hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

2960 Commits

Author SHA1 Message Date
Asger F
853fc1a7cf Merge pull request #19852 from asgerf/js/react-use-server 
JS: Model React 'use' and 'use server'
 2025-06-25 09:13:56 +02:00
github-actions[bot]
6972c7a872 Post-release preparation for codeql-cli-2.22.1 2025-06-24 12:55:14 +00:00
Napalys Klicius
79a9d7def8 JS: removed execa parts from SystemCommandExecutors and moved it to Execa.qll 2025-06-24 12:41:22 +02:00
github-actions[bot]
3e074b2425 Release preparation for version 2.22.1 2025-06-24 08:55:31 +00:00
Asger F
d428eaeef8 Merge pull request #19655 from GeekMasher/js-clientrests-axios 
JS: ClientRequests Axios Instance support
 2025-06-24 10:35:51 +02:00
Napalys Klicius
2218a981f6 Merge pull request #19854 from Napalys/js/sinon 
JS: Explicitly Mark `Sinon` Package as Non RegExp
 2025-06-24 10:24:13 +02:00
Napalys Klicius
8c345461f0 JS: add change note 2025-06-24 09:08:15 +02:00
Napalys Klicius
d8b5cb5862 JS: moved execa out of experimental 2025-06-24 09:07:43 +02:00
Napalys Klicius
33f42444d5 JS: add change note 2025-06-23 20:25:18 +02:00
Napalys Klicius
ef51ab172f JS: exclude sinon module from regexp match calls 2025-06-23 20:25:17 +02:00
Asger F
ea0a80a06a JS: Un-deprecate Actions.qll for now as we have some internal queries that use it. 2025-06-23 16:38:04 +02:00
Asger F
cc1a28ac7e JS: Add parameters of server functions as remote flow sources 2025-06-23 16:03:39 +02:00
Asger F
980d0f46fa JS: Add model for react 'use' 2025-06-23 15:27:21 +02:00
Asger F
0d3bb89195 JS: Deprecate Actions.qll 2025-06-23 14:36:15 +02:00
Asger F
e323833bc3 JS: Fix qldoc coverage 2025-06-23 12:55:19 +02:00
Asger F
07f84a5add JS: Remove an unnecessary import 2025-06-23 12:55:18 +02:00
Asger F
ee9c4fa763 JS: Deprecate everything that depends on type extraction 2025-06-23 12:55:14 +02:00
Asger F
6d389c31c7 JS: Update an outdated QLDoc comment 2025-06-23 12:55:11 +02:00
Asger F
fcb6882f16 JS: Update API usage in MissingAwait 2025-06-23 12:55:09 +02:00
Asger F
e459884b69 JS: Update API usage in ViewComponentInput 2025-06-23 12:55:08 +02:00
Asger F
8b2a424fb0 JS: Update type usage use in Express model 2025-06-23 12:55:05 +02:00
Asger F
b71d09630a JS: Update type usage in Electron model 2025-06-23 12:55:03 +02:00
Asger F
ace8b09a36 JS: Update type usage in ClassValidator.qll 2025-06-23 12:55:01 +02:00
Asger F
9d4c38b5f1 JS: Update type usage in definitions.qll 2025-06-23 12:54:59 +02:00
Asger F
17a687b38f JS: Update type usage in Nest library model 2025-06-23 12:54:57 +02:00
Asger F
b82e84930c JS: Add public API 2025-06-23 12:54:56 +02:00
Asger F
2a0c7c8801 JS: Add classHasGlobalName into NameResolution 2025-06-23 12:54:55 +02:00
Asger F
de9dab9ba3 JS: Move some predicates into NameResolution 2025-06-23 12:54:53 +02:00
Asger F
93c891a987 Merge pull request #19822 from Fdawgs/patch-1 
JS: Update Fastify tld
 2025-06-23 12:49:42 +02:00
Taus
ac8b41a5da Merge pull request #19680 from github/tausbn/javascript-exclude-obviously-generated-files 
JavaScript: Don't extract obviously generated files
 2025-06-20 15:52:39 +02:00
Napalys Klicius
3fbe348f99 Merge pull request #19784 from Napalys/js/express_middleware 
JS: Improve Express middleware taint tracking
 2025-06-20 15:36:26 +02:00
Napalys Klicius
c1b2fd86b2 Update javascript/ql/lib/semmle/javascript/frameworks/Express.qll 
Co-authored-by: Taus <tausbn@github.com>
 2025-06-20 14:29:51 +02:00
Frazer Smith
094b67f88c JS: Update Fastify tld 2025-06-19 16:22:46 +01:00
Napalys Klicius
f80651e78a Merge pull request #19750 from Napalys/js/remove_encodeURI 
JS: remove `encodeURI` from sanitizer list of request forgery
 2025-06-19 14:12:52 +02:00
Napalys Klicius
72528749f2 JS: add change note 2025-06-17 08:34:34 +02:00
Napalys Klicius
060b98d36c JS: enchance middleware taint tracking via local source 2025-06-17 08:30:19 +02:00
Napalys Klicius
fc0c8a8f5a JS: update change note 2025-06-17 08:20:35 +02:00
Napalys Klicius
da21a064ac JS: add _parsedUrl as remote input source 2025-06-16 16:28:30 +02:00
Napalys Klicius
0d5f5104d1 Updated UriEncodingSanitizer comment 2025-06-16 13:08:16 +02:00
Napalys Klicius
798721bd71 JS: add change note 2025-06-16 13:08:14 +02:00
Napalys Klicius
bdbc49c63f JS: Removed encodeURI from request forgery sanitizer list 2025-06-16 13:08:11 +02:00
Napalys Klicius
eca69e1654 JS: remove serialize-javascript from JsonParsers.qll as it is not a parser 2025-06-16 12:59:36 +02:00
Napalys Klicius
fffbc0c0bc JS: add change note 2025-06-16 10:38:27 +02:00
Napalys Klicius
5a107ec33b JS: track taint through serialize-javascript calls with object arguments 2025-06-16 10:38:20 +02:00
Vasco-jofra
8c4dbca23c Improve data flow in the async library 2025-06-15 17:59:49 +02:00
Vasco-jofra
6920430073 Improve dependency injection through import function calls 2025-06-15 00:47:34 +02:00
Vasco-jofra
9019879d99 Improve useFactory inter file function detection 2025-06-15 00:32:26 +02:00
Vasco-jofra
477f32c7ff NestJS dependency injection support useValue provider 2025-06-15 00:21:38 +02:00
Vasco-jofra
2b143c86ac NestJS dependency Injection support useFactory provider 2025-06-15 00:09:07 +02:00
Vasco-jofra
baf0d3ef22 Model NestJS middlewares as sources 2025-06-14 23:27:49 +02:00