hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,465 Commits 1,671 Branches 157 Tags
ginsbach/overlay-java-discarding
Commit Graph

6276 Commits

Author SHA1 Message Date
erik-krogh
44b6366586 delete old deprecations 2023-06-02 11:58:08 +02:00
erik-krogh
9aeba4f31e changes based on review 2023-06-01 17:24:44 +02:00
Erik Krogh Kristensen
96a720cfa0 Merge pull request #13285 from erik-krogh/redoshelp 
ReDoS: fix whitespace in the samples in ReDoS.qhelp
 2023-06-01 15:53:58 +02:00
Asger F
baef99995d JS: Change note 2023-06-01 14:10:11 +02:00
erik-krogh
1e08105863 less duplicated headers in the sql-injection samples 2023-05-31 18:04:34 +02:00
erik-krogh
98820780af show how to use mysql.escape in the sql-injection qhelp 2023-05-31 18:04:34 +02:00
erik-krogh
7d801e05ee add an example of using dollar eq 2023-05-31 18:04:23 +02:00
erik-krogh
e24b45b423 elaborate on both SQL and NoSQL injection in the js/sql-injection qhelp 2023-05-31 09:57:38 +02:00
erik-krogh
b343dcaadd put string/object in the alert-message for sql-injection 2023-05-31 08:06:04 +02:00
Arthur Baars
490d22d123 Merge remote-tracking branch 'upstream/main' into post-release-prep/codeql-cli-2.13.3 2023-05-30 21:31:28 +02:00
erik-krogh
9f5bf8fb22 also fix the first code-block 2023-05-25 13:56:29 +02:00
erik-krogh
765076bcba fix whitespace in the samples in ReDoS.qhelp 2023-05-25 13:28:39 +02:00
github-actions[bot]
d2e192020b Post-release preparation for codeql-cli-2.13.3 2023-05-24 11:26:12 +00:00
Erik Krogh Kristensen
50cb5ea184 Merge pull request #13164 from erik-krogh/polyQhelp 
ReDoS: add another example to the qhelp in poly-redos, showing how to just limit the length of the input
 2023-05-23 09:25:15 +02:00
github-actions[bot]
7aa23cf11d Release preparation for version 2.13.3 2023-05-22 20:47:00 +00:00
erik-krogh
710b309142 apply suggestions from doc review 2023-05-21 22:18:48 +02:00
erik-krogh
10bf17c33e Merge branch 'main' into polyQhelp 2023-05-21 22:17:06 +02:00
Erik Krogh Kristensen
239234c5d2 fix bad change-note 
Co-authored-by: Asger F <asgerf@github.com>
 2023-05-17 14:47:32 +02:00
erik-krogh
5a82454710 add change-note 2023-05-17 12:02:21 +02:00
erik-krogh
480e71fd69 avoid contractions 2023-05-17 08:42:45 +02:00
erik-krogh
2ebce99eae add another example of how to fix the prototype pollution issue 2023-05-15 17:24:02 +02:00
erik-krogh
7a338c408e fix typo, the variable in the example is called items 2023-05-15 17:23:40 +02:00
erik-krogh
83ca1495e0 trim the whitespace in the poly-redos examples 2023-05-15 16:47:24 +02:00
erik-krogh
d989359656 add another example to the qhelp in poly-redos, showing how to just limit the length of the input 2023-05-15 16:47:02 +02:00
Asger F
20e8ee8423 Merge pull request #12748 from JarLob/yi 
JS: Add more sources, more unit tests, fixes to the GitHub Actions injection query
 2023-05-15 11:03:00 +02:00
Max Schaefer
5dfe52afd0 Merge pull request #13152 from github/max-schaefer/unsafe-shell-command-construction-examples-sync 
JavaScript: Use synchronous APIs in examples for js/shell-command-constructed-from-input.
 2023-05-12 16:50:25 +01:00
Max Schaefer
2e7eb50319 JavaScript: Use synchronous APIs in examples for js/shell-command-constructed-from-input. 2023-05-12 14:42:11 +01:00
Max Schaefer
a4f6ccf2fc JavaScript: Use gender-neutral language in qhelp for js/user-controlled-bypass 2023-05-12 14:21:40 +01:00
Kasper Svendsen
7dd9906e95 JS: Enable implicit this receiver warnings 2023-05-12 09:49:14 +02:00
Asger F
c376eeb133 Merge pull request #12978 from asgerf/js/github-actions-sources 
JS: Add sources and sinks related to GitHub Actions
 2023-05-10 09:55:24 +02:00
Jaroslav Lobačevski
5aa71352dc Update javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp 
Co-authored-by: Asger F <asgerf@github.com>
 2023-05-09 12:23:52 +02:00
Kasper Svendsen
67950c8e6b JS: Make implicit this receivers explicit 2023-05-03 15:31:00 +02:00
Ian Lynagh
b56b843d13 Merge pull request #12987 from github/post-release-prep/codeql-cli-2.13.1 
Post-release preparation for codeql-cli-2.13.1
 2023-05-03 13:12:10 +01:00
Asger F
bdcda7ffe6 JS: Move change note to right location 2023-05-03 10:22:40 +02:00
Asger F
67afbee06d Merge pull request #12825 from smiddy007/JS-Allow-Truncated-Hash-Forge-NonKeyCipher 
JS: Allow NonKeyCiphers to include truncated SHA-512 MDs in Forge JS libr…
 2023-05-02 13:59:30 +02:00
github-actions[bot]
18d4af994d Post-release preparation for codeql-cli-2.13.1 2023-05-02 10:50:20 +00:00
Asger F
e9f1e99526 Merge pull request #12887 from asgerf/js/unsafe-yaml-deserialization 
JS: Update model of js-yaml
 2023-05-01 09:57:20 +02:00
Asger F
1b75afb5b1 JS: Change note 2023-04-28 14:32:11 +02:00
github-actions[bot]
3bd29171fb Release preparation for version 2.13.1 2023-04-28 12:14:35 +00:00
Asger F
c9c281cb9a JS: Change note 2023-04-26 12:50:59 +02:00
Asger F
5f011a262c JS: Change note 2023-04-26 12:49:24 +02:00
smiddy007
a2a82fcde9 Merge branch 'main' into JS-Allow-Truncated-Hash-Forge-NonKeyCipher 2023-04-25 12:23:31 -04:00
jarlob
6e9f54ef55 Use double curly braces 2023-04-21 19:03:38 +02:00
smiddy007
bda0ef3a75 Merge branch 'github:main' into JS-Allow-Truncated-Hash-Forge-NonKeyCipher 2023-04-19 13:40:32 -04:00
smiddy007
4f7275f064 Reformat doc and move change note 2023-04-19 13:39:18 -04:00
Nate Johnson
4ae8377713 Merge branch 'main' into js-insecure-http-parser 2023-04-18 22:00:13 -04:00
Nate Johnson
78229bb264 Moved into experimental 2023-04-18 21:59:14 -04:00
Alex Ford
924ce250dd Merge pull request #12847 from github/post-release-prep/codeql-cli-2.13.0 
Post-release preparation for codeql-cli-2.13.0
 2023-04-18 14:40:40 +01:00
Tom Hvitved
f6d000eb20 Merge pull request #12805 from hvitved/remove-queries-xml 
Remove all `queries.xml` files
 2023-04-18 10:52:14 +02:00
Nate Johnson
bbb1ee9597 Merge branch 'main' into js-insecure-http-parser 2023-04-18 00:45:32 -04:00