hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

2960 Commits

Author SHA1 Message Date
Asger F
dba76a0e4d JS: Rerun patch query after bugfix 2025-01-23 10:31:32 +01:00
Asger F
4161f455b8 Revert "Add view-component-input for testing" 
This reverts commit 6954039a6d106e3611a0892972a979fd45310d1a.
 2025-01-22 10:45:52 +01:00
Asger F
e5c0390972 Add view-component-input for testing 2025-01-22 10:45:50 +01:00
Asger F
d647c7b14d JS: Replace 'instanceof ClientSideRemoteFlowSource' 2025-01-22 10:45:49 +01:00
Asger F
3061d51b20 JS: Add ThreatModelSource#isCilentSideSource() 2025-01-22 10:45:48 +01:00
Asger F
327bdc0b02 JS: Use TypeScript types to restrict ViewComponentInputs in general 2025-01-22 10:45:47 +01:00
Asger F
b015c88c79 JS: Add view-component-input threat model 2025-01-22 10:45:46 +01:00
github-actions[bot]
fbb7f0a0c6 Post-release preparation for codeql-cli-2.20.2 2025-01-20 21:11:14 +00:00
github-actions[bot]
a0512a50f2 Release preparation for version 2.20.2 2025-01-20 21:11:12 +00:00
Asger F
683ebcaf16 Revert "JS: Add dummy extension with an empty diff" 
This reverts commit 6e9b95d4e85f4829e788400575570bdb65eda6f6.
 2025-01-20 11:20:35 +01:00
Asger F
a948915bb0 JS: Add dummy extension with an empty diff 2025-01-20 11:20:33 +01:00
Asger F
7c29ea9dda JS: Update ExternalAPIUsedwithUntrustedData 2025-01-20 11:20:32 +01:00
Asger F
ecbd7983ba JS: Update DifferentKindsComparisonBypassQuery.qll 2025-01-20 11:20:31 +01:00
Asger F
29da1fb6c8 JS: Update ConditionalBypassQuery.qll 2025-01-20 11:20:30 +01:00
Asger F
fd763a0883 JS: Auto-patch diff informed queries 2025-01-20 11:20:27 +01:00
Asger F
859783c08b JS: Support [(ngModel)] 2025-01-17 10:26:57 +01:00
Asger F
97f5559e64 JS: Recognise form input from NgForm 2025-01-17 10:22:20 +01:00
Asger F
d4daa21318 JS: Add DOM event sources in Angular2 model 2025-01-17 10:20:22 +01:00
Asger F
6f46a34873 JS: Refactor domEventSource() into a Range class 2025-01-17 10:12:40 +01:00
Asger F
bd2febcf00 JS: Implementing new signature members in StepInputSig 2025-01-16 13:38:08 +01:00
Asger F
6cd9752289 Merge pull request #18467 from github/js/shared-dataflow-branch 
JS: Migrate to shared data flow library (targeting main!) 🚀
 2025-01-16 11:28:57 +01:00
Geoffrey White
90faab456d Merge pull request #18473 from geoffw0/sensitive2 
Improve shared sensitive data library handling of snake_case variable names
 2025-01-15 18:02:33 +00:00
Geoffrey White
5ef5b04aac Add change notes. 2025-01-10 11:16:53 +00:00
Geoffrey White
f8659c0a4e Sync identical files. 2025-01-10 10:26:13 +00:00
Paul Hodgkinson
1ada51130f Merge branch 'main' into angular-sources-sinks 2025-01-09 18:03:04 +00:00
aegilops
e7881a8c7f Fix typo 2025-01-09 17:11:06 +00:00
aegilops
62599b2a12 Formatted 2025-01-09 17:02:37 +00:00
aegilops
98b4c35844 Set doc string on getElementNode predicate 2025-01-09 17:00:01 +00:00
Asger F
9c4d378a1d JS: Remove TODO comment 
It is not subsumed by the other case, both cases are needed
 2025-01-09 10:17:16 +01:00
Asger F
3f2882e1c6 JS: Remove an obsolete comment 
The RHS of an assignment actually has a post-update node now
 2025-01-09 09:59:23 +01:00
Asger F
b2d62a080b JS: Move a test failure explanation into the test suite 
We have an issue for fixing the underlying problem
 2025-01-09 09:57:44 +01:00
Asger F
d9da9444fa JS: Rephrase TODO 
This is useful info, but not something that can be fixed locally in this query, so a TODO comment isn't helping
 2025-01-09 09:45:39 +01:00
Asger F
3def8ecdee JS: Remove unimportant TODO 2025-01-09 09:43:03 +01:00
Asger F
388dd871e1 JS: Remove TODO tracked by an issue. 
This requires changes to the shared data flow library, not something we should track with a TODO in the JS codebase
 2025-01-09 09:41:40 +01:00
Asger F
8b060c4294 JS: Remove TODO about evaluating legacy steps 
There is an issue for tracking this. It's not a small fix.
 2025-01-09 09:40:29 +01:00
Asger F
a8f93cac05 JS: Remove obsolete comment 
The test case actually has the correct result now
 2025-01-09 09:39:32 +01:00
Asger F
dd37c474d8 JS: Remove mention of results from comments 2025-01-09 09:39:30 +01:00
Asger F
fb54a3bde8 JS: Remove obsolete TODO comment 2025-01-09 09:39:29 +01:00
Asger F
b29ee2acde JS: Remove references to localFieldStep 
These are tracked in https://github.com/github/codeql-javascript-team/issues/456
 2025-01-09 09:39:27 +01:00
Asger F
7766f97232 JS: Remove obsolete TODO 2025-01-09 09:39:26 +01:00
Asger F
8ac08db5c2 JS: Remove TODOs about WithArrayElement not being a taint step 
This isn't going to become a taint step, the workaround is the permanent solution
 2025-01-09 09:39:23 +01:00
Asger F
3cc1525985 JS: Remove obsolete TODOs 2025-01-09 09:19:30 +01:00
Asger F
1997e0a7b6 Merge pull request #18427 from asgerf/jss/change-note 
JS: Add migration guide and change note
 2025-01-09 09:13:16 +01:00
aegilops
4b57d5feb2 Added XSS sink for innerHTML/outerHTML using new Angular attribute def 2025-01-08 16:36:46 +00:00
aegilops
2dc9e7bab7 Moved def from AngularJSCore to Angular2 2025-01-08 16:36:10 +00:00
Asger F
b6b93dcead Merge pull request #18392 from asgerf/jss/deprecate-modules 
JS: Deprecate some .qll files
 2025-01-08 11:10:28 +01:00
Asger F
062391334e JS: Remove notes about changing API in the future 2025-01-08 09:15:13 +01:00
Asger F
df9b95575e JS: Add deprecation qldoc to Configuration classes 2025-01-08 09:15:12 +01:00
Asger F
e7d267e5d2 JS: Add migration guide and change note 2025-01-08 09:12:38 +01:00
Asger F
36f0d2f63e JS: Move VarAccessBarrier outside the deprecated Configuration.qll file 2025-01-08 08:56:53 +01:00