hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,404 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.1
Commit Graph

4900 Commits

Author SHA1 Message Date
Asger F
d428eaeef8 Merge pull request #19655 from GeekMasher/js-clientrests-axios 
JS: ClientRequests Axios Instance support
 2025-06-24 10:35:51 +02:00
Napalys Klicius
ef51ab172f JS: exclude sinon module from regexp match calls 2025-06-23 20:25:17 +02:00
Napalys Klicius
584b4f51aa JS: add false positive test cases for hostname regex detection 2025-06-23 20:25:10 +02:00
Napalys Klicius
3fbe348f99 Merge pull request #19784 from Napalys/js/express_middleware 
JS: Improve Express middleware taint tracking
 2025-06-20 15:36:26 +02:00
Napalys Klicius
bca536c5b6 Merge remote-tracking branch 'origin/main' into js/quality/loop_shift 2025-06-20 11:30:20 +02:00
Napalys Klicius
f80651e78a Merge pull request #19750 from Napalys/js/remove_encodeURI 
JS: remove `encodeURI` from sanitizer list of request forgery
 2025-06-19 14:12:52 +02:00
Napalys Klicius
53cae4fa97 Merge remote-tracking branch 'origin/main' into js/quality/loop_shift 2025-06-19 10:21:52 +02:00
Napalys Klicius
060b98d36c JS: enchance middleware taint tracking via local source 2025-06-17 08:30:19 +02:00
Napalys Klicius
da21a064ac JS: add _parsedUrl as remote input source 2025-06-16 16:28:30 +02:00
Napalys Klicius
67aac7abfa JS: add test cases for middleware property assignment tracking 2025-06-16 16:26:08 +02:00
Napalys Klicius
bdbc49c63f JS: Removed encodeURI from request forgery sanitizer list 2025-06-16 13:08:11 +02:00
Napalys Klicius
deb715a517 JS: Add test case with encodeURI for request forgery 2025-06-16 10:49:29 +02:00
Napalys Klicius
5a107ec33b JS: track taint through serialize-javascript calls with object arguments 2025-06-16 10:38:20 +02:00
Napalys Klicius
a96ea182c7 JS: add test cases for serialize-javascript with tainted object properties 2025-06-16 09:30:52 +02:00
Napalys Klicius
0906d85b39 Merge pull request #19726 from Napalys/js/quality/string_interpolation 
JS: Promote `js/template-syntax-in-string-literal` to the Code Quality suite.
 2025-06-13 13:36:53 +02:00
Napalys Klicius
28ae39694f Merge pull request #19741 from Napalys/js/quality/suspicious_method_names 
JS: Promote `js/suspicious-method-name-declaration` to the Code Quality suite.
 2025-06-12 15:30:13 +02:00
Napalys Klicius
66d66fe87d JS: fix false positives for splice with conditional index decrement 2025-06-12 14:51:10 +02:00
Napalys Klicius
7292a76ee4 JS: add test cases for false positives in loop-iteration-skipped-due-to-shifting 2025-06-12 14:39:47 +02:00
Napalys Klicius
923aff2439 JS: Fixed false positive on manual string interpolation. 2025-06-12 11:35:33 +02:00
Napalys Klicius
bafe7e66ad JS: Fix template literal detection in string concatination 2025-06-12 11:18:20 +02:00
Napalys Klicius
861e4ee11e JS: Added test cases including manual interpolation and string concatination. 2025-06-12 11:15:36 +02:00
Napalys Klicius
41f4236b86 JS: expanded suspicious-method-name-declaration test suite 2025-06-12 09:29:30 +02:00
Asger F
423ffc78db Merge pull request #19078 from asgerf/js/name-resolution 
JS: QL-side type/name resolution for TypeScript and JSDoc
 2025-06-11 14:17:11 +02:00
Napalys Klicius
6811cad687 Merge pull request #19711 from Napalys/js/quality/promote_duplicate_char_class 
JS: Promote `js/regex/duplicate-in-character-class` to quality
 2025-06-11 11:05:07 +02:00
Napalys Klicius
51b83dbce5 Merge pull request #19579 from Napalys/js/dom_property_access 
JS: Improve `useless-expression` query to avoid duplicate alerts on compound expressions
 2025-06-10 15:17:13 +02:00
Napalys Klicius
a0db250dc3 Update javascript/ql/test/query-tests/RegExp/DuplicateCharacterInCharacterClass/tst.js 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-06-10 12:50:07 +02:00
Napalys Klicius
42a880bf58 Improved test coverage for js/regex/duplicate-in-character-class 2025-06-10 11:07:22 +02:00
Napalys Klicius
c97da2eda5 Exclude expressions that are part of a conditional expression 2025-06-10 10:56:11 +02:00
Napalys Klicius
b7f7092ab3 Added test cases for better test coverage 2025-06-10 09:37:40 +02:00
Asger F
42f762a140 JS: Update test output now that 'satisfies' is a SourceNode 2025-06-09 16:22:30 +02:00
Mathew Payne
9d23677024 Merge branch 'main' into js-clientrests-axios 2025-06-09 14:18:54 +01:00
Asger F
691fdb106e JS: Nicer jump-to-def for function declarations 2025-06-04 22:17:42 +02:00
Asger F
57fad7e6c9 JS: Add SatisfiesExpr 2025-06-04 22:17:40 +02:00
Asger F
79101fd121 JS: Add test with type casts 2025-06-04 22:17:39 +02:00
GeekMasher
79a72fc15b fix(js): Update tests 2025-06-03 16:37:36 +01:00
GeekMasher
6a1cfb6aef feat(js): Add Axios Instance support and add tests 2025-06-03 15:55:23 +01:00
Napalys Klicius
aac56e089a JavaScript: Fix false positive on Flow type annotations in ExprHasNoEffect 2025-06-03 15:26:22 +02:00
Napalys Klicius
46b5ded862 JS: Enhance void context propagation 2025-06-03 15:20:55 +02:00
Napalys Klicius
bf48b59874 JS: Removed exclusion of FunctionExpr from compound statements. 2025-06-03 15:12:26 +02:00
Napalys Klicius
8521c53a40 Renamed test directory to match the query name 
Co-Authored-By: Asger F <316427+asgerf@users.noreply.github.com>
 2025-06-03 14:12:12 +02:00
Napalys Klicius
d1869941c2 Renamed UnhandledStreamPipe.ql to a better fitting name and ID 
As a side effect of merge `security-and-quality` does not contain anymore related new query.

