hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,540 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.8
Commit Graph

5030 Commits

Author SHA1 Message Date
Napalys Klicius
861e4ee11e JS: Added test cases including manual interpolation and string concatination. 2025-06-12 11:15:36 +02:00
Napalys Klicius
41f4236b86 JS: expanded suspicious-method-name-declaration test suite 2025-06-12 09:29:30 +02:00
Asger F
423ffc78db Merge pull request #19078 from asgerf/js/name-resolution 
JS: QL-side type/name resolution for TypeScript and JSDoc
 2025-06-11 14:17:11 +02:00
Napalys Klicius
6811cad687 Merge pull request #19711 from Napalys/js/quality/promote_duplicate_char_class 
JS: Promote `js/regex/duplicate-in-character-class` to quality
 2025-06-11 11:05:07 +02:00
Napalys Klicius
51b83dbce5 Merge pull request #19579 from Napalys/js/dom_property_access 
JS: Improve `useless-expression` query to avoid duplicate alerts on compound expressions
 2025-06-10 15:17:13 +02:00
Napalys Klicius
a0db250dc3 Update javascript/ql/test/query-tests/RegExp/DuplicateCharacterInCharacterClass/tst.js 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-06-10 12:50:07 +02:00
Napalys Klicius
42a880bf58 Improved test coverage for js/regex/duplicate-in-character-class 2025-06-10 11:07:22 +02:00
Napalys Klicius
c97da2eda5 Exclude expressions that are part of a conditional expression 2025-06-10 10:56:11 +02:00
Napalys Klicius
b7f7092ab3 Added test cases for better test coverage 2025-06-10 09:37:40 +02:00
Asger F
42f762a140 JS: Update test output now that 'satisfies' is a SourceNode 2025-06-09 16:22:30 +02:00
Mathew Payne
9d23677024 Merge branch 'main' into js-clientrests-axios 2025-06-09 14:18:54 +01:00
Asger F
691fdb106e JS: Nicer jump-to-def for function declarations 2025-06-04 22:17:42 +02:00
Asger F
57fad7e6c9 JS: Add SatisfiesExpr 2025-06-04 22:17:40 +02:00
Asger F
79101fd121 JS: Add test with type casts 2025-06-04 22:17:39 +02:00
GeekMasher
79a72fc15b fix(js): Update tests 2025-06-03 16:37:36 +01:00
GeekMasher
6a1cfb6aef feat(js): Add Axios Instance support and add tests 2025-06-03 15:55:23 +01:00
Napalys Klicius
aac56e089a JavaScript: Fix false positive on Flow type annotations in ExprHasNoEffect 2025-06-03 15:26:22 +02:00
Napalys Klicius
46b5ded862 JS: Enhance void context propagation 2025-06-03 15:20:55 +02:00
Napalys Klicius
bf48b59874 JS: Removed exclusion of FunctionExpr from compound statements. 2025-06-03 15:12:26 +02:00
Napalys Klicius
8521c53a40 Renamed test directory to match the query name 
Co-Authored-By: Asger F <316427+asgerf@users.noreply.github.com>
 2025-06-03 14:12:12 +02:00
Napalys Klicius
d1869941c2 Renamed UnhandledStreamPipe.ql to a better fitting name and ID 
As a side effect of merge `security-and-quality` does not contain anymore related new query.

