hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,688 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.0
Commit Graph

2102 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
f083e87fa1 refactor the js/xss query to use three flowlabels and one configuration 2022-03-16 22:32:08 +01:00
Asger F
228570129e Merge branch 'main' into ruby/mad-prototype 2022-03-16 13:50:31 +01:00
Asger Feldthaus
82750638c6 JS: Verify models even if package is not used in database 2022-03-15 10:51:44 +01:00
Asger Feldthaus
a19f06ffc0 JS: Port checks to JS 2022-03-15 10:35:49 +01:00
Asger Feldthaus
97ca1155c3 JS: Sync ApiGraphModels.qll and test 2022-03-15 09:29:34 +01:00
Jonas Jensen
d89c52f4b0 Merge pull request #8403 from erik-krogh/noUpper 
Rename all upper-case variables, and all lower-case modules
 2022-03-15 09:00:37 +01:00
Erik Krogh Kristensen
689f3c0478 update some references to deprecated module names 2022-03-14 13:28:34 +01:00
Erik Krogh Kristensen
7d6700a943 Merge branch 'main' into depMore 2022-03-14 11:49:18 +01:00
Erik Krogh Kristensen
6d66ea4253 also deprecate the definitionReaches predicate, it was only used in a test 2022-03-14 10:14:15 +01:00
Erik Krogh Kristensen
5e52a71091 remove test .qll files that weren't imported 2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
4f8f7cd57d JS: update expected output of test 2022-03-11 11:18:14 +01:00
Erik Krogh Kristensen
25690759fd JS: update expected test output 2022-03-11 11:17:41 +01:00
Erik Krogh Kristensen
69353bb014 patch upper-case acronyms to be PascalCase 2022-03-11 11:10:33 +01:00
Erik Krogh Kristensen
c48a5a1294 JS: update tests to not use deleted deprecations 2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen
4734f1916e Merge pull request #7598 from erik-krogh/fieldOnlyUsedInCharPred 
QL: field only used in charPred
 2022-03-08 11:25:57 +01:00
Erik Krogh Kristensen
4c58f9781b add support for TypeScript 4.6 2022-03-01 09:56:21 +01:00
Asger F
02c4966109 Merge pull request #7878 from asgerf/dot-separated-access-paths 
Shared: Switch to dot-separated access paths in summary specs
 2022-02-21 13:29:09 +01:00
Esben Sparre Andreasen
1d437dd722 Merge pull request #8043 from github/esbena/sharpen-hardcoded-credentials 
JS: Sharpen hardcoded credentials
 2022-02-21 10:02:58 +01:00
Asger Feldthaus
2c2a82a070 Shared: allow spaces between arguments in a token 2022-02-21 08:21:53 +01:00
Asger Feldthaus
c189df2341 Revert "JS: Add support for " of " syntax to help during transition" 
This reverts commit 9bf522b3048c3b11f7e6d734ed797a613614a095.
 2022-02-21 08:21:51 +01:00
Asger Feldthaus
53935db6c6 JS: Add support for " of " syntax to help during transition 2022-02-21 08:16:54 +01:00
Asger Feldthaus
30254686d8 JS: Move ".."-parsing trick into AccessPathSyntax.qll 2022-02-21 08:16:54 +01:00
Esben Sparre Andreasen
f08a140505 update tests for password patterns 2022-02-16 13:22:19 +01:00
Asger Feldthaus
8b55a24e7c JS: Add url-parse.qs as an alias for the querystringify library 2022-02-14 15:29:50 +01:00
Erik Krogh Kristensen
36e02ae9ac Merge pull request #7912 from erik-krogh/moarApi 
JS: convert more type-trackers to API-graphs
 2022-02-11 10:32:45 +01:00
CodeQL CI
9ebbd9efa1 Merge pull request #7591 from asgerf/js/mysql-sinks 
Approved by esbena
 2022-02-10 12:50:36 +00:00
Erik Krogh Kristensen
12d31d750a convert more type-trackers to API-graphs 2022-02-10 09:54:52 +01:00
Erik Krogh Kristensen
896d2bad0e update expected output now that JSON.stringify() is seen as a sanitizer 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
b8f1fb3954 JS: fix ql/field-only-used-in-charpred within JavaScript 2022-01-20 09:41:13 +01:00
Asger Feldthaus
79f799066a JS: Update test output 2022-01-17 16:27:57 +01:00
Stephan Brandauer
09a28c428c base implementation of Spanner model on models-as-data 2022-01-12 17:07:16 +01:00
Stephan Brandauer
132e0bf4b7 add database accesses as additional (heuristic) remote flow sources 2022-01-11 11:38:41 +01:00
Asger Feldthaus
d33200ea83 JS: Add test for WithArity 2022-01-05 14:35:02 +01:00
Asger Feldthaus
772681d249 JS: Initial support for models as data 2022-01-05 14:34:52 +01:00
CodeQL CI
de4b655ddb Merge pull request #7327 from asgerf/js/handlebars-more-raw-interpolation 
Approved by erik-krogh
 2021-12-17 14:07:57 +00:00
CodeQL CI
39ec7132af Merge pull request #7049 from asgerf/js/routing-trees 
Approved by erik-krogh
 2021-12-17 12:26:38 +00:00
Asger Feldthaus
e2c6dd7d56 JS: Recognize {{& ... }} as an XSS sink 2021-12-17 10:31:50 +01:00
Asger Feldthaus
61cc84ba69 JS: Recognize leading/trailing ~ and & in mustache-tags 2021-12-17 10:31:50 +01:00
CodeQL CI
f274f06d9b Merge pull request #7409 from asgerf/js/track-functions-with-methods 
Approved by erik-krogh
 2021-12-16 09:01:42 +00:00
Asger Feldthaus
53b3581ed0 JS: Add test to stress flow through properties 2021-12-15 17:16:56 +01:00
Asger Feldthaus
995e33158f JS: Add test for res.locals flow to template 2021-12-15 16:00:19 +01:00
Asger Feldthaus
04bdba85ea JS: Shift line numbers in test expectations 2021-12-15 16:00:19 +01:00
Erik Krogh Kristensen
de4458346f Merge pull request #7344 from SZFsir/main 
JS: Improve inter-procedural type inference for FunctionExpr
 2021-12-13 21:58:53 +01:00
Asger Feldthaus
b336c29283 JS: Track functions with methods 2021-12-10 09:38:29 +01:00
Asger Feldthaus
4ef2a5f4f1 JS: Add test 2021-12-10 09:38:29 +01:00
JrXnm
1a1a7413c2 JS: Improv inter-procedural type inference for FunctionExpr 2021-12-10 01:09:49 +08:00
Asger Feldthaus
3dd5d4d7b4 JS: Instantiate for Express and add tests 2021-12-07 10:43:03 +01:00
Erik Krogh Kristensen
fdcc144a98 add test for import assertions 2021-11-29 13:51:28 +01:00
Erik Krogh Kristensen
591aeff906 add TypeScript test for new private field syntax 2021-11-29 13:51:28 +01:00
Erik Krogh Kristensen
19bbe6d276 add JavaScript support for new private fields syntax 2021-11-29 13:51:25 +01:00