hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,868 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.4
Commit Graph

11884 Commits

Author SHA1 Message Date
github-actions[bot]
6342da9503 Release preparation for version 2.23.4 2025-11-07 17:37:29 +00:00
Michael B. Gale
6ce8f07290 Revert "Release preparation for version 2.23.4" 2025-11-07 17:28:28 +00:00
Asger F
6790684767 Merge pull request #20752 from asgerf/actions/dont-fail-if-no-js 
Actions: don't fail if no JS/TS code was found
 2025-11-04 12:19:54 +00:00
github-actions[bot]
64fcdd1f2f Release preparation for version 2.23.4 2025-11-03 14:52:23 +00:00
Asger F
c583b480af JS: Add pragma[nomagic] just to be safe 
The DIL is unchanged
 2025-10-30 15:31:51 +01:00
Asger F
1f7671cf5e JS: Ensure integration test contains one valid file 2025-10-30 15:31:51 +01:00
Asger F
0acfacefbf JS: Recursively delete source archive so emptiness detection works 2025-10-30 15:31:51 +01:00
Asger F
a5819a14be JS: Fix bad join order in getNextToken() 2025-10-30 15:31:51 +01:00
Asger F
39f74d808b JS: Add compileForOverlayEval 2025-10-30 15:31:51 +01:00
Nora Dimitrijević
a0975e7e19 Constrain location overrides to actual sources/sinks 2025-10-28 09:42:20 +01:00
Nora Dimitrijević
bb80d83276 JS/SSRF 
javascript/ql/src/experimental/Security/CWE-918/SSRF.ql
 2025-10-28 09:40:19 +01:00
Nora Dimitrijević
bcdbe0b50a JS/PolynomialReDoSQuery 
javascript/ql/src/Performance/PolynomialReDoS.ql
 2025-10-28 09:40:16 +01:00
Nora Dimitrijević
94343254e3 JS/ShellCommandInjectionFromEnvironmentQuery 
javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql
 2025-10-28 09:40:14 +01:00
Nora Dimitrijević
71cf042607 JS/IndirectCommandInjectionQuery 
javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql
 2025-10-28 09:40:11 +01:00
Nora Dimitrijević
2a30ea923a JS/CommandInjectionQuery 
javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-078/CommandInjection.ql

