codeql

mirror of https://github.com/github/codeql.git synced 2026-06-06 14:07:06 +02:00

Author	SHA1	Message	Date
Ed Minnix	61a4b251c0	`NavigationManager::Uri` and URI-parsing utilities	2024-11-28 08:59:57 -05:00
Edward Minnix III	418ab4b22a	Merge pull request #18123 from egregius313/egregius313/csharp/ijsruntime-models C#: Add `js-interop` sinks for `Microsoft.JSInterop.IJSRuntime`	2024-11-28 08:58:23 -05:00
Tamas Vajk	7acbf1a984	Add change note	2024-11-28 14:40:20 +01:00
Tamas Vajk	072713f771	C#: Exclude more property access expressions from DB quality metric	2024-11-28 14:34:35 +01:00
Napalys	d2de9a2238	Fixed change notes	2024-11-28 14:24:27 +01:00
Napalys Klicius	9ca0fe4cbf	Update RegExp handling and add test case Co-authored-by: erik-krogh <erik-krogh@github.com>	2024-11-28 14:13:40 +01:00
Geoffrey White	2810d64b22	Rust: Fix ql-for-ql warning.	2024-11-28 12:43:24 +00:00
Taus	a9817a0281	Python: Add guide describing how to extend the parser	2024-11-28 12:32:00 +00:00
Geoffrey White	14b70b856a	Merge pull request #18143 from geoffw0/swift6models3 Swift: Fix makeIterator() models	2024-11-28 12:11:26 +00:00
Simon Friis Vindum	b05d290bf0	Rust: Exclude data flow inconsistencies that stem from other inconsistencies	2024-11-28 12:46:32 +01:00
Napalys	fd773603e6	Added change notes	2024-11-28 12:04:09 +01:00
Napalys	9a1c1f4be3	JS: Added in RegExpCreationNode maybeGlobal predicate for more convenience.	2024-11-28 12:03:51 +01:00
Paolo Tranquilli	50c917d2eb	Rust: restrict extracted files queries	2024-11-28 12:02:57 +01:00
yoff	c1937ea549	Merge pull request #18117 from github/tausbn/python-fix-match-literal-pruning Python: Add change note for CFG pruning fix	2024-11-28 11:40:21 +01:00
Napalys	1d2e08a3b6	JS: now Reg Exp injection treats unknownFlags as sanitization, MetacharEscapeSanitizer	2024-11-28 11:26:58 +01:00
Napalys	62194f5337	JS: add test cases RegExp with unknown flags	2024-11-28 11:26:57 +01:00
Napalys	e673348ed3	JS: now RegExp with unknown flags is not flagged as an issue within password Clear text storage of sensitive information	2024-11-28 11:26:56 +01:00
Napalys	a2c46749c6	JS: fixed issue where MaskingReplacer would work only with regexp literals but not objects	2024-11-28 11:26:55 +01:00
Napalys	1ca57cfb9d	JS: add test cases with RegExp object for MaskingReplacer, currently gives wrong results	2024-11-28 11:26:54 +01:00
Napalys	c71778f1aa	JS: xss does not flag anymore replace with RegExp unknown flags	2024-11-28 11:26:53 +01:00
Napalys	dbae553146	JS: add xss test cases with unknownflags for replace using RegExp	2024-11-28 11:26:52 +01:00
Napalys	fe28657c7d	JS: add test cases with unknown flags for double escaping, works as expected.	2024-11-28 11:26:51 +01:00
Napalys	98fd97799c	JS: imcomplete sanization now handles properly maybe global	2024-11-28 11:26:50 +01:00
Napalys	1ae174849f	JS: incomplete sanitization now also works with RegExp objects	2024-11-28 11:26:48 +01:00
Napalys	76318035ff	JS: Add test cases for RegExp object usage in replace within incomplete sanitization	2024-11-28 11:26:47 +01:00
Napalys	9c2366a660	JS: Added tests for ReDos with unknownFlags, everything seems to be good	2024-11-28 11:26:46 +01:00
Napalys	875478c1c6	JS: Fixed path query not flagging new RegExp with DotRemovingReplaceCall	2024-11-28 11:26:45 +01:00
Napalys	aa557cf950	JS: Added tests for DotRemovingReplaceCall with RegExp Object.	2024-11-28 11:26:44 +01:00
Napalys	a0df33c3ac	JS: UnsafeShellCommand Using unknown flags in the RegExp object is no longer flagged as bad sanitization to reduce false positives.	2024-11-28 11:26:43 +01:00
Napalys	155f1fca85	JS: Added test cases for unsafe shell command sanitization with RegExpr Object, instead of literal	2024-11-28 11:26:42 +01:00
Napalys	23b18aeca9	JS: Now unknown flags are not flagged in taint paths	2024-11-28 11:26:41 +01:00
Napalys	eca7a88615	JS: Fixed docs description	2024-11-28 11:26:40 +01:00
Napalys	7db6f7c721	JS: Added test cases with new RegExp for Tainted paths, currently works only with literals	2024-11-28 11:26:39 +01:00
Napalys	faef9dd877	JS: protyte poluting now treats unknownFlags as potentially good sanitization.	2024-11-28 11:26:38 +01:00
Napalys	41fef0f2b3	JS: Added test cases which cover new RegExp creation with replace on protytpe pulluting	2024-11-28 11:26:37 +01:00
Napalys	18c7b18f82	JS: Now BadHtmlSanitizers new RegExp with unknown flags is also flagged.	2024-11-28 11:26:36 +01:00
Napalys	89f3b6f8d3	JS: Added test case for bad sanitizer with unknown flags, currently not flagged.	2024-11-28 11:26:35 +01:00
Napalys	38be0e4c0a	JS: Now BadHtmlSanitizers also flags new RegExp as potential issue	2024-11-28 11:26:34 +01:00
Napalys	41f21d429b	JS: Added test case which is not flagged but should be abusing new RegExp with global flag	2024-11-28 11:26:33 +01:00
Geoffrey White	23ed48ea12	Swift: Add a couple more makeIterator() implementations to be safe.	2024-11-28 10:18:13 +00:00
Geoffrey White	1d43abfe4d	Swift: Model Collection.makeIterator().	2024-11-28 10:11:55 +00:00
Paolo Tranquilli	814218c7a8	Swift: extract variables as children of `ForEachStmt`	2024-11-28 11:03:46 +01:00
Tamas Vajk	5727fda07a	C#: Exclude `get`-only property accesses from `CallTargetStats`	2024-11-28 11:02:39 +01:00
Simon Friis Vindum	e8ddb6b180	Rust: Add `getStaticTarget` to `CallExprBase`	2024-11-28 10:57:07 +01:00
Edward Minnix III	1b224c1ab2	Merge pull request #17258 from egregius313/egregius313/go/mad/documentation Go: Models as Data Documentation	2024-11-27 22:55:50 -05:00
Mathias Vorreiter Pedersen	3c0af498db	C++: Fix bug introduced in an earlier commit and accept test changes. They all look good.	2024-11-27 19:04:25 +00:00
Óscar San José	1a0442c5a6	Adding correct wildcard	2024-11-27 19:34:34 +01:00
Óscar San José	5790f5d5dc	Include paths on pull_request event trigger for compile-queries.yml workflow	2024-11-27 18:37:12 +01:00
Mathias Vorreiter Pedersen	02428745bd	C++: Add change note.	2024-11-27 16:42:00 +00:00
Mathias Vorreiter Pedersen	19e7c37760	C++: Update the final test changes. Nothing exciting here.	2024-11-27 16:41:58 +00:00

... 252 253 254 255 256 ...

86439 Commits