hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,920 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.2
Commit Graph

11852 Commits

Author SHA1 Message Date
Asger F
22b56a4a40 JS: More implied receiver steps 2024-03-26 10:23:08 +01:00
Asger F
f2939bd05b JS: Add test case 2024-03-26 10:23:08 +01:00
Asger F
f8641dd82d JS: Fix use of deprecated alias 2024-03-26 09:39:39 +01:00
Asger F
a0b49b23f5 JS: Add UseServer and UseClient directives 2024-03-26 09:39:39 +01:00
Asger F
1d22e65851 JS: Move Directive subclasses into Directive module 2024-03-26 09:39:37 +01:00
github-actions[bot]
f67b5f9158 Post-release preparation for codeql-cli-2.16.6 2024-03-25 18:17:15 +00:00
github-actions[bot]
71ab804274 Release preparation for version 2.16.6 2024-03-25 16:58:08 +00:00
Rasmus Wriedt Larsen
0515b12305 JS: Add example of bad NodeJS detection 
Notice the TRAP lines

```
is_module(#20001)
is_es2015_module(#20001)
```
 2024-03-25 11:36:21 +01:00
Erik Krogh Kristensen
45ce988943 Merge pull request #16002 from erik-krogh/tarBlank 
JS: change the precision of the `js/unsafe-external-link` query to `low`
 2024-03-22 17:12:58 +01:00
Erik Krogh Kristensen
7d968184fd improve the change-note 
Co-authored-by: Asger F <asgerf@github.com>
 2024-03-22 13:58:34 +01:00
Arthur Baars
c219b1a3c7 Merge pull request #16013 from github/rc/3.13 
Merge rc/3.13 into main
 2024-03-21 16:04:58 +01:00
Henry Mercer
4e3a6e2140 Merge pull request #15874 from github/henrymercer/mark-loc-as-telemetry 
Show lines of code data in debug mode only
 2024-03-21 12:20:09 +00:00
erik-krogh
54a1c25276 change the precision of the js/unsafe-external-link query to low 2024-03-21 10:32:15 +01:00
Henry Mercer
a76832f4e0 Mark LOC queries as debug instead 2024-03-20 21:18:55 +00:00
Dave Bartolomeo
311ba8ea1b Merge from main to resolve conflicts 2024-03-19 10:41:31 -04:00
Tom Hvitved
61ef9e2e5c JS: Switch to shared XML.qll implementation 2024-03-19 13:17:50 +01:00
Rasmus Wriedt Larsen
d78efdb67b Merge pull request #15883 from RasmusWL/js-cg-tests 
JS: show test changes after #15823
 2024-03-19 09:58:20 +01:00
Tom Hvitved
5ab1047b14 Merge pull request #15882 from hvitved/js/dataflow-node-get-location 
JS: Add `DataFlow::Node.getLocation`
 2024-03-19 09:21:00 +01:00
github-actions[bot]
aebe9f6992 Post-release preparation for codeql-cli-2.16.5 2024-03-18 12:16:26 +00:00
Rasmus Wriedt Larsen
c82f5dad56 JS: show test changes after #15823 2024-03-18 13:09:37 +01:00
Rasmus Wriedt Larsen
28c3d35e9b Merge commit '7c35309732dd2aa4dc0b4e2949922272ad448854' into js-cg-tests 2024-03-18 13:08:46 +01:00
Rasmus Wriedt Larsen
f9309cec0b JS: Add tests before #15823 changes 2024-03-18 13:08:39 +01:00
github-actions[bot]
0a6243d07b Release preparation for version 2.16.5 2024-03-18 10:14:07 +00:00
Asger F
711a08b0d4 JS: Add TODO about switching to the shared library 2024-03-15 09:26:19 +01:00
Asger F
eff5f3b7d6 JS: Remove duplicate dependency from qlpack.yml 2024-03-13 20:43:44 +01:00
Tom Hvitved
54fa8181da Address review comment 2024-03-13 20:03:01 +01:00
Erik Krogh Kristensen
bd121b98ae Merge pull request #15893 from erik-krogh/more-filter-taint 
JS: allow more flow through .filter()
 2024-03-13 16:19:28 +01:00
Asger F
8ecdb5cefe Update VariableCapture.qll 2024-03-13 15:24:20 +01:00
Asger F
82abd867a0 JS: Update uses of AccessPathSyntax 
This doesn't yet migrate to the FlowSummaryImpl.qll in a qlpack, just trying to make things compile first
 2024-03-13 15:17:58 +01:00
Asger F
e5bc8db2f0 JS: Fix conflicting default for visbleImplInCallContext 2024-03-13 15:17:08 +01:00
Asger F
bb1f729a3f Update VariableCapture.qll 2024-03-13 15:16:37 +01:00
Asger F
97567f412e JS: Update VariableCapture.qll after changes to API 2024-03-13 14:53:00 +01:00
Asger F
5e7d1d5c2c Merge branch 'main' into js/shared-dataflow-merged 2024-03-13 14:27:16 +01:00
Erik Krogh Kristensen
53502a8662 Merge pull request #15510 from yoff/ts-54 
JS: Add support for TS 5.4
 2024-03-13 14:22:24 +01:00
Tom Hvitved
16cef92106 JS: Add DataFlow::Node.getLocation 2024-03-13 13:06:16 +01:00
Asger F
c5a02dae2b Merge pull request #15768 from asgerf/js/amd-pseudo-deps 
JS: Do not treat AMD pseudo-dependencies as imports
 2024-03-13 12:49:17 +01:00
Asger F
fa8933eb41 JS: Reduce duplication in UnsafeDynamicMethodAccessQuery 2024-03-13 12:30:05 +01:00
Asger F
ea4bc9cdbb JS: Comment about manually applying taint steps 2024-03-13 12:30:05 +01:00
erik-krogh
129286aa1c allow more flow through .filter() 2024-03-13 12:03:00 +01:00
Asger F
406b080ce3 JS: Add comment about allowImplicitRead in PostMessageStar 2024-03-13 11:30:52 +01:00
Asger F
0a2050bc42 JS: Deduplicate predicate in HostHeaderPoisoningQuery 2024-03-13 11:27:18 +01:00
Asger F
11983faccf JS: Remove out-commented code 2024-03-13 11:26:56 +01:00
Asger F
b31f20a64e JS: Explain why ObjetWrapperFlowLabel is deprecated 2024-03-13 11:08:25 +01:00
Asger F
e0aae53ac7 JS: Remove unnecessary BarrierGuardLegacy class 2024-03-13 11:05:23 +01:00
Asger F
fce2be0af3 JS: Use BarrierGuardLegacy in TaintedPath 2024-03-13 11:02:09 +01:00
Asger F
e640154048 JS: Be backwards compatible with AdditionalBarrierGuardNode 
I've confirmed that the 'legacyBarrier' predicate does not occur in the DIL
 2024-03-13 10:54:02 +01:00
Asger F
14e75be510 JS: Expand comments and synthetic node name in ForOfLoops 2024-03-13 09:27:00 +01:00
Asger F
e66f27cfe3 JS: Move hasWildcardReplaceRegExp to a shared place 2024-03-13 09:19:26 +01:00
Asger F
4043bc13ab JS: Explicit mark comment as a TODO 2024-03-13 09:19:03 +01:00
Asger F
858c79e395 JS: Add plain taint step through Promise.all() 2024-03-13 08:57:42 +01:00