hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,207 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.5
Commit Graph

10776 Commits

Author SHA1 Message Date
jarlob
6790318769 Added the composite word 2023-04-13 22:58:32 +02:00
Jaroslav Lobačevski
8f1bccbb4d Apply suggestions from code review (comments) 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2023-04-13 22:55:53 +02:00
Alex Eyers-Taylor
c6a482819a Bump all qlpacks major versions 2023-04-13 19:15:27 +01:00
Alex Ford
8c46bfd051 Merge pull request #12816 from github/rc/3.9 
Merge `rc/3.9` into `main`
 2023-04-13 12:35:41 +01:00
Tom Hvitved
3cc9dec9c8 Remove all queries.xml files 2023-04-13 11:18:58 +02:00
Arthur Baars
ead8108aed Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-04-13 11:11:55 +02:00
Erik Krogh Kristensen
cfb273ae01 Merge pull request #12799 from erik-krogh/oneColumn 
JS: use 1-based column locations for diagnostics
 2023-04-12 14:48:20 +02:00
Asger F
b819f55203 Merge pull request #12792 from asgerf/js/redux-model-perf 
JS: add getForwardingFunction and use to sharpen useSelector model
 2023-04-12 14:09:59 +02:00
erik-krogh
d3cc1d6991 update expected output of diagnostics test 2023-04-12 13:42:05 +02:00
erik-krogh
b1957623c1 add browser history as XSS sink 2023-04-12 13:38:18 +02:00
Erik Krogh Kristensen
8cb54b748b Merge pull request #12787 from tyage/add-router-sink 
JS: Add New XSS sink - Next.js router.push/replace
 2023-04-12 13:30:21 +02:00
erik-krogh
fe5e4845b1 use 1-based column locations for diagnostics 2023-04-12 08:14:15 +02:00
Arthur Baars
83cd55cb29 Js/Yaml: add getFile() predicate 2023-04-11 16:01:44 +01:00
erik-krogh
3c4bd5b6a7 forward toString() etc. predicates from YamlNode to Locatable 2023-04-11 15:37:01 +02:00
erik-krogh
b5e90483f5 improve the ESLint model to avoid overriding Yaml classes 2023-04-11 15:36:18 +02:00
Asger F
aef0fa3c8a JS: Expand QLDoc 2023-04-11 14:16:36 +02:00
Asger F
d702c7b990 Merge pull request #12759 from asgerf/js/getset-in-pattern 
JS: Fix parsing of 'get' or 'set' pattern with a default value
 2023-04-11 14:03:00 +02:00
Asger F
2c65a49d7c JS: Add getForwardingFunction() to API graphs 2023-04-11 14:00:30 +02:00
Asger F
4ce03d4dc4 JS: Restrict useSelector steps to local callbacks 2023-04-11 13:33:46 +02:00
Asger F
3cc931306f JS: Add test for selector nodes with multiple access paths 2023-04-11 13:33:27 +02:00
Nate Johnson
a0f4a5100f Insecure HTTP parser query for JavaScript 2023-04-09 20:38:55 -04:00
tyage
40d475863d Add change note 2023-04-08 18:36:50 +09:00
tyage
320cb99dbf Add replace method test 2023-04-08 18:31:48 +09:00
tyage
668e1accaa Remove unnecessary whiteline 2023-04-08 18:24:31 +09:00
tyage
7f9b8557ac Add Next.js router push as XSS sink 2023-04-08 18:18:34 +09:00
jarlob
72b66ffe97 Fix comment. 2023-04-07 10:01:14 +02:00
jarlob
7573c615f6 Fix warnings 2023-04-06 23:07:22 +02:00
jarlob
3745cccedd Fix warnings 2023-04-06 23:02:08 +02:00
jarlob
af83d8af41 Add comment 2023-04-06 22:59:09 +02:00
jarlob
9c7eecf547 Add support for composite actions 2023-04-06 22:53:59 +02:00
jarlob
baefeab2d1 fix tests 2023-04-06 19:11:04 +02:00
jarlob
0a878d4db9 Support yAml extensions 2023-04-06 19:07:38 +02:00
Arthur Baars
4fca4b668c JS: use shared YAML library 2023-04-06 15:11:35 +02:00
Henry Mercer
e1b3807dfc Merge remote-tracking branch 'origin/rc/3.9' into henrymercer/merge-back-3.9 2023-04-05 14:57:57 +01:00
jarlob
40635e60d1 Improve documentation 2023-04-05 10:26:02 +02:00
jarlob
9fba7d31f1 Improve documentation 2023-04-05 10:24:07 +02:00
jarlob
40b7910473 Fix QLDoc warnings 2023-04-05 10:14:54 +02:00
jarlob
eef1973b93 Change UI message 2023-04-05 10:05:24 +02:00
jarlob
5c5b9f99a8 Add simple taint tracking for env variables 2023-04-05 10:03:46 +02:00
github-actions[bot]
ac426b1302 Post-release preparation for codeql-cli-2.12.6 2023-04-04 16:49:26 +00:00
Asger F
5cc7380bcd JS: Change note 2023-04-04 16:49:14 +02:00
Asger F
621e2e71c8 JS: Don't try to parse "get=" as a method prop 2023-04-04 16:37:28 +02:00
Asger F
eb8046daef JS: Add trap test showing parse error 2023-04-04 16:33:13 +02:00
jarlob
39ff3c72a2 Remove label sanitizer because it is prone to race conditions 2023-04-03 23:28:31 +02:00
jarlob
8ea418216c Look for script injections in actions/github-script 2023-04-03 23:13:28 +02:00
jarlob
e941218e30 change notes added 2023-04-03 15:15:00 +02:00
jarlob
ba5747dff3 fix formatting 2023-04-03 15:10:27 +02:00
jarlob
c6eaf194a5 Remove empty.js as it is not needed anymore 2023-04-03 15:09:40 +02:00
jarlob
99d634c8a4 Add more sources, more unit tests, fixes to the GitHub Actions injection query 2023-04-03 15:02:02 +02:00
erik-krogh
0b4f239ab5 only set the file in the diagnostics message if the file is within the source root 2023-04-03 13:49:29 +01:00