hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,788 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.4
Commit Graph

2852 Commits

Author SHA1 Message Date
Arthur Baars
e33f3a6668 Merge pull request #13154 from aibaars/sync-dbscheme-py 
JS/Ruby/QL/Python: sync dbscheme fragments
 2023-05-23 19:14:29 +02:00
Erik Krogh Kristensen
e658177c31 Merge pull request #12975 from tyage/support-sub-modules 
JS: Support sub modules
 2023-05-23 09:24:43 +02:00
github-actions[bot]
7aa23cf11d Release preparation for version 2.13.3 2023-05-22 20:47:00 +00:00
Erik Krogh Kristensen
653cd86c13 update qldoc 2023-05-22 20:48:21 +02:00
Arthur Baars
7978c65467 JS: add upgrade/downgrade scripts 2023-05-22 19:28:59 +02:00
erik-krogh
708a99528f initial implementation of TS 5.1 2023-05-22 10:11:32 +02:00
erik-krogh
cbd7601a41 implement isShellInterpreted on ExecActionsCall 2023-05-17 11:07:48 +02:00
erik-krogh
3293a55e8f require arguments to be shell interpreted to be flagged by indirect-command-injection 2023-05-17 11:07:45 +02:00
Jami Cogswell
003bb2f6f5 JS: add change note 2023-05-16 15:45:55 -04:00
Jami Cogswell
359f6ffd1e JS: update 'credentials[%]' sink kind to 'credentials-%' 2023-05-16 15:45:55 -04:00
Jami Cogswell
7880e9e92c JS: update 'command-line-injection' sink kind to 'command-injection' 2023-05-16 15:45:55 -04:00
Arthur Baars
2911a6cc30 JS: remove unused tables 2023-05-16 17:03:41 +02:00
Arthur Baars
fef0e1f1c8 JS: sync shared dbscheme fragments 2023-05-16 17:03:41 +02:00
Asger F
20e8ee8423 Merge pull request #12748 from JarLob/yi 
JS: Add more sources, more unit tests, fixes to the GitHub Actions injection query
 2023-05-15 11:03:00 +02:00
tyage
93af0d0c2f formatting 2023-05-13 17:37:31 +00:00
tyage
6f66c047d0 JS: ignoresub pkgs in node_modules directory 2023-05-13 09:12:28 +00:00
Kasper Svendsen
7dd9906e95 JS: Enable implicit this receiver warnings 2023-05-12 09:49:14 +02:00
Kasper Svendsen
189f8515c0 JS: Make implicit this receivers explicit 2023-05-12 09:49:14 +02:00
Kasper Svendsen
489a73c2c3 JS: Make implicit this receivers explicit 2023-05-11 11:50:56 +02:00
tyage
f6a8cd27ca Update javascript/ql/lib/semmle/javascript/NPM.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-05-10 19:36:49 +09:00
Asger F
f4b5f39c57 Merge pull request #13044 from cklin/javascript-locatable-tostring-join-ordering 
JS: Add pragma[only_bind_out] to Locatable::toString() calls
 2023-05-10 10:08:48 +02:00
Asger F
c376eeb133 Merge pull request #12978 from asgerf/js/github-actions-sources 
JS: Add sources and sinks related to GitHub Actions
 2023-05-10 09:55:24 +02:00
Asger F
b28254327a Update javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-05-10 08:16:31 +02:00
Kasper Svendsen
c7d72e0d34 JS: Prevent join order regression 2023-05-09 17:01:41 +02:00
Jaroslav Lobačevski
891a94c166 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2023-05-09 16:27:32 +02:00
Jaroslav Lobačevski
1ad23c5366 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2023-05-09 12:23:06 +02:00
Chuan-kai Lin
0984fc7cce JS: Add pragma[only_bind_out] to Locatable::toString() calls 2023-05-04 13:20:56 -07:00
Kasper Svendsen
65deb9d90a Merge pull request #13016 from kaspersv/kaspersv/js-explicit-this-receivers3 
JS: Make implicit this receivers explicit
 2023-05-04 09:15:01 +02:00
Asger F
1a9956354e JS: Restrict getInput to indirect command injection query 2023-05-03 16:10:03 +02:00
Erik Krogh Kristensen
f29db40371 Merge pull request #13011 from kaspersv/kaspersv/explicit-this-receivers-shared2 
JS, Python, Ruby: Make implicit this receivers explicit
 2023-05-03 15:34:59 +02:00
Kasper Svendsen
67950c8e6b JS: Make implicit this receivers explicit 2023-05-03 15:31:00 +02:00
Ian Lynagh
b56b843d13 Merge pull request #12987 from github/post-release-prep/codeql-cli-2.13.1 
Post-release preparation for codeql-cli-2.13.1
 2023-05-03 13:12:10 +01:00
Kasper Svendsen
aca2ace843 JS, Python, Ruby: Make implicit this receivers explicit 2023-05-03 13:51:51 +02:00
Kasper Svendsen
efdaffedee JS: Make implicit this receivers explicit 2023-05-03 10:49:46 +02:00
Asger F
b9ad4177f9 JS: List safe environment variables in IndirectCommandInjection 2023-05-03 10:48:14 +02:00
Asger F
4c6711d007 JS: Clarify the difference between context and input sources 2023-05-03 10:30:04 +02:00
tyage
22f5b7a18b JS: check scoped package and normal package 2023-05-03 13:19:59 +09:00
Asger F
67afbee06d Merge pull request #12825 from smiddy007/JS-Allow-Truncated-Hash-Forge-NonKeyCipher 
JS: Allow NonKeyCiphers to include truncated SHA-512 MDs in Forge JS libr…
 2023-05-02 13:59:30 +02:00
github-actions[bot]
18d4af994d Post-release preparation for codeql-cli-2.13.1 2023-05-02 10:50:20 +00:00
tyage
be9c8d28b5 JS: drop string comparison 2023-05-02 12:41:03 +09:00
Asger F
5eaaa7e074 JS: Add qldoc 2023-05-01 11:42:55 +02:00
Asger F
08785a4063 JS: Add sources from actions/core 2023-05-01 11:42:17 +02:00
Asger F
2c89f9747b Merge pull request #12949 from asgerf/js/angular-native 
JS: Add a few more DOM element sources
 2023-05-01 11:08:45 +02:00
Asger F
0497e60ce2 JS: Model actions/exec 2023-05-01 11:05:59 +02:00
Asger F
cb9b01cbb7 JS: Port new sources based on comment from JarLob 2023-05-01 11:04:54 +02:00
Asger F
3d208c0a62 JS: Port Actions sources based on PR from R3x 2023-05-01 10:48:43 +02:00
Asger F
e9f1e99526 Merge pull request #12887 from asgerf/js/unsafe-yaml-deserialization 
JS: Update model of js-yaml
 2023-05-01 09:57:20 +02:00
tyage
f52c845663 Fix comment. 2023-04-30 19:52:11 +09:00
tyage
80d401fba8 JS: change note 2023-04-30 18:26:46 +09:00
tyage
c0cf0b430e JS: support submodules 2023-04-30 18:07:52 +09:00