hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,333 Commits 1,672 Branches 157 Tags
ginsbach/NewOverlayLocalJava
Commit Graph

10370 Commits

Author SHA1 Message Date
Asger F
6e744093e2 Merge pull request #12398 from github/post-release-prep/codeql-cli-2.12.4 
Post-release preparation for codeql-cli-2.12.4
 2023-03-09 15:38:21 +01:00
Arthur Baars
942cd7c275 Merge pull request #12113 from erik-krogh/diagnostics 
JS: Implement diagnostics
 2023-03-09 12:57:06 +01:00
Arthur Baars
7ab0f88f78 JS: add link to docs to parse error diagnostic 2023-03-08 16:47:43 +01:00
Arthur Baars
e5be8ab1e5 JS: add integration test for diagnostic messages 2023-03-08 16:04:49 +01:00
Asger F
05b5aea477 JS: Changenote 2023-03-07 13:15:44 +01:00
Asger F
856b50735d JS: Expand test case 2023-03-07 13:04:26 +01:00
Asger F
0affd898de JS: Track trusted type policy callbacks 2023-03-07 10:22:26 +01:00
Asger F
4f0e17bf97 JS: Add step to a few other queries 2023-03-07 09:39:40 +01:00
Asger F
d4b4d22378 JS: Step through HTML sanitizers in SQL injection query 2023-03-06 15:10:26 +01:00
github-actions[bot]
af61b45785 Post-release preparation for codeql-cli-2.12.4 2023-03-04 14:16:55 +00:00
Dave Bartolomeo
b342e93989 Move change note to appropriate pack 2023-03-03 14:43:00 -05:00
github-actions[bot]
462da63970 Release preparation for version 2.12.4 2023-03-03 14:11:51 +00:00
Asger F
37999eaea0 JS: Fix implicit this 2023-03-03 13:43:17 +01:00
Asger F
f4b13e0955 JS: Update printAst expected output 2023-03-03 13:42:42 +01:00
Erik Krogh Kristensen
d94e51aaf6 Merge pull request #12377 from erik-krogh/jHtml 
JS: add the html argument to the jQuery functions as an XSS sink
 2023-03-03 13:19:38 +01:00
Asger F
7f96fe725b JS: Change note 2023-03-03 12:21:20 +01:00
Asger F
7a55b003d2 JS: Fix location of assert clause 2023-03-03 12:21:20 +01:00
Asger F
38194c6ae7 JS: Extract import assertions to DB 2023-03-03 12:21:20 +01:00
erik-krogh
a6c9af4182 add the html argument to the jQuery functions as an XSS sink 2023-03-03 11:09:53 +01:00
erik-krogh
94870b838f add failing test 2023-03-03 11:08:33 +01:00
erik-krogh
a928f4c9ef add change-notes 2023-03-03 09:23:10 +01:00
erik-krogh
f96d6accbb delete old deprecations 2023-03-03 09:23:02 +01:00
github-actions[bot]
50c90bbc5c ATM: Update model pack dependency of ML-powered model building and query packs 2023-03-02 17:31:03 +00:00
Erik Krogh Kristensen
64dad3db8a Merge pull request #12333 from kaspersv/kaspersv/fix-join-order 
ReflectedXss: Prevent bad join order
 2023-03-01 12:48:30 +01:00
Kasper Svendsen
86925646f3 ReflectedXss: Prevent bad join order 2023-02-28 12:06:27 +01:00
Erik Krogh Kristensen
50aa5e072a Merge pull request #12177 from erik-krogh/alias-html 
JS: More precise type-test sanitizer guards in unsafe-html-construction
 2023-02-27 18:16:11 +01:00
Erik Krogh Kristensen
927c322b7b Merge pull request #11769 from erik-krogh/moreSan 
JS: Sanitizer for `sanitizer(x) === true`
 2023-02-27 15:48:34 +01:00
Alex Ford
7c85448cba Merge pull request #12080 from alexrford/js-use-shared-cryptography 
JS: Use shared `CryptographicOperation` concept
 2023-02-27 12:26:38 +00:00
erik-krogh
0e60fc5512 Merge branch 'main' into alias-html 2023-02-27 09:16:25 +01:00
Erik Krogh Kristensen
f8f926ad50 Merge pull request #12175 from erik-krogh/reg-input 
JS: add process.env and process.argv etc. as source for `js/regex-injection`
 2023-02-27 09:12:02 +01:00
Erik Krogh Kristensen
4ffe20ae75 Merge pull request #12189 from erik-krogh/more-export 
JS: also consider relative exports when finding library inputs
 2023-02-27 09:02:55 +01:00
Henry Mercer
eb1fe57590 Merge branch 'main' into codeql-ci/atm/release-0.4.8 2023-02-23 16:23:32 +00:00
github-actions[bot]
7e2b286f03 JS: Bump version of ML-powered library and query packs to 0.4.9 2023-02-23 16:12:23 +00:00
github-actions[bot]
e02368f6fa JS: Bump patch version of ML-powered library and query packs 2023-02-23 16:04:39 +00:00
github-actions[bot]
8eb8daa4d4 Post-release preparation for codeql-cli-2.12.3 2023-02-16 17:23:25 +00:00
github-actions[bot]
b0315119c6 Release preparation for version 2.12.3 2023-02-16 11:49:06 +00:00
Alex Ford
9cfd0f5f46 JS: fix qldoc 2023-02-16 11:00:37 +00:00
Alex Ford
1556b1a728 Merge branch 'main' into js-use-shared-cryptography 2023-02-15 17:13:53 +00:00
Alex Ford
1958b9dcd5 JS: add missing qldoc 2023-02-15 16:59:03 +00:00
Alex Ford
43af306d60 dynamic: more detailed qldoc for CryptographicOperation#getBlockMode() 2023-02-15 16:55:18 +00:00
Alex Ford
e8cbf7287d JS: breaking change note for CryptographicOperation sync 2023-02-15 16:50:24 +00:00
Alex Ford
925b4a3fa8 JS: improve documentation on deprecated CryptographicOperation#getInput() predicate 2023-02-15 16:23:46 +00:00
Alex Ford
d4d0b91085 dynamic: switch CryptographicOperation::Range#getBlockMode() back to being an abstract predicate 2023-02-15 16:23:46 +00:00
Alex Ford
c7aaad9ed0 JS: avoid adding a deprecated CryptographicOperation#getInput to py/ruby 2023-02-15 16:23:46 +00:00
erik-krogh
51ddb55d7b use tainted-object to precisely model that plain object are fine, but their properties are not 2023-02-15 15:02:03 +01:00
erik-krogh
09794fa836 delete PrefixStringSanitizer 2023-02-15 14:55:02 +01:00
Rasmus Wriedt Larsen
c72dbc49fc Merge pull request #12165 from RasmusWL/crypto-updates 
Python/Ruby/JS Crypto: Add a few algorithms + block modes
 2023-02-15 14:35:40 +01:00
erik-krogh
bec8dc6775 add explicit this 2023-02-15 10:44:57 +01:00
erik-krogh
b7305fd229 also consider relative exports when finding library inputs 2023-02-14 21:08:13 +01:00
erik-krogh
de4f5017e1 add change-note 2023-02-14 18:36:07 +01:00