hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

5056 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
987b573709 Fix hasLocationInfo URL reference 
Follow up to https://github.com/github/codeql/pull/5830
 2021-09-29 13:47:58 +02:00
Erik Krogh Kristensen
aafae24ef2 update qhelp 2021-09-28 23:11:02 +02:00
luciaromeroML
1fc58e51a3 adding suggestion that removes sanitizer for unknown base urls 2021-09-27 17:37:36 -03:00
Erik Krogh Kristensen
99ed4a1a89 add a bad-tag-filter query for Python and JavaScript 2021-09-21 15:04:03 +02:00
luciaromeroML
f348a5ce47 adding comments to some functions 2021-09-17 18:25:14 -03:00
luciaromeroML
25065bc986 simplifying sentence 2021-09-17 18:07:04 -03:00
luciaromeroML
0b0ac8317c format ql code 2021-09-17 18:05:52 -03:00
valeria-meli
054218a381 Merge branch 'main' into javascript/ssrf 2021-09-17 17:08:52 -03:00
Erik Krogh Kristensen
3f736d3eb8 Merge pull request #6694 from erik-krogh/owasp-fixes 
JS/Java: use the correct cwe tags
 2021-09-15 13:46:35 +02:00
CodeQL CI
220f2ded85 Merge pull request #6698 from asgerf/js/template-self-assignment 
Approved by esbena
 2021-09-15 01:08:39 -07:00
Asger Feldthaus
b5db4047a0 JS: Exclude template files in SelfAssignment 2021-09-15 08:59:47 +02:00
Erik Krogh Kristensen
3b6c8c5191 Merge branch 'main' into clipBoard 2021-09-14 20:21:37 +02:00
Erik Krogh Kristensen
b936a04826 add some fitting CWEs to existing queries 2021-09-14 14:59:24 +02:00
Erik Krogh Kristensen
6d12c4aab1 use the correct cwe tags 2021-09-14 14:42:23 +02:00
Erik Krogh Kristensen
bac80bf686 delete ClipboardXss.ql experimental query 2021-09-13 20:43:31 +02:00
rhysd
97ed9edd32 JS: Detect untrusted inputs in 'discussion' and 'discussion_comment' payloads 2021-09-10 10:42:58 +09:00
Andrew Eisenberg
6a47fcaf1f Packaging: Normalize all qlpack.yml files for all languages 
This commit ensures consistency among all of our qlpacks. Here are the
changes:

1. Ensure only modern references are used (codeql-{lang} is converted to
   codeql/{lang}-all or codeql/{lang}-queries where appropriate).
2. Use consistent version numbers. All languages are at 0.0.2 except
   javascript, which is 0.0.3.
3. Convert all `libraryPathDependencies` to `dependencies` with version
   constraints
4. Dependencies from query packs to other packs are always `"*"` since
   these dependencies are always from source and we should get the
   latest.
5. Dependencies from codeql/{lang}-lib to codeql/{lang}-upgrades must
   be strict since there is a tight connection between the libary
   and its relevant upgrades.
 2021-09-03 11:53:28 -07:00
Nati Pesaresi
629efb85fb ternary operator 2021-09-02 17:55:09 -03:00
CodeQL CI
cf9ab83dee Merge pull request #6498 from bananabr/main 
Approved by asgerf
 2021-08-31 08:46:11 +02:00
Daniel Santos
b8ce5a63c5 Remove unncessary results 
Simplifies query to improve performance by removing unnecessary results.
 2021-08-25 17:33:45 -05:00
Andrew Eisenberg
45d1fa7f01 Packaging: Rafactor Javascript core libraries 
Extract the external facing `qll` files into the codeql/javascript-all
query pack.
 2021-08-25 12:15:56 -07:00
Daniel Santos
cd40de7464 Update javascript/ql/src/experimental/Security/CWE-079/ClipboardXss.ql 
Typo fix