Co-Authored-By: Asger F <316427+asgerf@users.noreply.github.com>
 2025-06-03 13:57:10 +02:00
Napalys Klicius
f6e7059589 Merge branch 'main' into js/quality/stream_pipe 2025-06-03 13:48:41 +02:00
Napalys Klicius
bca1bc7153 JS: Enhance isDomProperty to check for getAPropertyRead on DOM nodes 2025-06-02 14:56:45 +02:00
Napalys Klicius
9b2ef8be10 JS: add test for DOM access where expression appears to have no side effects 2025-06-02 14:54:46 +02:00
Napalys Klicius
298ef9ab12 Now able to track error handler registration via instance properties 2025-06-02 11:01:41 +02:00
Napalys Klicius
b9b62fa1c1 JS: Add URL from url package constructor taint step for request forgery detection 2025-05-30 18:32:02 +02:00
Napalys Klicius
19cc3e335f JS: Add test case for RequestForgery with url wrapped via package URL 2025-05-30 18:26:47 +02:00
Napalys Klicius
f843cc02f6 Fix false positives in stream pipe analysis by improving error handler tracking via property access. 2025-05-30 18:08:04 +02:00
Napalys Klicius
5bb29b6e33 Now flags only .pipe calls which have an error somewhere down the stream, but not on the source stream. 2025-05-28 17:17:43 +02:00
Napalys Klicius
5214cc0407 Excluded ngrx, datorama, angular, react and langchain from stream pipe query. 2025-05-27 09:45:37 +02:00
Napalys Klicius
000e69fd48 Replaced fuzzy NonNodeStream MaD to a ql predicate to deal easier with submodules 2025-05-23 13:55:40 +02:00
Napalys Klicius
c6db32ed73 Add exceptions for arktype, execa, and highland to prevent them from being flagged by unhandled pipe error query 2025-05-23 12:34:11 +02:00
Napalys Klicius
15ff7cb41a Added more test cases which common js libraries uses .pipe() 2025-05-23 12:30:49 +02:00
Napalys Klicius
b10a9481f3 Fixed false positives from strapi and rxjs/testing as well as when one passes function as second arg to pipe 2025-05-22 18:50:02 +02:00
Napalys Klicius
e6ae8bbde4 Added test cases where second parameter passed to pipe is a function and some popular library ones 2025-05-22 18:50:01 +02:00
Napalys Klicius
ac24fdd348 Add predicate to detect non-stream-like usage in sources of pipe calls 2025-05-22 18:49:59 +02:00
Napalys Klicius
5b1af0c0bd Added detection of custom gulp-plumber sanitizer, thus one would not flag such instances. 2025-05-22 18:49:53 +02:00
Napalys Klicius
09220fce84 Fixed issue where pipe calls from rxjs package would been identified as pipe calls on streams 2025-05-22 12:33:36 +02:00
Napalys Klicius
d7f86db76c Enhance PipeCall to exclude non-function and non-object arguments in pipe method detection 2025-05-22 12:31:27 +02:00
Napalys Klicius
4332de464a Eliminate false positives by detecting non-stream objects returned from pipe() calls based on accessed properties 2025-05-22 12:31:26 +02:00
Napalys Klicius
5710f0cf51 Add test cases for non-stream field accesses and methods before and after pipe operations 2025-05-22 12:31:19 +02:00
Napalys Klicius
03d1f9a7d3 Restrict pipe detection to calls with 1-2 arguments 2025-05-21 11:41:22 +02:00
Napalys Klicius
30f2815503 Fixed issue where a custom pipe method which returns non stream would be flagged by the query 2025-05-21 11:41:19 +02:00
Napalys Klicius
ef1bde554a Fixed issue where streams would not be tracked via chainable methods 2025-05-21 11:40:35 +02:00
Napalys Klicius
f39bf62fc6 test: Add edge cases for stream pipe error handling 
Add tests for chained stream methods and non-stream pipe objects
 2025-05-21 11:39:03 +02:00
Napalys Klicius
c27157f021 Add UnhandledStreamPipee Quality query and tests to detect missing error handlers in Node.js streams 2025-05-21 11:38:57 +02:00
Asger F
b698b4e5e2 JS: Add test for missing type flow through generics 2025-05-20 13:20:38 +02:00
Asger F
9bcc62002d JS: Fix regression from global declare vars 2025-05-20 13:20:35 +02:00
Asger F
27979c6a2f JS: Add regression tests for declared globals 2025-05-20 13:20:34 +02:00
Asger F
b610e10122 JS: Accept change in handling of variable resolution in face of ambient declarations 
This test enforced the opinion that ambient declarations should have no impact on data flow, which is no longer the case. For now I'm just updating the test output.
 2025-05-20 13:20:33 +02:00