just limit the length of the input	2023-05-23 09:25:15 +02:00
Erik Krogh Kristensen	e658177c31	Merge pull request #12975 from tyage/support-sub-modules JS: Support sub modules	2023-05-23 09:24:43 +02:00
github-actions[bot]	7aa23cf11d	Release preparation for version 2.13.3	2023-05-22 20:47:00 +00:00
Erik Krogh Kristensen	653cd86c13	update qldoc	2023-05-22 20:48:21 +02:00
Arthur Baars	7978c65467	JS: add upgrade/downgrade scripts	2023-05-22 19:28:59 +02:00
Erik Krogh Kristensen	3647b9cfeb	Merge pull request #13196 from erik-krogh/indirectCommand JS: require arguments to be shell interpreted to be flagged by indirect-command-injection	2023-05-22 11:53:57 +02:00
erik-krogh	708a99528f	initial implementation of TS 5.1	2023-05-22 10:11:32 +02:00
erik-krogh	710b309142	apply suggestions from doc review	2023-05-21 22:18:48 +02:00
erik-krogh	10bf17c33e	Merge branch 'main' into polyQhelp	2023-05-21 22:17:06 +02:00
Erik Krogh Kristensen	239234c5d2	fix bad change-note Co-authored-by: Asger F <asgerf@github.com>	2023-05-17 14:47:32 +02:00
erik-krogh	5a82454710	add change-note	2023-05-17 12:02:21 +02:00
erik-krogh	cbd7601a41	implement `isShellInterpreted` on `ExecActionsCall`	2023-05-17 11:07:48 +02:00
erik-krogh	3293a55e8f	require arguments to be shell interpreted to be flagged by indirect-command-injection	2023-05-17 11:07:45 +02:00
Asger F	f94fdc6348	JS: Remove mention of TrackedNode in docs	2023-05-17 10:37:12 +02:00
erik-krogh	480e71fd69	avoid contractions	2023-05-17 08:42:45 +02:00
Jami Cogswell	003bb2f6f5	JS: add change note	2023-05-16 15:45:55 -04:00
Jami Cogswell	359f6ffd1e	JS: update 'credentials[%]' sink kind to 'credentials-%'	2023-05-16 15:45:55 -04:00

... 34 35 36 37 38 ...

10776 Commits