11702 Commits

Author	SHA1	Message	Date
Napalys Klicius	b14b661cd1	JS: add change note	2025-06-16 14:12:39 +02:00
Napalys Klicius	0c31838aa5	JS: mass add missing quality related tags to relevant queries	2025-06-16 14:05:57 +02:00
Napalys Klicius	0d5f5104d1	Updated UriEncodingSanitizer comment	2025-06-16 13:08:16 +02:00
Napalys Klicius	798721bd71	JS: add change note	2025-06-16 13:08:14 +02:00
Napalys Klicius	bdbc49c63f	JS: Removed encodeURI from request forgery sanitizer list	2025-06-16 13:08:11 +02:00
Napalys Klicius	eca69e1654	JS: remove serialize-javascript from JsonParsers.qll as it is not a parser	2025-06-16 12:59:36 +02:00
Napalys Klicius	deb715a517	JS: Add test case with encodeURI for request forgery	2025-06-16 10:49:29 +02:00
Napalys Klicius	fffbc0c0bc	JS: add change note	2025-06-16 10:38:27 +02:00
Napalys Klicius	5a107ec33b	JS: track taint through serialize-javascript calls with object arguments	2025-06-16 10:38:20 +02:00
Napalys Klicius	a96ea182c7	JS: add test cases for serialize-javascript with tainted object properties	2025-06-16 09:30:52 +02:00
Vasco-jofra	e2eca5bbff	Update test.expected	2025-06-15 12:12:12 +02:00
Vasco-jofra	6920430073	Improve dependency injection through import function calls	2025-06-15 00:47:34 +02:00
Vasco-jofra	9019879d99	Improve useFactory inter file function detection	2025-06-15 00:32:26 +02:00
Vasco-jofra	477f32c7ff	NestJS dependency injection support useValue provider	2025-06-15 00:21:38 +02:00
Vasco-jofra	2b143c86ac	NestJS dependency Injection support useFactory provider	2025-06-15 00:09:07 +02:00
Vasco-jofra	baf0d3ef22	Model NestJS middlewares as sources	2025-06-14 23:27:49 +02:00
Vasco-jofra	ddf77a0b72	Remove unnecessary spaces	2025-06-13 15:37:27 +02:00
Vasco-jofra	4ea53773b9	Model the TypeORM Repository API	2025-06-13 15:35:46 +02:00
Napalys Klicius	0906d85b39	Merge pull request #19726 from Napalys/js/quality/string_interpolation ... JS: Promote `js/template-syntax-in-string-literal` to the Code Quality suite.	2025-06-13 13:36:53 +02:00
Napalys Klicius	28ae39694f	Merge pull request #19741 from Napalys/js/quality/suspicious_method_names ... JS: Promote `js/suspicious-method-name-declaration` to the Code Quality suite.	2025-06-12 15:30:13 +02:00
Napalys Klicius	10d10286f7	JS: add change notes	2025-06-12 15:23:31 +02:00
Napalys Klicius	885e8369aa	JS: add quality and reliability tags to loop-iteration-skipped-due-to-shifting	2025-06-12 15:18:26 +02:00
Napalys Klicius	66d66fe87d	JS: fix false positives for splice with conditional index decrement	2025-06-12 14:51:10 +02:00
Napalys Klicius	7292a76ee4	JS: add test cases for false positives in loop-iteration-skipped-due-to-shifting	2025-06-12 14:39:47 +02:00
Napalys Klicius	d7ad625de3	JS: restrict type tracking to strings of interest.	2025-06-12 14:28:00 +02:00
Napalys Klicius	da5cd251be	Update javascript/ql/src/LanguageFeatures/TemplateSyntaxInStringLiteral.ql ... Co-Authored-By: Asger F <316427+asgerf@users.noreply.github.com>	2025-06-12 14:25:00 +02:00
