github-actions[bot]
|
18fa6799ce
|
Release preparation for version 2.23.6
|
2025-11-17 16:38:07 +00:00 |
|
Paolo Tranquilli
|
82435218dc
|
Javascript: fix compilation error after scripted replacement
|
2025-11-11 12:44:33 +01:00 |
|
Paolo Tranquilli
|
9d51932124
|
Merge branch 'main' into redsun82/update-rules_java
|
2025-11-11 12:43:05 +01:00 |
|
Napalys Klicius
|
d122534398
|
Merge pull request #20671 from github/napalys/adjust_query_severity
Adjust query severity ratings
|
2025-11-11 12:37:31 +01:00 |
|
Paolo Tranquilli
|
ff62c65cdf
|
Javascript: avoid null pointer exception on boolean values
|
2025-11-11 12:11:49 +01:00 |
|
Paolo Tranquilli
|
6ef314ed03
|
Javascript: fix errors from upcoming rules_java update
|
2025-11-11 11:53:07 +01:00 |
|
github-actions[bot]
|
4014df9a6e
|
Post-release preparation for codeql-cli-2.23.4
|
2025-11-04 17:57:52 +00:00 |
|
Asger F
|
6790684767
|
Merge pull request #20752 from asgerf/actions/dont-fail-if-no-js
Actions: don't fail if no JS/TS code was found
|
2025-11-04 12:19:54 +00:00 |
|
github-actions[bot]
|
64fcdd1f2f
|
Release preparation for version 2.23.4
|
2025-11-03 14:52:23 +00:00 |
|
Asger F
|
c583b480af
|
JS: Add pragma[nomagic] just to be safe
The DIL is unchanged
|
2025-10-30 15:31:51 +01:00 |
|
Asger F
|
1f7671cf5e
|
JS: Ensure integration test contains one valid file
|
2025-10-30 15:31:51 +01:00 |
|
Asger F
|
0acfacefbf
|
JS: Recursively delete source archive so emptiness detection works
|
2025-10-30 15:31:51 +01:00 |
|
Asger F
|
a5819a14be
|
JS: Fix bad join order in getNextToken()
|
2025-10-30 15:31:51 +01:00 |
|
Asger F
|
39f74d808b
|
JS: Add compileForOverlayEval
|
2025-10-30 15:31:51 +01:00 |
|
Nora Dimitrijević
|
a0975e7e19
|
Constrain location overrides to actual sources/sinks
|
2025-10-28 09:42:20 +01:00 |
|
Nora Dimitrijević
|
bb80d83276
|
JS/SSRF
javascript/ql/src/experimental/Security/CWE-918/SSRF.ql
|
2025-10-28 09:40:19 +01:00 |
|
Nora Dimitrijević
|
bcdbe0b50a
|
JS/PolynomialReDoSQuery
javascript/ql/src/Performance/PolynomialReDoS.ql
|
2025-10-28 09:40:16 +01:00 |
|
Nora Dimitrijević
|
94343254e3
|
JS/ShellCommandInjectionFromEnvironmentQuery
javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql
|
2025-10-28 09:40:14 +01:00 |
|
Nora Dimitrijević
|
71cf042607
|
JS/IndirectCommandInjectionQuery
javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql
|
2025-10-28 09:40:11 +01:00 |
|
Nora Dimitrijević
|
2a30ea923a
|
JS/CommandInjectionQuery
javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-078/CommandInjection.ql
javascript/ql/src/Security/CWE-078/CommandInjection.ql
|
2025-10-28 09:40:09 +01:00 |
|
Asger F
|
8d49f26f3d
|
Merge pull request #20397 from asgerf/js/build-artifact-leak-fp
JS: Fix FP in js/build-artifact-leak when keys come from an array of constants
|
2025-10-28 06:40:13 +01:00 |
|
Tom Hvitved
|
eb9df008b0
|
JS: Remove two invalid QHelp links
|
2025-10-24 08:45:12 +02:00 |
|
Napalys Klicius
|
9c70ae04fb
|
Add change note
|
2025-10-22 11:48:16 +00:00 |
|
Napalys Klicius
|
fa47174013
|
CWE-020: Lower security-severity for OverlyLargeRange queries to 4.0
|
2025-10-22 11:32:33 +00:00 |
|
Napalys Klicius
|
7b6720ce2c
|
JS: Align DOM XSS query severity with other XSS queries
|
2025-10-22 11:30:34 +00:00 |
|
Asger F
|
d7cf5ef645
|
Merge pull request #20647 from asgerf/js/type-resolution-cache
JS: Avoid magic and improve a join in type resolution
|
2025-10-20 11:50:23 +02:00 |
|
Owen Mansel-Chan
|
66f95bcbcd
|
Merge pull request #20603 from owen-mc/update-broken-algo-qhelp
Many languages: Update broken algo qhelp
|
2025-10-17 12:30:43 +01:00 |
|
Asger F
|
c6577c8590
|
JS: Avoid magic and improve a join in type resolution
|
2025-10-15 11:54:28 +02:00 |
|
Napalys Klicius
|
45e8164f14
|
JS: remove quality tag from SyntaxError query
|
2025-10-15 09:07:11 +02:00 |
|
github-actions[bot]
|
6dd07790ac
|
Post-release preparation for codeql-cli-2.23.3
|
2025-10-14 11:16:33 +00:00 |
|
github-actions[bot]
|
33542f7d40
|
Release preparation for version 2.23.3
|
2025-10-14 09:30:24 +00:00 |
|
Owen Mansel-Chan
|
0bcdb91639
|
Improve qhelp for broken crypto algo queries
Previously it focussed too much on the risk of data being decrypted,
and didn't explain why using weak algorithms is a problem in other
contexts.
