hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,579 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.2
Commit Graph

2636 Commits

Author SHA1 Message Date
Asger F
1c2fdc8df9 JS: Ignore more webpack modules 2023-04-19 10:29:14 +02:00
Alex Ford
924ce250dd Merge pull request #12847 from github/post-release-prep/codeql-cli-2.13.0 
Post-release preparation for codeql-cli-2.13.0
 2023-04-18 14:40:40 +01:00
Arthur Baars
e5d89b969a Merge pull request #12780 from aibaars/shared-yaml-lib 
JS: extract YAML library to a shared pack
 2023-04-18 11:09:53 +02:00
Kasper Svendsen
9d34d090ab Merge pull request #12843 from kaspersv/kaspersv/prevent-bad-js-join-order 
Prevent JS join order regression
 2023-04-18 09:09:43 +02:00
github-actions[bot]
648f0e19ec Post-release preparation for codeql-cli-2.13.0 2023-04-17 15:39:24 +00:00
Kasper Svendsen
ad82433a88 Prevent JS join order regression 2023-04-17 13:24:19 +02:00
Arthur Baars
34d3040ce2 Add change note 2023-04-17 12:59:14 +02:00
Asger F
13b1e97caa JS: Fix the ExtendCall restriction 2023-04-17 12:30:08 +02:00
Asger F
2f4a181a7d JS: revert path sanitizers in proto pollution query 2023-04-17 12:21:00 +02:00
Asger F
b728f71b4b JS: Move 'this' sanitizer to customizations 2023-04-17 12:11:18 +02:00
Asger F
c250ba7f27 JS: Undo sanitization of path.normalize() 2023-04-17 08:23:04 +02:00
Asger F
0d598c437d JS: Fix observed FPs in UnsafeJQueryPlugin 2023-04-17 08:20:18 +02:00
Asger F
b321151a28 JS: Restrict ExtendCall flow in proto pollution query 2023-04-17 08:20:18 +02:00
Asger F
efb582b661 JS: Drive-by fix to newly gained FPs 2023-04-17 08:20:18 +02:00
Asger F
869c6d27fe JS: Add implied receiver steps 2023-04-17 08:20:18 +02:00
Asger F
74dbc71535 JS: Change Extend steps to PreCallGraphStep 2023-04-17 08:20:18 +02:00
github-actions[bot]
075d063370 Release preparation for version 2.13.0 2023-04-14 13:31:30 +00:00
jarlob
e9dee3a185 Move actions/github-script out of Actions.qll 2023-04-14 14:26:23 +02:00
Erik Krogh Kristensen
cece307c60 Merge pull request #12802 from erik-krogh/history-xss 
JS: add browser history as XSS sink
 2023-04-14 13:35:19 +02:00
jarlob
599ec5a3b4 Add comment 2023-04-14 10:52:11 +02:00
jarlob
ac1c20673d Encapsulate github-script 2023-04-14 10:23:49 +02:00
jarlob
d80c541da6 Encapsulate composite actions 2023-04-14 10:06:35 +02:00
smiddy007
ec97cdc8a0 Allow NonKeyCiphers to include truncated SHA-512 MDs in Forge JS library. 2023-04-13 23:16:20 -04:00
jarlob
79218a3946 Use YamlMapping for modeling Env 2023-04-14 00:56:51 +02:00
jarlob
dd52ef85cd Rename Env 2023-04-13 23:41:31 +02:00
jarlob
76834cbe53 Rename GlobalEnv 2023-04-13 23:13:56 +02:00
jarlob
8234ea33f0 More details in the changes file. 2023-04-13 23:05:32 +02:00
jarlob
6790318769 Added the composite word 2023-04-13 22:58:32 +02:00
Jaroslav Lobačevski
8f1bccbb4d Apply suggestions from code review (comments) 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2023-04-13 22:55:53 +02:00
Alex Eyers-Taylor
c6a482819a Bump all qlpacks major versions 2023-04-13 19:15:27 +01:00
Alex Ford
8c46bfd051 Merge pull request #12816 from github/rc/3.9 
Merge `rc/3.9` into `main`
 2023-04-13 12:35:41 +01:00
Arthur Baars
ead8108aed Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-04-13 11:11:55 +02:00
Asger F
b819f55203 Merge pull request #12792 from asgerf/js/redux-model-perf 
JS: add getForwardingFunction and use to sharpen useSelector model
 2023-04-12 14:09:59 +02:00
erik-krogh
b1957623c1 add browser history as XSS sink 2023-04-12 13:38:18 +02:00
Arthur Baars
83cd55cb29 Js/Yaml: add getFile() predicate 2023-04-11 16:01:44 +01:00
erik-krogh
3c4bd5b6a7 forward toString() etc. predicates from YamlNode to Locatable 2023-04-11 15:37:01 +02:00
erik-krogh
b5e90483f5 improve the ESLint model to avoid overriding Yaml classes 2023-04-11 15:36:18 +02:00
Asger F
aef0fa3c8a JS: Expand QLDoc 2023-04-11 14:16:36 +02:00
Asger F
2c65a49d7c JS: Add getForwardingFunction() to API graphs 2023-04-11 14:00:30 +02:00
Asger F
4ce03d4dc4 JS: Restrict useSelector steps to local callbacks 2023-04-11 13:33:46 +02:00
Asger F
3cc931306f JS: Add test for selector nodes with multiple access paths 2023-04-11 13:33:27 +02:00
tyage
40d475863d Add change note 2023-04-08 18:36:50 +09:00
tyage
7f9b8557ac Add Next.js router push as XSS sink 2023-04-08 18:18:34 +09:00
jarlob
3745cccedd Fix warnings 2023-04-06 23:02:08 +02:00
jarlob
af83d8af41 Add comment 2023-04-06 22:59:09 +02:00
jarlob
9c7eecf547 Add support for composite actions 2023-04-06 22:53:59 +02:00
jarlob
0a878d4db9 Support yAml extensions 2023-04-06 19:07:38 +02:00
Arthur Baars
4fca4b668c JS: use shared YAML library 2023-04-06 15:11:35 +02:00
jarlob
40b7910473 Fix QLDoc warnings 2023-04-05 10:14:54 +02:00
jarlob
5c5b9f99a8 Add simple taint tracking for env variables 2023-04-05 10:03:46 +02:00