hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

2976 Commits

Author SHA1 Message Date
Tamás Vajk
94cb5c2be4 Merge pull request #8296 from github/post-release-prep/codeql-cli-2.8.2 
Post-release preparation for codeql-cli-2.8.2
 2022-03-01 11:57:36 +01:00
Erik Krogh Kristensen
dfc74d728b fix duplicate words in qldoc 2022-03-01 11:22:58 +01:00
Erik Krogh Kristensen
bdd07de7ed improve performance of getTestFile by finding possible test files first 2022-03-01 11:18:22 +01:00
github-actions[bot]
980f822983 Post-release preparation for codeql-cli-2.8.2 2022-03-01 09:24:30 +00:00
Erik Krogh Kristensen
4c58f9781b add support for TypeScript 4.6 2022-03-01 09:56:21 +01:00
Erik Krogh Kristensen
2b7c819135 fix extension of change-note 2022-03-01 09:54:19 +01:00
Erik Krogh Kristensen
4fba5e4dfb step through parentheses in barrier functions 2022-02-25 17:47:12 +01:00
Asger F
a8bfebaeb6 Merge pull request #8149 from asgerf/shared/use-shared-access-path-syntax 
Shared: use shared access path syntax to parse arguments in CSV rows
 2022-02-25 14:04:18 +01:00
github-actions[bot]
20fe22c8c8 Release preparation for version 2.8.2 2022-02-24 14:57:08 +00:00
Erik Krogh Kristensen
ad3399733b recognize more module exports from the factory pattern 2022-02-23 21:29:45 +01:00
Erik Krogh Kristensen
e13b2df86f Merge pull request #8185 from erik-krogh/amdImp 
JS: recognize modules imported by AMD imports as library inputs
 2022-02-23 20:21:45 +01:00
Asger Feldthaus
f1bfb31403 Shared: fix typo in a comment 2022-02-23 14:13:41 +01:00
Asger Feldthaus
abd4933d6c Shared: move numeric parsing into AccessPathSyntax.qll 2022-02-23 14:13:37 +01:00
CodeQL CI
7d55771092 Merge pull request #8150 from asgerf/js/prep-sharing-api-graph-mad 
Approved by erik-krogh
 2022-02-23 11:59:31 +00:00
Stephan Brandauer
a664e02d04 Merge pull request #8014 from kaeluka/js/functionality-from-untrusted-source 
JS: Functionality from untrusted sources query (CWE-830)
 2022-02-23 12:45:31 +01:00
Erik Krogh Kristensen
203212657e recognize modules imported by AMD imports as library inputs 2022-02-23 10:39:45 +01:00
Stephan Brandauer
c17d8b145a Merge pull request #8054 from asgerf/js/split-request-forgery 
JS: split request forgery query into server-side and client-side variants
 2022-02-23 10:27:16 +01:00
Esben Sparre Andreasen
58e0d54744 Merge pull request #8168 from github/esbena/hapi-reflected-xss 
JS: model hapi handler returns as reflected-xss sinks
 2022-02-23 08:53:15 +01:00
Erik Krogh Kristensen
73f2e89f3e Merge pull request #8165 from erik-krogh/protoWrite 
JS: support more property writes in js/prototype-pollution-utility
 2022-02-22 21:30:22 +01:00
Erik Krogh Kristensen
b6b93065ff Merge pull request #8157 from erik-krogh/lodash-clone 
JS: add lodash.{clone, cloneDeep} as a clone step
 2022-02-22 18:12:10 +01:00
Erik Krogh Kristensen
c487bb73a7 Merge pull request #8143 from erik-krogh/pred-ql-style 
QL: add ql-for-ql query for detecting bad predicate qldoc
 2022-02-22 17:49:12 +01:00
Esben Sparre Andreasen
2c527f7b35 model hapi handler returns as reflected-xss sinks 2022-02-22 14:12:01 +01:00
Erik Krogh Kristensen
517e17d422 support more property writes in js/prototype-pollution-utility, and generalize ObjectDefinePropertyAsPropWrite 2022-02-22 13:23:34 +01:00
