codeql

mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00

Author	SHA1	Message	Date
Erik Krogh Kristensen	7cef4322e7	add model for chownr	2022-06-29 22:09:23 +02:00
Andrew Eisenberg	fbeecd6c08	Merge pull request #9744 from github/aeisenberg/move-contextual-queries	2022-06-29 11:44:33 -07:00
Andrew Eisenberg	7864a7580e	Fix import statements	2022-06-29 10:22:45 -07:00
Andrew Eisenberg	ddf06f8617	Add change notes and qldoc for moved files	2022-06-29 10:03:12 -07:00
Andrew Eisenberg	a3f4d1bf66	Move contextual queries from src to lib With this change, users are now able to run View AST command in vscode within vscode workspaces that do not include the core libraries. The relevant core library only needs to be installed in the package cache.	2022-06-29 07:51:26 -07:00
Erik Krogh Kristensen	0e4954a68c	add navigation.navigate as an XSS / URL sink	2022-06-29 14:56:20 +02:00
Erik Krogh Kristensen	b81251865f	Merge pull request #9716 from erik-krogh/htmlTypeSan JS: sanitize non-strings from html-constructed-from-input	2022-06-28 17:31:00 +02:00
Erik Krogh Kristensen	112caa3f5d	rewrite qldoc based on review	2022-06-28 13:23:44 +02:00
Asger F	c33690381e	JS: Add explicit 'this'	2022-06-28 10:21:44 +02:00
Asger F	c1a2e2abe0	JS: Rename to `isLikelyCaseSensitiveRegExp`	2022-06-28 10:21:33 +02:00
Asger F	fd28397056	JS: Fix typo	2022-06-28 10:10:23 +02:00
Asger F	9cf48fc804	JS: Clarify that strings are case insensitive by default	2022-06-28 10:09:56 +02:00
Asger F	b1251f0c63	JS: invertCase -> toOtherCase	2022-06-28 10:07:57 +02:00
Erik Krogh Kristensen	a343ceaf8b	add suspicious-regexp-range query	2022-06-28 09:49:27 +02:00
Asger F	cc57cb8af5	Merge branch 'main' into post-release-prep/codeql-cli-2.10.0	2022-06-27 20:37:25 +02:00
Asger F	3c9e743495	JS: Add change note	2022-06-27 16:16:38 +02:00
Asger F	17d139c87d	JS: Add qhelp	2022-06-27 16:14:30 +02:00
Erik Krogh Kristensen	34e7589844	sanitize non-strings from unsafe-html-construction	2022-06-27 13:53:44 +02:00
Asger F	c8b2be616f	JS: Bump extractor version string	2022-06-27 13:52:44 +02:00
Asger F	c082578688	JS: Always sniff file type of TypeScript files	2022-06-27 13:48:00 +02:00
Asger F	d92430b0e7	JS: Fix FP from char class	2022-06-27 09:08:37 +02:00
Asger F	9e4116618a	JS: Add CaseSensitiveMiddlewarePath query	2022-06-27 09:08:37 +02:00
Erik Krogh Kristensen	28ac47689f	changes based on reviews	2022-06-24 13:11:46 +02:00
github-actions[bot]	d506f448ef	Post-release preparation for codeql-cli-2.10.0	2022-06-24 07:36:33 +00:00
Asger F	f5a19a1013	JS: Fix unused variable FP in template placeholders	2022-06-23 19:26:32 +02:00
Erik Krogh Kristensen	724721c5c8	fix typo	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	22871138c6	simplify the recursion between `TTrace` and `isReachableFromStartTuple` similar to the fix made by Shack in `ExponentialBackTracking.qll`	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	be37763125	improve performance of `process()` by pruning accept states early	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	bf20b7dfc5	add change note for the ReDoS renamings	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	14204be2f9	add missing qldoc	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	3bea7df45d	add deprecated aliases in the old locations, and use the Query.qll pattern for js/polynomial-redos	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	2e4c2df67e	move the JS ReDoS test to a more appropriate folder	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	13482fc97b	rename ReDoSUtil to NfaUtils, and rename the "performance" folder to "regexp"	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	6b0df9bdfb	refactor the concretize algorithm	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	dbeae9aefb	make a parameterized module out of the RegexpMatching implementation	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	7fb3d81d2f	add further normalization of char classses	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	3be4a86acd	make ReDoSPruning into a parameterized module	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	dc06e9df02	move predicates that depend on isReDoSCandidate into a ReDoSPruning module	2022-06-23 14:36:24 +02:00
github-actions[bot]	a74051c658	Release preparation for version 2.10.0	2022-06-23 11:17:46 +00:00
Rasmus Wriedt Larsen	3248f7b423	Merge pull request #9649 from RasmusWL/certificate-modeling Python/JS/Ruby: Ignore common words (like certain) as sensitive data source	2022-06-23 12:04:58 +02:00
Asger F	90c2b6e47f	JS: Downgrade ast_node_symbol relation	2022-06-23 10:17:28 +02:00
Erik Krogh Kristensen	08e4c8b195	Merge pull request #9634 from erik-krogh/jqueryParam JS: add all jquery plugin parameters as source to js/html-constructed-from-input	2022-06-23 08:57:20 +02:00
Nick Rolfe	d91e8a6309	JS: create downgrades pack	2022-06-22 17:31:49 +01:00
Rasmus Wriedt Larsen	876ba71d9b	Python/JS/Ruby: Add change-note	2022-06-22 11:14:05 +02:00
Rasmus Wriedt Larsen	2ce4b7b9fc	SensitiveDataHeuristics: sync	2022-06-22 11:05:14 +02:00
Erik Krogh Kristensen	e1c34c11ed	add all jquery plugin parameters as source to js/html-constructed-from-input	2022-06-21 13:22:56 +02:00
Erik Krogh Kristensen	dde7e9e2e8	add test for jquery plugin parameters in js/html-constructed-from-input	2022-06-21 13:21:57 +02:00
Edoardo Pirovano	70dbd92e25	Bump minor version of all regularly released packs	2022-06-21 11:22:58 +01:00
Edoardo Pirovano	ad02b85efa	Merge branch `main` into `rc/3.6`	2022-06-21 11:15:25 +01:00
Asger F	b46ba896dd	Merge pull request #9616 from asgerf/js/without-prop-step-await JS: Add withoutPropStep and model raw 'await' step with it	2022-06-21 09:06:01 +02:00

... 60 61 62 63 64 ...

10776 Commits