codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00

Author	SHA1	Message	Date
Arthur Baars	15c54f6100	Merge pull request #8354 from aibaars/incomplete-url-string-sanitization Incomplete url string sanitization	2022-03-31 10:59:51 +02:00
Erik Krogh Kristensen	cf94c93b1a	Merge pull request #8481 from erik-krogh/schemeChain JS: recognize string replacement chains as scheme checks in js/incomplete-url-scheme-check	2022-03-25 11:13:10 +01:00
Erik Krogh Kristensen	47a9376e81	fix bad join in js/unreachable-method-overloads	2022-03-24 16:09:10 +01:00
Arthur Baars	65f8f56095	Merge branch 'main' into incomplete-url-string-sanitization	2022-03-24 11:27:30 +01:00
github-actions[bot]	a3e74efc21	Post-release preparation for codeql-cli-2.8.4	2022-03-21 19:36:47 +00:00
github-actions[bot]	dedc8c2254	Release preparation for version 2.8.4	2022-03-21 13:25:49 +00:00
CodeQL CI	b04c46f96d	Merge pull request #8478 from asgerf/js/store-load-flow-context-sensitivity-bug Approved by erik-krogh	2022-03-21 08:54:51 +00:00
Arthur Baars	bf888f0f0b	Merge remote-tracking branch 'upstream/main' into incomplete-url-string-sanitization Conflicts: config/identical-files.json javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.qll	2022-03-18 16:09:20 +01:00
Arthur Baars	4a27928728	Ruby/JS add missing ^ in qhelp	2022-03-18 14:00:10 +01:00
Arthur Baars	431b60506e	Merge remote-tracking branch 'upstream/main' into incomplete-hostname	2022-03-18 13:05:34 +01:00
Asger Feldthaus	26b7edccd4	JS: Change note	2022-03-18 11:59:36 +01:00
Erik Krogh Kristensen	235aa9c24e	recognize string replacement chains as scheme checks in js/incomplete-url-scheme-check	2022-03-18 10:37:20 +01:00
Erik Krogh Kristensen	daed33f5af	JS: fix more instances of `ql/missing-parameter-qldoc`	2022-03-16 22:58:28 +01:00
Erik Krogh Kristensen	efba220b45	JS: fix most `ql/missing-parameter-qldoc` issues	2022-03-16 22:56:52 +01:00
Erik Krogh Kristensen	f083e87fa1	refactor the `js/xss` query to use three flowlabels and one configuration	2022-03-16 22:32:08 +01:00
Arthur Baars	ab93b3784b	Merge remote-tracking branch 'upstream/main' into incomplete-hostname	2022-03-16 12:31:12 +01:00
Erik Krogh Kristensen	2442beaf9a	add missing severities to JS queries	2022-03-16 10:40:34 +01:00
Erik Krogh Kristensen	195ce9c58a	add some API-nodes to js/disabling-certificate-validation	2022-03-14 21:33:13 +01:00
Arthur Baars	6a74e761c8	Merge pull request #8398 from github/post-release-prep/codeql-cli-2.8.3 Post-release preparation for codeql-cli-2.8.3	2022-03-14 21:05:09 +01:00
Erik Krogh Kristensen	7d6700a943	Merge branch 'main' into depMore	2022-03-14 11:49:18 +01:00
Erik Krogh Kristensen	54760081dc	add pointers to the qldoc of deprecated predicates	2022-03-14 10:10:38 +01:00
Erik Krogh Kristensen	4fc85a791d	deprecate DefiningIdentifier, it was not used in any query	2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen	9cf0a94e4d	use some Sanitizer classes that were unused in the query code	2022-03-13 23:54:53 +01:00
Arthur Baars	cf4b834536	Address comments	2022-03-11 14:25:34 +01:00
