hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

11858 Commits

Author SHA1 Message Date
Asger F
db0ac7b3b3 JS: Fix cartesian product in TypeConfusionThroughParameterTampering 2022-06-01 11:37:23 +02:00
Anders Schack-Mulligen
9abd2259d3 Merge pull request #9381 from aschackmull/redos/perf 
ReDoS: Improve performance in ExponentialBackTracking.qll.
 2022-06-01 10:39:28 +02:00
Nick Rolfe
f417c12c5e Merge pull request #9332 from github/post-release-prep/codeql-cli-2.9.3 
Post-release preparation for codeql-cli-2.9.3
 2022-05-31 16:17:50 +01:00
Asger F
f70f769bb6 Merge pull request #9266 from asgerf/js/madman-prep 
JS: Some fixes to support proper analysis of d.ts files
 2022-05-31 15:43:40 +02:00
CodeQL CI
9dd20f113d Merge pull request #8603 from github/max-schaefer/better-amd-modelling 
Approved by asgerf, erik-krogh
 2022-05-31 03:10:32 -07:00
github-actions[bot]
ed2f3409bc Post-release preparation for codeql-cli-2.9.3 2022-05-31 09:54:55 +00:00
Erik Krogh Kristensen
6cfd790cda Merge pull request #9356 from erik-krogh/getRouting 
JS: rewrite js/sensitive-get-query to use routing trees
 2022-05-31 11:08:54 +02:00
Anders Schack-Mulligen
e36c59b285 ReDoS: Sync. 2022-05-31 11:04:42 +02:00
Erik Krogh Kristensen
95fae8155e fix wrong comment 
Co-authored-by: Asger F <asgerf@github.com>
 2022-05-31 08:38:03 +02:00
Erik Krogh Kristensen
6a6a63e1aa Merge pull request #9354 from erik-krogh/jsStages 
JS: collapse a few small stages
 2022-05-30 20:31:54 +02:00
Asger F
c188aa87c7 Merge branch 'main' into js/madman-prep 2022-05-30 15:03:14 +02:00
Rasmus Wriedt Larsen
7a6646dcaf Merge pull request #8883 from erik-krogh/pyMaD 
Python: add MaD implementation
 2022-05-30 13:31:07 +02:00
Asger F
5f42866de3 Merge pull request #9318 from asgerf/js/type-confusion-parmaeter-tampering-barrier 
JS: Fix FP in js/type-confusion-through-parameter-tampering
 2022-05-30 12:52:37 +02:00
Erik Krogh Kristensen
b700972e6f fix bad join in XmlParers::getAResult 2022-05-30 12:37:51 +02:00
Max Schaefer
820dfac48c Manually write out a transitive closure. 2022-05-30 12:37:50 +02:00
Max Schaefer
ea70aaff57 Improve detection of UMD modules. 
We previously required the `define` to appear directly as an expression statement, but there are common patterns where this is not the case.
 2022-05-30 12:37:50 +02:00
Max Schaefer
47e425a184 Improve inVoidContext to take conditional expressions into account. 2022-05-30 12:37:50 +02:00
Erik Krogh Kristensen
adb40f9360 Merge pull request #9289 from erik-krogh/es2022 
JS: Support the remaining of the finished ES2022 proposals
 2022-05-30 12:27:19 +02:00
Erik Krogh Kristensen
ab28b0a690 Merge pull request #9348 from erik-krogh/polyRegSyntax 
JS: use syntactically correct JS in poly-redos example
 2022-05-30 12:26:04 +02:00
Erik Krogh Kristensen
c7a8008897 Merge pull request #9235 from kaeluka/extractor-update-typescript-4_7 
JS: Update the extractor to use TypeScript 4.7
 2022-05-30 12:02:06 +02:00
Erik Krogh Kristensen
63e637503d rewrite js/sensitive-get-query to use routing trees 2022-05-30 11:55:09 +02:00
Asger F
cc42f2f824 Merge pull request #8606 from asgerf/js/api-graph-api 
JS/Python/Ruby: Document how API graphs should be interpreted
