hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,207 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.5
Commit Graph

10776 Commits

Author SHA1 Message Date
Asger F
7766f97232 JS: Remove obsolete TODO 2025-01-09 09:39:26 +01:00
Asger F
8ac08db5c2 JS: Remove TODOs about WithArrayElement not being a taint step 
This isn't going to become a taint step, the workaround is the permanent solution
 2025-01-09 09:39:23 +01:00
Asger F
3cc1525985 JS: Remove obsolete TODOs 2025-01-09 09:19:30 +01:00
Asger F
1997e0a7b6 Merge pull request #18427 from asgerf/jss/change-note 
JS: Add migration guide and change note
 2025-01-09 09:13:16 +01:00
aegilops
4b57d5feb2 Added XSS sink for innerHTML/outerHTML using new Angular attribute def 2025-01-08 16:36:46 +00:00
aegilops
2dc9e7bab7 Moved def from AngularJSCore to Angular2 2025-01-08 16:36:10 +00:00
Asger F
b6b93dcead Merge pull request #18392 from asgerf/jss/deprecate-modules 
JS: Deprecate some .qll files
 2025-01-08 11:10:28 +01:00
Asger F
062391334e JS: Remove notes about changing API in the future 2025-01-08 09:15:13 +01:00
Asger F
df9b95575e JS: Add deprecation qldoc to Configuration classes 2025-01-08 09:15:12 +01:00
Asger F
e7d267e5d2 JS: Add migration guide and change note 2025-01-08 09:12:38 +01:00
Asger F
36f0d2f63e JS: Move VarAccessBarrier outside the deprecated Configuration.qll file 2025-01-08 08:56:53 +01:00
Asger F
c47419e66d JS: Remove an obsolete TODO comment (this has been fixed) 2025-01-08 08:54:41 +01:00
github-actions[bot]
fb20f6ca63 Post-release preparation for codeql-cli-2.20.1 2025-01-07 22:07:40 +00:00
github-actions[bot]
88b6f1e79a Release preparation for version 2.20.1 2025-01-07 20:50:36 +00:00
Dave Bartolomeo
72a53c4b23 Revert "Release preparation for version 2.20.1" 2025-01-07 13:32:23 -05:00
github-actions[bot]
fbf9f2fff8 Release preparation for version 2.20.1 2025-01-07 17:20:13 +00:00
Dave Bartolomeo
22e030584c Revert "Release preparation for version 2.20.1" 2025-01-07 12:14:27 -05:00
Asger F
f17cc5af15 JS: Move all hidden node definitions into DataFlowPrivate 2025-01-07 10:44:09 +01:00
Asger F
47cc3c09f5 JS: Deprecate an import 2025-01-07 10:43:40 +01:00
github-actions[bot]
a121c5a5d0 Release preparation for version 2.20.1 2025-01-06 18:20:22 +00:00
aegilops
4530118681 Comment out hardcoded definition of sink 2025-01-06 17:33:31 +00:00
aegilops
820fe6cd04 Formatting 2025-01-06 16:59:04 +00:00
aegilops
322c731ac3 Attempt at AttributeDefinition to generalise Angular Renderer2 support 2025-01-06 16:52:38 +00:00
aegilops
6fb201372b Update changelog note to remove new source 2025-01-06 16:51:59 +00:00
aegilops
e414b8c5be Remove @Input() decorated members as remote sources, in favour of a later Threat Model 2025-01-06 16:51:35 +00:00
aegilops
8dac00aa83 Change from getParameter() to getArgument() 2025-01-06 15:43:47 +00:00
Asger F
0cdda87161 JS: Restrict AP length in prototype-polluting function 2025-01-06 14:33:41 +01:00
Asger F
7ccb476b1b JS: Restrict AP length in ExceptionXss 2025-01-06 14:28:58 +01:00
Asger F
23d7420cec JS: Hide default exceptional return node 2025-01-06 14:27:20 +01:00
Asger F
e2af19b946 JS: Restrict "get" step to Map objects 2025-01-06 13:17:32 +01:00
Asger F
4c9f406e34 JS: Exclude some sinks in UnvalidatedDynamicMethodCall 2025-01-06 10:32:11 +01:00
aegilops
aba8be2902 Changelog for Angular source/sink update 2025-01-03 17:07:35 +00:00
aegilops
7128700003 Simplified AngularInputUse class 2025-01-03 17:02:55 +00:00
aegilops
4891c1e5fe Added QLdoc and simplified QL in source class 2025-01-03 16:50:47 +00:00
aegilops
4773917876 Formatting 2025-01-03 16:43:00 +00:00
Paul Hodgkinson
a23f4ee007 Merge branch 'main' into angular-sources-sinks 2025-01-03 16:38:48 +00:00
aegilops
0f64822356 New remote source - reading from an @Input() decorated class member 2025-01-03 16:34:15 +00:00
aegilops
09e4c78b0f New XSS sink - writing to innerHTML using the Angular Renderer2 API 2025-01-03 16:33:42 +00:00
Asger F
25f5ecba25 JS: Deprecate the Configuration.qll file 2025-01-03 11:41:41 +01:00
Asger F
0339bd0f3e JS: Deprecate forward/backward exploration modules 2025-01-03 11:41:39 +01:00
Asger F
942ba189f7 JS: Minor test output change in nodes/edges 
I suspect this is due to some fixes in the DeduplicatePathGraph module
 2024-12-19 15:25:49 +01:00
Asger F
f8dc7eb25b JS: Update output from tests that changed on main 2024-12-19 15:25:47 +01:00
Asger F
4a6030c592 JS: Update expected with some absent result sets 2024-12-19 15:25:46 +01:00
Asger F
cd6ebb103e JS: Make test not assume implicit through for maps 2024-12-19 15:25:45 +01:00
Asger F
dc2f39c399 JS: Add model of Map#groupBy 2024-12-19 15:25:43 +01:00
Asger F
de5e6ddeed JS: Update with changes in TaintTracking test 2024-12-19 15:25:42 +01:00
Asger F
c204527c08 JS: Update Array test output (new tests added on main) 2024-12-19 15:25:41 +01:00
Asger F
33e8bd5032 JS: Update testUtilities import 2024-12-19 15:25:39 +01:00
Asger F
3acd4814de Merge branch 'main' into js/shared-dataflow-merge-main 2024-12-19 10:14:38 +01:00
Asger F
e5ae7e0231 JS: Fix bad join in isOptionallySanitizedEdgeInternal 
This was previously called from isBarrier(node, state) but without restricting the state. The call was therefore moved to isBarrier(node), but this caused some optimisation changes resulting in a bad join.
 2024-12-16 15:35:54 +01:00