hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,593 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.6
Commit Graph

10833 Commits

Author SHA1 Message Date
Asger F
ae2a1c7399 JS: Change note 2023-08-23 13:39:56 +02:00
Asger F
d8462ad1b3 JS: Add a file size limit to extractor 2023-08-23 09:54:55 +02:00
Asger F
bc47646a79 JS: Move getMegabyteCountFromPrefixedEnv into a shared place 2023-08-23 09:54:55 +02:00
Asger F
dec6039469 JS: Follow immediate predecessors in path resolution 2023-08-23 09:53:51 +02:00
Max Schaefer
87364137df Use more sensible validator in example. 2023-08-21 15:14:01 +01:00
github-actions[bot]
098dfb4242 Release preparation for version 2.14.3 2023-08-18 14:48:15 +00:00
yoff
7f2f6f14e7 Merge pull request #13729 from yoff/python/model-aws-lambdas 
Python/JavaScript: Shared module for serverless functions
 2023-08-16 15:14:08 +02:00
Erik Krogh Kristensen
6a3b9e10eb Merge pull request #13914 from erik-krogh/escape-unicode 
ReDoS: escape unicode chars in the output for the ReDoS queries
 2023-08-15 11:21:21 +02:00
Henry Mercer
1213eba630 Merge branch 'main' into post-release-prep/codeql-cli-2.14.2 2023-08-11 13:54:55 +01:00
erik-krogh
5ffce86768 change the defaults in the qhelp for missing-rate-limit to something more reasonable 2023-08-10 13:40:17 +02:00
github-actions[bot]
432c21d4fb Post-release preparation for codeql-cli-2.14.2 2023-08-09 18:45:18 +00:00
erik-krogh
0bce42410a support arbitrary codepoints in NfaUtils.qll 2023-08-08 22:14:51 +02:00
erik-krogh
92db7b047c escape unicode chars in the output for the ReDoS queries 2023-08-08 00:15:54 +02:00
github-actions[bot]
79c90fa36a Release preparation for version 2.14.2 2023-08-07 18:08:52 +00:00
Erik Krogh Kristensen
6631e838cf re-appearing -> reappearing 
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
 2023-08-07 09:57:52 +02:00
Asger F
213cabccc0 JS: Test with file more extensions 2023-08-04 14:24:51 +02:00
Asger F
ea2ddf8905 JS: Do not parse the initial ! or = as part of the template expression 2023-08-04 14:24:38 +02:00
Kevin Stubbings
a36a555b7a Quick change 2023-08-04 00:59:28 -07:00
Kevin Stubbings
9f4389cbb5 Search for html.dot extension instead of dot 2023-08-04 00:55:51 -07:00
Asger F
5950865b55 Merge pull request #13755 from github/max-schaefer/js-server-crash-help 
JavaScript: Improve qhelp for js/server-crash.
 2023-08-03 10:04:08 +02:00
Asger F
c38cbe859d Merge pull request #13737 from asgerf/dynamic/fuzzy-models 
Dynamic: add Fuzzy token
 2023-08-03 09:58:24 +02:00
Max Schaefer
5124310f14 Update javascript/ql/src/Security/CWE-730/ServerCrash.qhelp 
Co-authored-by: Asger F <asgerf@github.com>
 2023-08-01 17:03:05 +01:00
Jeongsoo Lee
1d5eb4a960 Update javascript/ql/lib/change-notes/2023-07-28-mad-log-injection.md 
Co-authored-by: Asger F <asgerf@github.com>
 2023-07-31 15:38:35 -07:00
Jeongsoo Lee
4529d8b75a Add support for log injection in MaD 2023-07-28 22:37:56 +00:00
github-actions[bot]
f91b7a9342 Post-release preparation for codeql-cli-2.14.1 2023-07-21 16:16:25 +00:00
github-actions[bot]
c936a920b0 Release preparation for version 2.14.1 2023-07-20 16:32:27 +00:00
Max Schaefer
7823ff968c JavaScript: Improve query help for js/server-side-unvalidated-url-redirection. 2023-07-19 13:23:25 +01:00
Max Schaefer
9432fec612 JavaScript: Improve qhelp for js/server-crash. 
The examples now use `fs.access` instead of the deprecated `fs.exists`. I have also rewritten the async/await example, since as of Node.js v15 the default behaviour for uncaught exceptions has changed to terminating the process instead of logging a warning, making the previous advice incorrect.
 2023-07-17 14:44:23 +01:00
Asger F
d57276ca35 Merge pull request #13719 from asgerf/js/barrier-inout 
JS: Replace barrier edges with barrier nodes
 2023-07-13 16:36:52 +02:00
erik-krogh
1fe66232c6 suggestions based on review: add a popular library example for HTML-sanitization, and use the old text about ../ replacements 2023-07-13 14:28:11 +02:00
Erik Krogh Kristensen
9db970f055 apply suggestion from review 
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2023-07-13 14:17:33 +02:00
Asger F
f3fab587a9 JS: Add Fuzzy token in identifying access path 2023-07-13 14:01:06 +02:00
Asger F
7c9e1ad6ec JS: Fix accidental recursion in Vue model 
The API graph entry point depended on API::Node.

This was due to depending on the the TComponent newtype which has a branch that depends on API::Node
 2023-07-13 13:41:21 +02:00
Max Schaefer
b8eb2ef8d8 Merge branch 'main' into max-schaefer/improve-command-injection-qhelp 2023-07-13 12:11:15 +01:00
Max Schaefer
ae237247f2 Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-07-13 12:10:57 +01:00
Rasmus Lerchedahl Petersen
02c41f3dcf JavaScript: Use shared library for serverless 2023-07-12 16:46:34 +02:00
Asger F
c7abd4c2af JS: Remove the unused edge-sanitizer hook in UnvalidatedDynamicMethodCall 2023-07-12 09:26:37 +02:00
Asger F
c8af28c2ca Merge pull request #13700 from asgerf/js/path-join-spread 
JS: Recognize 'fs/promises' alias and handle spread arguments in path.join()
 2023-07-11 15:31:13 +02:00
Asger F
1a395c5b34 JS: Use sanitizerOut in PrototypePollutingAssignment 2023-07-11 15:24:10 +02:00
Asger F
03bdebe3b3 JS: Update a test. 
The test had a bug on the line `src = src` so the new code is "more equivalent than usual"
 2023-07-11 15:24:09 +02:00
Asger F
b09ed4b0e3 JS: Update UnsafeJQueryPlugin 2023-07-11 15:01:33 +02:00
Asger F
a1d8a05bcb JS: Update ResourceExhaustion 2023-07-11 14:56:53 +02:00
Asger F
58a557b18e JS: Update InsecureRandomness 2023-07-11 14:56:43 +02:00
Asger F
e863e2376d JS: Use sanitizerIn in ExtenralAPIUsedWithUntrustedData 2023-07-11 14:50:29 +02:00
Asger F
094302a27b JS: Replace sanitizing prefix edge with node 2023-07-11 14:48:13 +02:00
Asger F
944a2ca825 JS: Replace ClearTextLogging::isSanitizerEdge with a node 2023-07-11 14:20:17 +02:00
Asger F
68584e549e JS: Replace isOptionallySanitizedEdge with a node 2023-07-11 12:57:33 +02:00
Asger F
3691b836cb JS: Add tests 2023-07-11 11:37:30 +02:00
Asger F
0841677b14 JS: Add isSanitizerX variants in TaintTracking 2023-07-11 11:14:37 +02:00
Asger F
d53beb3784 JS: Embed check for in/out barriers in edge barrier check 2023-07-11 11:04:28 +02:00