Co-authored-by: Asger F <asgerf@github.com>
 2021-08-25 09:40:55 -05:00
CodeQL CI
1daeea5696 Merge pull request #6472 from erik-krogh/apiPromise 
Approved by asgerf
 2021-08-25 14:45:03 +01:00
CodeQL CI
170a069657 Merge pull request #6403 from asgerf/js/handlebars-extraction 
Approved by erik-krogh
 2021-08-25 13:54:52 +01:00
Asger Feldthaus
87843a3794 JS: Autoformatttt 2021-08-25 10:37:37 +02:00
Erik Krogh Kristensen
c664d7cfb3 add a getMaybePromisifiedCall method in API graphs, and use it to model child_process 2021-08-25 10:27:09 +02:00
Asger Feldthaus
8a564cc64b JS: Fix qldoc 2021-08-24 14:31:00 +02:00
Asger F
8f8a46848d Update javascript/ql/src/semmle/javascript/frameworks/Templating.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-08-24 14:16:41 +02:00
CodeQL CI
c66a34be9c Merge pull request #6533 from erik-krogh/cwdPath 
Approved by asgerf
 2021-08-24 13:10:38 +01:00
CodeQL CI
c0e8680c81 Merge pull request #6534 from erik-krogh/fallbackEntry 
Approved by asgerf
 2021-08-24 11:38:25 +01:00
Ian Lynagh
43355feaeb Merge pull request #6536 from github/igfoo/getPrimaryQlClasses 
All languages: Add getPrimaryQlClasses()
 2021-08-23 19:49:37 +01:00
Ian Lynagh
a9db1c52e5 All languages: Add getPrimaryQlClasses() 
This is a non-overridable predicate that concatenates all the
getAPrimaryQlClass() results into a comma-separated string.
 2021-08-23 15:49:10 +01:00
Erik Krogh Kristensen
38477d7d2e Merge pull request #6462 from erik-krogh/repeat 
JS: support more regular expressions in js/incomplete-multi-character-sanitization
 2021-08-23 15:39:31 +02:00
Erik Krogh Kristensen
5fe6671cc5 making it more explicit what character class matching is used for 2021-08-23 08:30:50 +02:00
Erik Krogh Kristensen
5d232bbfce recognize more src folders when "main" in package.json points to a compiled output 2021-08-23 08:09:01 +02:00
Erik Krogh Kristensen
32ac8778bd add the cwd option to shell executions as a sink to js/path-injection 2021-08-23 07:32:05 +02:00
Asger Feldthaus
bac212c610 JS: Fix typo: instantiaton -> instantiation 2021-08-19 14:41:18 +02:00
Asger Feldthaus
a1819a54f2 JS: Remove unused isInPlainCodeContext 2021-08-19 14:22:05 +02:00
Daniel Santos
5644514606 Update javascript/ql/src/experimental/Security/CWE-079/ClipboardXss.ql 
Co-authored-by: Asger F <asgerf@github.com>
 2021-08-18 09:52:55 -05:00
Asger Feldthaus
cde8059960 JS: Update some comments referring to Vue instances 2021-08-18 15:36:41 +02:00
Asger Feldthaus
165f6c6935 JS: Add a deprecated forwarder for Vue::Instance 2021-08-18 15:36:41 +02:00
Asger Feldthaus
b21071923e JS: Rename variables to match new class name 2021-08-18 15:36:41 +02:00
Asger Feldthaus
0a98679f74 JS: Rename Vue::Instance to Vue::Component 2021-08-18 15:36:41 +02:00
Asger Feldthaus
4a1fb5df5d JS: De-abstractify Vue::Instance class 2021-08-18 11:14:25 +02:00
Asger Feldthaus
40ae13a20e JS: Rename Vue::{Component -> ComponentRegistration} 2021-08-18 11:14:25 +02:00
Erik Krogh Kristensen
4cc2ac9d35 exclude char classes that match everything 2021-08-18 08:59:17 +00:00
Andrew Eisenberg
03d6b15401 Merge branch 'main' into aeisenberg/pack/cpp 2021-08-17 15:28:47 -07:00
Daniel Santos
5e155d25b1 new Experimental query ClipboardBasedXss 2021-08-17 12:57:26 -05:00
Erik Krogh Kristensen
3f7f5d2418 performance improvements in ReDoSUtil 2021-08-17 15:10:33 +02:00
Erik Krogh Kristensen
5d4c434d34 restrict char class matches to alpha-numeric chars 2021-08-17 15:10:30 +02:00