hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,612 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.7
Commit Graph

10835 Commits

Author SHA1 Message Date
Henry Mercer
de83929a60 Remove LoC metrics from the analysis summary 2023-11-16 11:36:44 +00:00
Remco Vermeulen
52540b42fc Merge branch 'main' into rvermeulen/javascript-adjust-security-severity 2023-11-14 11:21:38 -08:00
Remco Vermeulen
6bd7047e41 Restore XssThroughDom.ql's severity 2023-11-14 11:20:51 -08:00
Cornelius Riemenschneider
97fd2033f1 Take our node, not the one that comes first on the PATH. 2023-11-09 22:00:00 +01:00
Cornelius Riemenschneider
b4ec13235d Address review. 2023-11-09 09:40:29 +01:00
Cornelius Riemenschneider
6b37d2009b Merge branch 'main' into criemen/js-bazel 2023-11-08 16:11:47 +01:00
Rasmus Wriedt Larsen
43d9d2ceb7 Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link 
JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.
 2023-11-08 14:29:24 +01:00
Erik Krogh Kristensen
f643fd7d74 Merge pull request #14716 from erik-krogh/invalid-main 
JS: catch when the main: path is invalid on Windows
 2023-11-08 08:33:58 +01:00
Geoffrey White
b63294764b Merge pull request #14705 from geoffw0/qhelplink 
Fix a dead ReDoS link in docs
 2023-11-07 17:40:19 +00:00
erik-krogh
ae577d1e44 catch when the main: path is invalid on Windows 2023-11-07 17:42:21 +01:00
Geoffrey White
e8a466a02c Update dead link. 2023-11-07 09:26:07 +00:00
amammad
0652afced3 update tests, updated qldoc and examples, upgrade all libraries to path-problem, update jsonwebtoken source and sinks 2023-11-07 08:25:25 +01:00
Jorge
b08d57a85f Add {{! to TEMPLATE_EXPR_OPENING_TAG 2023-11-06 20:40:00 +00:00
Cornelius Riemenschneider
be02512dfe Add a build system for the junit tests. 
This is a bit more complicated than our usual setup, as we both need to
unzip the typescript parser wrapper, and make node accessible on the path.
 2023-11-06 17:58:28 +01:00
amammad
36f0a78450 fix typeorm test.ts according to Review 2023-11-06 16:23:35 +01:00
amammad
d7f1e19d40 fix sqlite.js test according to Review 2023-11-06 15:22:36 +01:00
amammad
cc5dd3180a fix better-sqlite3 tests according to Review 2023-11-06 15:18:55 +01:00
amammad
c858e4974d fix Sqlite and BetterSqlite3 issues according to Review 2023-11-06 14:57:40 +01:00
Cornelius Riemenschneider
52fcc5f435 Export test data directories. 2023-11-06 13:47:56 +01:00
Cornelius Riemenschneider
63854e36b4 Use the TestPaths helper to lookup files. 2023-11-06 13:47:56 +01:00
Cornelius Riemenschneider
a773532d07 Refactor JS test suite to be more in line with other Java projects. 
Therefore, we move the test suite out of the `src` directory.
 2023-11-06 13:47:56 +01:00
Cornelius Riemenschneider
6c7ea86a12 Introduce a bazel-based build for the entire JS pack. 2023-11-06 13:47:56 +01:00
Cornelius Riemenschneider
465eb00228 More fine-grained dependency on internal extractors. 2023-11-06 13:44:28 +01:00
Arthur Baars
01e7d57dba Add changenote 2023-11-06 13:38:33 +01:00
Arthur Baars
7f4bcdfa64 Rename test files 2023-11-06 13:38:33 +01:00
Arthur Baars
eecf32db4d Add tests for deprecated 'assert' syntax 2023-11-06 13:38:33 +01:00
Arthur Baars
4192d09e5c Add tests for deprecated 'assert' syntax 2023-11-06 13:38:33 +01:00
Arthur Baars
b4d89f7554 Replace 'assert' with 'with' in QL test files 2023-11-06 13:38:33 +01:00
Arthur Baars
3d45944649 Rename 'assertions' to 'attributes' in JS extractor 2023-11-06 13:38:32 +01:00
Arthur Baars
bd62ec294e Support TS 5.3 import attributes (previously import assertions) 2023-11-06 13:38:32 +01:00
Arthur Baars
1067dd9dd3 Auto-format 2023-11-06 13:38:32 +01:00
Arthur Baars
ec075f8fbe Upgrade typescript to 5.3.1-rc 2023-11-06 13:38:24 +01:00
erik-krogh
abcb5a7a95 remove the remaining yarn files 2023-11-05 19:24:59 +01:00
amammad
01fb29e8dc remove my Hardcoded secret key query in favor of CWE-798:HardcodedCredentials 2023-11-02 16:29:36 +01:00
amammad
a9c8bc082f delete CWE-321 2023-11-02 16:27:31 +01:00
amammad
faa483a282 move to CWE-347, update comments of tests 2023-11-02 16:24:58 +01:00
amammad
e1d42fad2c move new secret key sinks to existing CredentialsNode class, 
add new additional global taint and dataflow steps
update tests of CWE-798
add a new sanitizer for `semmle.javascript.security.dataflow.HardcodedCredentialsQuery`
 2023-11-02 16:09:01 +01:00
amammad
9da815a5c0 move to new CWE-321 directory, make saparate query files for each JWT pkg, create a path query for jsonwebtoken package which is not work correctly 2023-11-02 14:13:52 +01:00
erik-krogh
688afddaf2 Re-order expected test output of all JS tests 2023-10-31 16:38:22 +01:00
Arthur Baars
5cc94e1105 Express.js: add req.path as remote input source 2023-10-31 12:44:26 +01:00
Arthur Baars
21b7a51d0a Add test case for req.path 2023-10-31 12:44:25 +01:00
Arthur Baars
1479509d93 Re-order expected test ouput 2023-10-31 12:44:25 +01:00
Chris Smowton
79e1aa0498 Merge pull request #14634 from github/post-release-prep/codeql-cli-2.15.2 
Post-release preparation for codeql-cli-2.15.2
 2023-10-31 10:24:53 +00:00
github-actions[bot]
2b939fdf08 Post-release preparation for codeql-cli-2.15.2 2023-10-30 16:06:51 +00:00
Harry Maclean
083be305e1 Shared: Add neutralModel extensible predicate 
The neutralModel extensible predicate already exists in Java and C#, so
this change brings the dynamic languages more in line with static
languages. The Model Editor uses this predicate to mark endpoints as
"not interesting" from a data flow perspective.
 2023-10-30 11:31:57 +00:00
github-actions[bot]
4641990021 Release preparation for version 2.15.2 2023-10-30 11:05:53 +00:00
erik-krogh
cf958f0828 lower the severity of js/identity-replacement to medium 2023-10-27 13:54:17 +02:00
Max Schaefer
104700f6d3 Address review comment. 2023-10-27 10:19:28 +01:00
Max Schaefer
08cc8b8e80 Autoformat. 2023-10-26 15:36:06 +01:00
erik-krogh
302199a74a fix TypeExprKinds crashing on a ThisExpression 2023-10-26 16:33:54 +02:00