|
2025-10-08 14:10:54 +01:00 |
|
Asger F
|
10c9b747a5
|
Merge pull request #20586 from asgerf/js/api-graphs-block-this
JS: Restrict receiver-flow in API graphs
|
2025-10-08 08:41:56 +02:00 |
|
Asger F
|
587ad5c600
|
JS: Refine criteria so that explicit this-passing is not affected
|
2025-10-06 11:43:18 +02:00 |
|
Asger F
|
4d33190241
|
JS: Restrict this-argument passing in API graphs
|
2025-10-06 11:42:36 +02:00 |
|
Asger F
|
84c788a027
|
JS: Add API graph test for explicit 'this' passing
|
2025-10-06 11:40:40 +02:00 |
|
github-actions[bot]
|
a7a4e43991
|
Post-release preparation for codeql-cli-2.23.2
|
2025-09-29 15:10:19 +00:00 |
|
github-actions[bot]
|
d2130a589b
|
Release preparation for version 2.23.2
|
2025-09-29 10:28:45 +00:00 |
|
Florin Coada
|
ba520c60d2
|
Update 2.1.0.md
|
2025-09-26 10:11:03 +01:00 |
|
Florin Coada
|
09833e2541
|
Update CHANGELOG for query promotion and acknowledgment
Promote 'Permissive CORS configuration' query to default suite and acknowledge contributor.
|
2025-09-26 10:09:30 +01:00 |
|
Florin Coada
|
2f96e32ec9
|
Update 2.1.0.md
|
2025-09-26 10:08:31 +01:00 |
|
Simon Friis Vindum
|
26aa938acc
|
Merge pull request #20452 from paldepind/rust/mad-source-parameter
Rust, shared: Support `Parameter` in source MaD models
|
2025-09-24 09:37:25 +02:00 |
|
Asger F
|
2e8091f0fb
|
Merge pull request #20419 from asgerf/js/express-json-send
JS: Model Express json and jsonp methods
|
2025-09-24 09:25:32 +02:00 |
|
Simon Friis Vindum
|
7d6e2060e5
|
Adapt all languages to changes in shared library
|
2025-09-22 14:18:58 +02:00 |
|
Napalys Klicius
|
3a6a537986
|
JS: Add change note
|
2025-09-19 14:47:58 +02:00 |
|
Napalys Klicius
|
6cfc950159
|
JS: Model GraphQLObjectType resolve params as sources
|
2025-09-19 14:39:36 +02:00 |
|
Napalys Klicius
|
d88bc8e408
|
JS: Add test case for GraphQLObjectType
|
2025-09-19 14:23:40 +02:00 |
|
Napalys Klicius
|
4f8166a661
|
Merge pull request #20450 from Napalys/js/graph-ql-ench
JS: Improve graphql flow
|
2025-09-17 16:32:01 +02:00 |
|
Ian Lynagh
|
c653d939d9
|
Merge pull request #20451 from github/post-release-prep/codeql-cli-2.23.1
Post-release preparation for codeql-cli-2.23.1
|
2025-09-17 13:00:14 +01:00 |
|
Michael Nebel
|
6d330891db
|
Merge pull request #20395 from michaelnebel/javascript/code-quality-extended
JS: Add most `medium` precision queries to the `code-quality-extended` suite.
|
2025-09-17 13:47:02 +02:00 |
|