hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,644 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.1
Commit Graph

4992 Commits

Author SHA1 Message Date
Asger F
7670a2bd77 Merge pull request #20375 from asgerf/js/promise-try 
JS: Support Promise.try and Array.prototype.with
 2025-09-16 14:44:07 +02:00
Napalys Klicius
97a11de1e3 Merge pull request #20435 from Napalys/js/promisification_modeling 
JS: Promisification library modeling and enhance flow
 2025-09-16 14:07:53 +02:00
Asger F
429c4eac96 JS: Add support for Array.prototype.with 
Note: This was authored by Copilot
 2025-09-16 13:06:59 +02:00
Asger F
ee78b7dc96 JS: Add support for Promise.try 2025-09-16 13:06:57 +02:00
Asger F
45eff3dac8 Merge pull request #20399 from asgerf/js/default-interop2 
JS: Refactor handling of ambiguous default imports
 2025-09-16 13:02:22 +02:00
Asger F
78bfdfd931 Merge pull request #20390 from asgerf/post-update-consistency 
DataFlow: Permit local flow between post-update nodes
 2025-09-16 13:00:29 +02:00
Asger F
65102a073a Merge pull request #19770 from trailofbits/VF/async-package-improvements 
Improve data flow in the `async` package
 2025-09-16 08:55:52 +02:00
Napalys Klicius
3a75500f54 JS: Add modeling for call-me-maybe 2025-09-15 17:15:31 +02:00
Napalys Klicius
0d23ab07db JS: Add data flow modeling for promisified user-defined functions 2025-09-15 17:13:13 +02:00
Napalys Klicius
2c6db00cbc JS: Add modeling for util promisify* 2025-09-15 17:09:28 +02:00
Napalys Klicius
e002f2088f JS: Add modeling for es6-promisify 2025-09-15 17:04:34 +02:00
Napalys Klicius
35c75c00ba JS: Add modeling for @gar/promisify 2025-09-15 16:58:11 +02:00
Napalys Klicius
312471e9db JS: Add modeling for @google-cloud/promisify 2025-09-15 16:55:27 +02:00
Napalys Klicius
d37425ae3e JS: Treat promisify(obj).member as obj.member 2025-09-15 16:51:19 +02:00
Napalys Klicius
d6a14e63ba JS: Add test cases for promisification libraries. 2025-09-15 16:21:12 +02:00
Chris Smowton
4fb133a43d Recognise that a less-than test is as good as a non-equal test for mitigating off-by-one array access 2025-09-12 14:32:07 +01:00
Asger F
ae4cf302f2 Remove failures from dataflow-consistency expectations 2025-09-11 14:49:58 +02:00
Asger F
7a2391f848 JS: Deprecate Portals and delete tests 
This is a super old attempt at model generation, from before MaD even existed. It's obsolete and just have to be removed.
