github-actions[bot]
2b939fdf08
Post-release preparation for codeql-cli-2.15.2
2023-10-30 16:06:51 +00:00
Harry Maclean
083be305e1
Shared: Add neutralModel extensible predicate
...
The neutralModel extensible predicate already exists in Java and C#, so
this change brings the dynamic languages more in line with static
languages. The Model Editor uses this predicate to mark endpoints as
"not interesting" from a data flow perspective.
2023-10-30 11:31:57 +00:00
github-actions[bot]
4641990021
Release preparation for version 2.15.2
2023-10-30 11:05:53 +00:00
Max Schaefer
08cc8b8e80
Autoformat.
2023-10-26 15:36:06 +01:00
Max Schaefer
abef8483bd
Merge pull request #14600 from github/max-schaefer/express-rate-limit
...
JavaScript: Add support for importing `express-rate-limit` using a named import.
2023-10-26 15:15:22 +01:00
Max Schaefer
741735cc83
Port changes to JavaScript.
2023-10-26 14:47:24 +01:00
Max Schaefer
aff848b038
Update javascript/ql/lib/semmle/javascript/security/dataflow/MissingRateLimiting.qll
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2023-10-26 13:06:52 +01:00
Max Schaefer
bb146a1758
JavaScript: Add support for rateLimit export from express-rate-limit package.
2023-10-26 12:14:57 +01:00
amammad
e3dbdc3887
add custom query builder and active record querybuilder support
2023-10-22 21:39:59 +02:00
Erik Krogh Kristensen
f562d5319f
Merge pull request #14539 from flyboss/main
...
fix typo ('Configration' to 'Configuration')
2023-10-20 14:10:42 +02:00
flyboss
ee813c1e61
Update UnsafeHtmlConstructionQuery.qll
...
add a deprecated alias in case anyone depends on the misspelled name.
2023-10-20 17:57:23 +08:00
flyboss
86336565eb
fix typo
2023-10-19 02:34:31 +00:00
github-actions[bot]
8dcd8b9e5b
Post-release preparation for codeql-cli-2.15.1
2023-10-17 20:24:00 +00:00
github-actions[bot]
3b3c036626
Release preparation for version 2.15.1
2023-10-16 17:49:39 +00:00
Arthur Baars
0e3369f93f
Merge pull request #14484 from aibaars/ts53-js
...
JS: Support import attributes
2023-10-16 10:47:49 +02:00
erik-krogh
69c3e62965
add change-note
2023-10-13 15:16:39 +02:00
Asger F
3c7c5377ec
JS: Add content approximation
...
This seems to fix a performance issue for RegExpInjection in angular
2023-10-13 13:15:08 +02:00
Asger F
5775fe6d6e
JS: Use TAnyType in FlowSummaryPrivate
2023-10-13 13:15:08 +02:00
Asger F
9faf300dd0
JS: Use type-pruning to restrict callback flow
2023-10-13 13:15:08 +02:00
Asger F
d3f5169e66
JS: Lower field-flow branch limit on Polynomial ReDoS
2023-10-13 13:15:08 +02:00
Asger F
51dec79401
JS: Lower access path limit to 2
2023-10-13 13:15:08 +02:00
Asger F
24bab27ffe
JS: Add TODO for dynamic import step
2023-10-13 13:15:08 +02:00
Asger F
b5ad36686e
JS: Block flow into window.location
2023-10-13 13:15:08 +02:00
Asger F
0d10aba67d
Revert "JS: Add global post-update steps"
...
This resulted in huge performance issues from too much global flow
2023-10-13 13:15:07 +02:00
Asger F
50aace3fa3
JS: Add global post-update steps
2023-10-13 13:15:07 +02:00
Asger F
c55300d4b0
JS: Port PolynomialReDoS
2023-10-13 13:15:06 +02:00
Asger F
b8847dbc5d
JS: Port Xxe
2023-10-13 13:15:06 +02:00
Asger F
c2d170b4fd
JS: Port XpathInjection
2023-10-13 13:15:06 +02:00
Asger F
03f8c0fc5e
JS: Port XmlBomb
2023-10-13 13:15:06 +02:00
Asger F
83095535f9
JS: Port UnvalidatedDynamicMethodCall
2023-10-13 13:15:06 +02:00
Asger F
ba9edb4e54
JS: Port UnsafeShellCommandConstruction
2023-10-13 13:15:06 +02:00
Asger F
d08e4504ff
JS: Port UnsafeJQueryPlugin
2023-10-13 13:15:06 +02:00
Asger F
6e3f4bd7d8
JS: Port UnsafeHtmlConstruction
2023-10-13 13:15:06 +02:00
Asger F
7f4d42ddcd
JS: Port UnsafeDynamicMethodAccess
2023-10-13 13:15:06 +02:00
Asger F
758f42495c
JS: Port UnsafeDeserialization
2023-10-13 13:15:05 +02:00
Asger F
32022ccbda
JS: Port UnsafeCodeConstruction
2023-10-13 13:15:05 +02:00
Asger F
5af608c937
JS: Port TypeConfusionThroughParameterTampering
2023-10-13 13:15:05 +02:00
Asger F
25962a9ba6
JS: Port TemplateObjectInjection
2023-10-13 13:15:05 +02:00
Asger F
51624c02a2
JS: Port TaintedFormatString
2023-10-13 13:15:05 +02:00
Asger F
63343b1ba4
JS: Port StackTraceExposure
2023-10-13 13:15:05 +02:00
Asger F
d446444667
JS: Port ShellCommandInjectionFromEnvironment
2023-10-13 13:15:05 +02:00
Asger F
06835a800c
JS: Port SecondOrderCommandInjection
2023-10-13 13:15:05 +02:00
Asger F
4af7694309
JS: Port ResourceExhaustion
2023-10-13 13:15:05 +02:00
Asger F
b9bd0520e2
JS: Port RemotePropertyInjection
2023-10-13 13:15:05 +02:00
Asger F
dcc73a7f90
JS: Port RegExpInjection
2023-10-13 13:15:05 +02:00
Asger F
2400af4bc3
JS: Port PostMessageStar
2023-10-13 13:15:05 +02:00
Asger F
e1fae3d16d
JS: Port InsufficientPasswordHash
2023-10-13 13:15:05 +02:00
Asger F
fd98b2546d
JS: Port InsecureTemporaryFile
2023-10-13 13:15:05 +02:00
Asger F
cd1a1e25ae
JS: Port InsecureRandomness
2023-10-13 13:15:05 +02:00
Asger F
99f63b1cfa
JS: Port InsecureDownload
2023-10-13 13:15:05 +02:00