Asger F
5064cd5d94
JS: Exclude externs from CallGraph meta-query
2025-05-20 13:19:48 +02:00
Asger F
317e61d370
JS: Update UnresolvableImports to handle nested packages
2025-05-19 12:53:19 +02:00
Asger F
1e8a49f311
JS: More efficient nested package naming
2025-05-19 12:53:18 +02:00
Michael Nebel
dabeddb62d
Add change-notes.
2025-05-19 09:26:49 +02:00
Michael Nebel
530025b7ae
Update integration tests expected output.
2025-05-19 09:26:47 +02:00
Michael Nebel
03ecd24469
Lower the precision of a range of hardcoded password queries to remove them from query suites.
2025-05-19 09:26:45 +02:00
Napalys Klicius
f6a8909bfe
Merge pull request #19356 from Napalys/js/merge_classes
...
JS: Merge `ES6Class` to `FunctionStyleClass`
2025-05-16 10:31:33 +02:00
github-actions[bot]
5f9dd75d7d
Post-release preparation for codeql-cli-2.21.3
2025-05-13 21:49:43 +00:00
github-actions[bot]
2de4a01c86
Release preparation for version 2.21.3
2025-05-13 21:14:27 +00:00
Asger F
169ae19015
Merge pull request #19391 from asgerf/js/typescript-path-resolution
...
JS: Overhaul import resolution
2025-05-13 15:46:38 +02:00
Asger F
aea676df3c
Merge pull request #19445 from asgerf/js/summaries-with-fallback
...
JS: Generate flow summaries from summaryModels; only generate steps as a fallback
2025-05-13 14:49:38 +02:00
Napalys Klicius
d1e769ba54
Merge pull request #19422 from Napalys/js/shelljs
...
JS: Modeling of `ShellJS` functions
2025-05-02 14:18:44 +02:00
Napalys Klicius
30694c11d6
Removed code duplication
2025-05-02 13:44:07 +02:00
Asger F
b8be1bcee8
JS: Avoid duplication with constructor body
2025-05-02 13:44:03 +02:00
Napalys Klicius
871e93d9fe
Update javascript/ql/lib/semmle/javascript/frameworks/ShellJS.qll
...
Co-authored-by: Asger F <asgerf@github.com>
2025-05-02 13:39:46 +02:00
Asger F
1f308ee47a
JS: Explain use of monotonicAggregates
2025-05-02 13:22:27 +02:00
Asger F
5c9218fe5a
JS: Add comment about 'path' heuristic
2025-05-02 13:22:25 +02:00
Asger F
f3e0cfd947
Apply suggestions from code review
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2025-05-02 12:41:29 +02:00
Asger F
16fc8c3d9e
JS: Benign test updates
2025-05-02 11:09:19 +02:00
Tamás Vajk
cb1c3736fe
Merge pull request #19413 from tamasvajk/quality/query-suite-selector
...
Add code quality suite selector and use that in the code quality suites
2025-05-02 08:18:48 +02:00
Napalys Klicius
c430a36b4c
Refactored merge StandardClassNode into ClassNode
2025-05-01 19:12:12 +02:00
Asger F
a44bdf3be2
JS: Generate summaries from summaryModel, and only generate steps as a fallback
2025-05-01 15:22:47 +02:00
Asger F
ca5f8b0c1d
JS: Move some code into ModelsAsData.qll
2025-05-01 15:17:07 +02:00
Owen Mansel-Chan
e0549483fd
Merge pull request #19429 from owen-mc/fix-cwe-tags-missing-leading-zero
...
Fix cwe tags to include leading zero
2025-05-01 14:09:54 +01:00
Owen Mansel-Chan
0863c87572
Add change notes
2025-05-01 10:33:24 +01:00
Napalys Klicius
68a9dd9f9e
Address comments
2025-05-01 11:19:41 +02:00
Napalys Klicius
c7d764f666
Brought back FunctionStyleClass marked as deprecated
2025-05-01 11:16:04 +02:00
Napalys Klicius
d4b5ef6a66
Refactor process.env handling in CleartextLogging and IndirectCommandInjection modules to use ThreatModelSource
2025-05-01 11:14:15 +02:00
Napalys Klicius
33d8ffa83e
Added test cases for shelljs.env
2025-05-01 11:11:29 +02:00
Napalys Klicius
602500e280
Added change note
2025-05-01 11:09:56 +02:00
Napalys Klicius
40d176a770
Added model for shelljs.env
2025-05-01 11:09:47 +02:00
Napalys Klicius
9bab59363c
Fix class instance method detection in constructor receiver
2025-05-01 09:14:39 +02:00
Napalys Klicius
7430d0e5e0
Added failing test with method as field
2025-05-01 09:14:37 +02:00
Napalys Klicius
c0917434eb
Removed code duplication
2025-05-01 09:14:36 +02:00
Napalys Klicius
fc7520e9e7
Added change note
2025-05-01 09:14:34 +02:00
Napalys Klicius
7fec3aec95
Renamed FunctionStyleClass class to StandardClassNode
2025-04-30 18:51:46 +02:00
Napalys Klicius
e9ee7134ef
Refactor prototype reference retrieval in ClassNode and update expected test output
2025-04-30 18:51:39 +02:00
Owen Mansel-Chan
cf614a596d
Fix cwe tags to include leading zero
2025-04-30 16:43:03 +01:00
Napalys Klicius
9624a413e4
Added change note
2025-04-30 14:57:00 +02:00
Napalys Klicius
71f1b82a56
Added support for fastify.all
2025-04-30 14:54:09 +02:00
Napalys Klicius
6d61766366
Added test case for fastify.all
2025-04-30 14:50:35 +02:00
Asger F
8ebbfb198e
Merge pull request #19412 from asgerf/js/promise-all
...
JS: Better type-tracking through Promise.all()
2025-04-30 14:19:12 +02:00
Napalys Klicius
18cea2d6a5
Added support for shelljs.cmd and async-shelljs.asyncExec
2025-04-30 13:37:02 +02:00
Napalys Klicius
25d04f1cdd
Added support for shelljs.which
2025-04-30 13:35:17 +02:00
Napalys Klicius
f6fae7ad60
Added test cases for cmd, which and asyncExec
2025-04-30 13:33:31 +02:00
Asger F
da5d799152
JS: Change note
2025-04-30 11:59:47 +02:00
Napalys Klicius
6de38b1827
Merge pull request #19300 from Napalys/js/fastify
...
JS: Added support for `fastify.addHook`
2025-04-29 18:32:25 +02:00
Tamas Vajk
d56c5225f6
Use code-quality-selectors in JS suite
2025-04-29 16:23:08 +02:00
Asger F
b0f73f1cbd
JS: Update test output now that we import .d.ts files more liberally
2025-04-29 16:06:39 +02:00
Asger F
70a5ec5607
JS: Add package.json files in tests relying on node_modules
...
We don't extract node_modules folders by default so these tests aren't
that relevant anymore, and we no longer follow node_modules resolution
rules directly.
Instead, these imports are resolved based on the monorepo support which
simply requires a package.json file to exist. There is not a good enough
reason to support node_modules directly, so we're accepting some
minor regression in these tests.
2025-04-29 16:06:38 +02:00