hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

2976 Commits

Author SHA1 Message Date
Edoardo Pirovano
70dbd92e25 Bump minor version of all regularly released packs 2022-06-21 11:22:58 +01:00
Edoardo Pirovano
ad02b85efa Merge branch main into rc/3.6 2022-06-21 11:15:25 +01:00
Asger F
b46ba896dd Merge pull request #9616 from asgerf/js/without-prop-step-await 
JS: Add withoutPropStep and model raw 'await' step with it
 2022-06-21 09:06:01 +02:00
Erik Krogh Kristensen
79696c6c5f Merge pull request #9572 from erik-krogh/heuristicSteps 
JS: add heuristic taint-step for potentially unmodelled libraries
 2022-06-21 09:00:58 +02:00
Asger F
a0d3a6b5b1 JS: Add withoutPropStep and model 'await' steps with it 2022-06-20 20:16:07 +02:00
Asger F
ed4c39bbb4 JS: Upgrade script 2022-06-17 14:40:22 +02:00
Asger F
5610f654e9 JS: Add PackageJson.getTypingsModule 2022-06-17 14:40:22 +02:00
Asger F
a3204f6d74 JS: Trim whitespace in dbscheme 2022-06-17 14:40:22 +02:00
Asger F
608de70568 JS: Associate symbols with external module decls 2022-06-17 14:40:22 +02:00
Erik Krogh Kristensen
ce323e215b add heuristic taint-step for potentially unmodelled libraries, and meta query for counting potential unmodelled steps 2022-06-15 20:27:49 +02:00
github-actions[bot]
1ed70d51d7 Post-release preparation for codeql-cli-2.9.4 2022-06-15 13:25:20 +00:00
github-actions[bot]
104ac05f49 Release preparation for version 2.9.4 2022-06-15 08:22:38 +00:00
Erik Krogh Kristensen
cb0a6936ad add support for the "exports" property in a package.json 2022-06-14 13:31:47 +02:00
Erik Krogh Kristensen
92d1c84f05 bind the result in JsonValue::getBooleanValue 2022-06-14 13:22:09 +02:00
Alex Ford
8d195e3188 Merge pull request #9157 from alexrford/crypto-op-block-mode 
Ruby/Python: Add a `BlockMode` concept for `CryptographicOperations`
 2022-06-13 21:32:36 +02:00
Asger F
db0ac7b3b3 JS: Fix cartesian product in TypeConfusionThroughParameterTampering 2022-06-01 11:37:23 +02:00
Anders Schack-Mulligen
9abd2259d3 Merge pull request #9381 from aschackmull/redos/perf 
ReDoS: Improve performance in ExponentialBackTracking.qll.
 2022-06-01 10:39:28 +02:00
Nick Rolfe
f417c12c5e Merge pull request #9332 from github/post-release-prep/codeql-cli-2.9.3 
Post-release preparation for codeql-cli-2.9.3
 2022-05-31 16:17:50 +01:00
Asger F
f70f769bb6 Merge pull request #9266 from asgerf/js/madman-prep 
JS: Some fixes to support proper analysis of d.ts files
 2022-05-31 15:43:40 +02:00
CodeQL CI
9dd20f113d Merge pull request #8603 from github/max-schaefer/better-amd-modelling 
Approved by asgerf, erik-krogh
 2022-05-31 03:10:32 -07:00
github-actions[bot]
ed2f3409bc Post-release preparation for codeql-cli-2.9.3 2022-05-31 09:54:55 +00:00
Anders Schack-Mulligen
e36c59b285 ReDoS: Sync. 2022-05-31 11:04:42 +02:00
Erik Krogh Kristensen
6a6a63e1aa Merge pull request #9354 from erik-krogh/jsStages 
JS: collapse a few small stages
 2022-05-30 20:31:54 +02:00
Asger F
c188aa87c7 Merge branch 'main' into js/madman-prep 2022-05-30 15:03:14 +02:00
Rasmus Wriedt Larsen
7a6646dcaf Merge pull request #8883 from erik-krogh/pyMaD 
Python: add MaD implementation
 2022-05-30 13:31:07 +02:00
Asger F
5f42866de3 Merge pull request #9318 from asgerf/js/type-confusion-parmaeter-tampering-barrier 
JS: Fix FP in js/type-confusion-through-parameter-tampering
 2022-05-30 12:52:37 +02:00
Erik Krogh Kristensen
b700972e6f fix bad join in XmlParers::getAResult 2022-05-30 12:37:51 +02:00
Max Schaefer
820dfac48c Manually write out a transitive closure. 2022-05-30 12:37:50 +02:00
Max Schaefer
ea70aaff57 Improve detection of UMD modules. 
