hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,246 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.0
Commit Graph

2871 Commits

Author SHA1 Message Date
Napalys Klicius
da21a064ac JS: add _parsedUrl as remote input source 2025-06-16 16:28:30 +02:00
Napalys Klicius
0d5f5104d1 Updated UriEncodingSanitizer comment 2025-06-16 13:08:16 +02:00
Napalys Klicius
798721bd71 JS: add change note 2025-06-16 13:08:14 +02:00
Napalys Klicius
bdbc49c63f JS: Removed encodeURI from request forgery sanitizer list 2025-06-16 13:08:11 +02:00
Napalys Klicius
eca69e1654 JS: remove serialize-javascript from JsonParsers.qll as it is not a parser 2025-06-16 12:59:36 +02:00
Napalys Klicius
fffbc0c0bc JS: add change note 2025-06-16 10:38:27 +02:00
Napalys Klicius
5a107ec33b JS: track taint through serialize-javascript calls with object arguments 2025-06-16 10:38:20 +02:00
Vasco-jofra
6920430073 Improve dependency injection through import function calls 2025-06-15 00:47:34 +02:00
Vasco-jofra
9019879d99 Improve useFactory inter file function detection 2025-06-15 00:32:26 +02:00
Vasco-jofra
477f32c7ff NestJS dependency injection support useValue provider 2025-06-15 00:21:38 +02:00
Vasco-jofra
2b143c86ac NestJS dependency Injection support useFactory provider 2025-06-15 00:09:07 +02:00
Vasco-jofra
baf0d3ef22 Model NestJS middlewares as sources 2025-06-14 23:27:49 +02:00
Asger F
423ffc78db Merge pull request #19078 from asgerf/js/name-resolution 
JS: QL-side type/name resolution for TypeScript and JSDoc
 2025-06-11 14:17:11 +02:00
Asger F
e848aa747b JS: Clarifying comment on commonStep 2025-06-11 10:24:21 +02:00
Asger F
2aa5fa17f7 JS: Add comment and examples in FlowImpl doc 2025-06-11 10:21:24 +02:00
Asger F
72cc439125 JS: Normalize a few more extensions 2025-06-10 17:36:56 +02:00
Asger F
18f9133715 JS: Rename and clarify comment for trackFunctionType 2025-06-10 16:14:46 +02:00
Asger F
a6488cbad9 Update javascript/ql/lib/semmle/javascript/internal/NameResolution.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2025-06-10 16:06:42 +02:00
Napalys Klicius
51b83dbce5 Merge pull request #19579 from Napalys/js/dom_property_access 
JS: Improve `useless-expression` query to avoid duplicate alerts on compound expressions
 2025-06-10 15:17:13 +02:00
Napalys Klicius
e46581163a Update javascript/ql/lib/Expressions/ExprHasNoEffect.qll 
Co-Authored-By: Asger F <316427+asgerf@users.noreply.github.com>
 2025-06-10 13:23:31 +02:00
Napalys Klicius
496d8d44eb Update javascript/ql/lib/Expressions/ExprHasNoEffect.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2025-06-10 13:19:48 +02:00
Napalys Klicius
e6f071ce46 Update javascript/ql/lib/Expressions/ExprHasNoEffect.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2025-06-10 13:18:48 +02:00
Napalys Klicius
c97da2eda5 Exclude expressions that are part of a conditional expression 2025-06-10 10:56:11 +02:00
github-actions[bot]
21463a9653 Post-release preparation for codeql-cli-2.22.0 2025-06-09 18:50:20 +00:00
github-actions[bot]
88ba02edf8 Release preparation for version 2.22.0 2025-06-09 18:14:51 +00:00
Chuan-kai Lin
631502e129 Merge branch 'main' into cklin/rc-3.18-mergeback 2025-06-09 07:19:40 -07:00
Taus
b8772bc736 JavaScript: Add change note 2025-06-05 15:06:40 +00:00
GeekMasher
302097ec85 docs(js): Add AxiosInstanceRequest docs 2025-06-05 09:52:25 +01:00
Asger F
691fdb106e JS: Nicer jump-to-def for function declarations 2025-06-04 22:17:42 +02:00
Asger F
57fad7e6c9 JS: Add SatisfiesExpr 2025-06-04 22:17:40 +02:00
Asger F
853ba49212 Update javascript/ql/lib/semmle/javascript/internal/TypeResolution.qll 
Co-authored-by: Napalys Klicius <napalys@github.com>
 2025-06-04 10:17:25 +02:00
GeekMasher
3b64bd48ab style(js): Update Formatting 2025-06-03 15:59:32 +01:00
GeekMasher
2eb5f10850 feat(js): Add Axios instance support change notes 2025-06-03 15:58:49 +01:00
GeekMasher
6a1cfb6aef feat(js): Add Axios Instance support and add tests 2025-06-03 15:55:23 +01:00
Napalys Klicius
aac56e089a JavaScript: Fix false positive on Flow type annotations in ExprHasNoEffect 2025-06-03 15:26:22 +02:00
Napalys Klicius
46b5ded862 JS: Enhance void context propagation 2025-06-03 15:20:55 +02:00
Napalys Klicius
bf48b59874 JS: Removed exclusion of FunctionExpr from compound statements. 2025-06-03 15:12:26 +02:00
Asger F
9ea4410592 Merge pull request #19587 from asgerf/js/angular2-client-side 
JS: Mark AngularJS $location as client-side remote flow source
 2025-06-03 13:40:01 +02:00
Napalys Klicius
bca1bc7153 JS: Enhance isDomProperty to check for getAPropertyRead on DOM nodes 2025-06-02 14:56:45 +02:00
Napalys Klicius
c981c4fe30 Update javascript/ql/lib/change-notes/2025-05-30-url-package-taint-step.md 
Co-authored-by: Asger F <asgerf@github.com>
 2025-06-02 13:34:47 +02:00
Napalys Klicius
0b6a747737 Added change note 2025-05-30 18:33:59 +02:00
Napalys Klicius
b9b62fa1c1 JS: Add URL from url package constructor taint step for request forgery detection 2025-05-30 18:32:02 +02:00
github-actions[bot]
d2c6875eac Post-release preparation for codeql-cli-2.21.4 2025-05-27 18:16:21 +00:00
github-actions[bot]
bfb91e95e3 Release preparation for version 2.21.4 2025-05-27 17:22:05 +00:00
Asger F
076e4a49d5 JS: Mark AngularJS $location as client-side remote flow source 2025-05-27 09:47:43 +02:00
Anders Schack-Mulligen
1d30103559 SSA: Distinguish between has and controls branch edge. 2025-05-23 09:56:22 +02:00
Asger F
9bcc62002d JS: Fix regression from global declare vars 2025-05-20 13:20:35 +02:00
Asger F
bba872a3a4 JS: Make jump-to-def behave nicer 2025-05-20 13:20:28 +02:00
Asger F
b8dc1b3125 JS: Remove redundant casts 2025-05-20 13:20:27 +02:00
Asger F
fbafd6fff1 JS: Update to avoid deprecations after import resolution change 2025-05-20 13:20:26 +02:00