Co-Authored-By: Asger F <316427+asgerf@users.noreply.github.com>
 2025-06-03 13:57:10 +02:00
Napalys Klicius
f6e7059589 Merge branch 'main' into js/quality/stream_pipe 2025-06-03 13:48:41 +02:00
Napalys Klicius
bca1bc7153 JS: Enhance isDomProperty to check for getAPropertyRead on DOM nodes 2025-06-02 14:56:45 +02:00
Napalys Klicius
9b2ef8be10 JS: add test for DOM access where expression appears to have no side effects 2025-06-02 14:54:46 +02:00
Napalys Klicius
298ef9ab12 Now able to track error handler registration via instance properties 2025-06-02 11:01:41 +02:00
Napalys Klicius
b9b62fa1c1 JS: Add URL from url package constructor taint step for request forgery detection 2025-05-30 18:32:02 +02:00
Napalys Klicius
19cc3e335f JS: Add test case for RequestForgery with url wrapped via package URL 2025-05-30 18:26:47 +02:00
Napalys Klicius
f843cc02f6 Fix false positives in stream pipe analysis by improving error handler tracking via property access. 2025-05-30 18:08:04 +02:00
Napalys Klicius
5bb29b6e33 Now flags only .pipe calls which have an error somewhere down the stream, but not on the source stream. 2025-05-28 17:17:43 +02:00
Napalys Klicius
5214cc0407 Excluded ngrx, datorama, angular, react and langchain from stream pipe query. 2025-05-27 09:45:37 +02:00