hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,788 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.4
Commit Graph

2232 Commits

Author SHA1 Message Date
Napalys Klicius
b19d1e0f57 Merge pull request #20151 from Napalys/js/command-line-libs 
JS: Enhance command injection detection for CLI argument parsing libraries
 2025-08-18 09:32:29 +02:00
Napalys Klicius
b2346183d6 Merge pull request #20148 from Napalys/js/reg-exp-env-variable-threat-model 
JS: Exclude environment variables from `js/regex-injection` query by default
 2025-08-18 09:32:15 +02:00
Tom Hvitved
874f951727 Merge pull request #20172 from hvitved/shared/concepts-final-aliases 
Shared: Use `final` aliases in `ConcentsShared.qll`
 2025-08-11 10:14:55 +02:00
Tom Hvitved
eb3c054b0f JS: Generate legacy flow steps for all flow summaries 2025-08-06 09:38:49 +02:00
Tom Hvitved
11dcd90435 Shared: Use final aliases in ConcentsShared.qll 2025-08-05 14:53:52 +02:00
Napalys Klicius
ae4077db72 add taint flow for arg/command-line-args with custom argv option 2025-08-01 13:34:08 +02:00
Napalys Klicius
d6508f34b6 Add taint flow for Commander.js direct property access and action callbacks 2025-08-01 13:24:19 +02:00
Napalys Klicius
6b4e34dd39 Added a step from parse to opts for commander js 2025-08-01 13:12:43 +02:00
Napalys Klicius
e980798ede Added step through yargs/yargs constructor and chained methods. 2025-08-01 12:01:30 +02:00
Napalys Klicius
5f538209c9 Exlucde environmental variables from default detection in regexp injection 2025-07-31 12:09:30 +02:00
Anders Schack-Mulligen
3b8234ecec SSA: Update data flow integration and BarrierGuard interface to use GuardValue. 2025-07-28 11:29:12 +02:00
Jeroen Ketema
1990438376 JS: Fix import 
The import should not have been private, because we want users to still be
able to import this file and have access to the crypto algorithms.
 2025-07-16 14:41:50 +02:00
Jeroen Ketema
cbde11ddc9 Properly share ConceptsShared.qll 2025-07-14 16:30:45 +02:00
Jeroen Ketema
f07d8ee493 Remove duplicate copies of CryptoAlgorithms and CryptoAlgorithmNames 2025-07-14 11:39:06 +02:00
Jeroen Ketema
f4ba2e1fd0 Properly share CryptoAlgorithms and CryptoAlgorithmNames 2025-07-14 11:39:00 +02:00
Jeroen Ketema
c582a9ccd6 Remove duplicate copies of SensitiveDataHeuristics 2025-07-14 11:38:52 +02:00
Jeroen Ketema
8b828cecf1 Use shared SensitiveDataHeuristics 2025-07-14 11:38:47 +02:00
Asger F
98319ce2ad Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2025-07-03 08:44:33 +02:00
Asger F
d85838477e JS: Update Nest model 
An external contribution added more uses of the now-deprecated getType()
predicate while this PR was open.
 2025-07-02 14:11:31 +02:00
Asger F
47a90c8b32 Merge branch 'main' into js/no-type-extraction 2025-07-02 13:18:05 +02:00
Asger F
7c38c48fd7 Merge pull request #19769 from trailofbits/VF/Nest-improvements 
Improve NestJS sources and dependency injection
 2025-06-30 10:42:18 +02:00
Asger F
c8b2674206 JS: Add support for index expressions 2025-06-25 14:31:22 +02:00
Asger F
b1d4776b17 JS: Handle name resolution through dynamic imports 2025-06-25 14:31:20 +02:00
Asger F
92dd5bd1f4 JS: Add deprecation comment to qldoc 2025-06-25 14:31:14 +02:00
Napalys Klicius
3d9e2f5438 Merge pull request #19858 from Napalys/js/execa 
JS: moved `execa` out of experimental
 2025-06-25 10:34:52 +02:00
Asger F
d39b68cd41 Merge pull request #19849 from asgerf/js/remove-legacy-actions-queries 
JS: Remove legacy actions queries
 2025-06-25 09:18:33 +02:00
Asger F
853fc1a7cf Merge pull request #19852 from asgerf/js/react-use-server 
JS: Model React 'use' and 'use server'
 2025-06-25 09:13:56 +02:00
Napalys Klicius
79a9d7def8 JS: removed execa parts from SystemCommandExecutors and moved it to Execa.qll 2025-06-24 12:41:22 +02:00
Asger F
d428eaeef8 Merge pull request #19655 from GeekMasher/js-clientrests-axios 
JS: ClientRequests Axios Instance support
 2025-06-24 10:35:51 +02:00
Napalys Klicius
2218a981f6 Merge pull request #19854 from Napalys/js/sinon 
JS: Explicitly Mark `Sinon` Package as Non RegExp
 2025-06-24 10:24:13 +02:00
Napalys Klicius
d8b5cb5862 JS: moved execa out of experimental 2025-06-24 09:07:43 +02:00
Napalys Klicius
ef51ab172f JS: exclude sinon module from regexp match calls 2025-06-23 20:25:17 +02:00
Asger F
ea0a80a06a JS: Un-deprecate Actions.qll for now as we have some internal queries that use it. 2025-06-23 16:38:04 +02:00
Asger F
cc1a28ac7e JS: Add parameters of server functions as remote flow sources 2025-06-23 16:03:39 +02:00
Asger F
0d3bb89195 JS: Deprecate Actions.qll 2025-06-23 14:36:15 +02:00
Asger F
e323833bc3 JS: Fix qldoc coverage 2025-06-23 12:55:19 +02:00
Asger F
07f84a5add JS: Remove an unnecessary import 2025-06-23 12:55:18 +02:00
Asger F
ee9c4fa763 JS: Deprecate everything that depends on type extraction 2025-06-23 12:55:14 +02:00
Asger F
6d389c31c7 JS: Update an outdated QLDoc comment 2025-06-23 12:55:11 +02:00
Asger F
fcb6882f16 JS: Update API usage in MissingAwait 2025-06-23 12:55:09 +02:00
Asger F
e459884b69 JS: Update API usage in ViewComponentInput 2025-06-23 12:55:08 +02:00
Asger F
8b2a424fb0 JS: Update type usage use in Express model 2025-06-23 12:55:05 +02:00
Asger F
b71d09630a JS: Update type usage in Electron model 2025-06-23 12:55:03 +02:00
Asger F
ace8b09a36 JS: Update type usage in ClassValidator.qll 2025-06-23 12:55:01 +02:00
Asger F
17a687b38f JS: Update type usage in Nest library model 2025-06-23 12:54:57 +02:00
Asger F
b82e84930c JS: Add public API 2025-06-23 12:54:56 +02:00
Asger F
2a0c7c8801 JS: Add classHasGlobalName into NameResolution 2025-06-23 12:54:55 +02:00
Asger F
de9dab9ba3 JS: Move some predicates into NameResolution 2025-06-23 12:54:53 +02:00
Asger F
93c891a987 Merge pull request #19822 from Fdawgs/patch-1 
JS: Update Fastify tld
 2025-06-23 12:49:42 +02:00
Napalys Klicius
3fbe348f99 Merge pull request #19784 from Napalys/js/express_middleware 
JS: Improve Express middleware taint tracking
 2025-06-20 15:36:26 +02:00