hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,612 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.7
Commit Graph

9958 Commits

Author SHA1 Message Date
github-actions[bot]
2d64a618e6 Release preparation for version 2.20.7 2025-03-17 12:15:54 +00:00
github-actions[bot]
58f355ae5a Post-release preparation for codeql-cli-2.20.6 2025-03-03 18:18:15 +00:00
Chuan-kai Lin
17acb31f65 JS: Fix changelog formatting 2025-03-03 09:19:01 -08:00
github-actions[bot]
fa850cccb1 Release preparation for version 2.20.6 2025-03-03 17:13:19 +00:00
Asger F
ff36d1916f Merge pull request #18810 from asgerf/js/test-related-locations 
Test: Add support for RelatedLocation tag and use in a JS query
 2025-02-25 16:40:41 +01:00
Asger F
baa7e35589 Merge pull request #18834 from Napalys/js/tanstack 
JS: Support 'response' threat model and @tanstack/react-query
 2025-02-25 16:16:06 +01:00
Napalys
3360829a58 Updated change note with response threat model info. 
Co-authored-by: Asgerf <asgerf@github.com>
 2025-02-25 15:22:14 +01:00
Napalys
bf77ffef37 Applied comment 
Co-authored-by: Asgerf <asgerf@github.com>
 2025-02-25 13:57:39 +01:00
Napalys
e2927b2fad Updated tanstack to use API graph. 2025-02-25 11:48:44 +01:00
Anders Schack-Mulligen
b2a595596b JS: Remove irrelevant comment. 2025-02-25 11:33:16 +01:00
Anders Schack-Mulligen
449150e6b5 JS: Accept fixed FP flow. 2025-02-25 10:42:21 +01:00
Anders Schack-Mulligen
57c4fd6f25 JS: Combine phi reads and ssa input nodes into SynthReadNode class. 2025-02-25 09:23:53 +01:00
Anders Schack-Mulligen
1af753cd0c JS: Use shared barrier guard for falsy check. 2025-02-24 13:00:06 +01:00
Anders Schack-Mulligen
09b2aeb53a SSA: Replace use-use step implementation in data-flow integration. 2025-02-24 10:58:14 +01:00
Anders Schack-Mulligen
4e515bc2f5 JS: Remove reference to isInputInto 2025-02-21 14:48:24 +01:00
Asger F
cd2c4d5e3a JS: Use post-processed inline test in MissingCsrfMiddleware 
This query flags the cookie-parsing middleware in order to consolidate huge numbers of alerts into a single alert, which is more manageable. But simply annotating the cookie-parsing middleware with 'Alert' isn't a very useful, we want to annotate which middlewares are vulnerable.
 2025-02-21 14:44:46 +01:00
Napalys
3587ba593a Add change note and added tanstack to supported framework list 2025-02-21 13:47:48 +01:00
Napalys
ab0241c1de Added missing doc strings for Tanstack queries 2025-02-21 13:32:49 +01:00
Napalys
1227a7eedc Add Tanstack framework support and enhance data flow tracking for fetch responses 2025-02-21 13:24:00 +01:00
Napalys
05690c21ed Added a test for tanstack/react-query useQuery 2025-02-21 13:24:00 +01:00
Asger F
a1b7096125 Merge pull request #18783 from asgerf/js/downward-calls 
JS: Resolve calls downward in class hierarchy
 2025-02-20 09:01:58 +01:00
Asger F
58c8b5fa2b Merge pull request #18790 from asgerf/js/no-implicit-array-taint 
JS: Do not taint whole array when storing into ArrayElement
 2025-02-19 13:23:31 +01:00
Asger F
e1c280500e Merge pull request #18749 from Kwstubbs/express 
JS: Add result.download to Express as Path Traversal Sink
 2025-02-19 09:08:36 +01:00
Asger F
804a1a6cb0 JS: Handle array of sorting criteria 2025-02-18 16:58:04 +01:00
Asger F
7486742c37 JS: Fix model of _.sortBy 2025-02-18 16:53:40 +01:00
Asger F
ad4522c781 JS: Make 'typeStrongerThan' transitive 2025-02-18 16:04:48 +01:00
Asger F
e40ee821c2 JS: Update a qldoc comment 2025-02-18 16:02:47 +01:00
Asger F
24e7aad6ba JS: Overriden -> Overridden 2025-02-18 09:51:13 +01:00
Asger F
82a4b17218 JS: Change note 2025-02-18 09:43:08 +01:00
Asger F
e610683377 JS: Linter fix 2025-02-18 09:25:23 +01:00
Asger F
c958702830 JS: Accept some unproblematic consistency warnings 2025-02-17 20:30:07 +01:00
github-actions[bot]
ad24f94a77 Post-release preparation for codeql-cli-2.20.5 2025-02-17 17:58:24 +00:00
github-actions[bot]
6f4562f3bd Release preparation for version 2.20.5 2025-02-17 16:55:54 +00:00
Asger F
a54f0a74f1 JS: Target post-update node instead of getALocalSource 
getAPropertyWrite() contains getALocalSource() under the the hood. Don't rely on that to find the successor of a mutation.
 2025-02-17 15:00:02 +01:00
Asger F
6e074c301f JS: Port lodash callback steps to flow summaries 
Not all of lodash, just the callbacks we already modeled plus a few easy ones
 2025-02-17 14:54:45 +01:00
Erik Krogh Kristensen
7fa41c438f Merge pull request #18794 from erik-krogh/v-flag 
JS: Add support for the regex V flag
 2025-02-17 13:56:48 +01:00
Asger F
4e325d9f1c JS: Convert some exception steps to legacy 2025-02-17 11:53:50 +01:00
Asger F
08b9d934c0 JS: Add a negative test 2025-02-17 11:37:44 +01:00
Asger F
352924fb8c JS: Handle a few other stringification contexts 2025-02-17 11:36:28 +01:00
Asger F
33ab7db98a JS: Handle Array.prototype.toString calls 2025-02-17 11:25:03 +01:00
Asger F
a74b203c86 JS: Add test with implicit array stringification 2025-02-17 11:21:46 +01:00
Asger F
d87534c7d0 JS: Model Array#toString 2025-02-17 11:13:36 +01:00
Asger F
e8d1703224 JS: Add test for flow through Buffer.concat 
This flow was lost since the existing model of concat() boxes its return value in ArrayElement. There is no explicit model of Buffer.concat.
 2025-02-17 11:12:51 +01:00
Asger F
d79f429978 JS: Update changes to nodes/edges/subpaths 
No changes in actual alerts
 2025-02-17 10:36:05 +01:00
Asger F
0ca9b2285b Merge pull request #18740 from asgerf/js/more-precise-diff-informed 
JS: Provide more precise related locations
 2025-02-17 10:27:15 +01:00
Asger F
b8f48aa711 JS: Change note 2025-02-17 10:24:57 +01:00
Asger F
97eb09fef8 JS: Accept updated test output 2025-02-17 10:19:49 +01:00
erik-krogh
6ebffd59f6 add change-note 2025-02-16 19:23:44 +01:00
erik-krogh
01d70a6d73 add test of the new v flag 2025-02-16 19:01:02 +01:00
Napalys
3ec038e7b6 JS: Added predicate to check if v flag is used on regular expression 2025-02-16 18:31:08 +01:00