hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,246 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.0
Commit Graph

97 Commits

Author SHA1 Message Date
Asger F
cc8fe10801 JS: Update locations in expected files 2025-08-29 12:03:11 +02:00
Asger F
3247babfa5 Merge pull request #19762 from trailofbits/VF/type-orm-model-improvements 
Improve TypeORM model
 2025-06-30 10:40:38 +02:00
Napalys Klicius
3d9e2f5438 Merge pull request #19858 from Napalys/js/execa 
JS: moved `execa` out of experimental
 2025-06-25 10:34:52 +02:00
Napalys Klicius
d05de1ba4e JS: moved execa test cases outside experimental 2025-06-24 09:08:13 +02:00
Asger F
3a00e8d1c5 JS: Remove js/actions/pull-request-target 
Superseded by actions/untrusted-checkout/{medium,high,critical}
 2025-06-23 14:37:21 +02:00
Vasco-jofra
ddf77a0b72 Remove unnecessary spaces 2025-06-13 15:37:27 +02:00
Vasco-jofra
4ea53773b9 Model the TypeORM Repository API 2025-06-13 15:35:46 +02:00
Asger F
75ab4856b8 Remove unsupported features from PoI 2024-12-03 14:30:25 +01:00
Asger F
871bc3b84a JS: Port experimental CorsPermissiveConfiguration to ConfigSig 
The tests show a new (source, sink) pair for an already-flagged sink.

Not sure why it was not flagged originally since the data flow path seems valid, given the steps provided by our models.
 2024-12-03 14:30:20 +01:00
Asger F
f5a6485ef2 JS: Port experimental decodeJwtWithoutVerificationLocalSource 2024-12-03 14:30:19 +01:00
Asger F
72e522631d JS: Port experimental jwtDecodeWithoutVerification to ConfigSig 2024-12-03 14:30:18 +01:00
Asger F
7e162f5451 JS: Port experimental EnvValueInjection to ConfigSig 2024-12-03 14:30:17 +01:00
Asger F
4f839070a0 JS: Port experimental EnvValueAndKeyInjection to ConfigSig 2024-12-03 14:30:16 +01:00
Asger F
8887ca1722 JS: Port an experimental CodeInjection variant to ConfigSig 2024-12-03 14:30:15 +01:00
Asger F
1832e93766 JS: Port FormParsers test to ConfigSig 2024-12-03 14:30:14 +01:00
Asger F
8818fcc207 JS: Benign test output changes 2024-11-26 15:47:13 +01:00
Asger F
d52bc971b8 Merge branch 'main' into js/shared-dataflow-merge-main 2024-11-20 14:05:03 +01:00
Napalys Klicius
1eabb6cbdd Update javascript/ql/test/experimental/Security/CWE-918/check-regex.js 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2024-11-11 15:40:22 +01:00
Napalys
514375dbf9 Fixes false positives from commit 42600c93ff 2024-11-07 13:00:54 +01:00
Napalys
42600c93ff Added tests which shows false positive SSRF via matchAll 2024-11-07 11:40:20 +01:00
Napalys
449cee91c8 Fixes false positives from commit 445552d3b53ec9592e8e3892cb337d1004b6a432 2024-11-07 10:33:13 +01:00
Napalys
4106663d89 Added tests for regex sanitization to identify false positives matchAll 2024-11-07 10:27:58 +01:00
Asger F
df64388d79 Merge branch 'main' into js/shared-dataflow-merge-main 2024-08-02 13:18:38 +02:00
Maiky
d0cf2a978c Merge branch 'main' into maikypedia/javascript-cors 2024-06-27 20:24:42 +02:00
Asger F
53efb5837b JS: Update some tests with provenance columns 
Only includes the changes that purely contain the new provenance columns
 2024-06-26 13:51:44 +02:00
Asger F
ecf418b8f6 Merge branch 'main' into js/shared-dataflow 2024-06-25 11:48:41 +02:00
Erik Krogh Kristensen
db768960f4 Merge pull request #15060 from am0o0/amammad-js-envinjection 
JS: Env Injection query
 2024-06-20 21:27:21 +02:00
Erik Krogh Kristensen
555d7e5958 Merge pull request #14293 from am0o0/amammad-js-CodeInjection_dynamic_import 
JS: Dynamic import as code injection sink
 2024-06-20 21:19:57 +02:00
am0o0
f0a467e80b update tests 2024-06-13 14:52:22 +02:00
am0o0
9db334d02f update select statement, update test cases 2024-06-07 21:26:20 +02:00
am0o0
2c9340331d update test cases expected results 2024-06-07 21:16:31 +02:00
am0o0
5e0a78c4c7 make predicate for env key and value nodes, use propertyRead/Write instead of API nodes to find env key and value assignments, fix a bug thanks to @erik-krogh 2024-06-07 21:15:30 +02:00
am0o0
1033bf9c4c remove unused imports from javascript test cases 2024-06-07 06:04:12 +02:00
am0o0
b9e3b3310e update the remote flow based query thanks to @erik-krogh, update tests and separate the local and remote query tests 2024-06-07 06:01:49 +02:00
am0o0
12df7dee17 Merge branch 'amammad-js-JWT' of https://github.com/amammad/codeql into amammad-js-JWT 2024-06-06 14:04:46 +02:00
Am
af016f9416 Merge branch 'github:main' into amammad-js-JWT 2024-06-06 15:33:26 +03:30
Am
e3e59e02e5 Merge branch 'github:main' into amammad-js-CodeInjection_dynamic_import 2024-06-04 16:22:06 +04:00
am0o0
2b929c4d2d remove old expected test file 2024-05-25 20:45:34 +02:00
am0o0
1fc481ce81 v2: it is basically the first stable version :)) 2024-05-25 20:43:36 +02:00
am0o0
ea05b297a3 update expected test files 2024-05-25 19:40:37 +02:00
am0o0
14daf58767 update tests, add test cases for query with local sources 2024-05-25 18:17:56 +02:00
am0o0
8fde8c2db4 change test dir name 2024-05-25 13:54:31 +02:00
am0o0
0895f7d971 update qlref files 2024-05-21 22:48:17 +02:00
am0o0
c470c078dc move to experimental 2024-05-21 22:42:16 +02:00
erik-krogh
c166cb406a Merge branch 'main' into amammad-js-CodeInjection_execa 2024-05-21 08:48:12 +02:00
Asger F
5e7d1d5c2c Merge branch 'main' into js/shared-dataflow-merged 2024-03-13 14:27:16 +01:00
GitHub Security Lab
df10a7e7f0 Merge branch 'main' into amammad-js-bombs 2024-01-25 11:23:38 +01:00
amammad
102f09aa23 extend tests 2023-12-10 20:33:00 +01:00
amammad
18d0b28024 v1 2023-12-10 20:27:21 +01:00
amammad
1547cd0546 added inline tests, move to experimental dir 2023-12-05 18:59:46 +01:00