hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

2976 Commits

Author SHA1 Message Date
Asger F
429c4eac96 JS: Add support for Array.prototype.with 
Note: This was authored by Copilot
 2025-09-16 13:06:59 +02:00
Asger F
ee78b7dc96 JS: Add support for Promise.try 2025-09-16 13:06:57 +02:00
Asger F
45eff3dac8 Merge pull request #20399 from asgerf/js/default-interop2 
JS: Refactor handling of ambiguous default imports
 2025-09-16 13:02:22 +02:00
Asger F
65102a073a Merge pull request #19770 from trailofbits/VF/async-package-improvements 
Improve data flow in the `async` package
 2025-09-16 08:55:52 +02:00
Asger F
f587273828 Merge pull request #19768 from trailofbits/VF/lodash-group-by 
Add lodash GroupBy as taint step
 2025-09-16 08:55:13 +02:00
Napalys Klicius
278a1efb4b JS: Add change note 2025-09-15 18:21:45 +02:00
Napalys Klicius
3a75500f54 JS: Add modeling for call-me-maybe 2025-09-15 17:15:31 +02:00
Napalys Klicius
0d23ab07db JS: Add data flow modeling for promisified user-defined functions 2025-09-15 17:13:13 +02:00
Napalys Klicius
2c6db00cbc JS: Add modeling for util promisify* 2025-09-15 17:09:28 +02:00
Napalys Klicius
e002f2088f JS: Add modeling for es6-promisify 2025-09-15 17:04:34 +02:00
Napalys Klicius
35c75c00ba JS: Add modeling for @gar/promisify 2025-09-15 16:58:11 +02:00
Napalys Klicius
312471e9db JS: Add modeling for @google-cloud/promisify 2025-09-15 16:55:27 +02:00
Napalys Klicius
d37425ae3e JS: Treat promisify(obj).member as obj.member 2025-09-15 16:51:19 +02:00
Napalys Klicius
22b61852a1 JS: Add modeling for thenify-all 2025-09-15 16:31:14 +02:00
Asger F
132a8b8b53 JS: Model json and jsonp methods 2025-09-12 08:51:23 +02:00
Asger F
7a2391f848 JS: Deprecate Portals and delete tests 
This is a super old attempt at model generation, from before MaD even existed. It's obsolete and just have to be removed.
 2025-09-11 11:05:36 +02:00
Asger F
d39263dcac Merge pull request #20317 from asgerf/js/xunit 
JS: Avoid overriding Expr predicates in xUnit.qll
 2025-09-10 13:41:21 +02:00
Asger F
dacc9e26e9 JS: Refactor 'default' import interop 2025-09-10 13:03:36 +02:00
Asger F
2a4d6830ec JS: An array of constants should be considered "filtered" 2025-09-10 11:07:32 +02:00
Asger F
09edc29979 Merge pull request #20322 from asgerf/js/react-no-override 
JS: Do not override AST methods in React model
 2025-09-10 10:42:59 +02:00
Asger F
d575d3c9e4 Merge pull request #20374 from asgerf/js/typescript-5.9 
JS: Support TypeScript 5.9 and support 'import defer' syntax
 2025-09-09 20:50:04 +02:00
Asger F
d8e943ea05 Update javascript/ql/lib/semmle/javascript/frameworks/React.qll 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-09-09 08:36:25 +02:00
Asger F
0752dbea9b Merge pull request #20360 from asgerf/js/remove-angularjs-string-special-case 
JS: Remove special treatment of strings in AngularJS code
 2025-09-08 22:48:23 +02:00
Asger F
b5045b3407 Merge pull request #20363 from asgerf/js/remove-fallback-type 
JS: Remove unused getFallbackTypeAnnotation()
 2025-09-08 22:48:07 +02:00
Napalys Klicius
b2feaaceea Merge branch 'main' into js/move-cors-query-from-experimental 2025-09-05 12:11:09 +02:00
Asger F
a08878f419 JS: Add upgrade and downgrade scripts 2025-09-05 12:03:56 +02:00
Asger F
215602c963 JS: Preserve information about 'defer' keyword 2025-09-05 11:57:33 +02:00
Napalys Klicius
d8c4d6deb4 Rename cors-misconfiguration to cors-origin. 2025-09-05 11:30:07 +02:00
Napalys Klicius
c4c8dbcf7d Merge remote-tracking branch 'origin/main' into js/move-cors-query-from-experimental 2025-09-04 15:24:44 +02:00
Napalys Klicius
d3d608fa33 Updated query description and added a sanitizer 2025-09-04 13:16:37 +00:00
Napalys Klicius
6c751ce934 Merged config classes 2025-09-04 12:31:24 +00:00
Napalys Klicius
4dac80a998 Replace complex wrapper classes with MaD 2025-09-04 12:19:22 +00:00
Asger F
d8346ef106 JS: Remove unused getFallbackTypeAnnotation() 
This private predicate was unused, but due to its recursive self-reference it was not reported as an unused predicate.
