hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,644 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.1
Commit Graph

11808 Commits

Author SHA1 Message Date
Napalys Klicius
060b98d36c JS: enchance middleware taint tracking via local source 2025-06-17 08:30:19 +02:00
Napalys Klicius
fc0c8a8f5a JS: update change note 2025-06-17 08:20:35 +02:00
Napalys Klicius
da21a064ac JS: add _parsedUrl as remote input source 2025-06-16 16:28:30 +02:00
Napalys Klicius
67aac7abfa JS: add test cases for middleware property assignment tracking 2025-06-16 16:26:08 +02:00
Napalys Klicius
b14b661cd1 JS: add change note 2025-06-16 14:12:39 +02:00
Napalys Klicius
0c31838aa5 JS: mass add missing quality related tags to relevant queries 2025-06-16 14:05:57 +02:00
Napalys Klicius
0d5f5104d1 Updated UriEncodingSanitizer comment 2025-06-16 13:08:16 +02:00
Napalys Klicius
798721bd71 JS: add change note 2025-06-16 13:08:14 +02:00
Napalys Klicius
bdbc49c63f JS: Removed encodeURI from request forgery sanitizer list 2025-06-16 13:08:11 +02:00
Napalys Klicius
eca69e1654 JS: remove serialize-javascript from JsonParsers.qll as it is not a parser 2025-06-16 12:59:36 +02:00
Napalys Klicius
deb715a517 JS: Add test case with encodeURI for request forgery 2025-06-16 10:49:29 +02:00
Napalys Klicius
fffbc0c0bc JS: add change note 2025-06-16 10:38:27 +02:00
Napalys Klicius
5a107ec33b JS: track taint through serialize-javascript calls with object arguments 2025-06-16 10:38:20 +02:00
Napalys Klicius
a96ea182c7 JS: add test cases for serialize-javascript with tainted object properties 2025-06-16 09:30:52 +02:00
Vasco-jofra
8c4dbca23c Improve data flow in the async library 2025-06-15 17:59:49 +02:00
Vasco-jofra
e2eca5bbff Update test.expected 2025-06-15 12:12:12 +02:00
Vasco-jofra
6920430073 Improve dependency injection through import function calls 2025-06-15 00:47:34 +02:00
Vasco-jofra
9019879d99 Improve useFactory inter file function detection 2025-06-15 00:32:26 +02:00
Vasco-jofra
477f32c7ff NestJS dependency injection support useValue provider 2025-06-15 00:21:38 +02:00
Vasco-jofra
2b143c86ac NestJS dependency Injection support useFactory provider 2025-06-15 00:09:07 +02:00
Vasco-jofra
baf0d3ef22 Model NestJS middlewares as sources 2025-06-14 23:27:49 +02:00
Vasco-jofra
26f3b40d35 Add lodash GroupBy as taint step 2025-06-14 00:13:03 +02:00
Vasco-jofra
ddf77a0b72 Remove unnecessary spaces 2025-06-13 15:37:27 +02:00
Vasco-jofra
4ea53773b9 Model the TypeORM Repository API 2025-06-13 15:35:46 +02:00
Napalys Klicius
0906d85b39 Merge pull request #19726 from Napalys/js/quality/string_interpolation 
JS: Promote `js/template-syntax-in-string-literal` to the Code Quality suite.
 2025-06-13 13:36:53 +02:00
Napalys Klicius
28ae39694f Merge pull request #19741 from Napalys/js/quality/suspicious_method_names 
JS: Promote `js/suspicious-method-name-declaration` to the Code Quality suite.
 2025-06-12 15:30:13 +02:00
Napalys Klicius
10d10286f7 JS: add change notes 2025-06-12 15:23:31 +02:00
Napalys Klicius
885e8369aa JS: add quality and reliability tags to loop-iteration-skipped-due-to-shifting 2025-06-12 15:18:26 +02:00
Napalys Klicius
66d66fe87d JS: fix false positives for splice with conditional index decrement 2025-06-12 14:51:10 +02:00
Napalys Klicius
7292a76ee4 JS: add test cases for false positives in loop-iteration-skipped-due-to-shifting 2025-06-12 14:39:47 +02:00
Napalys Klicius
d7ad625de3 JS: restrict type tracking to strings of interest. 2025-06-12 14:28:00 +02:00
Napalys Klicius
da5cd251be Update javascript/ql/src/LanguageFeatures/TemplateSyntaxInStringLiteral.ql 
Co-Authored-By: Asger F <316427+asgerf@users.noreply.github.com>
 2025-06-12 14:25:00 +02:00
Napalys Klicius
e6d26912e0 Update javascript/ql/src/Declarations/SuspiciousMethodNameDeclaration.qhelp 
Co-authored-by: Asger F <asgerf@github.com>
 2025-06-12 13:10:27 +02:00
Napalys Klicius
7b91a57eb1 JS: add change note. 2025-06-12 12:19:39 +02:00
Napalys Klicius
75ee649362 JS: add change note 2025-06-12 12:14:14 +02:00
Napalys Klicius
923aff2439 JS: Fixed false positive on manual string interpolation. 2025-06-12 11:35:33 +02:00
Napalys Klicius
bafe7e66ad JS: Fix template literal detection in string concatination 2025-06-12 11:18:20 +02:00
Napalys Klicius
861e4ee11e JS: Added test cases including manual interpolation and string concatination. 2025-06-12 11:15:36 +02:00
Napalys Klicius
c5a1421405 JS: promote suspicious-method-name-declaration to quality query. 2025-06-12 09:54:01 +02:00
Napalys Klicius
60e3b0c8e7 JS: Update qhelp and added more examples. 2025-06-12 09:53:56 +02:00
Napalys Klicius
41f4236b86 JS: expanded suspicious-method-name-declaration test suite 2025-06-12 09:29:30 +02:00
Asger F
423ffc78db Merge pull request #19078 from asgerf/js/name-resolution 
JS: QL-side type/name resolution for TypeScript and JSDoc
 2025-06-11 14:17:11 +02:00
Napalys Klicius
92084dd74f JS: add js/template-syntax-in-string-literal to the Code Quality suite. 2025-06-11 11:48:05 +02:00
Napalys Klicius
6811cad687 Merge pull request #19711 from Napalys/js/quality/promote_duplicate_char_class 
JS: Promote `js/regex/duplicate-in-character-class` to quality
 2025-06-11 11:05:07 +02:00
Asger F
e848aa747b JS: Clarifying comment on commonStep 2025-06-11 10:24:21 +02:00
Asger F
2aa5fa17f7 JS: Add comment and examples in FlowImpl doc 2025-06-11 10:21:24 +02:00
Asger F
72cc439125 JS: Normalize a few more extensions 2025-06-10 17:36:56 +02:00
Asger F
18f9133715 JS: Rename and clarify comment for trackFunctionType 2025-06-10 16:14:46 +02:00
Asger F
a6488cbad9 Update javascript/ql/lib/semmle/javascript/internal/NameResolution.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2025-06-10 16:06:42 +02:00
Napalys Klicius
51b83dbce5 Merge pull request #19579 from Napalys/js/dom_property_access 
JS: Improve `useless-expression` query to avoid duplicate alerts on compound expressions
 2025-06-10 15:17:13 +02:00