Asger F
079294e55f
JS: Mass rename to node1,state1,node2,state2 naming convention
2024-12-16 15:35:46 +01:00
Asger F
ac6da6c2b1
JS: Add some missing qldoc
2024-12-16 15:35:44 +01:00
Asger F
d993c888b1
JS: Deprecate the FlowLabel class
2024-12-16 15:35:43 +01:00
Asger F
c951a29e2a
JS: Migrate UnvalidatedDynamicMethodCall
2024-12-16 15:35:34 +01:00
Michael Nebel
aaf0cd5dee
Merge pull request #17968 from michaelnebel/java/movetestutils
Move test utilities to the query pack.
2024-12-16 13:41:30 +01:00
Asger F
820f81fc10
JS: Migrate UnsafeDynamicMethodAccess
2024-12-13 11:32:25 +01:00
Asger F
a9e89ed8e3
JS: Migrate PrototypePollutingAssignment
2024-12-13 11:23:31 +01:00
Asger F
bcc1669f4c
JS: Migrate InsecureDownload
2024-12-13 11:10:14 +01:00
Asger F
4e25036cdc
JS: Follow naming convention in InsecureModuleFlow module
2024-12-13 11:09:59 +01:00
Asger F
d381ab1260
JS: Migrate IncompleteHtmlAttributeSanitization
2024-12-13 10:55:00 +01:00
Asger F
2112ecc44d
JS: Migrate HardcodedDataInterpretedAsCode
2024-12-13 10:48:43 +01:00
Asger F
dc3d7a0159
Update ExceptionXssCustomizations.qll
2024-12-13 10:47:04 +01:00
Asger F
42a7208704
JS: Migrate ExceptionXss
2024-12-13 10:29:32 +01:00
Asger F
d9a43dbd85
JS: Migrate UnsafeHtmlConstruction
2024-12-13 10:08:17 +01:00
Asger F
8907252814
JS: Migrate TemplateObjectInjection
2024-12-13 10:08:16 +01:00
Asger F
3573f0b065
JS: Migrate SecondOrderCommandInjection
2024-12-13 10:08:15 +01:00
Asger F
355f7cdd54
JS: Migrate PrototypePollutingMergeCall
2024-12-13 10:08:13 +01:00
Asger F
c38e3a23eb
JS: Migrate NoSqlInjection
2024-12-13 10:08:12 +01:00
Asger F
8e8de5cf23
JS: Migrate LoopBoundInjection
2024-12-13 10:08:11 +01:00
Asger F
daddff0dc6
JS: Avoid deprecation warning in XssThroughDom
2024-12-13 10:08:10 +01:00
Asger F
15d999a9dc
JS: Migrate DeepObjectResourceExhaustion
2024-12-13 10:08:09 +01:00
Asger F
5f42a715f6
JS: Migrate TaintedObject to a CommonFlowState
2024-12-13 10:08:08 +01:00
Asger F
12289d4c39
JS: Migrate DomBasedXssQuery to FlowState
2024-12-13 10:08:06 +01:00
Asger F
114d4a141a
JS: Move FlowState definition into CommonFlowState
Needed for migrating the XSS query
2024-12-13 10:08:05 +01:00
Asger F
3cf14d8506
JS: Migrate ClientSideUrlRedirect to flow state
2024-12-13 10:08:03 +01:00
Asger F
cca980298f
JS: Use flow state in barrier and step relations
2024-12-13 10:08:02 +01:00
Asger F
a8fdd759f9
JS: Add FlowState class to TaintedUrlSuffix
2024-12-13 10:08:01 +01:00
Asger F
a53d294d91
Merge pull request #18203 from asgerf/jss/document-url
JS: Use TaintedUrlSuffix in ClientSideUrlRedirect
2024-12-12 15:47:51 +01:00
Michael Nebel
0bfc1b6ea8
Also move the postprocessing queries to the library pack.
2024-12-12 15:03:03 +01:00
Michael Nebel
941b0abbf6
Move modules to the library packs.
2024-12-12 15:03:01 +01:00
Geoffrey White
44a0ad2942
Update data-flow -> data flow in all versions of ConceptsShared.qll.
2024-12-12 13:36:26 +00:00
Asger F
97b78e752b
JS: Added more qldoc
2024-12-12 13:10:52 +01:00
Asger F
77f8e8ef4e
JS: Use FlowState::fromFlowLabel instead of Label::toFlowState
This works better for other queries where we don't already have a module named Label
2024-12-10 11:57:18 +01:00
Asger F
38c9023dd9
JS: FlowLabel -> FlowState in ZipSlip
2024-12-10 11:16:07 +01:00
Asger F
0cd01cb96f
JS: Use node1,state1,node2,state2 naming convention in tainted path
2024-12-10 11:16:05 +01:00
Asger F
0802107d9a
JS: Flow label -> flow state in TaintedPath
2024-12-10 11:16:04 +01:00
Asger F
66eb458134
JS: Handle match/matchAll and unknown regexps
2024-12-09 15:38:36 +01:00
Asger F
6e7c5a3707
JS: Slightly more general getRoot()
2024-12-09 15:05:45 +01:00
Asger F
be617cee4a
JS: More precise handling of .exec()
2024-12-09 15:03:51 +01:00
Asger F
2a2a4d2b67
JS: Add TaintedUrlSuffixCustomizations
Importing TaintedUrlSuffix.qll causes the flow label to be materialised in unrelated queries, so:
- Renames TaintedUrlSuffix.qll to TaintedUrlSuffixCustomizations.qll
- Make the flow label class abstract
- Adds a new TaintedUrlSuffix.qll that re-exports the above file and also materialises the flow label
- Import the *Customizations.qll file from contexts where we don't want to materialise the flow label
2024-12-09 14:59:29 +01:00
Asger F
71a6a47713
JS: Fix issue with new RegExp().exec()
2024-12-09 14:59:25 +01:00
Asger F
ef833de60e
JS: Replace DocumentUrl with TaintedUrlSuffix
2024-12-09 14:59:23 +01:00
Henry Mercer
92d614dbcd
Add periods for consistency
2024-12-06 19:13:05 +00:00
github-actions[bot]
8c64648520
Release preparation for version 2.20.0
2024-12-06 19:10:28 +00:00
Henry Mercer
a6a4ad6400
Revert "Release preparation for version 2.20.0"
2024-12-06 19:00:27 +00:00
github-actions[bot]
cf71a1525b
Post-release preparation for codeql-cli-2.20.0
2024-12-04 18:36:17 +00:00
Henry Mercer
e0e82ad7ad
Add periods for consistency
2024-12-04 16:05:15 +00:00
github-actions[bot]
96564b7128
Release preparation for version 2.20.0
2024-12-04 16:01:14 +00:00
Henry Mercer
963f084d87
Merge branch 'main' into henrymercer/merge-back-rc-3.16
2024-12-04 13:39:10 +00:00
Asger F
3f0d0e3a05
JS: Deprecate DataFlow::BarrierGuardNode
2024-12-03 14:30:50 +01:00