 2025-09-11 11:05:36 +02:00
Asger F
d39263dcac Merge pull request #20317 from asgerf/js/xunit 
JS: Avoid overriding Expr predicates in xUnit.qll
 2025-09-10 13:41:21 +02:00
Asger F
d575d3c9e4 Merge pull request #20374 from asgerf/js/typescript-5.9 
JS: Support TypeScript 5.9 and support 'import defer' syntax
 2025-09-09 20:50:04 +02:00
Asger F
0752dbea9b Merge pull request #20360 from asgerf/js/remove-angularjs-string-special-case 
JS: Remove special treatment of strings in AngularJS code
 2025-09-08 22:48:23 +02:00
Napalys Klicius
8c34b7eaea Merge pull request #20146 from Napalys/js/move-cors-query-from-experimental 
JS: Move cors-misconfiguration query from experimental to Security
 2025-09-08 09:32:38 +02:00
Napalys Klicius
b2feaaceea Merge branch 'main' into js/move-cors-query-from-experimental 2025-09-05 12:11:09 +02:00
Asger F
bab2a79055 JS: Add parsing support in JS parser 2025-09-05 11:57:34 +02:00
Asger F
215602c963 JS: Preserve information about 'defer' keyword 2025-09-05 11:57:33 +02:00
Asger F
76ca1a576f JS: Add basic test for 'import defer' syntax in TypeScript 2025-09-05 11:57:31 +02:00
Arthur Baars
5d3ec35e29 Remove non-breaking spaces from code 2025-09-05 09:41:15 +02:00
Napalys Klicius
c4c8dbcf7d Merge remote-tracking branch 'origin/main' into js/move-cors-query-from-experimental 2025-09-04 15:24:44 +02:00
Napalys Klicius
d3d608fa33 Updated query description and added a sanitizer 2025-09-04 13:16:37 +00:00
Napalys Klicius
4dac80a998 Replace complex wrapper classes with MaD 2025-09-04 12:19:22 +00:00
Asger F
4926d278a2 JS: Update test output 2025-09-04 13:59:19 +02:00
Michael Nebel
8009ddebce Merge pull request #20329 from michaelnebel/javascript/ql4ql 
JS: Fix some Ql4Ql violations.
 2025-09-04 13:01:37 +02:00
Napalys Klicius
8fc81f4263 Merge branch 'main' into js/remote-property-injection-update 2025-09-03 14:02:19 +02:00
Michael Nebel
8b10ad49d7 JS: Fix some Ql4Ql violations. 2025-09-01 15:17:53 +02:00
Asger F
0d0eaa21a1 Merge pull request #20302 from asgerf/js/simpler-locations 
JS: Remove synthetic locations
 2025-09-01 09:46:13 +02:00
Asger F
57b4534d30 JS: Avoid overriding Expr predicates in xUnit.qll 2025-08-29 13:06:05 +02:00
Asger F
cc8fe10801 JS: Update locations in expected files 2025-08-29 12:03:11 +02:00
Napalys Klicius
bafe22c50c Merge pull request #20048 from Napalys/js/xml_bomb_sinks 
JS: Exclude patched libraries from `xml-bomb` sink
 2025-08-29 08:10:55 +02:00
Napalys Klicius
32606584ea JS: add enumeration taint flow to Remote Property Injection query 2025-08-27 10:23:03 +00:00
Napalys Klicius
c39c04cb86 JS: added new test case for remote prop injection via Object.keys 2025-08-27 10:20:57 +00:00
Napalys Klicius
10c10c7d30 JS: fixed typo in folder name 2025-08-27 10:17:39 +00:00
Napalys Klicius
b19d1e0f57 Merge pull request #20151 from Napalys/js/command-line-libs 
JS: Enhance command injection detection for CLI argument parsing libraries
 2025-08-18 09:32:29 +02:00
Napalys Klicius
b2346183d6 Merge pull request #20148 from Napalys/js/reg-exp-env-variable-threat-model 
JS: Exclude environment variables from `js/regex-injection` query by default
 2025-08-18 09:32:15 +02:00
Tom Hvitved
eb3c054b0f JS: Generate legacy flow steps for all flow summaries 2025-08-06 09:38:49 +02:00
Napalys Klicius
ae4077db72 add taint flow for arg/command-line-args with custom argv option 2025-08-01 13:34:08 +02:00
Napalys Klicius
d6508f34b6 Add taint flow for Commander.js direct property access and action callbacks 2025-08-01 13:24:19 +02:00
Napalys Klicius
39170f327c Added couple more test cases for commander js 2025-08-01 13:14:39 +02:00
Napalys Klicius
6b4e34dd39 Added a step from parse to opts for commander js 2025-08-01 13:12:43 +02:00
Napalys Klicius
e980798ede Added step through yargs/yargs constructor and chained methods. 2025-08-01 12:01:30 +02:00
Napalys Klicius
e8eb9be3f6 Add command injection tests for CLI argument parsing libraries 2025-08-01 11:02:59 +02:00