hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,688 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.0
Commit Graph

4844 Commits

Author SHA1 Message Date
Asger F
97eb09fef8 JS: Accept updated test output 2025-02-17 10:19:49 +01:00
erik-krogh
01d70a6d73 add test of the new v flag 2025-02-16 19:01:02 +01:00
Asger F
ab5fc9f4d7 JS: Implement viableImplInCallContext 2025-02-14 13:25:19 +01:00
Asger F
ff7bc7c25e JS: Track types of classes in data flow 2025-02-14 12:44:45 +01:00
Asger F
d3c4b5d493 JS: Add test with spurious flow due to up-down calls 2025-02-14 12:42:02 +01:00
Asger F
b8b2b9a470 JS: Resolve calls downward in the class hierarchy 2025-02-14 11:17:19 +01:00
Asger F
aff458d948 JS: Also add tests for upward calls and overriding 2025-02-14 11:17:17 +01:00
Asger F
9321d69034 JS: Add CG test showing lack of calls down to subclasses 2025-02-14 11:17:15 +01:00
Asger F
4043765008 JS: Avoid ambiguity in an inline CG annotation 2025-02-14 11:17:14 +01:00
Asger F
a61d42edc3 JS: Make inline CG tests report call target if NONE was given 
Previously it would only report a spurious callee if the target function was named. Now, if specifying 'calls:NONE' if will report any callee as spurious.
 2025-02-14 11:17:13 +01:00
Asger F
25314b61db JS: Update nodes/edges output 2025-02-14 10:26:21 +01:00
Asger F
26dcbf7a2a JS: Migrate URLSearchParams model to flow summaries 2025-02-13 11:51:33 +01:00
Asger F
f531f4479b JS: Add test for URL and URLSearchParams 2025-02-13 11:51:32 +01:00
Asger F
654c6bfec7 Merge pull request #18735 from asgerf/inline-test-non-location 
Test: Support arbitrary locations in inline test post-processor
 2025-02-12 10:30:50 +01:00
Kevin Stubbings
d0ed0fdeb3 Add download to Express 2025-02-12 00:10:09 -08:00
Asger F
56ff9351f2 JS: Update test output again 2025-02-11 12:59:11 +01:00
Asger F
5b0eb0f6cc JS: Move an Alert annotation to its correct line 2025-02-11 12:58:47 +01:00
Asger F
84c02d0863 JS: Enable test post-processing 2025-02-11 12:58:46 +01:00
Asger F
fb79ab1c8c JS: Update line numbers 2025-02-11 12:58:45 +01:00
Asger F
a1c3dca5de JS: Convert OK-style to $-style expectations in one test 2025-02-11 12:58:44 +01:00
Asger F
45242977a4 JS: Model query-string parsers that strip off ? or # 2025-02-11 10:41:23 +01:00
Asger F
b123a3c57a JS: Add test 2025-02-11 10:40:04 +01:00
Asger F
f0afd6aa5f Merge branch 'main' into js/hoist-in-block 2025-02-04 14:01:57 +01:00
Asger F
80824cfdc7 JS: Benign test output changes 2025-02-04 12:12:41 +01:00
Asger F
5e109ff457 JS: Update test output 2025-02-04 10:45:37 +01:00
Asger F
be082578d4 JS: Hoist function decls in a block to the top of the block 2025-02-03 15:21:08 +01:00
Asger F
29879297ee JS: Add test showing missed call to later-defined function in block 2025-02-03 14:56:11 +01:00
Asger F
78a7f2670a JS: Update a JS test case 2025-02-03 11:31:03 +01:00
Asger F
a0af4c9a84 Merge pull request #18622 from asgerf/js/typescript-tsconfig-names 
JS: Treat more file patterns as tsconfig-like files
 2025-01-31 09:42:50 +01:00
Asger F
16f7373712 JS: Model dependency injection in Nest 2025-01-29 13:49:46 +01:00
Asger F
b07c5c6ee0 JS: Add test 2025-01-29 13:49:43 +01:00
Asger F
6d04425790 JS: Add test 2025-01-29 11:14:21 +01:00
Asger F
f8694a34e5 Merge pull request #18397 from aegilops/angular-sources-sinks 
JavaScript CodeQL library updates: new Angular sink(s)
 2025-01-29 09:09:23 +01:00
Erik Krogh Kristensen
87ad09bcdf Merge pull request #18595 from erik-krogh/erik-krogh/clear-text-example 
JS: fix example in clear-text-logging qhelp to actually be bad
 2025-01-27 11:45:50 +01:00
erik-krogh
37a1727043 fix example in clear-text-logging qhelp to actually be bad 2025-01-27 11:31:28 +01:00
aegilops
5a191d42bd Merge branch 'angular-sources-sinks' of https://github.com/aegilops/codeql into angular-sources-sinks 2025-01-24 16:52:19 +00:00
aegilops
76da479550 Updated tests 2025-01-24 16:52:11 +00:00
Paul Hodgkinson
f033f179f7 Merge branch 'main' into angular-sources-sinks 2025-01-24 15:46:48 +00:00
Asger F
1b7977bf90 Merge pull request #18466 from asgerf/js/view-component-inputs 
JS: Add view-component-input threat model
 2025-01-24 10:59:25 +01:00
aegilops
522f3d1337 Merge 2025-01-23 17:00:56 +00:00
Erik Krogh Kristensen
4bd4937e65 Merge pull request #18547 from erik-krogh/suffixCheck 
JS: Fix FPs with js/incorrect-suffix-check
 2025-01-22 21:13:27 +01:00
Asger F
b015c88c79 JS: Add view-component-input threat model 2025-01-22 10:45:46 +01:00
Asger F
dd55460d7f JS: Update test output 2025-01-21 14:03:30 +01:00
Asger F
f3b52adde6 JS: Add test showing DB-CHECK failure 2025-01-21 14:02:17 +01:00
erik-krogh
17afab7d0f support that two indexOf() calls use the same string-concatenation in getAnEquivalentIndexOfCall() 2025-01-21 09:43:57 +01:00
erik-krogh
d5529e3a7e ensure an indexOf call is equivalent with itself. (getAUse() is used later to find matching indexOf calls) 2025-01-21 09:42:30 +01:00
erik-krogh
905d904543 add a few failing tests 2025-01-21 09:40:24 +01:00
Asger F
aa0b9559bf Merge pull request #18472 from asgerf/js/test-suite 
JS: Port three tests to use the new post processing-based inline test expectations
 2025-01-17 12:06:32 +01:00
Asger F
2c65946684 JS: Add setOtherInput example 2025-01-17 10:29:03 +01:00
Asger F
e983e26f68 JS: Add example with safe field 2025-01-17 10:28:07 +01:00