codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00

Author	SHA1	Message	Date
github-actions[bot]	098dfb4242	Release preparation for version 2.14.3	2023-08-18 14:48:15 +00:00
Henry Mercer	1213eba630	Merge branch 'main' into post-release-prep/codeql-cli-2.14.2	2023-08-11 13:54:55 +01:00
erik-krogh	5ffce86768	change the defaults in the qhelp for missing-rate-limit to something more reasonable	2023-08-10 13:40:17 +02:00
github-actions[bot]	432c21d4fb	Post-release preparation for codeql-cli-2.14.2	2023-08-09 18:45:18 +00:00
github-actions[bot]	79c90fa36a	Release preparation for version 2.14.2	2023-08-07 18:08:52 +00:00
Erik Krogh Kristensen	6631e838cf	re-appearing -> reappearing Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>	2023-08-07 09:57:52 +02:00
Asger F	5950865b55	Merge pull request #13755 from github/max-schaefer/js-server-crash-help JavaScript: Improve qhelp for js/server-crash.	2023-08-03 10:04:08 +02:00
Max Schaefer	5124310f14	Update javascript/ql/src/Security/CWE-730/ServerCrash.qhelp Co-authored-by: Asger F <asgerf@github.com>	2023-08-01 17:03:05 +01:00
github-actions[bot]	f91b7a9342	Post-release preparation for codeql-cli-2.14.1	2023-07-21 16:16:25 +00:00
github-actions[bot]	c936a920b0	Release preparation for version 2.14.1	2023-07-20 16:32:27 +00:00
Max Schaefer	7823ff968c	JavaScript: Improve query help for `js/server-side-unvalidated-url-redirection`.	2023-07-19 13:23:25 +01:00
Max Schaefer	9432fec612	JavaScript: Improve qhelp for js/server-crash. The examples now use `fs.access` instead of the deprecated `fs.exists`. I have also rewritten the async/await example, since as of Node.js v15 the default behaviour for uncaught exceptions has changed to terminating the process instead of logging a warning, making the previous advice incorrect.	2023-07-17 14:44:23 +01:00
Asger F	d57276ca35	Merge pull request #13719 from asgerf/js/barrier-inout JS: Replace barrier edges with barrier nodes	2023-07-13 16:36:52 +02:00
erik-krogh	1fe66232c6	suggestions based on review: add a popular library example for HTML-sanitization, and use the old text about ../ replacements	2023-07-13 14:28:11 +02:00
Erik Krogh Kristensen	9db970f055	apply suggestion from review Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>	2023-07-13 14:17:33 +02:00
Max Schaefer	b8eb2ef8d8	Merge branch 'main' into max-schaefer/improve-command-injection-qhelp	2023-07-13 12:11:15 +01:00
Max Schaefer	ae237247f2	Apply suggestions from code review Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>	2023-07-13 12:10:57 +01:00
Asger F	c8af28c2ca	Merge pull request #13700 from asgerf/js/path-join-spread JS: Recognize 'fs/promises' alias and handle spread arguments in path.join()	2023-07-11 15:31:13 +02:00
Asger F	094302a27b	JS: Replace sanitizing prefix edge with node	2023-07-11 14:48:13 +02:00
Max Schaefer	63c45a0da3	Add another example of when and how to use shell-quote.	2023-07-10 14:02:17 +01:00
Asger F	8234b8f175	JS: Change note	2023-07-10 13:19:44 +02:00
github-actions[bot]	13cf054a9d	Post-release preparation for codeql-cli-2.14.0	2023-07-07 14:55:41 +00:00
github-actions[bot]	6484ee106e	Release preparation for version 2.14.0	2023-07-07 08:22:14 +00:00
Dave Bartolomeo	9631e9f2f1	Bump minor version numbers post-GHES	2023-07-06 10:10:01 -04:00
Dave Bartolomeo	2bb9adfbf1	Merge remote-tracking branch 'origin/main' into dbartol/mergeback-3.10	2023-07-06 10:00:46 -04:00
Max Schaefer	1d3e3440f2	Add example of manual sanitisation.	2023-07-06 12:54:30 +01:00
Max Schaefer	240e0799b0	Fix spurious character in code example.	2023-07-06 12:54:03 +01:00
Max Schaefer	83a854c3ff	Update javascript/ql/src/Security/CWE-078/IndirectCommandInjection.qhelp Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2023-07-06 12:47:06 +01:00
Max Schaefer	6fb41adc61	Apply suggestions from code review Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2023-07-06 12:02:44 +01:00
Max Schaefer	f89992eb16	Address more review feedback.	2023-07-05 12:02:11 +01:00
Max Schaefer	921d8de8dc	Apply suggestions from code review Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2023-07-05 11:19:30 +01:00
Max Schaefer	5fb6b5810f	Clarify that splitting arguments on space is not safe.	2023-07-04 15:58:37 +01:00
Max Schaefer	74af0b1f05	Improve command-injection example and provide a fixed version.	2023-07-04 15:58:37 +01:00
Erik Krogh Kristensen	8676516cb9	recursively -> repeatedly Co-authored-by: Asger F <asgerf@github.com>	2023-07-03 13:17:13 +02:00
erik-krogh	3e2b8124c9	apply suggestions from review	2023-07-03 10:03:45 +02:00
erik-krogh	bea4162736	delete multi-char note from the `incomplete-sanitization` qhelp	2023-07-03 09:10:54 +02:00
erik-krogh	a60478ba8a	write qhelp for js/incomplete-multi-character-sanitization	2023-07-03 09:07:13 +02:00
amammad	816799c4ba	upgrade query to detect redash CVE too	2023-06-30 22:14:50 +10:00
github-actions[bot]	668aaa2dc8	Post-release preparation for codeql-cli-2.13.5	2023-06-30 08:51:48 +00:00
github-actions[bot]	9d7987f822	Release preparation for version 2.13.5	2023-06-29 09:26:18 +00:00
amammad	516fdf627a	update stream pipe	2023-06-28 00:09:39 +10:00
amammad	c7a7594821	merge all ql files into one	2023-06-27 01:56:23 +10:00
amammad	8a80a734d8	fix an accident :)	2023-06-26 20:20:00 +10:00
amammad	3bd45a8536	fix query identifier	2023-06-26 03:01:19 +10:00
amammad	effb8024a4	fix yargs bug	2023-06-25 23:30:24 +10:00
amammad	c16a2827d7	fix format warnings/errors	2023-06-25 23:24:12 +10:00
amammad	307187f6c1	V1	2023-06-23 06:06:37 +10:00
Henry Mercer	5afdaf8fe1	Merge pull request #13525 from github/rc/3.10 Merge `rc/3.10` back to `main`	2023-06-21 17:13:36 +01:00
Adrien Pessu	e332a4348d	Update javascript/ql/src/Security/CWE-798/HardcodedCredentials.qhelp Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2023-06-21 12:55:33 +01:00
Adrien Pessu	4d1bbe36a9	Merge branch 'main' into main	2023-06-21 09:11:57 +01:00

... 8 9 10 11 12 ...

6144 Commits