Stephan Brandauer
6722c17bb0 JS: Functionality from untrusted sources query (CWE-830) 2022-02-22 11:41:52 +01:00
Asger Feldthaus
1be47db2e6 JS: Factor out more JS-specific code 2022-02-22 09:51:56 +01:00
Asger Feldthaus
2d509eb345 JS: Make Impl.qll determine the location of AccessPathSyntax.qll 2022-02-22 09:51:52 +01:00
Asger Feldthaus
42a3d8c689 JS: Treat Member[x] as a language-specific token 
In Ruby it is ambiguous whether Member[foo] means x.foo or x::foo
 2022-02-22 09:51:52 +01:00
Asger Feldthaus
acf95d6178 JS: Move summary resolution into JS-specific code 2022-02-22 09:51:52 +01:00
Asger Feldthaus
ab1642dd3f JS: Rename {Shared,Impl} -> ApiGraphModels{,Specific} 2022-02-22 09:51:48 +01:00
Erik Krogh Kristensen
e8df6a14ca add lodash.{clone, cloneDeep} as a clone step 2022-02-21 22:27:29 +01:00
Asger Feldthaus
8194c041cc JS: Merge sources to one class 2022-02-21 16:26:02 +01:00
Asger F
00ed72ed83 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-02-21 16:24:50 +01:00
Erik Krogh Kristensen
cd4685c4c5 cache RegExpCreationNode::getAReference 2022-02-21 15:04:00 +01:00
Erik Krogh Kristensen
1407b49a8f fix some instances of ql/pred-doc-style for JS 2022-02-21 15:02:21 +01:00
Asger F
02c4966109 Merge pull request #7878 from asgerf/dot-separated-access-paths 
Shared: Switch to dot-separated access paths in summary specs
 2022-02-21 13:29:09 +01:00
Esben Sparre Andreasen
1d437dd722 Merge pull request #8043 from github/esbena/sharpen-hardcoded-credentials 
JS: Sharpen hardcoded credentials
 2022-02-21 10:02:58 +01:00
Erik Krogh Kristensen
5f9bd7a4a1 Merge pull request #7984 from erik-krogh/fix-ql-for-ql-js 
JS: fix most ql-for-ql warnings
 2022-02-21 09:15:06 +01:00
Asger Feldthaus
d7f07167ac Shared: Remove getLastToken again 2022-02-21 08:21:53 +01:00
Asger Feldthaus
2c2a82a070 Shared: allow spaces between arguments in a token 2022-02-21 08:21:53 +01:00
Asger Feldthaus
7fcbdbeada Shared: sync AccessPathSyntax.qll and FlowSummaryImpl.qll 2022-02-21 08:21:52 +01:00
Asger Feldthaus
2907d53e17 Shared: sync AccessPathSyntax.qll and FlowSummaryImpl.qll 2022-02-21 08:21:52 +01:00
Asger Feldthaus
c189df2341 Revert "JS: Add support for " of " syntax to help during transition" 
This reverts commit 9bf522b3048c3b11f7e6d734ed797a613614a095.
 2022-02-21 08:21:51 +01:00
Asger Feldthaus
753c557dbe Java: use AccessPathSyntax.qll to parse input/output summary specs 2022-02-21 08:16:54 +01:00
Asger Feldthaus
53935db6c6 JS: Add support for " of " syntax to help during transition 2022-02-21 08:16:54 +01:00
Asger Feldthaus
30254686d8 JS: Move ".."-parsing trick into AccessPathSyntax.qll 2022-02-21 08:16:54 +01:00
Asger Feldthaus
7c2cff3227 JS: Factor out AccessPathSyntax.qll 2022-02-21 08:16:54 +01:00
Asger Feldthaus
e2cbf47b16 JS: Fix accidental recursion 2022-02-21 08:16:53 +01:00
Asger Feldthaus
260638c68b JS: Add ClientSideRequestForgery and split request-forgery results between the two 2022-02-16 13:35:01 +01:00
Esben Sparre Andreasen
816d79692b ignore deliberately hardcoded password strings 2022-02-16 09:47:01 +01:00
Arthur Baars
ebb87c4b36 Merge pull request #7975 from github/post-release-prep/codeql-cli-2.8.1 
Post-release preparation for codeql-cli-2.8.1
 2022-02-15 20:17:35 +01:00