hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,207 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.5
Commit Graph

10776 Commits

Author SHA1 Message Date
Asger F
4f0e17bf97 JS: Add step to a few other queries 2023-03-07 09:39:40 +01:00
Arthur Baars
51599b3cae Address review comments 2023-03-06 18:40:29 +01:00
Asger F
d4b4d22378 JS: Step through HTML sanitizers in SQL injection query 2023-03-06 15:10:26 +01:00
github-actions[bot]
af61b45785 Post-release preparation for codeql-cli-2.12.4 2023-03-04 14:16:55 +00:00
Dave Bartolomeo
b342e93989 Move change note to appropriate pack 2023-03-03 14:43:00 -05:00
github-actions[bot]
462da63970 Release preparation for version 2.12.4 2023-03-03 14:11:51 +00:00
Asger F
37999eaea0 JS: Fix implicit this 2023-03-03 13:43:17 +01:00
Asger F
f4b13e0955 JS: Update printAst expected output 2023-03-03 13:42:42 +01:00
Erik Krogh Kristensen
d94e51aaf6 Merge pull request #12377 from erik-krogh/jHtml 
JS: add the html argument to the jQuery functions as an XSS sink
 2023-03-03 13:19:38 +01:00
Asger F
7f96fe725b JS: Change note 2023-03-03 12:21:20 +01:00
Asger F
1264029282 JS: Bump extractor version string 2023-03-03 12:21:20 +01:00
Asger F
7a55b003d2 JS: Fix location of assert clause 2023-03-03 12:21:20 +01:00
Asger F
38194c6ae7 JS: Extract import assertions to DB 2023-03-03 12:21:20 +01:00
Asger F
f454151e7a JS: Convert TypeScript import assertions 2023-03-03 12:21:20 +01:00
Asger F
3af085afcb JS: Drive-by allow trailing commas in dynamic imports 2023-03-03 12:21:20 +01:00
Asger F
8d9060f1f9 JS: Store in the Java AST 2023-03-03 12:21:03 +01:00
Asger F
c715de2a10 JS: parse import assertions without storing in AST 2023-03-03 12:21:03 +01:00
Asger F
5fdc293d82 JS: Add trap test for import assertions 2023-03-03 12:21:03 +01:00
erik-krogh
a6c9af4182 add the html argument to the jQuery functions as an XSS sink 2023-03-03 11:09:53 +01:00
erik-krogh
94870b838f add failing test 2023-03-03 11:08:33 +01:00
erik-krogh
a928f4c9ef add change-notes 2023-03-03 09:23:10 +01:00
erik-krogh
f96d6accbb delete old deprecations 2023-03-03 09:23:02 +01:00
erik-krogh
fc9e63275f only print a constant when catching an OOM 2023-03-02 22:14:29 +01:00
Erik Krogh Kristensen
094a2b0c46 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2023-03-02 22:14:17 +01:00
github-actions[bot]
50c90bbc5c ATM: Update model pack dependency of ML-powered model building and query packs 2023-03-02 17:31:03 +00:00
erik-krogh
88810420b1 add location to the parse-error diagnostics 2023-03-02 14:54:58 +01:00
erik-krogh
c460eae2e1 implement diagnostics 2023-03-02 14:54:54 +01:00
Asger F
b6ec9464eb JS: Remove trailing whitespace 2023-03-01 15:29:51 +01:00
Erik Krogh Kristensen
64dad3db8a Merge pull request #12333 from kaspersv/kaspersv/fix-join-order 
ReflectedXss: Prevent bad join order
 2023-03-01 12:48:30 +01:00
Erik Krogh Kristensen
f3f5f6eacf Merge pull request #12190 from erik-krogh/fix-erb 
JS: Actually extract `.html.erb` files.
 2023-02-28 16:11:32 +01:00
Kasper Svendsen
86925646f3 ReflectedXss: Prevent bad join order 2023-02-28 12:06:27 +01:00
Erik Krogh Kristensen
50aa5e072a Merge pull request #12177 from erik-krogh/alias-html 
JS: More precise type-test sanitizer guards in unsafe-html-construction
 2023-02-27 18:16:11 +01:00
erik-krogh
505168f24b fix upper-case .html.erb files 2023-02-27 17:19:43 +01:00
Erik Krogh Kristensen
927c322b7b Merge pull request #11769 from erik-krogh/moreSan 
JS: Sanitizer for `sanitizer(x) === true`
 2023-02-27 15:48:34 +01:00
Alex Ford
7c85448cba Merge pull request #12080 from alexrford/js-use-shared-cryptography 
JS: Use shared `CryptographicOperation` concept
 2023-02-27 12:26:38 +00:00
erik-krogh
0e60fc5512 Merge branch 'main' into alias-html 2023-02-27 09:16:25 +01:00
Erik Krogh Kristensen
f8f926ad50 Merge pull request #12175 from erik-krogh/reg-input 
JS: add process.env and process.argv etc. as source for `js/regex-injection`
 2023-02-27 09:12:02 +01:00
Erik Krogh Kristensen
4ffe20ae75 Merge pull request #12189 from erik-krogh/more-export 
JS: also consider relative exports when finding library inputs
 2023-02-27 09:02:55 +01:00
Henry Mercer
eb1fe57590 Merge branch 'main' into codeql-ci/atm/release-0.4.8 2023-02-23 16:23:32 +00:00
github-actions[bot]
7e2b286f03 JS: Bump version of ML-powered library and query packs to 0.4.9 2023-02-23 16:12:23 +00:00
github-actions[bot]
e02368f6fa JS: Bump patch version of ML-powered library and query packs 2023-02-23 16:04:39 +00:00
erik-krogh
271cc6b961 remove lefterover debug comment 2023-02-17 09:50:22 +01:00
github-actions[bot]
8eb8daa4d4 Post-release preparation for codeql-cli-2.12.3 2023-02-16 17:23:25 +00:00
github-actions[bot]
b0315119c6 Release preparation for version 2.12.3 2023-02-16 11:49:06 +00:00
Alex Ford
9cfd0f5f46 JS: fix qldoc 2023-02-16 11:00:37 +00:00
Alex Ford
1556b1a728 Merge branch 'main' into js-use-shared-cryptography 2023-02-15 17:13:53 +00:00
Alex Ford
1958b9dcd5 JS: add missing qldoc 2023-02-15 16:59:03 +00:00
Alex Ford
43af306d60 dynamic: more detailed qldoc for CryptographicOperation#getBlockMode() 2023-02-15 16:55:18 +00:00
Alex Ford
e8cbf7287d JS: breaking change note for CryptographicOperation sync 2023-02-15 16:50:24 +00:00
Alex Ford
925b4a3fa8 JS: improve documentation on deprecated CryptographicOperation#getInput() predicate 2023-02-15 16:23:46 +00:00