hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,451 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.4
Commit Graph

2704 Commits

Author SHA1 Message Date
Napalys
ff07ec8d8c Add flow summaries for TypedArray methods set and subarray 2025-04-07 18:06:40 +02:00
Napalys
e23ff9cf3e Add TypedArrays flow summaries for Uint8Array and buffer property 2025-04-07 15:15:24 +02:00
Napalys
c4fa417680 Added change note 2025-04-07 12:11:33 +02:00
Napalys
6fb5376c5f Refactor ReceivedItemAsRemoteFlow to handle data from both client and server WebSocket sources 2025-04-07 11:44:40 +02:00
Napalys
6bcfd8c91d Updated getAServer with API graphs. 2025-04-04 12:31:29 +02:00
Napalys
c5860e92ec Updated WebSocketReceiveNode to match bind functions. 2025-04-04 12:28:53 +02:00
Napalys
49194b0340 Updated WebSocketReceiveNode with API graphs. 2025-04-04 12:26:52 +02:00
Napalys
0dbf951291 Updated ClientSocket and SendNode with API graphs. 2025-04-04 09:14:54 +02:00
Napalys
e16a20e69f Updated SocketClass to use API Graphs. 2025-04-04 08:47:27 +02:00
Asger F
6c33013788 JS: Enable association with headers without needing a route handler 
Previously it was not possible to associate a ResponseSendArgument with its header definitions if they did not have the same route handler.

But for calls like `new Response(body, { headers })` the headers are fairly obvious whereas the route handler is unnecessarily hard to find. So we use the direct and obvious association between 'body' and 'headers' in the call.
 2025-04-03 11:08:10 +02:00
Asger F
db2720ea5b JS: Initial model of Response 2025-04-03 11:08:05 +02:00
Napalys
0e7bff0f81 Added change note. 2025-04-03 10:45:17 +02:00
Napalys
04a39eb735 Removed old mkdirp modeling and replaced it with MaD. 2025-04-03 10:45:16 +02:00
Napalys
3fa24d6026 Add sink model for mkdirp and update tests for path injection alerts. 2025-04-03 10:45:14 +02:00
Napalys Klicius
5c42c0ba4c Merge pull request #19196 from Napalys/js/rimraf 
JS: Modeling of `rimraf` functions
 2025-04-03 09:51:52 +02:00
Asger F
6c3bc941c5 Merge branch 'main' into js/name-resolution-independent-fixes 2025-04-02 14:15:44 +02:00
Napalys
390d9ffe66 Added change note 2025-04-02 12:50:53 +02:00
Napalys
b16b407f89 Add rimraf model and update tests for path injection vulnerabilities 2025-04-02 12:49:48 +02:00
Asger F
46f88e7ce7 JS: Updates to DOM model 2025-04-02 10:14:03 +02:00
Asger F
887942e3e9 Merge pull request #19108 from asgerf/js/api-graph-spread-rest 
JS: Handle spread/rest in API graphs
 2025-04-01 17:48:36 +02:00
Asger F
4746cfddf2 JS: Add clarifying comment 2025-04-01 16:26:07 +02:00
Asger F
e1784bb10c JS: Fix handling of spread args on a bound function 2025-04-01 16:20:57 +02:00
github-actions[bot]
10205cb990 Post-release preparation for codeql-cli-2.21.0 2025-04-01 11:30:43 +00:00
github-actions[bot]
84f6564cc0 Release preparation for version 2.21.0 2025-03-31 17:35:15 +00:00
Arthur Baars
cd9ccef8b2 Javascript, add missing * to changenote 2025-03-31 18:45:01 +02:00
Asger F
149ec20758 JS: Add comment about internal edge 2025-03-31 15:39:09 +02:00
Asger F
f64bdccd6d Update javascript/ql/lib/semmle/javascript/ApiGraphs.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2025-03-31 15:30:59 +02:00
Napalys Klicius
4572376e9a Merge pull request #19143 from Napalys/js/fs-extra-missing 
JS: Modeling of `fs-extra` functions
 2025-03-31 10:35:45 +02:00
Napalys Klicius
de8a3289e2 Merge pull request #19118 from Napalys/js/hana_db_client 
JS: support `hana` db client
 2025-03-31 10:35:11 +02:00
Napalys
d0e2aa8192 Added sources from hana db as MaD. 2025-03-28 14:55:17 +01:00
Napalys
f3af23e855 Refactored hana's DB client to use GuardedRouteHandler, improving precision. 2025-03-28 13:58:37 +01:00
Napalys Klicius
f7264d82d4 Merge branch 'main' into js/hana_db_client 2025-03-28 13:21:15 +01:00
Napalys
769fe75d82 Added change note. 2025-03-28 13:07:24 +01:00
Napalys
495af56ab5 Added NodeJSFileSystemVectorWrite class for vectored write. 2025-03-28 13:07:23 +01:00
Napalys
e63e170ac2 Added support for readv and readvSync functions in NodeJSFileSystemAccessRead class . 2025-03-28 13:07:20 +01:00
Anders Schack-Mulligen
5a986f5327 SSA: Remove empty predicates and dead code. 2025-03-28 12:00:38 +01:00
Anders Schack-Mulligen
d8e14a6b55 JS: Add ssaDefHasSource. 2025-03-28 11:57:29 +01:00
Anders Schack-Mulligen
0c74f21107 Merge pull request #19044 from aschackmull/ssa/useuse-trim 
Ssa: Trim the use-use relation to skip irrelevant nodes
 2025-03-28 11:55:34 +01:00
Asger F
7904db0f9a Merge pull request #19132 from asgerf/js/guarded-route-handler-token 
JS: Add GuardedRouteHandler access path component
 2025-03-28 10:47:10 +01:00
Asger F
951b48adfe Revert "JS: Add bogus model for testing" 
This reverts commit 2460874f47.
 2025-03-28 09:24:49 +01:00
Asger F
b834ffe246 JS: Fix a bad join order 2025-03-28 09:14:40 +01:00
Asger F
1ad471cb32 JS: Track through spread/rest params in API graphs 2025-03-28 09:14:36 +01:00
Napalys
e1bf054056 Added support for lutimes, opendir, and statfs functions from fs-extra. 2025-03-28 08:37:30 +01:00
Napalys
55c74b2bac Added support for emptydir functions from fs-extra. 2025-03-28 08:37:28 +01:00
Napalys
e386448f60 Added support for missing rm functions from fs-extra 2025-03-28 08:37:22 +01:00
Napalys
7a08f32e16 Added support for cp functions from fs-extra. 2025-03-28 08:36:26 +01:00
Asger F
2460874f47 JS: Add bogus model for testing 2025-03-27 20:13:27 +01:00
Napalys Klicius
32369dab7d Merge pull request #19124 from Napalys/js/hapi_upgrade 
JS: Support for newer version of `Hapi` - `@hapi/hapi`
 2025-03-27 16:42:51 +01:00
Asger F
ed50343cc2 Merge pull request #19077 from asgerf/js/jsdoc-name-tokens 
JS: Separate JSDoc qualified names into individual identifiers
 2025-03-27 14:22:11 +01:00
Asger F
13d2453a45 JS: Add GuardedRouteHandler access path component 2025-03-27 13:59:41 +01:00