hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

10951 Commits

Author SHA1 Message Date
Napalys Klicius
ad6c6b2d26 Changed js/angular/dependency-injection-mismatch to reliability and correctness 2025-06-19 17:16:32 +02:00
Napalys Klicius
c18fe303d0 JS: Changed MissingThisQualifier to reliability and correctness 2025-06-19 16:27:00 +02:00
Napalys Klicius
244bf428a1 JS: Fixed typo. 2025-06-19 16:26:07 +02:00
Napalys Klicius
8679151ace Update javascript/ql/src/change-notes/2025-06-12-loop-iteration.md 
Co-authored-by: Taus <tausbn@github.com>
 2025-06-19 14:21:08 +02:00
Napalys Klicius
5448071e09 Update javascript/ql/src/change-notes/2025-06-12-loop-iteration-fix.md 
Co-authored-by: Taus <tausbn@github.com>
 2025-06-19 14:20:37 +02:00
Napalys Klicius
f80651e78a Merge pull request #19750 from Napalys/js/remove_encodeURI 
JS: remove `encodeURI` from sanitizer list of request forgery
 2025-06-19 14:12:52 +02:00
Napalys Klicius
8b2bb07140 Updated quality extended expected file after merge 2025-06-19 10:27:57 +02:00
Napalys Klicius
119c1e61ec Merge remote-tracking branch 'origin/main' into js/mass_quality_promotion 2025-06-19 10:27:15 +02:00
Napalys Klicius
88f668781d Updated extended expected file after merge 2025-06-19 10:24:39 +02:00
Napalys Klicius
53cae4fa97 Merge remote-tracking branch 'origin/main' into js/quality/loop_shift 2025-06-19 10:21:52 +02:00
Tamas Vajk
e6a9ff08a3 Adjust query-suite integration test expected files 2025-06-18 13:10:34 +02:00
Tamas Vajk
40274dcd69 Add code-quality-extended query suites 2025-06-18 13:10:34 +02:00
Napalys Klicius
72528749f2 JS: add change note 2025-06-17 08:34:34 +02:00
Napalys Klicius
060b98d36c JS: enchance middleware taint tracking via local source 2025-06-17 08:30:19 +02:00
Napalys Klicius
fc0c8a8f5a JS: update change note 2025-06-17 08:20:35 +02:00
Napalys Klicius
da21a064ac JS: add _parsedUrl as remote input source 2025-06-16 16:28:30 +02:00
Napalys Klicius
67aac7abfa JS: add test cases for middleware property assignment tracking 2025-06-16 16:26:08 +02:00
Napalys Klicius
b14b661cd1 JS: add change note 2025-06-16 14:12:39 +02:00
Napalys Klicius
0c31838aa5 JS: mass add missing quality related tags to relevant queries 2025-06-16 14:05:57 +02:00
Napalys Klicius
0d5f5104d1 Updated UriEncodingSanitizer comment 2025-06-16 13:08:16 +02:00
Napalys Klicius
798721bd71 JS: add change note 2025-06-16 13:08:14 +02:00
Napalys Klicius
bdbc49c63f JS: Removed encodeURI from request forgery sanitizer list 2025-06-16 13:08:11 +02:00
Napalys Klicius
eca69e1654 JS: remove serialize-javascript from JsonParsers.qll as it is not a parser 2025-06-16 12:59:36 +02:00
Napalys Klicius
deb715a517 JS: Add test case with encodeURI for request forgery 2025-06-16 10:49:29 +02:00
Napalys Klicius
fffbc0c0bc JS: add change note 2025-06-16 10:38:27 +02:00
Napalys Klicius
5a107ec33b JS: track taint through serialize-javascript calls with object arguments 2025-06-16 10:38:20 +02:00
Napalys Klicius
a96ea182c7 JS: add test cases for serialize-javascript with tainted object properties 2025-06-16 09:30:52 +02:00
Vasco-jofra
8c4dbca23c Improve data flow in the async library 2025-06-15 17:59:49 +02:00
Vasco-jofra
e2eca5bbff Update test.expected 2025-06-15 12:12:12 +02:00
Vasco-jofra
6920430073 Improve dependency injection through import function calls 2025-06-15 00:47:34 +02:00
Vasco-jofra
9019879d99 Improve useFactory inter file function detection 2025-06-15 00:32:26 +02:00
Vasco-jofra
477f32c7ff NestJS dependency injection support useValue provider 2025-06-15 00:21:38 +02:00
Vasco-jofra
2b143c86ac NestJS dependency Injection support useFactory provider 2025-06-15 00:09:07 +02:00
Vasco-jofra
baf0d3ef22 Model NestJS middlewares as sources 2025-06-14 23:27:49 +02:00
Vasco-jofra
26f3b40d35 Add lodash GroupBy as taint step 2025-06-14 00:13:03 +02:00
Vasco-jofra
ddf77a0b72 Remove unnecessary spaces 2025-06-13 15:37:27 +02:00
Vasco-jofra
4ea53773b9 Model the TypeORM Repository API 2025-06-13 15:35:46 +02:00
Napalys Klicius
0906d85b39 Merge pull request #19726 from Napalys/js/quality/string_interpolation 
JS: Promote `js/template-syntax-in-string-literal` to the Code Quality suite.
 2025-06-13 13:36:53 +02:00
Napalys Klicius
28ae39694f Merge pull request #19741 from Napalys/js/quality/suspicious_method_names 
JS: Promote `js/suspicious-method-name-declaration` to the Code Quality suite.
 2025-06-12 15:30:13 +02:00
Napalys Klicius
10d10286f7 JS: add change notes 2025-06-12 15:23:31 +02:00
Napalys Klicius
885e8369aa JS: add quality and reliability tags to loop-iteration-skipped-due-to-shifting 2025-06-12 15:18:26 +02:00
Napalys Klicius
66d66fe87d JS: fix false positives for splice with conditional index decrement 2025-06-12 14:51:10 +02:00
Napalys Klicius
7292a76ee4 JS: add test cases for false positives in loop-iteration-skipped-due-to-shifting 2025-06-12 14:39:47 +02:00
Napalys Klicius
d7ad625de3 JS: restrict type tracking to strings of interest. 2025-06-12 14:28:00 +02:00
Napalys Klicius
da5cd251be Update javascript/ql/src/LanguageFeatures/TemplateSyntaxInStringLiteral.ql 
Co-Authored-By: Asger F <316427+asgerf@users.noreply.github.com>
 2025-06-12 14:25:00 +02:00
Napalys Klicius
e6d26912e0 Update javascript/ql/src/Declarations/SuspiciousMethodNameDeclaration.qhelp 
Co-authored-by: Asger F <asgerf@github.com>
 2025-06-12 13:10:27 +02:00
Napalys Klicius
7b91a57eb1 JS: add change note. 2025-06-12 12:19:39 +02:00
Napalys Klicius
75ee649362 JS: add change note 2025-06-12 12:14:14 +02:00
Napalys Klicius
923aff2439 JS: Fixed false positive on manual string interpolation. 2025-06-12 11:35:33 +02:00
Napalys Klicius
bafe7e66ad JS: Fix template literal detection in string concatination 2025-06-12 11:18:20 +02:00