hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,579 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.2
Commit Graph

11285 Commits

Author SHA1 Message Date
Asger F
427e329363 JS: Bump extractor version string 2025-02-03 15:21:41 +01:00
Asger F
7eebe468ee JS: Update TRAP output 
This seems to have reordered the TRAP lines but without semantic change.
 2025-02-03 15:21:09 +01:00
Asger F
be082578d4 JS: Hoist function decls in a block to the top of the block 2025-02-03 15:21:08 +01:00
Asger F
29879297ee JS: Add test showing missed call to later-defined function in block 2025-02-03 14:56:11 +01:00
Asger F
2d36a5d478 JS: Use JSX syntax in first attempt when extension is .jsx 2025-02-03 13:17:15 +01:00
Asger F
78a7f2670a JS: Update a JS test case 2025-02-03 11:31:03 +01:00
Asger F
a0af4c9a84 Merge pull request #18622 from asgerf/js/typescript-tsconfig-names 
JS: Treat more file patterns as tsconfig-like files
 2025-01-31 09:42:50 +01:00
Asger F
2e65fe9597 JS: Change note 2025-01-30 20:46:30 +01:00
Asger F
d23c198072 JS: Change note 2025-01-30 20:41:20 +01:00
Asger F
16f7373712 JS: Model dependency injection in Nest 2025-01-29 13:49:46 +01:00
Asger F
89ad737b2a JS: Add internal extension points sources of class objects/instances 2025-01-29 13:49:44 +01:00
Asger F
b07c5c6ee0 JS: Add test 2025-01-29 13:49:43 +01:00
Asger F
6d04425790 JS: Add test 2025-01-29 11:14:21 +01:00
Asger F
d66d1a79d6 JS: Also update legacy entry point used by qltest 2025-01-29 11:14:10 +01:00
Asger F
8182190120 JS: Remove trailing whitespace 2025-01-29 10:53:26 +01:00
Asger F
bf80f0798b JS: Treat more file patterns as as tsconfig.json-like 2025-01-29 10:53:18 +01:00
Asger F
f8694a34e5 Merge pull request #18397 from aegilops/angular-sources-sinks 
JavaScript CodeQL library updates: new Angular sink(s)
 2025-01-29 09:09:23 +01:00
Erik Krogh Kristensen
87ad09bcdf Merge pull request #18595 from erik-krogh/erik-krogh/clear-text-example 
JS: fix example in clear-text-logging qhelp to actually be bad
 2025-01-27 11:45:50 +01:00
erik-krogh
37a1727043 fix example in clear-text-logging qhelp to actually be bad 2025-01-27 11:31:28 +01:00
aegilops
5a191d42bd Merge branch 'angular-sources-sinks' of https://github.com/aegilops/codeql into angular-sources-sinks 2025-01-24 16:52:19 +00:00
aegilops
76da479550 Updated tests 2025-01-24 16:52:11 +00:00
Paul Hodgkinson
f033f179f7 Merge branch 'main' into angular-sources-sinks 2025-01-24 15:46:48 +00:00
aegilops
d248551e88 Updated expected test result files using HEAD version of codeql 2025-01-24 15:46:09 +00:00
Asger F
1b7977bf90 Merge pull request #18466 from asgerf/js/view-component-inputs 
JS: Add view-component-input threat model
 2025-01-24 10:59:25 +01:00
Asger F
60f9160822 Merge pull request #18574 from asgerf/js/diff-informed2 
JS: fix and improve diff-informed queries
 2025-01-24 10:58:22 +01:00
aegilops
c9a775d737 Merge branch 'angular-sources-sinks' of https://github.com/aegilops/codeql into angular-sources-sinks 2025-01-23 17:07:02 +00:00
aegilops
522f3d1337 Merge 2025-01-23 17:00:56 +00:00
Paul Hodgkinson
eacc322d4f Update Angular Renderer2 XSS sink details in change note 2025-01-23 16:39:18 +00:00
Asger F
6423033db6 JS: Resolve inserted TODOs 2025-01-23 13:02:52 +01:00
Asger F
102b187c35 JS: Ignore experimental queries for now 2025-01-23 12:53:18 +01:00
Asger F
dba76a0e4d JS: Rerun patch query after bugfix 2025-01-23 10:31:32 +01:00
Erik Krogh Kristensen
4bd4937e65 Merge pull request #18547 from erik-krogh/suffixCheck 
JS: Fix FPs with js/incorrect-suffix-check
 2025-01-22 21:13:27 +01:00
Asger F
051fa66af1 JS: Add change note 2025-01-22 11:49:48 +01:00
Asger F
4161f455b8 Revert "Add view-component-input for testing" 
This reverts commit 6954039a6d106e3611a0892972a979fd45310d1a.
 2025-01-22 10:45:52 +01:00
Asger F
e5c0390972 Add view-component-input for testing 2025-01-22 10:45:50 +01:00
Asger F
d647c7b14d JS: Replace 'instanceof ClientSideRemoteFlowSource' 2025-01-22 10:45:49 +01:00
Asger F
3061d51b20 JS: Add ThreatModelSource#isCilentSideSource() 2025-01-22 10:45:48 +01:00
Asger F
327bdc0b02 JS: Use TypeScript types to restrict ViewComponentInputs in general 2025-01-22 10:45:47 +01:00
Asger F
b015c88c79 JS: Add view-component-input threat model 2025-01-22 10:45:46 +01:00
erik-krogh
04bbd5919a add change-note 2025-01-22 10:16:11 +01:00
Asger F
01f7d45e2d JS: Add meta query for reporting threat model sources 2025-01-22 09:51:32 +01:00
Asger F
30d192a1db JS: Move getName() to a shared location 2025-01-22 09:51:32 +01:00
Asger F
0b9187d76c JS: Add change note 2025-01-21 14:17:35 +01:00
Asger F
a9d21e70c2 JS: Bump extractor version string 2025-01-21 14:04:12 +01:00
Asger F
dd55460d7f JS: Update test output 2025-01-21 14:03:30 +01:00
Asger F
784d07c95b JS: Ensure embedded TypeScript is extracted even when not associated with a tsconfig 2025-01-21 14:02:32 +01:00
Asger F
f3b52adde6 JS: Add test showing DB-CHECK failure 2025-01-21 14:02:17 +01:00
erik-krogh
2f1bd75ee9 remove redundant cast 2025-01-21 09:51:14 +01:00
erik-krogh
17afab7d0f support that two indexOf() calls use the same string-concatenation in getAnEquivalentIndexOfCall() 2025-01-21 09:43:57 +01:00
erik-krogh
d5529e3a7e ensure an indexOf call is equivalent with itself. (getAUse() is used later to find matching indexOf calls) 2025-01-21 09:42:30 +01:00