hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,000 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.3
Commit Graph

2686 Commits

Author SHA1 Message Date
Tom Hvitved
dc432c7774 Sync shared files 2022-09-30 14:56:56 +02:00
Nick Rolfe
ef8ec0878a Merge pull request #10641 from github/nickrolfe/a_an 
JS/Python/Ruby: s/a HTML/an HTML/
 2022-09-30 12:17:15 +01:00
Nick Rolfe
ed74e0aad1 JS/Python/Ruby: s/a HTML/an HTML/ 2022-09-30 10:37:52 +01:00
Henti Smith
476960e699 Merge pull request #10625 from github/henti/ql_jobrunson 
Added job.getRunsOn
 2022-09-30 10:19:14 +01:00
Henti Smith
074fac8f2f Ran autoformatter on Actions.qll 2022-09-30 09:24:12 +01:00
erik-krogh
0a5ff1b79a recognize another kind of dummy passwords to fix an FP in hardcoded-credentials 2022-09-29 21:25:40 +02:00
Henti Smith
700eaf5e41 Added JobRunson 2022-09-29 14:19:02 +01:00
tyage
b95566b02a make json stringify tainted with arg's property 2022-09-29 17:46:09 +09:00
Asger F
24f2a3cdff Sync ApiGraphModels.qll 2022-09-28 12:17:44 +02:00
Dave Bartolomeo
3bd456e52d Merge pull request #10565 from github/post-release-prep/codeql-cli-2.11.0 
Post-release preparation for codeql-cli-2.11.0
 2022-09-23 18:13:59 -04:00
github-actions[bot]
6cef0af5df Post-release preparation for codeql-cli-2.11.0 2022-09-23 21:01:40 +00:00
Asger F
11ba0f0bbe Merge pull request #10253 from asgerf/js/type-defs-squashed 
JS: Add generated typings to SQL models
 2022-09-23 11:34:01 +02:00
github-actions[bot]
f5cf8cffa3 Release preparation for version 2.11.0 2022-09-22 20:14:12 +00:00
erik-krogh
dcdff7a995 Merge branch 'main' into aliasFlow 2022-09-22 16:01:31 +02:00
erik-krogh
5fb44e9dd8 simplify and improve the example for getLaterBaseAccess 2022-09-22 15:57:54 +02:00
Erik Krogh Kristensen
fedf8fc575 correct the qldoc 
Co-authored-by: Asger F <asgerf@github.com>
 2022-09-22 15:49:29 +02:00
Henry Mercer
f8f99af8b7 Bump the minor version of packs we regularly release 2022-09-22 12:14:19 +01:00
Andrew Eisenberg
58e4861b45 Merge branch 'main' into rc/3.7 2022-09-20 12:43:20 -07:00
Erik Krogh Kristensen
0720fa75df Merge pull request #10286 from erik-krogh/js-followMsg 
JS: change alert messages of path queries to use the same template
 2022-09-20 16:12:45 +02:00
Asger F
2fc5961b10 JS: Restrict where sub path edges are computed 2022-09-20 11:40:17 +02:00
Asger F
2c3d1de2c7 JS: Add change note 2022-09-20 11:40:17 +02:00
Asger F
baa559e696 JS: Fix a hole in the sequelize-typescript typings 2022-09-20 11:40:17 +02:00
Asger F
47f1d62569 JS: Add generated typings to SQL models 2022-09-20 11:40:16 +02:00
erik-krogh
58851aefd6 don't mention classes that don't exist in TaintTracking.qll 2022-09-19 13:37:06 +02:00
Erik Krogh Kristensen
a4cd913aea Merge pull request #10312 from erik-krogh/fix-caseDiff 
ensure consistent casing of names
 2022-09-19 10:43:12 +02:00
github-actions[bot]
67ce442674 Post-release preparation for codeql-cli-2.10.5 2022-09-16 14:23:44 +00:00
erik-krogh
843fce4bcd expand localFieldStep to use access-paths, and build access-paths in more cases 2022-09-13 21:43:06 +02:00
erik-krogh
e7aef17d30 don't report every non-ascii range in js/overly-large-range 2022-09-13 20:43:52 +02:00
Erik Krogh Kristensen
46751e515c Merge pull request #10388 from erik-krogh/exportNew 
JS: recognize returning an instance of a class as exporting that class
 2022-09-13 13:45:16 +02:00
Erik Krogh Kristensen
2739b9cfd8 Merge pull request #10390 from erik-krogh/unmentionedGuard 
QL: add unmentioned guard class query
 2022-09-13 11:04:13 +02:00
Erik Krogh Kristensen
86417cec34 Merge pull request #10381 from erik-krogh/protoList 
JS: recognize a list of bad strings as a sanitizer for `js/prototype-polluting-assignment`
 2022-09-13 11:00:29 +02:00
Erik Krogh Kristensen
dd5da79e46 recognize setters and getters of a class as exported 
Co-authored-by: Asger F <asgerf@github.com>
 2022-09-13 10:04:02 +02:00
erik-krogh
dd5db2e6d7 add to isSanitizerGuard 2022-09-13 07:27:51 +02:00
erik-krogh
3eb7675292 rename to DenyListInclusionGuard 2022-09-13 07:27:31 +02:00
erik-krogh
a567c132c1 fix all ql/unmentioned-guard 2022-09-12 22:42:46 +02:00
erik-krogh
ceda5f69fc recognize returning an instanceof of a class as exporting that class 2022-09-12 17:31:51 +02:00
Erik Krogh Kristensen
818601b612 Merge pull request #10285 from erik-krogh/paramClass 
ReDoS: convert RelevantState to a class in the PrefixConstruction module
 2022-09-12 15:23:19 +02:00
erik-krogh
98243118b2 recognize a list of bad strings as a sanitizer for js/prototype-polluting-assignment 2022-09-12 13:41:07 +02:00
erik-krogh
afcb767f8d Merge branch 'main' into js-followMsg 2022-09-12 13:21:16 +02:00
erik-krogh
bae4490620 add change-note 2022-09-12 12:12:18 +02:00
Erik Krogh Kristensen
cb95e8f263 Merge pull request #10351 from erik-krogh/moreMains 
JS: find a main module in more cases
 2022-09-12 11:01:17 +02:00
erik-krogh
5010f89683 move resolveMainPath into a separate helper predicate 2022-09-09 14:26:07 +02:00
erik-krogh
26d8553f6e ensure consistent casing of names 2022-09-09 10:34:14 +02:00
Erik Krogh Kristensen
9893650f7c Merge pull request #8604 from erik-krogh/httpNode 
JS: refactor most library models away from AST nodes
 2022-09-09 10:04:17 +02:00
erik-krogh
aee72357b8 find a main module in more cases 2022-09-08 20:21:31 +02:00
erik-krogh
a21a4275f3 add taint-step in js/insecure-randomness for selecting a random element 2022-09-08 15:00:00 +02:00
github-actions[bot]
a9d80a5a48 Release preparation for version 2.10.5 2022-09-08 11:35:54 +00:00
erik-krogh
a35fe1ffab Merge branch 'main' into js-followMsg 2022-09-08 13:09:15 +02:00
Erik Krogh Kristensen
57bf92a70c Merge pull request #10347 from erik-krogh/mermaid 
JS: add a markdown step through the `mermaid` library
 2022-09-08 12:41:58 +02:00
Rasmus Wriedt Larsen
1d834799a2 Merge pull request #10114 from RasmusWL/shared-http-client-request 
Ruby/Python: Shared HTTP client request concept
 2022-09-08 11:58:06 +02:00