github-actions[bot]
|
337ce65fe5
|
Release preparation for version 2.7.3
|
2021-11-30 20:39:35 +00:00 |
|
Dave Bartolomeo
|
96deddf053
|
JavaScript change notes
|
2021-11-29 16:16:30 -05:00 |
|
Dave Bartolomeo
|
d0dac03bad
|
Manually bump versions
|
2021-11-29 14:21:08 -05:00 |
|
Dave Bartolomeo
|
2dfcd1dd9c
|
Add groups property
Also removed versions from test packs
|
2021-11-29 14:15:53 -05:00 |
|
yoff
|
e63f9141e5
|
Merge pull request #7233 from RasmusWL/fix-cleartext-logging-cwes
JS/Py: Fix cleartext logging CWEs
|
2021-11-29 15:58:10 +01:00 |
|
Henry Mercer
|
29eb66d772
|
JS: Add ML models to .gitignore
|
2021-11-25 17:06:37 +00:00 |
|
Henry Mercer
|
2af509595b
|
JS: Add ML models specification to ATM query pack definition
This will allow us to resolve the ATM machine learning models that will
be distributed within this pack.
|
2021-11-25 16:42:38 +00:00 |
|
Erik Krogh Kristensen
|
1e752f305d
|
apply the explicit this patch to new code
|
2021-11-24 15:26:19 +01:00 |
|
Erik Krogh Kristensen
|
08ce03cd93
|
Merge branch 'main' into explicit-this
|
2021-11-24 15:24:58 +01:00 |
|
Rasmus Wriedt Larsen
|
c05ffd4d00
|
JS/PY: Remove CWE-315 from CleartextLogging
Since it is not relevant for this query:
CWE-315: Cleartext Storage of Sensitive Information in a Cookie
See https://cwe.mitre.org/data/definitions/315.html
|
2021-11-24 14:59:18 +01:00 |
|
Erik Krogh Kristensen
|
87a1ccd428
|
Merge branch 'main' into getRubyInSync
|
2021-11-23 20:20:37 +01:00 |
|
Henry Mercer
|
245edd41ff
|
Merge pull request #7186 from github/henrymercer/rename-available-models-predicate
JS: [Internal only] Rename the available ML models external predicate
|
2021-11-22 18:26:46 +00:00 |
|
Henry Mercer
|
8ba864e897
|
JS: Rename the available ML models external predicate
|
2021-11-19 12:56:03 +00:00 |
|
Anders Schack-Mulligen
|
1f3f7e9ccc
|
Merge pull request #7169 from erik-krogh/useMatches
use matches instead of regexpMatch/prefix/suffix
|
2021-11-19 11:42:47 +01:00 |
|
Erik Krogh Kristensen
|
ee858d840e
|
get ReDoSUtil in sync for ruby
|
2021-11-18 16:49:34 +01:00 |
|
Erik Krogh Kristensen
|
011fc20963
|
use matches instead of regexpMatch
|
2021-11-18 15:41:25 +01:00 |
|
Erik Krogh Kristensen
|
2af7817691
|
use min() instead of rank[1]
|
2021-11-18 14:26:55 +01:00 |
|
Erik Krogh Kristensen
|
1cca377e7d
|
Merge pull request #6561 from erik-krogh/htmlReg
JS/Py/Ruby: add a bad-tag-filter query
|
2021-11-18 09:39:13 +01:00 |
|
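Added example, not code from the bad-tag-filter query or its tests: what a regexp used to strip HTML tags can miss, beside output encoding, which does not depend on enumerating tag spellings. The assumption here is that the query's target is a tag-filtering regexp that matches some spellings of a tag but not others; the filter functions, the payload list and the function names are constructed for this example.

```javascript
// Added example (not CodeQL's own query or test code). A regexp that
// removes "<script>" tags has to match every spelling the browser
// accepts; a filter that matches only some of them is exactly the kind
// of thing a bad-tag-filter check is aimed at. All names and payloads
// below are constructed for this example.

// Naive filter: lowercase tag name, nothing between the name and '>',
// no newlines inside, and a closing tag required.
function stripScriptNaive(html) {
  return html.replace(/<script>.*?<\/script>/g, '');
}

// A more careful regexp: case-insensitive, tolerates attributes and
// whitespace, spans newlines. It still passes an unterminated tag.
function stripScriptBetter(html) {
  return html.replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, '');
}

// Constructed payloads; each one is markup a browser would still execute.
const bypasses = [
  '<script >alert(1)</script>',                        // whitespace before '>'
  '<SCRIPT>alert(1)</SCRIPT>',                         // different case
  '<script type="text/javascript">alert(1)</script>',  // attributes
  '<script>alert(1)\n</script>',                       // '.' does not match newline
  '<script>alert(1)',                                  // no closing tag at all
];

// Payloads that a filter returns unchanged, i.e. that it fails to strip.
function survivingPayloads(filter) {
  return bypasses.filter(p => filter(p) === p);
}

// The robust alternative: encode instead of filter. Every character that
// can open markup is replaced, so no tag variant needs to be enumerated.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// True if the string still contains something that starts a tag.
function containsTag(s) {
  return /<[a-zA-Z/]/.test(s);
}

for (const [name, f] of [['naive', stripScriptNaive], ['better', stripScriptBetter]]) {
  console.log(`${name} filter misses ${survivingPayloads(f).length} of ${bypasses.length} payloads`);
}
console.log('encoded:', escapeHtml(bypasses[0]));
```

The improved regexp closes four of the five gaps and still leaves one, which is the practical argument for encoding (or a real HTML sanitizer) over tag filtering.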
Erik Krogh Kristensen
|
474c808373
|
Merge pull request #7137 from erik-krogh/functionExport
JS: recognize library inputs when the library exports "through" a function
|
2021-11-17 09:49:02 +01:00 |
|
Erik Krogh Kristensen
|
a7cd097ca2
|
Merge pull request #6756 from erik-krogh/extractBigReg
JS: extract regexp literals for string concatenations
|
2021-11-16 13:33:21 +01:00 |
|
Erik Krogh Kristensen
|
b9ea4a8709
|
recognize library inputs when the library exports "through" a function
|
2021-11-15 22:43:38 +01:00 |
|
Erik Krogh Kristensen
|
12c24c07df
|
improve the got model
|
2021-11-15 21:52:12 +01:00 |
|
Erik Krogh Kristensen
|
0023b885f5
|
update expected output
|
2021-11-15 13:50:12 +01:00 |
|
Erik Krogh Kristensen
|
2163648b39
|
fix location off-by-ones with regexp parsing
|
2021-11-15 13:43:39 +01:00 |
|
CodeQL CI
|
c8b8a2874f
|
Merge pull request #7119 from github/max-schaefer/api-graphs-property-copies
Approved by asgerf
|
2021-11-15 04:09:16 -08:00 |
|
Erik Krogh Kristensen
|
f0c5a80d1a
|
apply the explicit this patch to new code
|
2021-11-13 21:03:54 +01:00 |
|
Erik Krogh Kristensen
|
0ff36cd083
|
Merge branch 'main' into explicit-this
|
2021-11-13 21:01:25 +01:00 |
|
Erik Krogh Kristensen
|
eef7709982
|
Merge pull request #7057 from erik-krogh/cwe598
JS: add js/sensitive-get-query query
|
2021-11-12 16:03:21 +01:00 |
|
Erik Krogh Kristensen
|
80919e39a2
|
Merge branch 'main' into extractBigReg
|
2021-11-12 11:45:49 +01:00 |
|
Erik Krogh Kristensen
|
e09c12430d
|
Merge pull request #7105 from erik-krogh/flagJqueryUI
JS: have the aliasPropertyPresenceStep step over extend calls
|
2021-11-11 14:05:11 +01:00 |
|
CodeQL CI
|
34cc61e51f
|
Merge pull request #7083 from asgerf/js/type-track-object-literals-with-methods
Approved by erik-krogh
|
2021-11-11 04:35:55 -08:00 |
|
Erik Krogh Kristensen
|
b513033e0f
|
Merge pull request #7021 from erik-krogh/cwe326
JS: Add insufficient key size query
|
2021-11-11 12:17:04 +01:00 |
|
Erik Krogh Kristensen
|
891694b50a
|
Merge pull request #5908 from erik-krogh/protoLib
JS: Add library input as source to js/prototype-polluting-assignment
|
2021-11-11 12:04:05 +01:00 |
|
Erik Krogh Kristensen
|
140a70f9df
|
Merge pull request #7029 from erik-krogh/cwe384
JS: add js/session-fixation query
|
2021-11-11 11:59:52 +01:00 |
|
Erik Krogh Kristensen
|
9a11c13e11
|
update expected output
|
2021-11-11 11:56:30 +01:00 |
|
Asger F
|
7d8284a41c
|
Apply suggestions from code review
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2021-11-11 10:42:49 +01:00 |
|
Erik Krogh Kristensen
|
5d901ef728
|
move extend aliasing to getAnAliasedSourceNode
|
2021-11-10 18:08:50 +01:00 |
|
Erik Krogh Kristensen
|
2d907f825e
|
have the aliasPropertyPresenceStep step over extend calls
|
2021-11-10 16:26:00 +01:00 |
|
Erik Krogh Kristensen
|
55434653f5
|
add CWE-532 to the clear-text-logging query
|
2021-11-10 14:15:49 +01:00 |
|
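Added example, not code from the CodeQL repository or from the commits above: the two clear-text-logging commits in this log (removing CWE-315, cleartext storage in a cookie, and adding CWE-532, information exposure through log files) tag the query by the sink it reports, a log call. The JavaScript below shows that sink, a request object logged verbatim, beside a redacting logger. The key list, the function names and the sample request are constructed for this example.

```javascript
// Added example (not code from the CodeQL repository). The sink a
// clear-text-logging query reports is a log call that receives a value
// carrying credentials (CWE-532); writing the same value into a cookie
// would be CWE-315, a different sink. SENSITIVE_KEYS, redactForLog and
// sampleRequest are assumptions made for this example.

const SENSITIVE_KEYS = new Set([
  'password', 'passwd', 'secret', 'token', 'authorization', 'cookie',
  'set-cookie', 'apikey', 'api_key',
]);

// Vulnerable: the whole request, credentials included, goes to the log.
function logRequestUnsafe(req, sink) {
  sink(`login attempt: ${JSON.stringify(req)}`);
}

// Return a copy of `value` with sensitive keys masked at any depth.
// Key matching is case-insensitive; the depth cap stops runaway
// recursion on cyclic or very deep objects.
function redactForLog(value, depth = 0) {
  if (depth > 8) return '[truncated]';
  if (Array.isArray(value)) return value.map(v => redactForLog(v, depth + 1));
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = SENSITIVE_KEYS.has(k.toLowerCase()) ? '[REDACTED]' : redactForLog(v, depth + 1);
    }
    return out;
  }
  return value;
}

// Hardened: same log line, credentials masked before serialisation.
function logRequestSafe(req, sink) {
  sink(`login attempt: ${JSON.stringify(redactForLog(req))}`);
}

// Constructed sample request (not captured traffic).
const sampleRequest = {
  method: 'POST',
  path: '/login',
  body: { username: 'alice', password: 'hunter2' },
  headers: {
    Authorization: 'Bearer eyJhbGciOiJIUzI1NiJ9.example',
    'user-agent': 'curl/8.4.0',
  },
};

// Run both loggers into an array so the two lines can be compared.
function demo() {
  const lines = [];
  logRequestUnsafe(sampleRequest, l => lines.push(l));
  logRequestSafe(sampleRequest, l => lines.push(l));
  return lines;
}

demo().forEach(l => console.log(l));
```

Redacting by key name is a mitigation, not a proof: a secret that arrives under an unlisted key (or inside a free-text field) still reaches the log, which is the gap a taint-tracking query closes by following the value rather than the key.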
Erik Krogh Kristensen
|
98da532c46
|
don't extract regular expressions from strings that are leaves in a string concat
|
2021-11-10 14:11:48 +01:00 |
|
Max Schaefer
|
a8c4455b20
|
Factor out an auxiliary predicate.
|
2021-11-10 10:17:59 +00:00 |
|
Erik Krogh Kristensen
|
ab5d9459c7
|
Update javascript/ql/src/Security/CWE-384/SessionFixation.qhelp
Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
|
2021-11-10 08:24:46 +01:00 |
|
CodeQL CI
|
d9d304fc13
|
Merge pull request #7076 from asgerf/js/tainted-path-regexp-guard2
Approved by erik-krogh
|
2021-11-09 03:40:37 -08:00 |
|
Erik Krogh Kristensen
|
56a7c8b163
|
fix typo in change note
Co-authored-by: Asger F <asgerf@github.com>
|
2021-11-09 12:06:29 +01:00 |
|
Erik Krogh Kristensen
|
8727060ca7
|
add comment about modes of operation
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
|
2021-11-09 11:15:12 +01:00 |
|
Asger Feldthaus
|
87aa39cef2
|
JS: Limited tracking of object literals with methods
|
2021-11-09 11:06:41 +01:00 |
|
Asger F
|
0c6680b2c0
|
Revert "JS: Skip files with unsupported file encoding"
|
2021-11-09 09:07:54 +00:00 |
|
Asger Feldthaus
|
f14f9449ee
|
JS: Use getAMatchedString instead of getConstantString
|
2021-11-08 15:35:35 +01:00 |
|
Asger Feldthaus
|
b3e64f1669
|
JS: Add test
|
2021-11-08 15:32:43 +01:00 |
|
Erik Krogh Kristensen
|
330c2c42b5
|
Merge pull request #7075 from erik-krogh/cwe297
JS: add cwe-297 to `js/disabling-certificate-validation`
|
2021-11-08 14:35:58 +01:00 |
|