hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,333 Commits 1,671 Branches 157 Tags
ginsbach/NewOverlayLocalJava
Commit Graph

6172 Commits

Author SHA1 Message Date
Asger F
d23c198072 JS: Change note 2025-01-30 20:41:20 +01:00
Asger F
f8694a34e5 Merge pull request #18397 from aegilops/angular-sources-sinks 
JavaScript CodeQL library updates: new Angular sink(s)
 2025-01-29 09:09:23 +01:00
Erik Krogh Kristensen
87ad09bcdf Merge pull request #18595 from erik-krogh/erik-krogh/clear-text-example 
JS: fix example in clear-text-logging qhelp to actually be bad
 2025-01-27 11:45:50 +01:00
erik-krogh
37a1727043 fix example in clear-text-logging qhelp to actually be bad 2025-01-27 11:31:28 +01:00
Paul Hodgkinson
f033f179f7 Merge branch 'main' into angular-sources-sinks 2025-01-24 15:46:48 +00:00
aegilops
d248551e88 Updated expected test result files using HEAD version of codeql 2025-01-24 15:46:09 +00:00
Asger F
1b7977bf90 Merge pull request #18466 from asgerf/js/view-component-inputs 
JS: Add view-component-input threat model
 2025-01-24 10:59:25 +01:00
Asger F
60f9160822 Merge pull request #18574 from asgerf/js/diff-informed2 
JS: fix and improve diff-informed queries
 2025-01-24 10:58:22 +01:00
aegilops
522f3d1337 Merge 2025-01-23 17:00:56 +00:00
Asger F
102b187c35 JS: Ignore experimental queries for now 2025-01-23 12:53:18 +01:00
Asger F
dba76a0e4d JS: Rerun patch query after bugfix 2025-01-23 10:31:32 +01:00
Erik Krogh Kristensen
4bd4937e65 Merge pull request #18547 from erik-krogh/suffixCheck 
JS: Fix FPs with js/incorrect-suffix-check
 2025-01-22 21:13:27 +01:00
Asger F
051fa66af1 JS: Add change note 2025-01-22 11:49:48 +01:00
erik-krogh
04bbd5919a add change-note 2025-01-22 10:16:11 +01:00
Asger F
01f7d45e2d JS: Add meta query for reporting threat model sources 2025-01-22 09:51:32 +01:00
Asger F
30d192a1db JS: Move getName() to a shared location 2025-01-22 09:51:32 +01:00
Asger F
0b9187d76c JS: Add change note 2025-01-21 14:17:35 +01:00
erik-krogh
2f1bd75ee9 remove redundant cast 2025-01-21 09:51:14 +01:00
erik-krogh
17afab7d0f support that two indexOf() calls use the same string-concatenation in getAnEquivalentIndexOfCall() 2025-01-21 09:43:57 +01:00
erik-krogh
d5529e3a7e ensure an indexOf call is equivalent with itself. (getAUse() is used later to find matching indexOf calls) 2025-01-21 09:42:30 +01:00
github-actions[bot]
fbb7f0a0c6 Post-release preparation for codeql-cli-2.20.2 2025-01-20 21:11:14 +00:00
github-actions[bot]
a0512a50f2 Release preparation for version 2.20.2 2025-01-20 21:11:12 +00:00
Asger F
8fe622f572 JS: Update PrototypePollutingFunction.ql 2025-01-20 11:20:29 +01:00
Asger F
fd763a0883 JS: Auto-patch diff informed queries 2025-01-20 11:20:27 +01:00
Asger F
7b3727b874 JS: Add change note 2025-01-17 10:27:02 +01:00
Asger F
6cd9752289 Merge pull request #18467 from github/js/shared-dataflow-branch 
JS: Migrate to shared data flow library (targeting main!) 🚀
 2025-01-16 11:28:57 +01:00
Erik Krogh Kristensen
70a1a6454d Merge pull request #18452 from asgerf/js/import-spec-strings 
JS: Fix crash in case of string literal in export specifier
 2025-01-09 15:50:40 +01:00
Asger F
a7fbfb2c2d JS: Change note 2025-01-09 10:48:52 +01:00
github-actions[bot]
fb20f6ca63 Post-release preparation for codeql-cli-2.20.1 2025-01-07 22:07:40 +00:00
github-actions[bot]
88b6f1e79a Release preparation for version 2.20.1 2025-01-07 20:50:36 +00:00
Dave Bartolomeo
72a53c4b23 Revert "Release preparation for version 2.20.1" 2025-01-07 13:32:23 -05:00
github-actions[bot]
fbf9f2fff8 Release preparation for version 2.20.1 2025-01-07 17:20:13 +00:00
Dave Bartolomeo
22e030584c Revert "Release preparation for version 2.20.1" 2025-01-07 12:14:27 -05:00
github-actions[bot]
a121c5a5d0 Release preparation for version 2.20.1 2025-01-06 18:20:22 +00:00
Asger F
0cdda87161 JS: Restrict AP length in prototype-polluting function 2025-01-06 14:33:41 +01:00
Asger F
3acd4814de Merge branch 'main' into js/shared-dataflow-merge-main 2024-12-19 10:14:38 +01:00
Asger F
947b785d47 JS: Remove reference to deprecated step relation that's empty anyway 2024-12-16 15:35:53 +01:00
Asger F
079294e55f JS: Mass rename to node1,state1,node2,state2 naming convention 2024-12-16 15:35:46 +01:00
Asger F
73af3f3536 JS: Migrate PrototypePollutingFunction 2024-12-16 15:35:40 +01:00
Asger F
ebe596f227 JS: Migrate CorsPermissiveConfiguration 2024-12-16 15:35:39 +01:00
Asger F
d83ddfabaa JS: Migrate an experimental CodeInjection query 2024-12-16 15:35:38 +01:00
Asger F
a398599bfb JS: Rename an experimental query 
Having the same name as a standard query is just confusing
 2024-12-16 15:35:36 +01:00
Asger F
4e25036cdc JS: Follow naming convention in InsecureModuleFlow module 2024-12-13 11:09:59 +01:00
github-actions[bot]
cf71a1525b Post-release preparation for codeql-cli-2.20.0 2024-12-04 18:36:17 +00:00
github-actions[bot]
96564b7128 Release preparation for version 2.20.0 2024-12-04 16:01:14 +00:00
Henry Mercer
963f084d87 Merge branch 'main' into henrymercer/merge-back-rc-3.16 2024-12-04 13:39:10 +00:00
Asger F
b3461989b1 JS: Remove use of SanitizerGuardNode in experimental SSRF query 
Makes a quick effort attempt to restore the original behaviour, though
it is not exactly the same due to lack of recursion.
 2024-12-03 14:30:36 +01:00
Asger F
a574ff1669 JS: Remove use of MakeLegacyBarrierGuard in experimental SSRF 2024-12-03 14:30:28 +01:00
Asger F
75ab4856b8 Remove unsupported features from PoI 2024-12-03 14:30:25 +01:00
Asger F
04a3a6707f JS: Update a reference to AdditionalSanitizerGuardNode 
Unlike most other references to this class, we're not subclassing it here, we're
just trying to reuse some standard barrier guards but with a different flow state.
 2024-12-03 14:30:22 +01:00