codeql

mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00

Author	SHA1	Message	Date
aegilops	86afd54a9b	Moved new query to 'experimental' Moved lists of domains to data extensions, including adding those to the overall qlpack.yml Expanded scope of new query to further domains operated by the untrusted owners of polyfill.io	2024-07-09 16:38:01 +01:00
github-actions[bot]	ae3aba061b	Post-release preparation for codeql-cli-2.18.0	2024-07-08 13:30:13 +00:00
aegilops	5a3328b07a	Merge branch 'aegilops/js/insecure-helmet-middleware' of https://github.com/aegilops/codeql into aegilops/js/insecure-helmet-middleware	2024-07-08 11:31:15 +01:00
aegilops	2aff2a7385	Fixed code markup	2024-07-08 11:31:06 +01:00
Paul Hodgkinson	d896fdf9fa	Merge branch 'main' into aegilops/js/insecure-helmet-middleware	2024-07-08 11:25:47 +01:00
aegilops	c003f265b0	Fixed missing li closing tag	2024-07-08 10:58:06 +01:00
aegilops	1fe14e26b1	Split out "compromised" functionality	2024-07-08 10:56:12 +01:00
github-actions[bot]	b0d6778652	Release preparation for version 2.18.0	2024-07-08 09:10:51 +00:00
Erik Krogh Kristensen	1c0c51faaf	Merge pull request #16904 from igfoo/igfoo/shouldExtract JS: Remove call to shouldExtract	2024-07-04 12:44:54 +02:00
Ian Lynagh	95a418aa14	JS: Remove call to shouldExtract It always returns true nowadays.	2024-07-04 09:42:07 +01:00
aegilops	e2b37f97b0	Added dot to end of test message	2024-07-01 17:41:26 +01:00
aegilops	73fc6bcdb1	Added some missing QLDoc	2024-07-01 17:10:24 +01:00
aegilops	b4d8c4889a	Fixed wrong name for example HTML	2024-07-01 16:58:03 +01:00
aegilops	c985c9adb3	Added change note for polyfill.io query	2024-07-01 16:56:07 +01:00
aegilops	1744a98017	Added full stop to end of message	2024-07-01 16:53:22 +01:00
aegilops	ceda46e317	Fixed ending <p> tags	2024-07-01 16:52:28 +01:00
aegilops	a1b0703690	Added detection for specific Polyfill.io CDN compromise - edited existing library and added new query and tests	2024-07-01 16:21:34 +01:00
aegilops	fc6fba8d06	Fixed CWE tags	2024-07-01 14:25:47 +01:00
aegilops	d1d082982a	More external references	2024-07-01 14:25:29 +01:00
am0o0	b360c8adb8	Update hardcodedCredentials query file to only exclude 'jwt key' kind from with the isTestFile predicate. According to expected test results, with a new query, the jwt sinks of __test__/ dir have been exluded from query results.	2024-07-01 15:00:08 +02:00
am0o0	5a1877547f	update test cases of __tests__/ dir since we want to check if a jwt related sink is in this dir or not	2024-07-01 14:50:07 +02:00
am0o0	6ecd8b7ee8	add new default cred kind	2024-07-01 14:42:34 +02:00
am0o0	fa8c457015	move the TextEncoder and Buffer jose.base64url taint steps to a local query taint step	2024-07-01 12:11:53 +02:00
am0o0	60aa711005	implement TextEncoderStep taint step with globalVarRef predicate	2024-07-01 11:59:05 +02:00
am0o0	65fdb8ccce	move jose SharedTaintStep to a local taint step, add more additional steps with test cases, update test cases and expected test results	2024-07-01 11:38:17 +02:00
Arthur Baars	b12b33c8f9	Merge remote-tracking branch 'upstream/main' into 'rc/3.14'	2024-06-28 19:50:35 +02:00
Asger F	1d267efb6b	JS: Fix missing qldoc	2024-06-28 14:30:56 +02:00
Erik Krogh Kristensen	60811116ab	Merge pull request #16332 from erik-krogh/ts55 JS: upgrade TypeScript to 5.5	2024-06-28 13:59:52 +02:00
Asger F	e5924c1f84	JS: Another messy test update	2024-06-28 13:08:38 +02:00
Asger F	14fc790617	Update DataFlowConsistency.expected	2024-06-28 13:08:09 +02:00
Maiky	d0cf2a978c	Merge branch 'main' into maikypedia/javascript-cors	2024-06-27 20:24:42 +02:00
Asger F	1c730bc66e	JS: Fix compilation error in DataFlowImplConsistency.qll	2024-06-27 12:47:15 +02:00
Asger F	c3806a2210	JS: Messy test output updates These initially got messed up by a merge conflict where I couldn't rerun the tests due to breaking changes in the data flow library. I wanted the breaking-change updates to live in their own commits, not just eaten by a merge resolution commit, so the test output became broken for a while. The '#select' result set is unchanged in all of these, so they should be safe to accept.	2024-06-27 11:59:56 +02:00
Asger F	90f0e07e49	JS: Benign update after fixing PropertyName charpred	2024-06-27 11:56:22 +02:00
Asger F	ee10702e73	JS: Another provanance test output update	2024-06-27 11:56:01 +02:00
Asger F	df0488a470	Ensure Member tokens from flow summaries are seen in PropertyName	2024-06-27 10:22:14 +02:00
Asger F	c52a4b0621	JS: Provide RenderSummarizedCallable	2024-06-27 09:44:45 +02:00
Asger F	e53c0cdce7	Fix unknown Parameter/Argument decoding	2024-06-27 09:39:06 +02:00
Asger F	2473274681	JS: Benign test output changes	2024-06-27 09:06:45 +02:00
Asger F	af7b4e3063	Accept flow difference due to added test cases New library gets FN for spread arguments in a call to splice(), which was added to the old version in this PR: https://github.com/github/codeql/pull/16739	2024-06-26 13:52:27 +02:00
Asger F	53efb5837b	JS: Update some tests with provenance columns Only includes the changes that purely contain the new provenance columns	2024-06-26 13:51:44 +02:00
Asger F	88edc06517	Avoid bad join in compatibleTypesCached This is identical to the code in Ruby and seems to prevent a bad join ordering in a cached version of this predicate in DataFlowCommon	2024-06-26 13:51:41 +02:00
Asger F	fc7c2c5b17	Remove unused code	2024-06-26 13:51:40 +02:00
Asger F	e67e89dd70	Implement decodeUnknownArgument/ParameterPosition	2024-06-26 13:51:39 +02:00
Asger F	3bebd709b3	Handle AnyMemberDeep and ArrayElementDeep in encodeContent	2024-06-26 13:51:38 +02:00
Asger F	6c0c67dce4	Implement encodeWith/WithoutContent	2024-06-26 13:51:37 +02:00
Asger F	b0ea81276b	Implement encodeReturn	2024-06-26 13:51:36 +02:00
Asger F	5811a3c5a6	Port getMadStringFromContentSet -> encodeContent	2024-06-26 13:51:35 +02:00
Asger F	8c4e5e8876	Boilerplate implementation of default predicates from FlowSummaryImpl.qll	2024-06-26 13:51:34 +02:00
aegilops	f22778960b	Fixed expected test results for Helmet query	2024-06-26 11:31:57 +01:00

... 36 37 38 39 40 ...

11940 Commits