hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,920 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.2
Commit Graph

2955 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
dd5da79e46 recognize setters and getters of a class as exported 
Co-authored-by: Asger F <asgerf@github.com>
 2022-09-13 10:04:02 +02:00
erik-krogh
dd5db2e6d7 add to isSanitizerGuard 2022-09-13 07:27:51 +02:00
erik-krogh
3eb7675292 rename to DenyListInclusionGuard 2022-09-13 07:27:31 +02:00
erik-krogh
a567c132c1 fix all ql/unmentioned-guard 2022-09-12 22:42:46 +02:00
erik-krogh
ceda5f69fc recognize returning an instanceof of a class as exporting that class 2022-09-12 17:31:51 +02:00
Erik Krogh Kristensen
818601b612 Merge pull request #10285 from erik-krogh/paramClass 
ReDoS: convert RelevantState to a class in the PrefixConstruction module
 2022-09-12 15:23:19 +02:00
erik-krogh
98243118b2 recognize a list of bad strings as a sanitizer for js/prototype-polluting-assignment 2022-09-12 13:41:07 +02:00
erik-krogh
afcb767f8d Merge branch 'main' into js-followMsg 2022-09-12 13:21:16 +02:00
erik-krogh
bae4490620 add change-note 2022-09-12 12:12:18 +02:00
Erik Krogh Kristensen
cb95e8f263 Merge pull request #10351 from erik-krogh/moreMains 
JS: find a main module in more cases
 2022-09-12 11:01:17 +02:00
erik-krogh
5010f89683 move resolveMainPath into a separate helper predicate 2022-09-09 14:26:07 +02:00
erik-krogh
26d8553f6e ensure consistent casing of names 2022-09-09 10:34:14 +02:00
Erik Krogh Kristensen
9893650f7c Merge pull request #8604 from erik-krogh/httpNode 
JS: refactor most library models away from AST nodes
 2022-09-09 10:04:17 +02:00
erik-krogh
aee72357b8 find a main module in more cases 2022-09-08 20:21:31 +02:00
erik-krogh
a21a4275f3 add taint-step in js/insecure-randomness for selecting a random element 2022-09-08 15:00:00 +02:00
github-actions[bot]
a9d80a5a48 Release preparation for version 2.10.5 2022-09-08 11:35:54 +00:00
erik-krogh
a35fe1ffab Merge branch 'main' into js-followMsg 2022-09-08 13:09:15 +02:00
Erik Krogh Kristensen
57bf92a70c Merge pull request #10347 from erik-krogh/mermaid 
JS: add a markdown step through the `mermaid` library
 2022-09-08 12:41:58 +02:00
Rasmus Wriedt Larsen
1d834799a2 Merge pull request #10114 from RasmusWL/shared-http-client-request 
Ruby/Python: Shared HTTP client request concept
 2022-09-08 11:58:06 +02:00
Erik Krogh Kristensen
9534f31eac Merge pull request #10343 from erik-krogh/spreadFunction 
JS: recognize calls to `Function` when spread arguments are used
 2022-09-08 09:25:10 +02:00
erik-krogh
0407198dd2 add a markdown step through the mermaid library 2022-09-08 09:23:45 +02:00
Asger F
ada72b865f Merge pull request #10332 from asgerf/js/type-confusion-bugfix 
JS: bugfixes in TypeThroughThroughParameterTampering
 2022-09-08 09:02:16 +02:00
erik-krogh
6447234428 recognize calls to Function where spread arguments are used 2022-09-07 22:55:51 +02:00
Asger F
d31b59e61d JS: Call super in isBarrier() override 2022-09-07 13:40:30 +02:00
Asger F
e3c84eefc1 JS: Correctly recognize Array.isArray calls 2022-09-07 13:39:52 +02:00
Asger F
e8864d072d JS: Remove stray module DF export 2022-09-06 15:06:33 +02:00
Asger F
95c60858d4 Export as DataFlow instead of DF 2022-09-06 15:02:48 +02:00
Rasmus Wriedt Larsen
a9e1e72196 Merge branch 'main' into shared-http-client-request 2022-09-06 10:52:27 +02:00
Asger F
f07e0592d0 JS: Drive-by fix for accidental recursion 2022-09-06 09:30:02 +02:00
Asger F
2cbba65617 JS: Sync with JS 
fixup JS
 2022-09-06 09:30:02 +02:00
Erik Krogh Kristensen
4e14177614 fix typo in change-note 2022-09-05 16:11:55 +02:00
Erik Krogh Kristensen
54eb0414cb rename an upper-cased acronym 2022-09-05 16:11:55 +02:00
Erik Krogh Kristensen
90bc8a5038 run the explicit-this patch on javascript/ 2022-09-05 16:11:55 +02:00
Erik Krogh Kristensen
b398f968e2 expand change-note to mention classes that have a changed basetype 2022-09-05 16:11:55 +02:00
Erik Krogh Kristensen
e64f96c1ce rewrite the change-note to emphasise that the change is potentially breaking 2022-09-05 16:11:55 +02:00
Erik Krogh Kristensen
26f5643f3e update the deprecation notice of RouteExpr such that it points to public APIs 2022-09-05 16:11:55 +02:00
Erik Krogh Kristensen
e387ebaedd add domNode.innerHTML += sink as a DOM sink 2022-09-05 16:11:55 +02:00
Erik Krogh Kristensen
74a79f8622 simplify int check 
Co-authored-by: Asger F <asgerf@github.com>
 2022-09-05 16:11:55 +02:00
Erik Krogh Kristensen
73a936104a fix typo in qldoc 
Co-authored-by: Asger F <asgerf@github.com>
 2022-09-05 16:11:55 +02:00
Erik Krogh Kristensen
833480d5c5 add change note 2022-09-05 16:11:55 +02:00
Erik Krogh Kristensen
5b61db9fd3 refactor miscellaneous expression uses to dataflow nodes 2022-09-05 16:11:55 +02:00
Erik Krogh Kristensen
6697dd1396 rewrite some expression based predicates in TaintTracking.qll 2022-09-05 16:11:55 +02:00
Erik Krogh Kristensen
b4968eb645 refactor the SensitiveExpr to be a dataflow node 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
0c4f08c841 refactor the CredentialsExpr to be a dataflow node 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
c5b1588096 update the SQL/NoSQL models to use dataflow nodes 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
4d0534352e refactor a use of MethodCallExpr in ClientSideUrlRedirectCustomizations.qll 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
e0e8085b95 update the cryptoLibraries to use dataflow nodes 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
aa9261f1b1 convert the AngularJS model to use DataFlow nodes 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
9bea110d24 convert the DOM model to use DataFlow nodes 2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
2f429e7d29 convert some leftovers to use dataflow nodes 2022-09-05 16:11:54 +02:00