codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00

Author	SHA1	Message	Date
Asger F	4964d811a5	JS: Add interface for isBarrier in/out	2023-07-11 11:04:28 +02:00
Max Schaefer	63c45a0da3	Add another example of when and how to use shell-quote.	2023-07-10 14:02:17 +01:00
Asger F	8234b8f175	JS: Change note	2023-07-10 13:19:44 +02:00
Asger F	27085b1fd0	JS: Fix whitespace	2023-07-10 12:07:13 +02:00
Asger F	fe90146a16	JS: Add test for path.join with spread argument	2023-07-10 12:07:07 +02:00
Asger F	06bc0f6957	JS: Add test for fs/promises	2023-07-10 12:05:03 +02:00
github-actions[bot]	13cf054a9d	Post-release preparation for codeql-cli-2.14.0	2023-07-07 14:55:41 +00:00
Asger F	965ca169e5	JS: Recognise fs/promises	2023-07-07 14:14:49 +02:00
Asger F	d49359a95c	JS: Add step through spread arg to path.join()	2023-07-07 14:10:50 +02:00
github-actions[bot]	6484ee106e	Release preparation for version 2.14.0	2023-07-07 08:22:14 +00:00
Dave Bartolomeo	9631e9f2f1	Bump minor version numbers post-GHES	2023-07-06 10:10:01 -04:00
Dave Bartolomeo	2bb9adfbf1	Merge remote-tracking branch 'origin/main' into dbartol/mergeback-3.10	2023-07-06 10:00:46 -04:00
Erik Krogh Kristensen	b2a60bf3d1	Merge pull request #13642 from erik-krogh/san-script JS/RB: Fix FP in incomplete-multi-character-sanitization	2023-07-06 15:38:39 +02:00
Max Schaefer	1d3e3440f2	Add example of manual sanitisation.	2023-07-06 12:54:30 +01:00
Max Schaefer	240e0799b0	Fix spurious character in code example.	2023-07-06 12:54:03 +01:00
Max Schaefer	83a854c3ff	Update javascript/ql/src/Security/CWE-078/IndirectCommandInjection.qhelp Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2023-07-06 12:47:06 +01:00
Max Schaefer	6fb41adc61	Apply suggestions from code review Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2023-07-06 12:02:44 +01:00
Max Schaefer	f89992eb16	Address more review feedback.	2023-07-05 12:02:11 +01:00
Max Schaefer	921d8de8dc	Apply suggestions from code review Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2023-07-05 11:19:30 +01:00
Max Schaefer	5fb6b5810f	Clarify that splitting arguments on space is not safe.	2023-07-04 15:58:37 +01:00
Max Schaefer	74af0b1f05	Improve command-injection example and provide a fixed version.	2023-07-04 15:58:37 +01:00
Chuan-kai Lin	6912f7ed3a	Merge pull request #13638 from cklin/remove-pragma-assume-small-delta Remove pragma[assume_small_delta]	2023-07-03 07:00:36 -07:00
Erik Krogh Kristensen	8676516cb9	recursively -> repeatedly Co-authored-by: Asger F <asgerf@github.com>	2023-07-03 13:17:13 +02:00
Asger F	4c9501eba5	Merge pull request #13529 from jorgectf/seclab/webix-modeling JS: Add models for `webix`	2023-07-03 12:03:18 +02:00
erik-krogh	3e2b8124c9	apply suggestions from review	2023-07-03 10:03:45 +02:00
erik-krogh	bea4162736	delete multi-char note from the `incomplete-sanitization` qhelp	2023-07-03 09:10:54 +02:00
erik-krogh	a60478ba8a	write qhelp for js/incomplete-multi-character-sanitization	2023-07-03 09:07:13 +02:00
erik-krogh	f9eee906cf	fix FP by requiring that the regular expression mention on of the chars important in the prefix	2023-07-01 20:30:09 +02:00
erik-krogh	bd400be6ec	add FP for incomplete-multi-char-sanitization	2023-07-01 20:28:31 +02:00
Chuan-kai Lin	ce464a7d69	Remove pragma[assume_small_delta]	2023-06-30 11:09:29 -07:00
amammad	6f34c3225b	Merge branch 'github:main' into amammad-python-WebAppsConstatntSecretKeys	2023-06-30 22:36:45 +10:00
amammad	816799c4ba	upgrade query to detect redash CVE too	2023-06-30 22:14:50 +10:00
github-actions[bot]	668aaa2dc8	Post-release preparation for codeql-cli-2.13.5	2023-06-30 08:51:48 +00:00
jorgectf	f1f3d8e18a	Add `dot.js`support Co-authored-by: Kevin Stubbings <Kwstubbs@users.noreply.github.com>	2023-06-29 19:17:37 +02:00
Jorge	e210b0d0a7	Apply suggestions from code review Co-authored-by: Asger F <asgerf@github.com>	2023-06-29 16:06:34 +02:00
github-actions[bot]	9d7987f822	Release preparation for version 2.13.5	2023-06-29 09:26:18 +00:00
jorgectf	2ac334bf15	Adapt `Webix` modeling to support HTML use-cases	2023-06-28 15:26:30 +02:00
amammad	516fdf627a	update stream pipe	2023-06-28 00:09:39 +10:00
Kasper Svendsen	ab5e241310	Javascript: Enable implicit this warnings for remaining packs	2023-06-27 11:56:29 +02:00
amammad	c7a7594821	merge all ql files into one	2023-06-27 01:56:23 +10:00
jorgectf	1e663b8889	Update `HeuristicSourceCodeInjection.expected`	2023-06-26 13:32:20 +02:00
jorgectf	bb67a9000e	Fix `WebixTemplateSink`	2023-06-26 13:32:00 +02:00
Jorge	5bd044211e	Apply suggestions from code review Co-authored-by: Asger F <asgerf@github.com>	2023-06-26 13:27:23 +02:00
amammad	8a80a734d8	fix an accident :)	2023-06-26 20:20:00 +10:00
Rasmus Wriedt Larsen	0121263e03	Merge branch 'main' into python/enable-summaries-from-models	2023-06-26 11:34:12 +02:00
amammad	3bd45a8536	fix query identifier	2023-06-26 03:01:19 +10:00
amammad	effb8024a4	fix yargs bug	2023-06-25 23:30:24 +10:00
amammad	c16a2827d7	fix format warnings/errors	2023-06-25 23:24:12 +10:00
Jorge	08b9a5e2b2	Add missing `;`	2023-06-23 23:10:06 +02:00
Jorge	3c980db93a	Format `webix.js`	2023-06-23 18:08:01 +02:00

... 33 34 35 36 37 ...

10833 Commits