hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,333 Commits 1,672 Branches 157 Tags
ginsbach/NewOverlayLocalJava
Commit Graph

6172 Commits

Author SHA1 Message Date
erik-krogh
b3a9c1ca06 Py/JS/RB: Use instanceof in more places 2022-12-12 16:06:57 +01:00
github-actions[bot]
343b7b1c8b Post-release preparation for codeql-cli-2.11.6 2022-12-11 18:15:04 +00:00
github-actions[bot]
0b2fb4f70a Release preparation for version 2.11.6 2022-12-10 15:49:35 +00:00
Chris Smowton
49bc524fd0 Merge remote-tracking branch 'origin/rc/3.8' into smowton/admin/merge-rc38-into-main 2022-12-08 11:12:30 +00:00
Erik Krogh Kristensen
6b9cab23d4 Merge pull request #11248 from erik-krogh/js-redosMod 
JS: use the shared regex pack
 2022-12-05 14:48:37 +01:00
Matt Rothenberg
95f994a82b Update RequestForgeryBad.js 2022-12-02 14:17:37 +01:00
Matt Rothenberg
7d674e7cdc set base URL 2022-12-02 14:17:17 +01:00
Matt Rothenberg
c49e9e8503 fix: use let for subdomain assignment 2022-12-02 14:07:39 +01:00
Matt Rothenberg
a453405365 Update RequestForgeryBad.js 2022-12-02 14:03:37 +01:00
Matt Rothenberg
2ae0c7e115 Update RequestForgeryGood.js 2022-12-02 14:02:54 +01:00
github-actions[bot]
5e35785fd0 Post-release preparation for codeql-cli-2.11.5 2022-12-02 11:37:44 +00:00
github-actions[bot]
31ab22e3a0 Release preparation for version 2.11.5 2022-12-01 20:05:14 +00:00
erik-krogh
2eb6b1adb3 JS: fix two typos 2022-11-23 14:38:12 +01:00
erik-krogh
6b5cd9abc3 use RegExpTreeView insteaed of RegexTreeView in JS 2022-11-22 12:55:48 +01:00
github-actions[bot]
5b14ebf22a Post-release preparation for codeql-cli-2.11.4 2022-11-18 11:26:00 +00:00
Chris Smowton
0219c2b02b Copyedit Javascript changelog 2022-11-17 17:02:01 +00:00
Chris Smowton
80b2f0d3cd Coopyedit Javascript changelog 2022-11-17 17:01:43 +00:00
github-actions[bot]
e105c13e77 Release preparation for version 2.11.4 2022-11-17 16:40:45 +00:00
Mauro Baluda
784475dd66 Merge branch 'main' into main 2022-11-16 11:06:27 +01:00
Mauro Baluda
84cb59b942 Create 2022-11-08-hapi-glue.md 2022-11-16 11:05:23 +01:00
erik-krogh
75ef5b1b0b add support for satisfies-expressions 2022-11-15 22:07:24 +01:00
erik-krogh
e18ceba49e port the JS regex/redos queries to use the shared pack 2022-11-15 17:14:38 +01:00
Asger F
5f18484fa9 JS: Change note 2022-11-14 15:09:30 +01:00
Asger F
44e94f6615 JS: Change note 2022-11-08 11:51:26 +01:00
github-actions[bot]
fca754bddd Post-release preparation for codeql-cli-2.11.3 2022-11-05 14:30:48 +00:00
Dave Bartolomeo
013b7eff1c Apply suggestions from code review 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-11-04 18:46:32 -04:00
github-actions[bot]
508327235a Release preparation for version 2.11.3 2022-11-04 20:16:23 +00:00
Erik Krogh Kristensen
c82d8cbacc Merge pull request #11013 from erik-krogh/sndCmd 
JS: second-order-command-injection
 2022-11-04 10:58:50 +01:00
Erik Krogh Kristensen
1f51bd4594 add dash in description 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-11-03 16:24:59 +01:00
erik-krogh
96ec54e5be fix minor issues in qhelp 2022-11-03 14:01:58 +01:00
erik-krogh
b5666888b1 rewrite @description of second-order-command-injection 2022-11-03 14:00:29 +01:00
Dave Bartolomeo
9d5e5e3ee7 ${workspace} all the things 2022-11-01 13:29:05 -04:00
Dave Bartolomeo
49c4c554c4 Merge from main 2022-11-01 13:22:40 -04:00
erik-krogh
6f3ca40fed expand the explanation to include with arguments make the commands vulnerable 2022-11-01 14:24:23 +01:00
Erik Krogh Kristensen
8fd6424db9 fix the qhelp 
Co-authored-by: Asger F <asgerf@github.com>
 2022-11-01 14:05:25 +01:00
erik-krogh
5e5160d4fc add which commands are flagged in the change-note 2022-10-31 21:42:59 +01:00
erik-krogh
fc2112831c add second-order-command-injection query 2022-10-30 21:20:47 +01:00
Erik Krogh Kristensen
bbdda9ef70 Merge pull request #10727 from erik-krogh/js-last-msg 
JS: fix some more style-guide violations in the alert-messages
 2022-10-27 15:48:12 +02:00
Taus
503cc560cf Merge pull request #10943 from bananabr/main 
Javascript/Python: Tokens built from predictable UUIDs
 2022-10-27 14:12:34 +02:00
Jeroen Ketema
1d7efd8e82 Merge pull request #10905 from jsoref/spelling-code-scanning-product 
Spelling code scanning product
 2022-10-27 12:55:37 +02:00
Erik Krogh Kristensen
cecb498bf3 Merge pull request #10984 from tyage/add-next-js-source 
JS: Add Next.js parameters as source
 2022-10-27 10:36:12 +02:00
tyage
e8b751ae17 Update javascript/ql/src/change-notes/2022-10-26-nextjs-params.md 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-10-27 10:24:08 +09:00
Dave Bartolomeo
23b572e9b7 Use ${workspace} for intra-workspace dependencies 
Now that the released CLI supports replacement variables in dependency version ranges, we can now mark our published library packs as depending on whatever version of their dependency is in our workspace, without having to manually bump the dependency version every release.

Note that when the packs are published, the dependencies in the published pack file are rewritten to have the correct specific version.
 2022-10-26 16:40:01 -04:00
Daniel Santos
64da2cec50 removed unnecessary getACall and fixed formatting 2022-10-26 12:02:55 -05:00
erik-krogh
0f9b4334cc remove some FPs in js/password-in-configuration-file 2022-10-26 11:51:56 +02:00
tyage
7a19744cf2 add change note 2022-10-26 15:17:50 +09:00
Daniel Santos
f7ace6f801 Update javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-10-25 14:27:03 -05:00
Daniel Santos
5b080481aa TokenBuiltFromUuid formatting 2022-10-25 09:51:48 -05:00
Daniel Santos
375edf7455 TokenAssignmentValueSink refactor 2022-10-25 09:50:04 -05:00
Daniel Santos
a2ad924376 Minor formatting fixes 2022-10-24 09:38:17 -05:00