Napalys Klicius	e6d26912e0	Update javascript/ql/src/Declarations/SuspiciousMethodNameDeclaration.qhelp ... Co-authored-by: Asger F <asgerf@github.com>	2025-06-12 13:10:27 +02:00
Napalys Klicius	7b91a57eb1	JS: add change note.	2025-06-12 12:19:39 +02:00
Napalys Klicius	75ee649362	JS: add change note	2025-06-12 12:14:14 +02:00
Napalys Klicius	923aff2439	JS: Fixed false positive on manual string interpolation.	2025-06-12 11:35:33 +02:00
Napalys Klicius	bafe7e66ad	JS: Fix template literal detection in string concatination	2025-06-12 11:18:20 +02:00
Napalys Klicius	861e4ee11e	JS: Added test cases including manual interpolation and string concatination.	2025-06-12 11:15:36 +02:00
Napalys Klicius	c5a1421405	JS: promote suspicious-method-name-declaration to quality query.	2025-06-12 09:54:01 +02:00
Napalys Klicius	60e3b0c8e7	JS: Update qhelp and added more examples.	2025-06-12 09:53:56 +02:00
Napalys Klicius	41f4236b86	JS: expanded suspicious-method-name-declaration test suite	2025-06-12 09:29:30 +02:00
Asger F	423ffc78db	Merge pull request #19078 from asgerf/js/name-resolution ... JS: QL-side type/name resolution for TypeScript and JSDoc	2025-06-11 14:17:11 +02:00
Napalys Klicius	92084dd74f	JS: add js/template-syntax-in-string-literal to the Code Quality suite.	2025-06-11 11:48:05 +02:00
Napalys Klicius	6811cad687	Merge pull request #19711 from Napalys/js/quality/promote_duplicate_char_class ... JS: Promote `js/regex/duplicate-in-character-class` to quality	2025-06-11 11:05:07 +02:00
Asger F	e848aa747b	JS: Clarifying comment on commonStep	2025-06-11 10:24:21 +02:00
Asger F	2aa5fa17f7	JS: Add comment and examples in FlowImpl doc	2025-06-11 10:21:24 +02:00
Asger F	72cc439125	JS: Normalize a few more extensions	2025-06-10 17:36:56 +02:00
Asger F	18f9133715	JS: Rename and clarify comment for trackFunctionType	2025-06-10 16:14:46 +02:00
Asger F	a6488cbad9	Update javascript/ql/lib/semmle/javascript/internal/NameResolution.qll ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2025-06-10 16:06:42 +02:00
Napalys Klicius	51b83dbce5	Merge pull request #19579 from Napalys/js/dom_property_access ... JS: Improve `useless-expression` query to avoid duplicate alerts on compound expressions	2025-06-10 15:17:13 +02:00
Taus	e3d9d92f25	JavaScript: Fix duplicate comment	2025-06-10 12:59:03 +00:00
Taus	f08c2fa387	JavaScript: Move tsconfig files into extractor.tsconfig package ... Also make the indentation in `CompilerOptions.java` more consistent.	2025-06-10 12:58:48 +00:00
Napalys Klicius	d968dd0fa1	Removed <strong> usage and updated r?e[m|x] example	2025-06-10 13:34:24 +02:00
Napalys Klicius	65b1275a19	Update javascript/ql/src/RegExp/DuplicateCharacterInCharacterClass.qhelp ... Co-authored-by: Asger F <asgerf@github.com>	2025-06-10 13:26:08 +02:00
Napalys Klicius	e46581163a	Update javascript/ql/lib/Expressions/ExprHasNoEffect.qll ... Co-Authored-By: Asger F <316427+asgerf@users.noreply.github.com>	2025-06-10 13:23:31 +02:00
Napalys Klicius	496d8d44eb	Update javascript/ql/lib/Expressions/ExprHasNoEffect.qll ... Co-authored-by: Asger F <asgerf@github.com>	2025-06-10 13:19:48 +02:00