 2022-05-30 10:49:14 +02:00
Erik Krogh Kristensen
62fd3fd90f add test that we detect the used type variable in an infer type 2022-05-27 14:15:27 +00:00
Asger F
7e76e9a23b Merge branch 'main' into js/type-confusion-parmaeter-tampering-barrier 2022-05-27 15:55:42 +02:00
Asger F
468a4df215 Update javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-05-27 15:55:25 +02:00
Erik Krogh Kristensen
8c12a7289f collapse a few small stages 2022-05-27 13:19:06 +02:00
Tom Bolton
5830db786e Merge pull request #9285 from github/codeql-ci/js-atm-new-release 
JS: Bump version numbers of ML-powered packs after 0.3.0 release
 2022-05-27 11:39:45 +01:00
Erik Krogh Kristensen
fef87db739 use syntactically correct JS in poly-redos example 2022-05-27 10:08:30 +02:00
Erik Krogh Kristensen
d199173923 add a getAPrimaryQlClass predicate to ExpressionWithTypeArguments 2022-05-25 16:10:13 +00:00
Erik Krogh Kristensen
361b2aa6bb Merge pull request #9325 from erik-krogh/CWE-940 
JS: add CWE-940 to js/missing-origin-check
 2022-05-25 16:41:40 +02:00
Asger F
a60caced98 JS: Update TRAP output 2022-05-25 15:59:58 +02:00
Asger F
5964be4463 Merge branch 'main' into js/type-confusion-parmaeter-tampering-barrier 2022-05-25 15:53:24 +02:00
Asger F
893f4ab8fb Merge pull request #9288 from asgerf/js/resource-exhaustion-no-buffer.from 
JS: Remove Buffer.from sink from js/resource-exhaustion
 2022-05-25 15:51:54 +02:00
Erik Krogh Kristensen
ed907f6f63 add CWE-940 to js/missing-origin-check 2022-05-25 14:15:48 +02:00
Erik Krogh Kristensen
efa895e912 update expected output 2022-05-25 10:33:39 +00:00
Erik Krogh Kristensen
f38d1f9a4e merge main into ts47 2022-05-25 10:13:25 +00:00
Erik Krogh Kristensen
009ba4c280 update query id to the updated id 2022-05-25 10:55:33 +02:00
Asger F
877a9d8bcc JS: Fix FP in js/type-confusion-through-parameter-tampering 2022-05-25 09:53:46 +02:00
github-actions[bot]
1f1b364feb Release preparation for version 2.9.3 2022-05-25 07:46:48 +00:00
Erik Krogh Kristensen
2da001ebd7 bump TypeScript version to stable release 2022-05-24 22:55:59 +02:00
tombolton
91fa17a05e simplify imports in counting queries 2022-05-24 15:02:26 +01:00
tombolton
7e32614c25 refactor counting code into a library 2022-05-24 15:02:26 +01:00
tombolton
33964383d7 add individual per-security-query counting queries 2022-05-24 15:02:26 +01:00
Asger F
ced1d21405 JS: Add getters for DeclarationSpace members 2022-05-24 14:30:36 +02:00
Asger F
039a7ba828 JS: Handle .d.mts files when generating module bindings 2022-05-24 14:30:36 +02:00
Asger Feldthaus
a5f2c949d3 JS: Add UnionOrIntersectionTypeExpr 2022-05-24 14:30:36 +02:00
Asger F
ec55c84abf JS: Whitespace fixes in ASTExtractor 2022-05-24 14:30:36 +02:00
Asger F
d7e3e9e5db JS: Fix extraction of identifiers in EXPORT_BASE context 
This is needed to ensure that the base of the RHS of an ImportEqualsDeclaration is bound to a namespace. That is, B below should be bound to a namespace:

import A = B.C.D;
 2022-05-24 14:30:36 +02:00
Asger F
665fa2af59 JS: Add test for export base scope 2022-05-24 14:30:36 +02:00
Asger F
c8bb0e2117 JS: Treat d.ts as a single extension in Folder.getJavaScriptFile 2022-05-24 14:30:36 +02:00