Erik Krogh Kristensen	69353bb014	patch upper-case acronyms to be PascalCase	2022-03-11 11:10:33 +01:00
github-actions[bot]	3a5ebbb861	Post-release preparation for codeql-cli-2.8.3	2022-03-11 09:23:34 +00:00
github-actions[bot]	6b194bc55f	Release preparation for version 2.8.3	2022-03-10 19:43:58 +00:00
Arthur Baars	747c7f6b5e	JS/Ruby: share implementation of IncompleteUrlSubstringSanitization query	2022-03-09 12:11:14 +01:00
Erik Krogh Kristensen	4734f1916e	Merge pull request #7598 from erik-krogh/fieldOnlyUsedInCharPred QL: field only used in charPred	2022-03-08 11:25:57 +01:00
Arthur Baars	98f56f4d60	Js/Ruby: Share IncompleteHostnameRegExp.ql	2022-03-07 16:10:08 +01:00
Arthur Baars	9e8930c192	Ruby: IncompleteHostnameRegExp.ql	2022-03-07 16:10:08 +01:00
github-actions[bot]	980f822983	Post-release preparation for codeql-cli-2.8.2	2022-03-01 09:24:30 +00:00
github-actions[bot]	20fe22c8c8	Release preparation for version 2.8.2	2022-02-24 14:57:08 +00:00
CodeQL CI	62ee8fce3a	Merge pull request #8186 from asgerf/js/request-forgery-docs-followup Approved by esbena, hubwriter	2022-02-23 11:46:37 +00:00
Stephan Brandauer	a664e02d04	Merge pull request #8014 from kaeluka/js/functionality-from-untrusted-source JS: Functionality from untrusted sources query (CWE-830)	2022-02-23 12:45:31 +01:00
Stephan Brandauer	1ed71e15f3	apply docreview feedback	2022-02-23 11:21:22 +01:00
Asger Feldthaus	22ba43fff6	JS: Minor fixup in the client-side request forgery qhelp	2022-02-23 10:54:26 +01:00
Stephan Brandauer	c17d8b145a	Merge pull request #8054 from asgerf/js/split-request-forgery JS: split request forgery query into server-side and client-side variants	2022-02-23 10:27:16 +01:00
Erik Krogh Kristensen	73f2e89f3e	Merge pull request #8165 from erik-krogh/protoWrite JS: support more property writes in js/prototype-pollution-utility	2022-02-22 21:30:22 +01:00
Erik Krogh Kristensen	517e17d422	support more property writes in js/prototype-pollution-utility, and generalize ObjectDefinePropertyAsPropWrite	2022-02-22 13:23:34 +01:00
Stephan Brandauer	2278e7f6e6	CWE 830 polish error messages	2022-02-22 11:41:54 +01:00
Stephan Brandauer	82330391c3	CWE-830 add support for setting attributes via setAttribute method	2022-02-22 11:41:54 +01:00
Stephan Brandauer	d80cd1aeb5	CWE 830 test where both branches in a ternary are unsafe	2022-02-22 11:41:53 +01:00
Stephan Brandauer	2934aa1a3a	rewrite docs, improve error messages, etc	2022-02-22 11:41:53 +01:00
Stephan Brandauer	d2335b65d5	stylistic improvements after review	2022-02-22 11:41:53 +01:00
Stephan Brandauer	9aec4437e2	polish qhelp for CWE-830 and add test file	2022-02-22 11:41:53 +01:00
Stephan Brandauer	44d86569ac	remove illegal chars from comments	2022-02-22 11:41:53 +01:00
Stephan Brandauer	fd77e27ed9	replace taint tracking by type tracking and merge remaining queries for CWE-830	2022-02-22 11:41:53 +01:00
Stephan Brandauer	8cafa6d562	improve error message in CWE-830	2022-02-22 11:41:53 +01:00
Stephan Brandauer	780fa97869	always require integrity checking for certain CDNs	2022-02-22 11:41:53 +01:00

... 18 19 20 21 22 ...

6144 Commits