codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00

Author	SHA1	Message	Date
Asger F	7e3f89842d	JS: Provide more precise related locations	2025-02-11 14:12:03 +01:00
Asger F	102b187c35	JS: Ignore experimental queries for now	2025-01-23 12:53:18 +01:00
Asger F	dba76a0e4d	JS: Rerun patch query after bugfix	2025-01-23 10:31:32 +01:00
Asger F	fd763a0883	JS: Auto-patch diff informed queries	2025-01-20 11:20:27 +01:00
Asger F	079294e55f	JS: Mass rename to node1,state1,node2,state2 naming convention	2024-12-16 15:35:46 +01:00
Asger F	ebe596f227	JS: Migrate CorsPermissiveConfiguration	2024-12-16 15:35:39 +01:00
Asger F	d83ddfabaa	JS: Migrate an experimental CodeInjection query	2024-12-16 15:35:38 +01:00
Asger F	a398599bfb	JS: Rename an experimental query Having the same name as a standard query is just confusing	2024-12-16 15:35:36 +01:00
Asger F	b3461989b1	JS: Remove use of SanitizerGuardNode in experimental SSRF query Makes a quick effort attempt to restore the original behaviour, though it is not exactly the same due to lack of recursion.	2024-12-03 14:30:36 +01:00
Asger F	a574ff1669	JS: Remove use of MakeLegacyBarrierGuard in experimental SSRF	2024-12-03 14:30:28 +01:00
Asger F	75ab4856b8	Remove unsupported features from PoI	2024-12-03 14:30:25 +01:00
Asger F	834d35bc42	JS: Port experimental DecompressionBombs to ConfigSig	2024-12-03 14:30:21 +01:00
Asger F	871bc3b84a	JS: Port experimental CorsPermissiveConfiguration to ConfigSig The tests show a new (source, sink) pair for an already-flagged sink. Not sure why it was not flagged originally since the data flow path seems valid, given the steps provided by our models.	2024-12-03 14:30:20 +01:00
Asger F	f5a6485ef2	JS: Port experimental decodeJwtWithoutVerificationLocalSource	2024-12-03 14:30:19 +01:00
Asger F	72e522631d	JS: Port experimental jwtDecodeWithoutVerification to ConfigSig	2024-12-03 14:30:18 +01:00
Asger F	7e162f5451	JS: Port experimental EnvValueInjection to ConfigSig	2024-12-03 14:30:17 +01:00
Asger F	4f839070a0	JS: Port experimental EnvValueAndKeyInjection to ConfigSig	2024-12-03 14:30:16 +01:00
Asger F	8887ca1722	JS: Port an experimental CodeInjection variant to ConfigSig	2024-12-03 14:30:15 +01:00
Asger F	d52bc971b8	Merge branch 'main' into js/shared-dataflow-merge-main	2024-11-20 14:05:03 +01:00
Rasmus Wriedt Larsen	dc8e645594	JS: Convert remaining queries to use ActiveThreatModelSourceAsSource	2024-11-01 10:47:10 +01:00
Asger F	df64388d79	Merge branch 'main' into js/shared-dataflow-merge-main	2024-08-02 13:18:38 +02:00
Maiky	d0cf2a978c	Merge branch 'main' into maikypedia/javascript-cors	2024-06-27 20:24:42 +02:00
Asger F	ecf418b8f6	Merge branch 'main' into js/shared-dataflow	2024-06-25 11:48:41 +02:00
Erik Krogh Kristensen	db768960f4	Merge pull request #15060 from am0o0/amammad-js-envinjection JS: Env Injection query	2024-06-20 21:27:21 +02:00
Erik Krogh Kristensen	555d7e5958	Merge pull request #14293 from am0o0/amammad-js-CodeInjection_dynamic_import JS: Dynamic import as code injection sink	2024-06-20 21:19:57 +02:00
am0o0	4e1f7a930d	fix invalid js file sample in qlhelp	2024-06-14 13:47:01 +02:00
am0o0	bb03a9faba	format the query file	2024-06-13 14:54:29 +02:00
am0o0	84b9d4d1ac	fix qlhelp errors	2024-06-13 14:32:41 +02:00
Maiky	8ba7ac678d	Update javascript/ql/src/experimental/Security/CWE-942/CorsPermissiveConfigurationCustomizations.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2024-06-12 19:38:13 +02:00
Maiky	4be5cf4e78	Update javascript/ql/src/experimental/Security/CWE-942/CorsPermissiveConfigurationCustomizations.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2024-06-12 19:38:02 +02:00
am0o0	9db334d02f	update select statement, update test cases	2024-06-07 21:26:20 +02:00
am0o0	5e0a78c4c7	make predicate for env key and value nodes, use propertyRead/Write instead of API nodes to find env key and value assignments, fix a bug thanks to @erik-krogh	2024-06-07 21:15:30 +02:00
am0o0	b9e3b3310e	update the remote flow based query thanks to @erik-krogh, update tests and separate the local and remote query tests	2024-06-07 06:01:49 +02:00
Am	af016f9416	Merge branch 'github:main' into amammad-js-JWT	2024-06-06 15:33:26 +03:30
am0o0	8258e377dd	use PascalCase for URLConstructorLabel	2024-06-06 14:00:56 +02:00
am0o0	d27a378008	change query-id to avoid duplicate ids	2024-06-06 13:59:58 +02:00
Am	e3e59e02e5	Merge branch 'github:main' into amammad-js-CodeInjection_dynamic_import	2024-06-04 16:22:06 +04:00
maikypedia	e96c3a36ad	Move `Apollo` to experimental	2024-05-27 12:24:48 +02:00
am0o0	1fc481ce81	v2: it is basically the first stable version :))	2024-05-25 20:43:36 +02:00
am0o0	14daf58767	update tests, add test cases for query with local sources	2024-05-25 18:17:56 +02:00
am0o0	b397f57357	change queries id according to new naming	2024-05-25 13:53:33 +02:00
am0o0	300c82a8ff	use Verification instead of validation in files name	2024-05-25 13:52:32 +02:00
am0o0	76beffb04a	change dir name	2024-05-25 13:49:34 +02:00
am0o0	f1533f40b6	change query files name	2024-05-25 13:49:01 +02:00
am0o0	d2d945c66d	merge all JWT pkgs into one	2024-05-25 13:47:43 +02:00
am0o0	4af4040bd6	change duplicate query IDs	2024-05-25 13:29:16 +02:00
am0o0	f905ac10c4	add jsonWebToken library file to remove duplicate predicate declrations	2024-05-25 13:28:13 +02:00
am0o0	c470c078dc	move to experimental	2024-05-21 22:42:16 +02:00
erik-krogh	c166cb406a	Merge branch 'main' into amammad-js-CodeInjection_execa	2024-05-21 08:48:12 +02:00
Asger F	5e7d1d5c2c	Merge branch 'main' into js/shared-dataflow-merged	2024-03-13 14:27:16 +01:00

1 2 3 4 5 ...

349 Commits