hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,874 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.5
Commit Graph

70 Commits

Author SHA1 Message Date
Asger F
2a4d6830ec JS: An array of constants should be considered "filtered" 2025-09-10 11:07:32 +02:00
Asger F
602dae0592 JS: Add test showing FP 2025-09-10 10:58:34 +02:00
Asger F
36e18c2a89 JS: Enable inline expectations in BuildArtifactLeak 
The tests already have the annotations, it just seems to have been disable by accident
 2025-09-10 10:56:34 +02:00
Asger F
cc8fe10801 JS: Update locations in expected files 2025-08-29 12:03:11 +02:00
Asger F
9dcb61e771 JS: Remove js/actions/actions-artifact-leak 
Superseded by actions/secrets-in-artifacts
 2025-06-23 14:39:28 +02:00
Asger F
2a194a53af raw test output 2025-02-28 13:29:39 +01:00
Asger F
193b26e938 JS: Add query IDs 2025-02-28 13:29:37 +01:00
Asger F
c67c5854ba Disable for more queries with alerts in JSON 2025-02-28 13:29:35 +01:00
Asger F
64d39da5f8 JS: Accept Sources/Sink tags 2025-02-28 13:29:30 +01:00
Asger F
fc95702341 JS: Accept some more alerts from CleartextStorage 2025-02-28 13:28:14 +01:00
Asger F
51b45598c4 JS: Move an alert and add query ID 2025-02-28 13:28:13 +01:00
Asger F
e91a046a17 JS: Mark a spurious alert 2025-02-28 13:28:12 +01:00
Asger F
b54ff3b5b3 JS: Accept an alert 2025-02-28 13:28:10 +01:00
Asger F
10a7294327 JS: Accept trivial test changes 
This adds Alert annotations for alerts that seem intentional by the test
but has not been annotated with 'NOT OK', or the comment was in the wrong
place.

In a few cases I included 'Source' expectations to make it easier to see
what happened. Other 'Source' expectations will be added in bulk a later
commit.
 2025-02-28 13:27:43 +01:00
Asger F
f5911c9e5a JS: Accept raw test output 2025-02-28 13:27:38 +01:00
Asger F
789a7bdb48 JS: Disable for test with alerts in a JSON file 
JSON does not support comments so we can't use inline expectations
 2025-02-28 13:27:36 +01:00
Asger F
d0ce53ed82 JS: Enable post-processing for all .qlref files 2025-02-28 13:27:33 +01:00
Asger F
426edd55f2 JS: Update output after line number change 
Some OK-style comments had to be moved to the following line, shifting line numbers.

In selected range also included the comments themselves.

Lastly, the result sets were reordered by the CLI in some cases.
 2025-02-28 13:27:31 +01:00
Asger F
9be041e27d JS: Update OK-style comments to $-style 2025-02-28 13:27:28 +01:00
erik-krogh
37a1727043 fix example in clear-text-logging qhelp to actually be bad 2025-01-27 11:31:28 +01:00
Asger F
f8dc7eb25b JS: Update output from tests that changed on main 2024-12-19 15:25:47 +01:00
Asger F
3acd4814de Merge branch 'main' into js/shared-dataflow-merge-main 2024-12-19 10:14:38 +01:00
Napalys Klicius
9ca0fe4cbf Update RegExp handling and add test case 
Co-authored-by: erik-krogh <erik-krogh@github.com>
 2024-11-28 14:13:40 +01:00
Napalys
e673348ed3 JS: now RegExp with unknown flags is not flagged as an issue within password Clear text storage of sensitive information 2024-11-28 11:26:56 +01:00
Napalys
a2c46749c6 JS: fixed issue where MaskingReplacer would work only with regexp literals but not objects 2024-11-28 11:26:55 +01:00
Napalys
1ca57cfb9d JS: add test cases with RegExp object for MaskingReplacer, currently gives wrong results 2024-11-28 11:26:54 +01:00
Asger F
52ba91a7f8 JS: Updates to nodes/edges in tests 
Only changes to nodes/edges for various reasons, no actual result changes
 2024-10-29 08:32:13 +01:00
Asger F
1243188825 JS: Update CleartextLogging with fixed FP 2024-10-29 08:32:11 +01:00
Asger F
12e316b99d JS: Update test output after merging in 'main' 
- Paths are now relative to the test case, not the qlpack
- Paths going through an implicit reads have changed slightly
 2024-10-08 10:11:15 +02:00
Asger F
1cd00a118c Merge branch 'main' into js/shared-dataflow-merge-main 2024-09-18 14:57:50 +02:00
Alvaro Muñoz
5d1da861a2 fix: Use YamlScalar for booleans 2024-09-06 23:21:41 +02:00
Alvaro Muñoz
d9e8792d33 [javascript] Query to detect GITHUB_TOKEN leaked in artifacts 2024-09-06 22:55:58 +02:00
Asger F
2e2181be2c JS: Update test output that only affects nodes/edges/subpaths 2024-08-27 11:35:33 +02:00
Asger F
a2dd47aeb2 JS: Update test output 
These files conflicted and have been regenerated.
 2024-08-22 14:27:15 +02:00
Asger F
2d814428d6 JS: Update expected output with provenance 2024-08-06 12:45:08 +02:00
Asger F
c3806a2210 JS: Messy test output updates 
These initially got messed up by a merge conflict where I couldn't rerun the tests due to breaking
changes in the data flow library. I wanted the breaking-change updates to live in their own commits,
not just eaten by a merge resolution commit, so the test output became broken for a while.

The '#select' result set is unchanged in all of these, so they should be safe to accept.
 2024-06-27 11:59:56 +02:00
Asger F
53efb5837b JS: Update some tests with provenance columns 
Only includes the changes that purely contain the new provenance columns
 2024-06-26 13:51:44 +02:00
Asger F
2296a273c4 JS: Port BuildArtifactLeak 2023-10-13 13:15:04 +02:00
Asger F
40d68cb4dc JS: Port CleartextStorage 2023-10-13 13:15:04 +02:00
Asger F
b8a6f81669 JS: Port CleartextLogging 2023-10-13 13:15:04 +02:00
Asger F
944a2ca825 JS: Replace ClearTextLogging::isSanitizerEdge with a node 2023-07-11 14:20:17 +02:00
Erik Krogh Kristensen
724a31b746 fix comment that wasn't updated in test 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-11-10 15:56:44 +01:00
erik-krogh
23add8a72b recognize passcode as sensitive 2022-11-09 11:30:57 +01:00
erik-krogh
e0bcfe2afb add failing test 2022-11-09 11:30:31 +01:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
erik-krogh
24f2e3cc07 update alert-messages of the sensitive data queries to match #10314 2022-09-06 12:25:36 +02:00
erik-krogh
aa56ca37ae make the alert messages of taint-tracking queries more consistent 2022-09-05 14:04:52 +02:00
Asger Feldthaus
b85739cb7e JS: Update test output 2022-04-07 13:23:26 +02:00
Erik Krogh Kristensen
431c995131 add support for the debug library 2021-06-02 23:11:15 +02:00
Erik Krogh Kristensen
64828713d6 remove FPs in js/build-artifact-leak where the "leaked" properties are constrained to a safe subset 2020-11-18 10:35:02 +01:00