hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,307 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.2
Commit Graph

2631 Commits

Author SHA1 Message Date
Asger F
789a7bdb48 JS: Disable for test with alerts in a JSON file 
JSON does not support comments so we can't use inline expectations
 2025-02-28 13:27:36 +01:00
Asger F
ac6547fd01 JS: Disable for comment-related alerts 2025-02-28 13:27:35 +01:00
Asger F
d0ce53ed82 JS: Enable post-processing for all .qlref files 2025-02-28 13:27:33 +01:00
Asger F
426edd55f2 JS: Update output after line number change 
Some OK-style comments had to be moved to the following line, shifting line numbers.

In selected range also included the comments themselves.

Lastly, the result sets were reordered by the CLI in some cases.
 2025-02-28 13:27:31 +01:00
Asger F
9be041e27d JS: Update OK-style comments to $-style 2025-02-28 13:27:28 +01:00
Asger F
7e5c24a8ec JS: Remove uses of old inline expectation test library 2025-02-28 13:27:26 +01:00
Asger F
ff36d1916f Merge pull request #18810 from asgerf/js/test-related-locations 
Test: Add support for RelatedLocation tag and use in a JS query
 2025-02-25 16:40:41 +01:00
Napalys
bf77ffef37 Applied comment 
Co-authored-by: Asgerf <asgerf@github.com>
 2025-02-25 13:57:39 +01:00
Napalys
e2927b2fad Updated tanstack to use API graph. 2025-02-25 11:48:44 +01:00
Asger F
cd2c4d5e3a JS: Use post-processed inline test in MissingCsrfMiddleware 
This query flags the cookie-parsing middleware in order to consolidate huge numbers of alerts into a single alert, which is more manageable. But simply annotating the cookie-parsing middleware with 'Alert' isn't a very useful, we want to annotate which middlewares are vulnerable.
 2025-02-21 14:44:46 +01:00
Napalys
1227a7eedc Add Tanstack framework support and enhance data flow tracking for fetch responses 2025-02-21 13:24:00 +01:00
Napalys
05690c21ed Added a test for tanstack/react-query useQuery 2025-02-21 13:24:00 +01:00
Asger F
58c8b5fa2b Merge pull request #18790 from asgerf/js/no-implicit-array-taint 
JS: Do not taint whole array when storing into ArrayElement
 2025-02-19 13:23:31 +01:00
Asger F
e1c280500e Merge pull request #18749 from Kwstubbs/express 
JS: Add result.download to Express as Path Traversal Sink
 2025-02-19 09:08:36 +01:00
Erik Krogh Kristensen
7fa41c438f Merge pull request #18794 from erik-krogh/v-flag 
JS: Add support for the regex V flag
 2025-02-17 13:56:48 +01:00
Asger F
d79f429978 JS: Update changes to nodes/edges/subpaths 
No changes in actual alerts
 2025-02-17 10:36:05 +01:00
erik-krogh
01d70a6d73 add test of the new v flag 2025-02-16 19:01:02 +01:00
Asger F
25314b61db JS: Update nodes/edges output 2025-02-14 10:26:21 +01:00
Asger F
654c6bfec7 Merge pull request #18735 from asgerf/inline-test-non-location 
Test: Support arbitrary locations in inline test post-processor
 2025-02-12 10:30:50 +01:00
Kevin Stubbings
d0ed0fdeb3 Add download to Express 2025-02-12 00:10:09 -08:00
Asger F
56ff9351f2 JS: Update test output again 2025-02-11 12:59:11 +01:00
Asger F
5b0eb0f6cc JS: Move an Alert annotation to its correct line 2025-02-11 12:58:47 +01:00
Asger F
84c02d0863 JS: Enable test post-processing 2025-02-11 12:58:46 +01:00
Asger F
fb79ab1c8c JS: Update line numbers 2025-02-11 12:58:45 +01:00
Asger F
a1c3dca5de JS: Convert OK-style to $-style expectations in one test 2025-02-11 12:58:44 +01:00
Asger F
45242977a4 JS: Model query-string parsers that strip off ? or # 2025-02-11 10:41:23 +01:00
Asger F
b123a3c57a JS: Add test 2025-02-11 10:40:04 +01:00
Asger F
78a7f2670a JS: Update a JS test case 2025-02-03 11:31:03 +01:00
Asger F
f8694a34e5 Merge pull request #18397 from aegilops/angular-sources-sinks 
JavaScript CodeQL library updates: new Angular sink(s)
 2025-01-29 09:09:23 +01:00
erik-krogh
37a1727043 fix example in clear-text-logging qhelp to actually be bad 2025-01-27 11:31:28 +01:00
aegilops
76da479550 Updated tests 2025-01-24 16:52:11 +00:00
aegilops
522f3d1337 Merge 2025-01-23 17:00:56 +00:00
erik-krogh
17afab7d0f support that two indexOf() calls use the same string-concatenation in getAnEquivalentIndexOfCall() 2025-01-21 09:43:57 +01:00
erik-krogh
d5529e3a7e ensure an indexOf call is equivalent with itself. (getAUse() is used later to find matching indexOf calls) 2025-01-21 09:42:30 +01:00
erik-krogh
905d904543 add a few failing tests 2025-01-21 09:40:24 +01:00
Asger F
aa0b9559bf Merge pull request #18472 from asgerf/js/test-suite 
JS: Port three tests to use the new post processing-based inline test expectations
 2025-01-17 12:06:32 +01:00
Asger F
2c65946684 JS: Add setOtherInput example 2025-01-17 10:29:03 +01:00
Asger F
e983e26f68 JS: Add example with safe field 2025-01-17 10:28:07 +01:00
Asger F
859783c08b JS: Support [(ngModel)] 2025-01-17 10:26:57 +01:00
Asger F
d55c68c1f1 JS: Add test case with [(ngModel)] 2025-01-17 10:24:16 +01:00
Asger F
97f5559e64 JS: Recognise form input from NgForm 2025-01-17 10:22:20 +01:00
Asger F
1ec3a62242 JS: Add test with NgForm.value 2025-01-17 10:20:59 +01:00
Asger F
d4daa21318 JS: Add DOM event sources in Angular2 model 2025-01-17 10:20:22 +01:00
Asger F
b8ba50a9ac JS: Add Angular test case in XssThroughDom 2025-01-17 10:12:42 +01:00
Asger F
1964b347c7 Merge branch 'main' into js/test-suite 2025-01-16 13:19:07 +01:00
Asger F
bc34a045d3 JS: Triage discrepancies and update test 2025-01-10 14:18:31 +01:00
Asger F
18ab066e79 JS: Remove OK comments that don't provide further explanation 2025-01-10 14:18:30 +01:00
Asger F
c2b65b1f85 JS: Port IncompleteUrlSubstringSanitization test 2025-01-10 14:18:29 +01:00
Asger F
6b4be13a8e JS: Move annotations to the correct line 2025-01-10 14:18:28 +01:00
Asger F
95e20a045b JS: Port IncompleteUrlSchemeCheck test 2025-01-10 14:18:26 +01:00