hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

5056 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
899e54fbc9 add support for the slash library 2021-07-12 16:36:54 +02:00
Max Schaefer
ce24215dd5 JavaScript: Improve modelling of Module.prototype._compile sink. 2021-07-12 15:32:21 +01:00
Max Schaefer
70c82c83ac JavaScript: Make ModuleVarNode and ExportsVarNode more easily accessible. 2021-07-12 15:31:40 +01:00
Erik Krogh Kristensen
d22ebadcf2 add support for many more case changing libraries 2021-07-12 14:09:34 +02:00
Erik Krogh Kristensen
a5d1325d3f add support for the change-case library 2021-07-12 13:37:06 +02:00
Erik Krogh Kristensen
bef7e61e76 add support for the fast-json-stringify library 2021-07-12 11:13:01 +02:00
Erik Krogh Kristensen
40aa970db3 add support for the strip-json-comments library 2021-07-12 11:08:50 +02:00
Erik Krogh Kristensen
23c3be6860 add support for the json-cycle library 2021-07-12 11:03:39 +02:00
Erik Krogh Kristensen
94cbc4b2c0 add step through the fclone library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
f99a33598f add support for the safe-stable-stringify library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
d6300bced3 add support for the replicator library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
babf657d9d add support for the teleport-javascript library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
9261b7f859 add support for the flatted library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
1792c9a611 add taint step through the prettyjson library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
0bfff1eb7e add support for the json5 library 2021-07-12 10:51:42 +02:00
Erik Krogh Kristensen
cb3bd4901b add taint step through the json2csv library 2021-07-12 10:51:42 +02:00
CodeQL CI
1d56748eed Merge pull request #6200 from yoff/pythonJS-make-expbtlib-private 
Approved by RasmusWL, esbena
 2021-07-02 09:09:18 -07:00
Asger Feldthaus
457ce14ca6 JS: Summarize steps into captured variables 2021-07-02 13:42:42 +02:00
Asger Feldthaus
ff49aaa684 JS: Do not capture own variables 2021-07-02 13:17:32 +02:00
Asger Feldthaus
ee608540c5 JS: Add support for createNamespacedHelpers 2021-07-02 12:47:55 +02:00
Asger Feldthaus
dd1e21c713 JS: Model vuex 2021-07-02 12:47:55 +02:00
Asger Feldthaus
fefe30a9fa JS: Add API graph edges for indirect propref members 2021-07-02 12:47:54 +02:00
Asger Feldthaus
2a3bc0f110 JS: Add spread step when bactracking in API graphs 2021-07-02 12:47:54 +02:00
Asger Feldthaus
9f2897b179 JS: Make VueRouterFlowSource a subclass of ClientSideRemoteFlowSource 2021-07-02 12:47:54 +02:00
Rasmus Lerchedahl Petersen
6f2642607e Python: make the import of RedosUtil public 
This mirrors `SuperlinearBacktracking.qll`
An alternative is to keep it private and import it again
in the query files.
 2021-07-02 12:32:04 +02:00
Rasmus Lerchedahl Petersen
77c329fb0f Python/JS: Make much more private 2021-07-02 12:13:52 +02:00
Asger Feldthaus
7249d2892a JS: Add comment to VueTemplateSink class 2021-07-02 11:55:56 +02:00
Asger Feldthaus
6d9b96f6e8 JS: Dont use getALocalSource() when marking Vue template sinks 2021-07-02 11:55:56 +02:00
Asger Feldthaus
472b41f5e1 JS: Update React to handle string literals being SourceNodes 2021-07-02 11:55:56 +02:00
Asger Feldthaus
39c204ac39 JS: Treat string literals as source nodes 2021-07-02 11:55:56 +02:00
CodeQL CI
61ee193dc0 Merge pull request #6197 from asgerf/js/recompose 
Approved by esbena
 2021-07-02 00:58:06 -07:00
Esben Sparre Andreasen
0cf9c95981 Merge pull request #6193 from esbena/esbena/mootools-xss 
JS: add Mootools XSS sinks
 2021-07-02 09:24:56 +02:00
Rasmus Lerchedahl Petersen
eee56e0156 Python/JS: Make most of the new library private 2021-07-01 15:34:06 +02:00
Asger Feldthaus
993cc29275 JS: Autoformat 2021-07-01 14:22:44 +02:00
Esben Sparre Andreasen
85b9003af4 JS: add Mootools XSS sinks 2021-07-01 09:17:27 +02:00
Asger Feldthaus
780453008a JS: Drive-by fixes in ComposedFunctions.qll 2021-06-30 15:07:59 +02:00
Asger Feldthaus
7e2871bfdf JS: Propagate React components through recompose HOCs 2021-06-30 15:05:28 +02:00
Rasmus Lerchedahl Petersen
d2eeaff441 JS: Refactor ReDoS to make files sharable 
the extra ordering conditions in ReDoSUtil will be needed
for the Python implementation.
 2021-06-28 17:04:48 +02:00
Aditya Sharad
61e6dcb56d Ensure only one query per language is tagged lines-of-code 
Some languages have multiple `summary` queries for lines of code,
representing different forms of counting (user written, total, etc).
When Code Scanning sees results from multiple such summary queries in a single run,
it will need to choose one as the primary LoC count to display in the UI.

By ensuring only one query per language has the `lines-of-code` tag,
in future we can teach Code Scanning to look for this particular tag
to identify the primary LoC count.

If a "lines of user code" query is available, use that.
Otherwise use the total "lines of code".

(It is completely fine for multiple queries to be tagged with `summary`.)
 2021-06-25 16:45:37 -07:00
CodeQL CI
28c060e758 Merge pull request #6113 from erik-krogh/promise 
Approved by esbena
 2021-06-24 13:25:42 -07:00
CodeQL CI
c02c96369d Merge pull request #6139 from erik-krogh/colors 
Approved by esbena
 2021-06-23 14:02:17 -07:00
Erik Krogh Kristensen
dbc8b9cf6a autoformat 2021-06-23 14:21:15 +02:00
CodeQL CI
a86f50e091 Merge pull request #6135 from erik-krogh/chokidar 
Approved by esbena
 2021-06-23 05:16:06 -07:00
CodeQL CI
b66f4cb965 Merge pull request #6134 from erik-krogh/templates 
Approved by asgerf, esbena
 2021-06-23 05:09:23 -07:00
Erik Krogh Kristensen
700dfcc3a7 add comment about why colors/safe is not safe 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-06-23 10:39:56 +02:00
Erik Krogh Kristensen
8b5c285ac8 add support for the chokidar library 2021-06-23 09:59:34 +02:00
Erik Krogh Kristensen
fa02651542 add taint step through the strip-ansi library 2021-06-23 09:13:03 +02:00
Erik Krogh Kristensen
fe76341820 add taint step through the chalk library 2021-06-23 09:12:48 +02:00
Erik Krogh Kristensen
053d9b5564 add taint step through the kleur library 2021-06-23 09:12:25 +02:00
CodeQL CI
37b66f9045 Merge pull request #6117 from asgerf/js/sharpen-match-calls 
Approved by esbena
 2021-06-22 22:52:37 -07:00