hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,333 Commits 1,672 Branches 157 Tags
ginsbach/NewOverlayLocalJava
Commit Graph

6172 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
aca4c8727f Merge pull request #8802 from github/post-release-prep/codeql-cli-2.9.0 
Post-release preparation for codeql-cli-2.9.0
 2022-04-25 22:52:55 +01:00
Erik Krogh Kristensen
0a26e891a2 include startsWith/endsWith checks in js/missing-origin-check 2022-04-25 15:28:50 +02:00
Erik Krogh Kristensen
fe3d71ebc2 fix qhelp: the window, not the origin, is sending the message 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2022-04-25 14:07:01 +02:00
CodeQL CI
06e5962da7 Merge pull request #8791 from asgerf/js/static-accessors 
Approved by erik-krogh
 2022-04-22 13:39:32 +01:00
Erik Krogh Kristensen
ff73dbc35c delete redundant imports 2022-04-22 12:55:28 +02:00
Khang. Võ Vĩ
f4581ae866 fix PrototypePollutingAssignment examples 2022-04-22 11:55:45 +07:00
github-actions[bot]
1aecfc67c2 Post-release preparation for codeql-cli-2.9.0 2022-04-21 19:22:19 +00:00
github-actions[bot]
eeaf233c29 Release preparation for version 2.9.0 2022-04-21 14:49:00 +00:00
Asger Feldthaus
c6e66edb97 JS: Change note 2022-04-21 08:32:01 +02:00
Erik Krogh Kristensen
6799232009 fix typo in qldoc 2022-04-19 11:09:27 +02:00
Erik Krogh Kristensen
8e5a7bcd76 add change-note 2022-04-19 10:53:48 +02:00
Erik Krogh Kristensen
2e5d435bea add CWE-400, and add a reference to DoS attacks 2022-04-14 18:37:50 +02:00
Erik Krogh Kristensen
41bdd8f4da minor fixes 2022-04-13 10:11:07 +02:00
Erik Krogh Kristensen
a2d2626c9c add security severity 2022-04-12 16:34:00 +02:00
Erik Krogh Kristensen
d64df30724 reintroduce the reverted qhelp 2022-04-12 16:33:06 +02:00
Erik Krogh Kristensen
e2b7f7d05d reintroduce the number sinks 2022-04-12 16:26:10 +02:00
Erik Krogh Kristensen
688b2b6898 use the Query.qll pattern 2022-04-12 15:52:52 +02:00
Erik Krogh Kristensen
8fb54c3f32 move js/resource-exhaustion out of experimental 2022-04-12 15:51:36 +02:00
Erik Krogh Kristensen
df295e69d6 add change-note 2022-04-12 14:37:51 +02:00
Erik Krogh Kristensen
bca4d14129 rename files 2022-04-12 14:37:43 +02:00
Erik Krogh Kristensen
591fcda862 various improvements to the js/missing-origin-verification query 2022-04-12 14:20:41 +02:00
Erik Krogh Kristensen
18532bae54 move js/missing-postmessageorigin-verification out of experimental 2022-04-12 10:39:27 +02:00
CodeQL CI
9c8dee2a4d Merge pull request #8687 from asgerf/js/missing-flow-fixes 
Approved by erik-krogh
 2022-04-11 14:08:15 +01:00
Edoardo Pirovano
f25618eed6 Bump minor version of all packs 2022-04-08 15:38:58 +01:00
Edoardo Pirovano
ce82c54b94 Merge branch 'main' into edoardo/3.5-mergeback 2022-04-08 15:30:58 +01:00
Asger Feldthaus
2a67085d9d JS: Change note 2022-04-07 10:02:21 +02:00
github-actions[bot]
6af568b16d Post-release preparation for codeql-cli-2.8.5 2022-04-01 16:22:14 +00:00
github-actions[bot]
ee746d20df Release preparation for version 2.8.5 2022-04-01 10:39:31 +00:00
Arthur Baars
15c54f6100 Merge pull request #8354 from aibaars/incomplete-url-string-sanitization 
Incomplete url string sanitization
 2022-03-31 10:59:51 +02:00
Erik Krogh Kristensen
cf94c93b1a Merge pull request #8481 from erik-krogh/schemeChain 
JS: recognize string replacement chains as scheme checks in js/incomplete-url-scheme-check
 2022-03-25 11:13:10 +01:00
Erik Krogh Kristensen
47a9376e81 fix bad join in js/unreachable-method-overloads 2022-03-24 16:09:10 +01:00
Arthur Baars
65f8f56095 Merge branch 'main' into incomplete-url-string-sanitization 2022-03-24 11:27:30 +01:00
github-actions[bot]
a3e74efc21 Post-release preparation for codeql-cli-2.8.4 2022-03-21 19:36:47 +00:00
github-actions[bot]
dedc8c2254 Release preparation for version 2.8.4 2022-03-21 13:25:49 +00:00
CodeQL CI
b04c46f96d Merge pull request #8478 from asgerf/js/store-load-flow-context-sensitivity-bug 
Approved by erik-krogh
 2022-03-21 08:54:51 +00:00
Arthur Baars
bf888f0f0b Merge remote-tracking branch 'upstream/main' into incomplete-url-string-sanitization 
Conflicts:
	config/identical-files.json
	javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql
	javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll
	ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.qll
 2022-03-18 16:09:20 +01:00
Arthur Baars
4a27928728 Ruby/JS add missing ^ in qhelp 2022-03-18 14:00:10 +01:00
Arthur Baars
431b60506e Merge remote-tracking branch 'upstream/main' into incomplete-hostname 2022-03-18 13:05:34 +01:00
Asger Feldthaus
26b7edccd4 JS: Change note 2022-03-18 11:59:36 +01:00
Erik Krogh Kristensen
235aa9c24e recognize string replacement chains as scheme checks in js/incomplete-url-scheme-check 2022-03-18 10:37:20 +01:00
Erik Krogh Kristensen
daed33f5af JS: fix more instances of ql/missing-parameter-qldoc 2022-03-16 22:58:28 +01:00
Erik Krogh Kristensen
efba220b45 JS: fix most ql/missing-parameter-qldoc issues 2022-03-16 22:56:52 +01:00
Erik Krogh Kristensen
f083e87fa1 refactor the js/xss query to use three flowlabels and one configuration 2022-03-16 22:32:08 +01:00
Arthur Baars
ab93b3784b Merge remote-tracking branch 'upstream/main' into incomplete-hostname 2022-03-16 12:31:12 +01:00
Erik Krogh Kristensen
2442beaf9a add missing severities to JS queries 2022-03-16 10:40:34 +01:00
Erik Krogh Kristensen
195ce9c58a add some API-nodes to js/disabling-certificate-validation 2022-03-14 21:33:13 +01:00
Arthur Baars
6a74e761c8 Merge pull request #8398 from github/post-release-prep/codeql-cli-2.8.3 
Post-release preparation for codeql-cli-2.8.3
 2022-03-14 21:05:09 +01:00
Erik Krogh Kristensen
7d6700a943 Merge branch 'main' into depMore 2022-03-14 11:49:18 +01:00
Erik Krogh Kristensen
54760081dc add pointers to the qldoc of deprecated predicates 2022-03-14 10:10:38 +01:00
Erik Krogh Kristensen
4fc85a791d deprecate DefiningIdentifier, it was not used in any query 2022-03-13 23:54:53 +01:00