hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,593 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.6
Commit Graph

10833 Commits

Author SHA1 Message Date
Max Schaefer
aff848b038 Update javascript/ql/lib/semmle/javascript/security/dataflow/MissingRateLimiting.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-10-26 13:06:52 +01:00
Max Schaefer
2c7291336d Move test files into right directory. 2023-10-26 12:16:52 +01:00
Max Schaefer
bb146a1758 JavaScript: Add support for rateLimit export from express-rate-limit package. 2023-10-26 12:14:57 +01:00
Cornelius Riemenschneider
790615fbc2 Merge pull request #14552 from github/criemen/bazel-js 
Javascript extractor: Bazel-based build
 2023-10-24 19:36:39 +02:00
Cornelius Riemenschneider
42c343e820 Address review 2023-10-24 16:03:35 +02:00
amammad
e3dbdc3887 add custom query builder and active record querybuilder support 2023-10-22 21:39:59 +02:00
Cornelius Riemenschneider
9ba32a0440 Add bazel-based build for the Javascript extractor. 2023-10-20 16:23:50 +02:00
Cornelius Riemenschneider
de85f2bbf8 Fix errorprone violations. 2023-10-20 16:23:35 +02:00
Erik Krogh Kristensen
f562d5319f Merge pull request #14539 from flyboss/main 
fix typo ('Configration' to ‘Configuration’)
 2023-10-20 14:10:42 +02:00
flyboss
ee813c1e61 Update UnsafeHtmlConstructionQuery.qll 
add a deprecated alias in case anyone depends on the misspelled name.
 2023-10-20 17:57:23 +08:00
amammad
ee4d87bd96 remove hardcoded JWT secret-key query 2023-10-19 11:57:53 +02:00
amammad
8e0f52cebc remove noverification query 2023-10-19 11:57:06 +02:00
flyboss
86336565eb fix typo 2023-10-19 02:34:31 +00:00
github-actions[bot]
8dcd8b9e5b Post-release preparation for codeql-cli-2.15.1 2023-10-17 20:24:00 +00:00
amammad
7891e64d3e add sanitizers to hardcoded query 2023-10-17 10:37:27 +02:00
github-actions[bot]
3b3c036626 Release preparation for version 2.15.1 2023-10-16 17:49:39 +00:00
Maiky
acac534ed0 Forgot .js 2023-10-16 19:29:57 +02:00
Maiky
07ad596f77 Add coverage for express 2023-10-16 16:48:32 +02:00
Arthur Baars
0e3369f93f Merge pull request #14484 from aibaars/ts53-js 
JS: Support import attributes
 2023-10-16 10:47:49 +02:00
erik-krogh
69c3e62965 add change-note 2023-10-13 15:16:39 +02:00
Asger F
a02ab2ad88 JS: Port heuristic versions of standard queries 2023-10-13 13:15:08 +02:00
Asger F
3c7c5377ec JS: Add content approximation 
This seems to fix a performance issue for RegExpInjection in angular
 2023-10-13 13:15:08 +02:00
Asger F
5775fe6d6e JS: Use TAnyType in FlowSummaryPrivate 2023-10-13 13:15:08 +02:00
Asger F
9faf300dd0 JS: Use type-pruning to restrict callback flow 2023-10-13 13:15:08 +02:00
Asger F
e738b5d125 JS: Expand callback test case 
Type-based pruning is confused by the different tests being interleaved, so we additionally want to have a test that is independent from the other parts of this test.
 2023-10-13 13:15:08 +02:00
Asger F
d3f5169e66 JS: Lower field-flow branch limit on Polynomial ReDoS 2023-10-13 13:15:08 +02:00
Asger F
51dec79401 JS: Lower access path limit to 2 2023-10-13 13:15:08 +02:00
Asger F
24bab27ffe JS: Add TODO for dynamic import step 2023-10-13 13:15:08 +02:00
Asger F
7c5eb89491 JS: Add tests for captured 'this' (genuine FN) 2023-10-13 13:15:08 +02:00
Asger F
98c79e7674 JS: Update test output showing lack of global flow (geniune FN) 2023-10-13 13:15:08 +02:00
Asger F
9b46c4596c JS: Update HeuristicSoruceCodeInjection test 2023-10-13 13:15:08 +02:00
Asger F
bab639f23c JS: Update ReflectedXssWithCustomSanitizer test 2023-10-13 13:15:08 +02:00
Asger F
85e8998067 JS: Update ImportEquals test 2023-10-13 13:15:08 +02:00
Asger F
2eff07f476 JS: Update TaintTracking test 2023-10-13 13:15:08 +02:00
Asger F
b5ad36686e JS: Block flow into window.location 2023-10-13 13:15:08 +02:00
Asger F
75c915b2a3 JS: Update Spife test 2023-10-13 13:15:07 +02:00
Asger F
c2f66c0f93 JS: Update Restify2 test 2023-10-13 13:15:07 +02:00
Asger F
b304fb4337 JS: Reorder result sets in ReactJS test output 2023-10-13 13:15:07 +02:00
Asger F
32eddd3c07 JS: Update ReactJS test output 2023-10-13 13:15:07 +02:00
Asger F
b8a0afbb9f JS: Make overriding ConsistencyChecking.getATestFile() optional 2023-10-13 13:15:07 +02:00
Asger F
6c9f4a10ac JS: Port TaintBarriers test 2023-10-13 13:15:07 +02:00
Asger F
e5946bf43b JS: Port HeuristicSource test 2023-10-13 13:15:07 +02:00
Asger F
771519bbc5 JS: Port Routing test 2023-10-13 13:15:07 +02:00
Asger F
2364bd84e0 JS: Fix whitespace in a test (trivial change) 2023-10-13 13:15:07 +02:00
Asger F
98d1bb3826 JS: Reorder result sets in a test (trivial change) 2023-10-13 13:15:07 +02:00
Asger F
81bd292a16 JS: Port Promises test 
Result changes are benign
 2023-10-13 13:15:07 +02:00
Asger F
dd8a24c6c0 JS: Port LabelledBarrierGuards test 2023-10-13 13:15:07 +02:00
Asger F
458f0a077c JS: Port InterProceduralFlow test 
All the new results are benign
 2023-10-13 13:15:07 +02:00
Asger F
0d10aba67d Revert "JS: Add global post-update steps" 
This resulted in huge performance issues from too much global flow
 2023-10-13 13:15:07 +02:00
Asger F
50aace3fa3 JS: Add global post-update steps 2023-10-13 13:15:07 +02:00