hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

2976 Commits

Author SHA1 Message Date
Napalys Klicius
9624a413e4 Added change note 2025-04-30 14:57:00 +02:00
Napalys Klicius
71f1b82a56 Added support for fastify.all 2025-04-30 14:54:09 +02:00
Asger F
8ebbfb198e Merge pull request #19412 from asgerf/js/promise-all 
JS: Better type-tracking through Promise.all()
 2025-04-30 14:19:12 +02:00
Napalys Klicius
18cea2d6a5 Added support for shelljs.cmd and async-shelljs.asyncExec 2025-04-30 13:37:02 +02:00
Napalys Klicius
25d04f1cdd Added support for shelljs.which 2025-04-30 13:35:17 +02:00
Napalys Klicius
6de38b1827 Merge pull request #19300 from Napalys/js/fastify 
JS: Added support for `fastify.addHook`
 2025-04-29 18:32:25 +02:00
Asger F
5de2c938d8 JS: Rename getTargetFile to getImportedFile and remove its deprecated name clash 
'getTargetFile' was originally named to avoid the clash with 'getImportedFile' from a subclass. But we now just merge the two predicates.
 2025-04-29 16:06:36 +02:00
Asger F
eae1e1cb02 JS: Make API graphs rely on type-tracking steps in general 2025-04-29 15:08:19 +02:00
Asger F
e40b93b8a3 JS: Add type-tracking step through simple Promise.all() calls 2025-04-29 15:08:18 +02:00
Asger F
ed2a832a55 JS: Deprecate PathExpr and related classes 2025-04-29 13:23:47 +02:00
Asger F
fe055ad603 JS: Use PackageJsonEx instead of resolveMainModule 2025-04-29 13:23:45 +02:00
Asger F
c293f03b9e JS: Remove a dependency on getImportedPath() 
To avoid negative recursion in some upcoming changes, we want to make sure the modeling of createRequire does not depend on getImportedPath().
 2025-04-29 13:23:43 +02:00
Asger F
a195d074c9 JS: Resolve Angular2 templateUrl with ResolveExpr instead of PathExpr 2025-04-29 13:23:42 +02:00
Asger F
d724874969 JS: Implement babel-plugin-root-import as a PathMapping 2025-04-29 13:23:40 +02:00
Asger F
6725cb5b8c JS: Implement import resolution 2025-04-29 13:23:37 +02:00
Asger F
ed4864edf7 JS: Add two more helpers to FilePath class 2025-04-29 13:07:21 +02:00
Asger F
f542956f66 JS: Add internal extension of PackageJson class 2025-04-29 13:07:19 +02:00
Asger F
bb91df8145 JS: Add helper for doing path resolution with JS rules 2025-04-29 13:07:18 +02:00
Asger F
59e1cbcc7b JS: Add tsconfig class 2025-04-29 13:07:16 +02:00
Asger F
ef32a036b1 JS: Extract from methods from PathString into a non-abstract base class 
The new class 'FilePath' has bindingset[this] so one just has to cast a string to that type and you can use its methods.
 2025-04-29 13:07:15 +02:00
Asger F
17aa5220a6 JS: Add some helpers 2025-04-29 13:07:14 +02:00
Napalys Klicius
0a9a7911c2 Fixed issue where method calls weren't properly resolved when inheritance was implemented via prototype manipulation instead of ES6 class syntax. 2025-04-29 12:39:44 +02:00
Asger F
ec9d15bb79 JS: Make shared Folder module visible 2025-04-29 09:42:25 +02:00
Nick Rolfe
50f7ee1158 Merge pull request #19401 from github/post-release-prep/codeql-cli-2.21.2 
Post-release preparation for codeql-cli-2.21.2
 2025-04-28 16:16:21 +01:00
github-actions[bot]
2e0699ab2b Post-release preparation for codeql-cli-2.21.2 2025-04-28 14:03:28 +00:00
Napalys Klicius
ee3a3bd9f5 Add support for prototype methods in class instance member resolution 2025-04-28 15:17:26 +02:00
Napalys Klicius
c57172121e Update Nodes.qll 
Applied suggestions

Co-Authored-By: Asger F <316427+asgerf@users.noreply.github.com>
 2025-04-28 14:58:51 +02:00
Napalys Klicius
8b53f8f2a6 Fix, prevent addHook return values from being treated as XSS sinks 2025-04-28 14:22:51 +02:00
Napalys Klicius
73309fb9dd Updated modeling of aws-sdk with MaD 2025-04-28 14:00:12 +02:00
Napalys Klicius
654177daa7 Fixed naming acronyms to be PascalCase 2025-04-28 14:00:12 +02:00
Napalys Klicius
f7f9fb823a Updated takesConfigurationObject with API graphs 2025-04-28 14:00:12 +02:00
Napalys Klicius
42d5b80e81 Added support for AWS.Credentials hardcoded credentials 2025-04-28 14:00:12 +02:00
Napalys Klicius
f69037c176 Added ability to detect direct write to global AWS.config 2025-04-28 14:00:12 +02:00
Napalys Klicius
05e4677fd1 Added ability to detect new AWS.ServiceName cases with hardcoded credentials 2025-04-28 14:00:12 +02:00
github-actions[bot]
625354c46e Release preparation for version 2.21.2 2025-04-28 10:55:22 +00:00
Napalys Klicius
6a284eeecb Merged ES6Class into FunctionStyleClass 2025-04-24 09:12:20 +02:00
Napalys
fdfdcc0d93 Undo unnecessary name tracking for request, response objects 2025-04-22 14:16:45 +02:00
Asger F
00661b62dc JS: Add isMiddlewareSetup() hook to Routing model 2025-04-22 12:00:02 +02:00
Asger F
c2cab184ac Merge pull request #19283 from asgerf/js/rest-pattern-fix 
JS: Fix missing flow into rest pattern lvalue
 2025-04-22 10:37:36 +02:00
github-actions[bot]
d78736b1bf Post-release preparation for codeql-cli-2.21.1 2025-04-15 16:33:15 +00:00
Napalys
5c3556da66 Add user-controlled property tracking and update code injection alerts in Fastify hooks 2025-04-15 09:41:52 +02:00
Napalys
9b194ea613 Added addHook to RouteSetup thus now it is recognized now as rouute handler 2025-04-15 09:37:13 +02:00
Napalys
f1a3293f4c Added change note 2025-04-15 09:27:51 +02:00
github-actions[bot]
b961c5961d Release preparation for version 2.21.1 2025-04-14 09:53:06 +00:00
Napalys Klicius
86313715a4 Merge pull request #19184 from Napalys/js/request_handlers 
JS: Support for `Request` and `NextRequest`
 2025-04-14 08:07:24 +02:00
Napalys Klicius
3d7c0201d9 Merge pull request #19231 from Napalys/js/typed_array 
JS: Taint propagation from low-level `ArrayBuffer` to `Strings`
 2025-04-11 11:29:01 +02:00
Napalys
11abbf8c4a Now nextUrl is of type parameter and loosen the restriction for NextAppRouteHandler 2025-04-11 11:19:12 +02:00
Napalys Klicius
92e4f112c0 Update javascript/ql/lib/semmle/javascript/frameworks/Next.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2025-04-11 11:08:40 +02:00
Napalys Klicius
d0dcf897cb Update javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2025-04-11 11:04:08 +02:00
Napalys Klicius
d17d29a387 Merge pull request #19218 from Napalys/js/upgrade_websocket 
JS: Refactor `WebSocket` to use `API` graphs
 2025-04-11 10:05:54 +02:00