Commit Graph

2686 Commits

Author SHA1 Message Date
github-actions[bot]
2d64a618e6 Release preparation for version 2.20.7 2025-03-17 12:15:54 +00:00
Napalys
6b105b2f49 Added modeling underscore.string array to string functions. 2025-03-17 12:55:53 +01:00
Napalys
30623cd953 Added modeling of underscore.string for str to array. 2025-03-17 12:52:56 +01:00
Napalys
9bca863e38 Added modeling of underscore.string string to string functions. 2025-03-17 12:50:41 +01:00
Napalys Klicius
749a0560b4 Merge pull request #19027 from Napalys/js/escape
JS: Add support for `escape`
2025-03-17 10:48:44 +01:00
Napalys Klicius
478e32cbe5 Update javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
Co-authored-by: Asger F <asgerf@github.com>
2025-03-17 10:17:39 +01:00
Asger F
cd3909245d JS: Bugfix in Array constructor summary 2025-03-14 23:08:22 +01:00
Asger F
ab74898bbb JS: Deprecate getUnknownMember() and replace its uses with getArrayElement()
Although they mean slightly different things, every single call site
of getUnknownMember() just used it as a way to get array elements.

Since there is no known use-case for the original meaning of
getUnknownMember() I am deprecating it for now.
2025-03-14 23:08:19 +01:00
Asger F
4c1c0b79a6 JS: Make API-graphs use Content internally, and use steps from flow summaries 2025-03-14 23:08:16 +01:00
Napalys
4a691b778b Added escape as UriEncodingSanitizer 2025-03-14 14:53:21 +01:00
Napalys
37e02e4261 Added escape as StringManipulationTaintStep. 2025-03-14 14:49:45 +01:00
Napalys
4c77ee2f4f Added change note. 2025-03-14 14:27:14 +01:00
Napalys
933f3c6f77 Refactor Tanstack integration: remove Tanstack framework and added model as data for it instead. 2025-03-14 13:52:05 +01:00
Napalys
d40ef0ddae Changed from taint to value steps.
Co-authored-by: Asgerf <asgerf@github.com>
2025-03-14 13:48:15 +01:00
Napalys
dc262236f4 Enhance taint tracking by including escape and unescape in TaintedPath customizations. 2025-03-14 11:43:22 +01:00
Napalys Klicius
908f48a22f Merge branch 'main' into js/vue_tanstack_model 2025-03-14 10:45:42 +01:00
Asger F
9a8cb1a55b Merge pull request #19007 from asgerf/js/api-graph-awaited-return
JS: Fix bug in API graphs getPromised() missing async function returns
2025-03-14 10:36:16 +01:00
Napalys
0df2069575 Added change note. 2025-03-13 13:47:46 +01:00
Napalys
de5c7efd63 Added test case for unescape. 2025-03-13 13:47:42 +01:00
Asger F
08ee51cbc4 JS: Move some promise-related store steps into PromiseFlow::storeStep
API graphs calls PromiseFlow::storeStep to propagate promises, which means it missed store steps added elsewhere in the old promise library model.

