codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00

Author	SHA1	Message	Date
Erik Krogh Kristensen	11be15aab1	inline field into the charpred	2022-06-30 09:00:10 +02:00
Erik Krogh Kristensen	f71a64b99d	recognize when the js engine in gray-matter is set to something safe	2022-06-30 09:00:10 +02:00
Erik Krogh Kristensen	22d285f777	add model for the gray-matter libary to js/code-injection	2022-06-30 09:00:10 +02:00
Erik Krogh Kristensen	7cef4322e7	add model for chownr	2022-06-29 22:09:23 +02:00
Andrew Eisenberg	fbeecd6c08	Merge pull request #9744 from github/aeisenberg/move-contextual-queries	2022-06-29 11:44:33 -07:00
Andrew Eisenberg	a3f4d1bf66	Move contextual queries from src to lib With this change, users are now able to run View AST command in vscode within vscode workspaces that do not include the core libraries. The relevant core library only needs to be installed in the package cache.	2022-06-29 07:51:26 -07:00
Erik Krogh Kristensen	0e4954a68c	add navigation.navigate as an XSS / URL sink	2022-06-29 14:56:20 +02:00
Erik Krogh Kristensen	b81251865f	Merge pull request #9716 from erik-krogh/htmlTypeSan JS: sanitize non-strings from html-constructed-from-input	2022-06-28 17:31:00 +02:00
Erik Krogh Kristensen	112caa3f5d	rewrite qldoc based on review	2022-06-28 13:23:44 +02:00
Asger F	c33690381e	JS: Add explicit 'this'	2022-06-28 10:21:44 +02:00
Erik Krogh Kristensen	a343ceaf8b	add suspicious-regexp-range query	2022-06-28 09:49:27 +02:00
Asger F	cc57cb8af5	Merge branch 'main' into post-release-prep/codeql-cli-2.10.0	2022-06-27 20:37:25 +02:00
Erik Krogh Kristensen	34e7589844	sanitize non-strings from unsafe-html-construction	2022-06-27 13:53:44 +02:00
Asger F	9e4116618a	JS: Add CaseSensitiveMiddlewarePath query	2022-06-27 09:08:37 +02:00
Erik Krogh Kristensen	28ac47689f	changes based on reviews	2022-06-24 13:11:46 +02:00
github-actions[bot]	d506f448ef	Post-release preparation for codeql-cli-2.10.0	2022-06-24 07:36:33 +00:00
Erik Krogh Kristensen	724721c5c8	fix typo	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	22871138c6	simplify the recursion between `TTrace` and `isReachableFromStartTuple` similar to the fix made by Shack in `ExponentialBackTracking.qll`	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	be37763125	improve performance of `process()` by pruning accept states early	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	bf20b7dfc5	add change note for the ReDoS renamings	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	14204be2f9	add missing qldoc	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	3bea7df45d	add deprecated aliases in the old locations, and use the Query.qll pattern for js/polynomial-redos	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	13482fc97b	rename ReDoSUtil to NfaUtils, and rename the "performance" folder to "regexp"	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	6b0df9bdfb	refactor the concretize algorithm	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	dbeae9aefb	make a parameterized module out of the RegexpMatching implementation	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	7fb3d81d2f	add further normalization of char classses	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	3be4a86acd	make ReDoSPruning into a parameterized module	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	dc06e9df02	move predicates that depend on isReDoSCandidate into a ReDoSPruning module	2022-06-23 14:36:24 +02:00
github-actions[bot]	a74051c658	Release preparation for version 2.10.0	2022-06-23 11:17:46 +00:00
Rasmus Wriedt Larsen	3248f7b423	Merge pull request #9649 from RasmusWL/certificate-modeling Python/JS/Ruby: Ignore common words (like certain) as sensitive data source	2022-06-23 12:04:58 +02:00
Erik Krogh Kristensen	08e4c8b195	Merge pull request #9634 from erik-krogh/jqueryParam JS: add all jquery plugin parameters as source to js/html-constructed-from-input	2022-06-23 08:57:20 +02:00
Rasmus Wriedt Larsen	876ba71d9b	Python/JS/Ruby: Add change-note	2022-06-22 11:14:05 +02:00
Rasmus Wriedt Larsen	2ce4b7b9fc	SensitiveDataHeuristics: sync	2022-06-22 11:05:14 +02:00
Erik Krogh Kristensen	e1c34c11ed	add all jquery plugin parameters as source to js/html-constructed-from-input	2022-06-21 13:22:56 +02:00
Edoardo Pirovano	70dbd92e25	Bump minor version of all regularly released packs	2022-06-21 11:22:58 +01:00
Edoardo Pirovano	ad02b85efa	Merge branch `main` into `rc/3.6`	2022-06-21 11:15:25 +01:00
Asger F	b46ba896dd	Merge pull request #9616 from asgerf/js/without-prop-step-await JS: Add withoutPropStep and model raw 'await' step with it	2022-06-21 09:06:01 +02:00
Erik Krogh Kristensen	79696c6c5f	Merge pull request #9572 from erik-krogh/heuristicSteps JS: add heuristic taint-step for potentially unmodelled libraries	2022-06-21 09:00:58 +02:00
Asger F	a0d3a6b5b1	JS: Add withoutPropStep and model 'await' steps with it	2022-06-20 20:16:07 +02:00
Asger F	ed4c39bbb4	JS: Upgrade script	2022-06-17 14:40:22 +02:00
Asger F	5610f654e9	JS: Add PackageJson.getTypingsModule	2022-06-17 14:40:22 +02:00
Asger F	a3204f6d74	JS: Trim whitespace in dbscheme	2022-06-17 14:40:22 +02:00
Asger F	608de70568	JS: Associate symbols with external module decls	2022-06-17 14:40:22 +02:00
Erik Krogh Kristensen	ce323e215b	add heuristic taint-step for potentially unmodelled libraries, and meta query for counting potential unmodelled steps	2022-06-15 20:27:49 +02:00
github-actions[bot]	1ed70d51d7	Post-release preparation for codeql-cli-2.9.4	2022-06-15 13:25:20 +00:00
github-actions[bot]	104ac05f49	Release preparation for version 2.9.4	2022-06-15 08:22:38 +00:00
Erik Krogh Kristensen	cb0a6936ad	add support for the "exports" property in a package.json	2022-06-14 13:31:47 +02:00
Erik Krogh Kristensen	92d1c84f05	bind the result in JsonValue::getBooleanValue	2022-06-14 13:22:09 +02:00
Alex Ford	8d195e3188	Merge pull request #9157 from alexrford/crypto-op-block-mode Ruby/Python: Add a `BlockMode` concept for `CryptographicOperations`	2022-06-13 21:32:36 +02:00
Asger F	db0ac7b3b3	JS: Fix cartesian product in TypeConfusionThroughParameterTampering	2022-06-01 11:37:23 +02:00

... 42 43 44 45 46 ...

2960 Commits