Napalys Klicius
ef51ab172f
JS: exclude sinon module from regexp match calls
2025-06-23 20:25:17 +02:00
Napalys Klicius
584b4f51aa
JS: add false positive test cases for hostname regex detection
2025-06-23 20:25:10 +02:00
Asger F
2a194a53af
raw test output
2025-02-28 13:29:39 +01:00
Asger F
64d39da5f8
JS: Accept Sources/Sink tags
2025-02-28 13:29:30 +01:00
Asger F
bb67a0e9b0
JS: Remove outdated comment
2025-02-28 13:29:23 +01:00
Asger F
0496de6c8f
JS: Accept alerts in UselessCharacterEscape
2025-02-28 13:29:22 +01:00
Asger F
10a7294327
JS: Accept trivial test changes
This adds Alert annotations for alerts that seem intentional by the test
but have not been annotated with 'NOT OK', or the comment was in the wrong
place.
In a few cases I included 'Source' expectations to make it easier to see
what happened. Other 'Source' expectations will be added in bulk in a later
commit.
2025-02-28 13:27:43 +01:00
Asger F
f5911c9e5a
JS: Accept raw test output
2025-02-28 13:27:38 +01:00
Asger F
d0ce53ed82
JS: Enable post-processing for all .qlref files
2025-02-28 13:27:33 +01:00
Asger F
9be041e27d
JS: Update OK-style comments to $-style
2025-02-28 13:27:28 +01:00
erik-krogh
17afab7d0f
support that two indexOf() calls use the same string-concatenation in getAnEquivalentIndexOfCall()
2025-01-21 09:43:57 +01:00
erik-krogh
d5529e3a7e
ensure an indexOf call is equivalent with itself. (getAUse() is used later to find matching indexOf calls)
2025-01-21 09:42:30 +01:00
erik-krogh
905d904543
add a few failing tests
2025-01-21 09:40:24 +01:00
Asger F
1964b347c7
Merge branch 'main' into js/test-suite
2025-01-16 13:19:07 +01:00
Asger F
bc34a045d3
JS: Triage discrepancies and update test
2025-01-10 14:18:31 +01:00
Asger F
18ab066e79
JS: Remove OK comments that don't provide further explanation
2025-01-10 14:18:30 +01:00
Asger F
c2b65b1f85
JS: Port IncompleteUrlSubstringSanitization test
2025-01-10 14:18:29 +01:00
Asger F
6b4be13a8e
JS: Move annotations to the correct line
2025-01-10 14:18:28 +01:00
Asger F
95e20a045b
JS: Port IncompleteUrlSchemeCheck test
2025-01-10 14:18:26 +01:00
Asger F
563471dd52
JS: Triage discrepancies and update test
2025-01-10 14:18:25 +01:00
Asger F
48f7a58d01
JS: Update IncompleteHostnameRegExp test to match reality
2025-01-10 14:18:24 +01:00
Asger F
a83508a828
JS: Port IncompleteHostNameRegExt test
2025-01-10 14:18:23 +01:00
Asger F
d52bc971b8
Merge branch 'main' into js/shared-dataflow-merge-main
2024-11-20 14:05:03 +01:00
Napalys
b239bfabf1
Added tests for IncompleteHostnameRegExp and normalizedPaths using matchAll
2024-11-05 09:22:26 +01:00
Napalys
ccee34d6d3
Added support for matchAll in CWE-020 including new test cases
2024-11-05 08:51:24 +01:00
Asger F
52ba91a7f8
JS: Updates to nodes/edges in tests
Only changes to nodes/edges for various reasons, no actual result changes
2024-10-29 08:32:13 +01:00
Asger F
12e316b99d
JS: Update test output after merging in 'main'
- Paths are now relative to the test case, not the qlpack
- Paths going through implicit reads have changed slightly
2024-10-08 10:11:15 +02:00
Asger F
2e2181be2c
JS: Update test output that only affects nodes/edges/subpaths
2024-08-27 11:35:33 +02:00
Asger F
53efb5837b
JS: Update some tests with provenance columns
Only includes the changes that purely contain the new provenance columns
2024-06-26 13:51:44 +02:00
Asger F
5e7d1d5c2c
Merge branch 'main' into js/shared-dataflow-merged
2024-03-13 14:27:16 +01:00
erik-krogh
396da117bb
remove an FP in overly-large-range for [@-Z]
2024-01-25 14:15:06 +01:00
erik-krogh
1a8a70dc1b
mark the range [0-?] as good in the overly-large-range query
2024-01-17 13:11:57 +01:00
Asger F
8e95a90d03
JS: Port UntrustedDataToExternalAPI
2023-10-13 13:15:04 +02:00
Asger F
9df9ca2916
JS: Update test and expectations for MissingRegExpAnchor
2023-05-26 14:07:34 +02:00
Asger F
62dca44ee5
Update UntrustedDataToExternalAPI.expected
2023-04-17 08:23:04 +02:00
erik-krogh
e7aef17d30
don't report every non-ascii range in js/overly-large-range
2022-09-13 20:43:52 +02:00
Erik Krogh Kristensen
ff25451699
rename query to overly-large-range, and rewrite the @description
2022-07-12 16:02:46 +02:00
Erik Krogh Kristensen
a343ceaf8b
add suspicious-regexp-range query
2022-06-28 09:49:27 +02:00
Erik Krogh Kristensen
0a26e891a2
include startsWith/endsWith checks in js/missing-origin-check
2022-04-25 15:28:50 +02:00
Erik Krogh Kristensen
bca4d14129
rename files
2022-04-12 14:37:43 +02:00
Erik Krogh Kristensen
591fcda862
various improvements to the js/missing-origin-verification query
2022-04-12 14:20:41 +02:00
Erik Krogh Kristensen
e2badab251
update expected output after test reorganization
2022-04-12 10:39:28 +02:00
Erik Krogh Kristensen
ec9c308d06
reorganize the tests in CWE-020
2022-04-12 10:39:28 +02:00
Erik Krogh Kristensen
cf94c93b1a
Merge pull request #8481 from erik-krogh/schemeChain
JS: recognize string replacement chains as scheme checks in js/incomplete-url-scheme-check
2022-03-25 11:13:10 +01:00
Erik Krogh Kristensen
693c77f3df
add test for string replacement chains of URL schemes
2022-03-18 11:05:59 +01:00
Arthur Baars
bb348116ab
JavaScript: update expected output
2022-03-07 16:10:08 +01:00
Erik Krogh Kristensen
0023b885f5
update expected output
2021-11-15 13:50:12 +01:00
Erik Krogh Kristensen
9a11c13e11
update expected output
2021-11-11 11:56:30 +01:00
Erik Krogh Kristensen
12305aae42
extract regexp literals from string concatenations
2021-10-28 10:44:33 +02:00
Asger Feldthaus
5838e54a46
JS: Sharpen recognition of string 'match' calls
2021-06-16 09:27:02 +02:00