We want API graphs to rely on type-tracking steps in general, like in Ruby, but for now just fixing the bug.
2025-03-13 12:53:04 +01:00
Napalys
5dff23de6b Added change note. 2025-03-13 12:45:27 +01:00
Napalys
3640e5e425 Added model for tanstack-react useQueries 2025-03-13 12:45:26 +01:00
Napalys
6c9aa0e872 Added modeling of tanstack-vue useQueries. 2025-03-13 12:45:23 +01:00
Napalys
0c0158899e Added tanstack-vue useQuery modeling 2025-03-13 12:25:07 +01:00
Napalys Klicius
40903a9643 Merge pull request #18975 from Napalys/js/tanstack_angular
JS: Update Angular Client Request's with API graph and `Tanstack` Angular modeling
2025-03-12 15:30:26 +01:00
Napalys
f867e0fae8 Added angular-query so when it is released it would be still modeled. 2025-03-12 14:00:44 +01:00
Napalys Klicius
bf24f7794f Update javascript/ql/lib/change-notes/2025-03-11-tanstack-angular.md
Co-authored-by: Asger F <asgerf@github.com>
2025-03-12 13:58:09 +01:00
Napalys Klicius
86bd3b8d26 Merge pull request #18986 from Napalys/js/remove_dedundant_stats
JS: Removed auto generated stats file
2025-03-12 12:51:26 +01:00
Napalys
8a8defd48f Removed redundant stats file generated from check-db-upgrades-javascript 2025-03-12 11:57:27 +01:00
Napalys
09986bc26c Added change note. 2025-03-12 11:54:57 +01:00
Napalys
770920e738 Add new model configuration for @tanstack/angular-query-experimental. 2025-03-12 11:54:55 +01:00
Asger F
b4016c144b Merge pull request #18973 from asgerf/js/vue-fix
JS: Fix attributes nodes missing an enclosing callable
2025-03-12 11:23:25 +01:00
Napalys
979a5b4587 Updated stats file with intersection, subtraction and quoted_string. 2025-03-12 09:02:53 +01:00
Asger F
8599ab2503 JS: Fix attributes nodes missing an enclosing callable 2025-03-11 16:47:48 +01:00
Asger F
e8c5e4d006 Merge branch 'main' into js/test-suite 2025-03-11 13:17:08 +01:00
Napalys Klicius
a4f2264f17 Merge pull request #18899 from Napalys/js/ecma-2024-regex
JS: Add ECMAScript 2024 `v` Flag Operators for Regex Parsing
2025-03-11 12:50:44 +01:00
Napalys
c001435258 Refactor Angular2 API to use httpClientApiNode for HttpClient method calls 2025-03-11 12:32:24 +01:00
Napalys Klicius
a900f2cea4 Update javascript/ql/lib/change-notes/2025-03-03-regex-v.md
Co-authored-by: Asger F <asgerf@github.com>
2025-03-11 11:57:28 +01:00
Napalys Klicius
7c9edff33c Merge pull request #18964 from Napalys/js/mark_down_table
JS: Refactor `markdown-table` library modeling
2025-03-11 09:02:56 +01:00
Asger F
b583e52a87 Merge pull request #18962 from asgerf/js/local-type-indirection
JS: Unfold local type aliases in getAnUnderlyingType
2025-03-11 08:54:03 +01:00
Napalys
08c07f815f Improved documentation, removed union from change note. 2025-03-11 08:30:17 +01:00
Napalys Klicius
1ad8b4677d Update javascript/ql/lib/change-notes/2025-03-10-js-refactor-markdown-table.md
Co-authored-by: Asger F <asgerf@github.com>
2025-03-11 08:07:49 +01:00
Erik Krogh Kristensen
e6884cf705 Merge pull request #18959 from erik-krogh/faster-routing
JS: ensure the result from getPathFromFork is unique (to avoid a blowup)
2025-03-10 21:45:14 +01:00
Napalys
4a365857f1 Added change note. 2025-03-10 19:40:41 +01:00
Napalys
13c701948a Refactor Markdown taint steps and update expected results for reflected XSS tests 2025-03-10 19:27:36 +01:00
Erik Krogh Kristensen
b945466b9f Merge pull request #18892 from asgerf/js/membership-regexp-test
JS: Sharpen up EnumerationRegExp
2025-03-10 16:21:54 +01:00
Asger F
f7d2abf3e3 JS: Unfold local type aliases in getAnUnderlyingType 2025-03-10 16:09:16 +01:00
Asger F
08c9f6fa1e Merge pull request #18798 from erik-krogh/ts58
JS: upgrade TypeScript to 5.8
2025-03-10 14:48:03 +01:00
Asger F
d84368eb54 Merge pull request #18858 from Napalys/js/react-relay
JS: React-relay support
2025-03-10 14:33:23 +01:00
Napalys
9c8e0a5537 Applied changes from comments.
Co-authored-by: Asgerf <asgerf@github.com>
2025-03-10 13:29:05 +01:00