codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00

Author	SHA1	Message	Date
erik-krogh	15416a9c86	fix getCanonicalCharClass in NfaUtils	2022-11-01 21:35:07 +01:00
erik-krogh	78e35e2f29	add failing test	2022-11-01 21:33:19 +01:00
Dave Bartolomeo	9d5e5e3ee7	`${workspace}` all the things	2022-11-01 13:29:05 -04:00
Dave Bartolomeo	49c4c554c4	Merge from `main`	2022-11-01 13:22:40 -04:00
erik-krogh	6f3ca40fed	expand the explanation to include with arguments make the commands vulnerable	2022-11-01 14:24:23 +01:00
Erik Krogh Kristensen	8fd6424db9	fix the qhelp Co-authored-by: Asger F <asgerf@github.com>	2022-11-01 14:05:25 +01:00
Erik Krogh Kristensen	ff2a5e8c27	Merge pull request #10986 from erik-krogh/tsPerf JS: push more context into load/store steps from the exploratory flow-analysis	2022-11-01 09:03:24 +01:00
erik-krogh	5e5160d4fc	add which commands are flagged in the change-note	2022-10-31 21:42:59 +01:00
erik-krogh	fc2112831c	add second-order-command-injection query	2022-10-30 21:20:47 +01:00
erik-krogh	0a7e797090	update expected outputs after reordering tests	2022-10-28 10:16:21 +02:00
erik-krogh	946720f414	reorder the CWE-078 tests into subdirectories	2022-10-28 10:16:21 +02:00
Erik Krogh Kristensen	bbdda9ef70	Merge pull request #10727 from erik-krogh/js-last-msg JS: fix some more style-guide violations in the alert-messages	2022-10-27 15:48:12 +02:00
Taus	503cc560cf	Merge pull request #10943 from bananabr/main Javascript/Python: Tokens built from predictable UUIDs	2022-10-27 14:12:34 +02:00
Jeroen Ketema	1d7efd8e82	Merge pull request #10905 from jsoref/spelling-code-scanning-product Spelling code scanning product	2022-10-27 12:55:37 +02:00
Erik Krogh Kristensen	cecb498bf3	Merge pull request #10984 from tyage/add-next-js-source JS: Add Next.js parameters as source	2022-10-27 10:36:12 +02:00
tyage	c22f9443f2	Refactoring Next.js parameter Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-27 10:28:51 +09:00
tyage	e8b751ae17	Update javascript/ql/src/change-notes/2022-10-26-nextjs-params.md Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-27 10:24:08 +09:00
tyage	ac27307a2b	Update javascript/ql/lib/semmle/javascript/frameworks/Next.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-27 10:23:59 +09:00
tyage	54050bf1b6	update test result `XssWithAdditionalSources`	2022-10-27 10:23:37 +09:00
Dave Bartolomeo	23b572e9b7	Use `${workspace}` for intra-workspace dependencies Now that the released CLI supports replacement variables in dependency version ranges, we can now mark our published library packs as depending on whatever version of their dependency is in our workspace, without having to manually bump the dependency version every release. Note that when the packs are published, the dependencies in the published pack file are rewritten to have the correct specific version.	2022-10-26 16:40:01 -04:00
Daniel Santos	63c71b7d09	Merge branch 'main' into main	2022-10-26 14:05:26 -05:00
Daniel Santos	64da2cec50	removed unnecessary getACall and fixed formatting	2022-10-26 12:02:55 -05:00
erik-krogh	0f9b4334cc	remove some FPs in `js/password-in-configuration-file`	2022-10-26 11:51:56 +02:00
erik-krogh	21e7e27e1f	push more context into load/store steps from the exploratory flow-analysis	2022-10-26 10:52:47 +02:00
Asger F	414bd40c41	JS: Do not track returned values out of the enclosing function	2022-10-26 09:29:49 +02:00
tyage	7a19744cf2	add change note	2022-10-26 15:17:50 +09:00
tyage	95dca7c3ed	update comment	2022-10-26 15:13:59 +09:00
tyage	09f8ca8cc0	add `query` in comment	2022-10-26 15:13:03 +09:00
tyage	232893aafa	make query parameters in ServerSideProps and next/router as a RemoteFlowSource	2022-10-26 14:41:07 +09:00
tyage	1f4fc7fc2d	add params, query to test	2022-10-26 10:53:11 +09:00
tyage	06925681b0	add test for context.params	2022-10-26 10:53:11 +09:00
Daniel Santos	f7ace6f801	Update javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-25 14:27:03 -05:00
Daniel Santos	feece6f7b4	Merge branch 'github:main' into main	2022-10-25 10:43:20 -05:00
Daniel Santos	5b080481aa	TokenBuiltFromUuid formatting	2022-10-25 09:51:48 -05:00
Daniel Santos	375edf7455	TokenAssignmentValueSink refactor	2022-10-25 09:50:04 -05:00
Alvaro Muñoz	9830d2bebc	Format Restify.qll	2022-10-25 12:53:44 +02:00
Henry Mercer	1dc14bcaee	Merge branch 'main' into codeql-ci/js/ml-powered-pack-release-0.3.6	2022-10-25 10:54:08 +01:00
Alvaro Muñoz	a80b691358	Remove unnecessary TaggedTemplateEntryPoint	2022-10-25 11:44:45 +02:00
Alvaro Muñoz	37ea3f23f1	Refactored `ReplySource` to `ReplyCall`. Got rid of unnecessary `ref()`	2022-10-25 11:42:48 +02:00
github-actions[bot]	caf3a098c8	JS: Bump version of ML-powered library and query packs to 0.3.7	2022-10-25 09:12:00 +00:00
github-actions[bot]	5d100c8036	JS: Bump patch version of ML-powered library and query packs	2022-10-25 09:00:40 +00:00
Daniel Santos	a2ad924376	Minor formatting fixes	2022-10-24 09:38:17 -05:00
Alvaro Muñoz	742e4aa471	Apply suggestions from code review Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-24 16:17:11 +02:00
Daniel Santos	066ffb7520	Tokens built from predictable UUIDs	2022-10-22 11:15:43 -05:00
github-actions[bot]	be7693283b	Post-release preparation for codeql-cli-2.11.2	2022-10-21 08:07:17 +00:00
Josh Soref	ff6676e59b	spelling: normalize Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-20 08:18:23 -04:00
Josh Soref	c5c9f4d746	spelling: dependencies Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-20 08:18:23 -04:00
github-actions[bot]	9a0848bbc4	Release preparation for version 2.11.2	2022-10-20 11:05:19 +00:00
Alvaro Muñoz	c7ac237968	Update test results after merging new XSS improvements	2022-10-19 23:41:37 +02:00
Alvaro Muñoz	c10087b9a3	Merge branch 'restify_improvements' of https://github.com/pwntester/codeql into restify_improvements	2022-10-19 22:18:29 +02:00

... 50 51 52 53 54 ...

10776 Commits