hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,451 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.4
Commit Graph

2558 Commits

Author SHA1 Message Date
Paul Hodgkinson
65dfd4c860 Merge branch 'main' into aegilops/js/insecure-helmet-middleware 2024-05-21 14:46:49 +01:00
aegilops
bda794fde7 Fixed wrong filenames in the InsecureHelmet tests 2024-05-21 14:34:58 +01:00
aegilops
8300aeb0a0 Tests for InsecureHelmet 2024-05-20 12:05:42 +01:00
Asger F
499c4df79b Merge pull request #13554 from am0o0/amammad-js-bombs 
JS: Decompression Bombs
 2024-05-16 13:25:41 +02:00
erik-krogh
39a8b49222 add qhelp recommendation that you can use an obvious placeholder value 2024-05-03 19:37:31 +02:00
erik-krogh
b209fc67cb test the change to hardcoded-credentials 2024-05-03 19:34:18 +02:00
Asger F
c408ab9e6a Merge branch 'main' into js/shared-dataflow 2024-05-02 19:43:34 +02:00
Asger F
a0b49b23f5 JS: Add UseServer and UseClient directives 2024-03-26 09:39:39 +01:00
Asger F
5e7d1d5c2c Merge branch 'main' into js/shared-dataflow-merged 2024-03-13 14:27:16 +01:00
erik-krogh
129286aa1c allow more flow through .filter() 2024-03-13 12:03:00 +01:00
erik-krogh
bf22f4a870 update expected output 2024-02-22 13:21:11 +01:00
Asger F
75a95ffcd1 Merge pull request #15602 from asgerf/js/block-logical-and-flow 
JS: Fix flow through &&
 2024-02-14 12:29:40 +01:00
Asger F
f5c437694c Update UselessConditional.expected 2024-02-13 18:31:24 +01:00
erik-krogh
94b7bda3dc exclude tagged template literals from js/superfluous-trailing-arguments 2024-02-06 09:36:30 +01:00
Sid Shankar
b1d7a635f5 Renames diagnostic query files and tests 
This commit renames the files relating to the diagnostic query that produces information on the number of files extracted. The files have been renamed from "SuccessfullExtractedFiles.*" to "ExtractedFiles.*". All related tests and test files have been renamed too.

The `@tags` and `@id` attributes of the queries have been left untouched, consistent with the `@tags` and `@id` for similar queries in other languages.
 2024-01-29 20:19:20 +00:00
erik-krogh
396da117bb remove an FP in overly-large-range for [@-Z] 2024-01-25 14:15:06 +01:00
GitHub Security Lab
df10a7e7f0 Merge branch 'main' into amammad-js-bombs 2024-01-25 11:23:38 +01:00
Sid Shankar
2d71294f61 Merge pull request #15256 from sidshank/change/adjust-extracted-files-diagnostics 
Js/Py/Rb: Report any extracted file as successfully extracted
 2024-01-17 11:04:06 -05:00
erik-krogh
1a8a70dc1b mark the range [0-?] as good in the overly-large-range query 2024-01-17 13:11:57 +01:00
Sid Shankar
59098be8c4 Merge branch 'main' into change/adjust-extracted-files-diagnostics 2024-01-16 21:51:41 -05:00
Sid Shankar
e30a0d1e83 JS: Report any extracted file as successfully extracted 2024-01-08 22:19:33 +00:00
erik-krogh
a9f2b3fad6 promote PropsTaintStep to a PreCallGraphStep 2024-01-04 10:45:22 +01:00
Rafael
1a05c2e704 Added Django test 2023-11-29 08:26:49 +01:00
Max Schaefer
dfffa1e237 Apply suggestions from code review 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2023-11-21 10:07:11 +00:00
Max Schaefer
d147faba4e Update qhelp for js/path-injection. 2023-11-20 11:58:00 +00:00
Rasmus Wriedt Larsen
43d9d2ceb7 Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link 
JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.
 2023-11-08 14:29:24 +01:00
erik-krogh
688afddaf2 Re-order expected test output of all JS tests 2023-10-31 16:38:22 +01:00
Max Schaefer
104700f6d3 Address review comment. 2023-10-27 10:19:28 +01:00
Max Schaefer
741735cc83 Port changes to JavaScript. 2023-10-26 14:47:24 +01:00
Max Schaefer
2c7291336d Move test files into right directory. 2023-10-26 12:16:52 +01:00
Max Schaefer
bb146a1758 JavaScript: Add support for rateLimit export from express-rate-limit package. 2023-10-26 12:14:57 +01:00
Asger F
9b46c4596c JS: Update HeuristicSoruceCodeInjection test 2023-10-13 13:15:08 +02:00
Asger F
bab639f23c JS: Update ReflectedXssWithCustomSanitizer test 2023-10-13 13:15:08 +02:00
Asger F
c55300d4b0 JS: Port PolynomialReDoS 2023-10-13 13:15:06 +02:00
Asger F
b8847dbc5d JS: Port Xxe 2023-10-13 13:15:06 +02:00
Asger F
c2d170b4fd JS: Port XpathInjection 2023-10-13 13:15:06 +02:00
Asger F
03f8c0fc5e JS: Port XmlBomb 2023-10-13 13:15:06 +02:00
Asger F
83095535f9 JS: Port UnvalidatedDynamicMethodCall 2023-10-13 13:15:06 +02:00
Asger F
ba9edb4e54 JS: Port UnsafeShellCommandConstruction 2023-10-13 13:15:06 +02:00
Asger F
d08e4504ff JS: Port UnsafeJQueryPlugin 2023-10-13 13:15:06 +02:00
Asger F
6e3f4bd7d8 JS: Port UnsafeHtmlConstruction 2023-10-13 13:15:06 +02:00
Asger F
7f4d42ddcd JS: Port UnsafeDynamicMethodAccess 2023-10-13 13:15:06 +02:00
Asger F
758f42495c JS: Port UnsafeDeserialization 2023-10-13 13:15:05 +02:00
Asger F
32022ccbda JS: Port UnsafeCodeConstruction 2023-10-13 13:15:05 +02:00
Asger F
5af608c937 JS: Port TypeConfusionThroughParameterTampering 2023-10-13 13:15:05 +02:00
Asger F
25962a9ba6 JS: Port TemplateObjectInjection 2023-10-13 13:15:05 +02:00
Asger F
51624c02a2 JS: Port TaintedFormatString 2023-10-13 13:15:05 +02:00
Asger F
63343b1ba4 JS: Port StackTraceExposure 2023-10-13 13:15:05 +02:00
Asger F
d446444667 JS: Port ShellCommandInjectionFromEnvironment 2023-10-13 13:15:05 +02:00
Asger F
06835a800c JS: Port SecondOrderCommandInjection 2023-10-13 13:15:05 +02:00