 2025-09-04 13:40:49 +02:00
Michael Nebel
8009ddebce Merge pull request #20329 from michaelnebel/javascript/ql4ql 
JS: Fix some Ql4Ql violations.
 2025-09-04 13:01:37 +02:00
Asger F
5b0ef40a3e JS: Remove special treatment of strings in AngularJS code 
String literals are already SourceNodes. But we need to add template literals as well
 2025-09-04 11:06:22 +02:00
Napalys Klicius
8fc81f4263 Merge branch 'main' into js/remote-property-injection-update 2025-09-03 14:02:19 +02:00
Asger F
1ea843f23c Merge pull request #20323 from asgerf/js/remove-totalorder 
JS: Remove totalorder()
 2025-09-02 22:08:33 +02:00
Michael Nebel
31852985e5 Merge pull request #20335 from michaelnebel/shared/ql4ql 
Shared and Sync: Fix some Ql4Ql violations.
 2025-09-02 14:37:34 +02:00
Arthur Baars
0bb7fdccf6 Merge pull request #20347 from github/post-release-prep/codeql-cli-2.23.0 
Post-release preparation for codeql-cli-2.23.0
 2025-09-02 14:14:03 +02:00
Anders Schack-Mulligen
f833fe0e6e Merge pull request #20300 from aschackmull/cfg/successortype 
Shared: Add a shared SuccessorType implementation
 2025-09-02 14:09:35 +02:00
Michael Nebel
7490d8ddd2 Shared and Sync: Fix some Ql4Ql violations. 2025-09-02 13:54:22 +02:00
github-actions[bot]
e8a2600a0c Post-release preparation for codeql-cli-2.23.0 2025-09-02 11:46:23 +00:00
github-actions[bot]
0bfa93828b Release preparation for version 2.23.0 2025-09-02 11:09:32 +00:00
Asger F
19fa29d527 Merge pull request #20307 from asgerf/js/overlay-extract-and-discard-only 
JS: Add overlay support to extractor
 2025-09-02 11:24:11 +02:00
Michael Nebel
8b10ad49d7 JS: Fix some Ql4Ql violations. 2025-09-01 15:17:53 +02:00
Anders Schack-Mulligen
144e34c669 Shared: Use shared SuccessorType in shared Cfg and BasicBlock libs. 2025-09-01 13:43:32 +02:00
Asger F
45b8158fe5 JS: Remove totalorder() 
This was once as input to the shared data flow library, but has since been removed from the input signature.
 2025-09-01 13:39:54 +02:00
Asger F
ca393a9afe JS: Do not override AST methods in React model 2025-09-01 12:57:06 +02:00
Anders Schack-Mulligen
09b2c5abf0 BasicBlock: Replace entryBlock predicate with subclass. 2025-09-01 11:48:44 +02:00
Anders Schack-Mulligen
f459ddc40a Languages: Adapt to api changes. 2025-09-01 11:26:33 +02:00