We previously required the `define` to appear directly as an expression statement, but there are common patterns where this is not the case.
 2022-05-30 12:37:50 +02:00
Max Schaefer
47e425a184 Improve inVoidContext to take conditional expressions into account. 2022-05-30 12:37:50 +02:00
Erik Krogh Kristensen
adb40f9360 Merge pull request #9289 from erik-krogh/es2022 
JS: Support the remaining of the finished ES2022 proposals
 2022-05-30 12:27:19 +02:00
Erik Krogh Kristensen
c7a8008897 Merge pull request #9235 from kaeluka/extractor-update-typescript-4_7 
JS: Update the extractor to use TypeScript 4.7
 2022-05-30 12:02:06 +02:00
Asger F
cc42f2f824 Merge pull request #8606 from asgerf/js/api-graph-api 
JS/Python/Ruby: Document how API graphs should be interpreted
 2022-05-30 10:49:14 +02:00
Asger F
468a4df215 Update javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-05-27 15:55:25 +02:00
Erik Krogh Kristensen
8c12a7289f collapse a few small stages 2022-05-27 13:19:06 +02:00
Erik Krogh Kristensen
d199173923 add a getAPrimaryQlClass predicate to ExpressionWithTypeArguments 2022-05-25 16:10:13 +00:00
Asger F
5964be4463 Merge branch 'main' into js/type-confusion-parmaeter-tampering-barrier 2022-05-25 15:53:24 +02:00
Erik Krogh Kristensen
f38d1f9a4e merge main into ts47 2022-05-25 10:13:25 +00:00
Asger F
877a9d8bcc JS: Fix FP in js/type-confusion-through-parameter-tampering 2022-05-25 09:53:46 +02:00
github-actions[bot]
1f1b364feb Release preparation for version 2.9.3 2022-05-25 07:46:48 +00:00
Asger F
ced1d21405 JS: Add getters for DeclarationSpace members 2022-05-24 14:30:36 +02:00
Asger Feldthaus
a5f2c949d3 JS: Add UnionOrIntersectionTypeExpr 2022-05-24 14:30:36 +02:00
Asger F
c8bb0e2117 JS: Treat d.ts as a single extension in Folder.getJavaScriptFile 2022-05-24 14:30:36 +02:00
Asger F
7d4a191a32 JS: Simplify 2022-05-24 14:18:06 +02:00
Asger F
db4b6d620a JS: Remove Buffer.from as sink for js/resource-exhaustion 2022-05-24 14:18:05 +02:00
Erik Krogh Kristensen
82c6c22d50 make a model for hasOwnProperty calls and similar 2022-05-24 14:13:53 +02:00
Erik Krogh Kristensen
2a97dd9f6f add support for Object.hasOwn(obj, key) 2022-05-24 13:59:25 +02:00
Erik Krogh Kristensen
1717d17fb3 add flow step for Array.prototype.at 2022-05-24 12:41:27 +02:00
Erik Krogh Kristensen
fc25d14af7 add change note 2022-05-24 12:37:28 +02:00
Asger F
631527fe49 JS: Rename Node.{getASource -> asSource, getASink -> asSink} 2022-05-24 11:57:30 +02:00