javascript/ql/src/Security/CWE-078/CommandInjection.ql
 2025-10-28 09:40:09 +01:00
Asger F
8d49f26f3d Merge pull request #20397 from asgerf/js/build-artifact-leak-fp 
JS: Fix FP in js/build-artifact-leak when keys come from an array of constants
 2025-10-28 06:40:13 +01:00
Tom Hvitved
eb9df008b0 JS: Remove two invalid QHelp links 2025-10-24 08:45:12 +02:00
Asger F
d7cf5ef645 Merge pull request #20647 from asgerf/js/type-resolution-cache 
JS: Avoid magic and improve a join in type resolution
 2025-10-20 11:50:23 +02:00
Owen Mansel-Chan
66f95bcbcd Merge pull request #20603 from owen-mc/update-broken-algo-qhelp 
Many languages: Update broken algo qhelp
 2025-10-17 12:30:43 +01:00
Asger F
c6577c8590 JS: Avoid magic and improve a join in type resolution 2025-10-15 11:54:28 +02:00
Napalys Klicius
45e8164f14 JS: remove quality tag from SyntaxError query 2025-10-15 09:07:11 +02:00
github-actions[bot]
6dd07790ac Post-release preparation for codeql-cli-2.23.3 2025-10-14 11:16:33 +00:00
github-actions[bot]
33542f7d40 Release preparation for version 2.23.3 2025-10-14 09:30:24 +00:00
Owen Mansel-Chan
0bcdb91639 Improve qhelp for broken crypto algo queries 
Previously it focussed too much on the risk of data being decrypted,
and didn't explain why using weak algorithms is a problem in other
contexts.
 2025-10-08 14:10:54 +01:00
Asger F
10c9b747a5 Merge pull request #20586 from asgerf/js/api-graphs-block-this 
JS: Restrict receiver-flow in API graphs
 2025-10-08 08:41:56 +02:00
Asger F
587ad5c600 JS: Refine criteria so that explicit this-passing is not affected 2025-10-06 11:43:18 +02:00
Asger F
4d33190241 JS: Restrict this-argument passing in API graphs 2025-10-06 11:42:36 +02:00
Asger F
84c788a027 JS: Add API graph test for explicit 'this' passing 2025-10-06 11:40:40 +02:00
github-actions[bot]
a7a4e43991 Post-release preparation for codeql-cli-2.23.2 2025-09-29 15:10:19 +00:00
github-actions[bot]
d2130a589b Release preparation for version 2.23.2 2025-09-29 10:28:45 +00:00
Florin Coada
ba520c60d2 Update 2.1.0.md 2025-09-26 10:11:03 +01:00
Florin Coada
09833e2541 Update CHANGELOG for query promotion and acknowledgment 
Promote 'Permissive CORS configuration' query to default suite and acknowledge contributor.
 2025-09-26 10:09:30 +01:00
Florin Coada
2f96e32ec9 Update 2.1.0.md 2025-09-26 10:08:31 +01:00
Simon Friis Vindum
26aa938acc Merge pull request #20452 from paldepind/rust/mad-source-parameter 
Rust, shared: Support `Parameter` in source MaD models
 2025-09-24 09:37:25 +02:00
Asger F
2e8091f0fb Merge pull request #20419 from asgerf/js/express-json-send 
JS: Model Express json and jsonp methods
 2025-09-24 09:25:32 +02:00
Simon Friis Vindum
7d6e2060e5 Adapt all languages to changes in shared library 2025-09-22 14:18:58 +02:00
Napalys Klicius
3a6a537986 JS: Add change note 2025-09-19 14:47:58 +02:00
Napalys Klicius
6cfc950159 JS: Model GraphQLObjectType resolve params as sources 2025-09-19 14:39:36 +02:00
Napalys Klicius
d88bc8e408 JS: Add test case for GraphQLObjectType 2025-09-19 14:23:40 +02:00
Napalys Klicius
4f8166a661 Merge pull request #20450 from Napalys/js/graph-ql-ench 
JS: Improve graphql flow
 2025-09-17 16:32:01 +02:00
Ian Lynagh
c653d939d9 Merge pull request #20451 from github/post-release-prep/codeql-cli-2.23.1 
Post-release preparation for codeql-cli-2.23.1
 2025-09-17 13:00:14 +01:00
Michael Nebel
6d330891db Merge pull request #20395 from michaelnebel/javascript/code-quality-extended 
JS: Add most `medium` precision queries to the `code-quality-extended` suite.
 2025-09-17 13:47:02 +02:00
Napalys Klicius
7affcf40c2 JS: Add variableValues to the previous summaryModel to enchance the flow. 2025-09-17 12:24:14 +02:00
Napalys Klicius
6c18b4de40 JS: Add test case for graph ql variableValues injection 2025-09-17 12:21:21 +02:00
github-actions[bot]
4e8343664f Post-release preparation for codeql-cli-2.23.1 2025-09-17 10:13:40 +00:00
Napalys Klicius
6d461d6b50 JS: Add change note 2025-09-17 11:48:49 +02:00
Napalys Klicius
4282005e32 JS: Add summary model for graphql's rootValue 2025-09-17 11:48:44 +02:00
Napalys Klicius
a6d728a66d JS: Add test case with missing alert using graphql 2025-09-17 11:23:49 +02:00
Napalys Klicius
ca667b5131 JS: fix test expectations from rebasing 2025-09-17 10:24:45 +02:00
Napalys Klicius
4df8db0d7e Renamed AWS-V3-Common to @aws-sdk/client.Client 2025-09-17 10:21:29 +02:00