Erik Krogh Kristensen
9893650f7c
Merge pull request #8604 from erik-krogh/httpNode
...
JS: refactor most library models away from AST nodes
2022-09-09 10:04:17 +02:00
erik-krogh
1ec77136ec
depend on an explicit version of the typo database
2022-09-09 08:37:38 +02:00
erik-krogh
88f295fbb1
make a shared library of the typo database
2022-09-08 15:49:43 +02:00
github-actions[bot]
a9d80a5a48
Release preparation for version 2.10.5
2022-09-08 11:35:54 +00:00
erik-krogh
a35fe1ffab
Merge branch 'main' into js-followMsg
2022-09-08 13:09:15 +02:00
Asger F
5c12780b1c
JS: Change note
2022-09-07 13:45:38 +02:00
erik-krogh
24f2e3cc07
update alert-messages of the sensitive data queries to match #10314
2022-09-06 12:25:36 +02:00
erik-krogh
0776687991
fix leftover todo in js/insecure-temporary-file
2022-09-06 10:05:50 +02:00
Erik Krogh Kristensen
b4968eb645
refactor the SensitiveExpr to be a dataflow node
2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
aa9261f1b1
convert the AngularJS model to use DataFlow nodes
2022-09-05 16:11:54 +02:00
Erik Krogh Kristensen
9cb7522bc1
change RouteSetup to a DataFlow::Node
2022-09-05 15:45:31 +02:00
erik-krogh
aa56ca37ae
make the alert messages of taint-tracking queries more consistent
2022-09-05 14:04:52 +02:00
Edoardo Pirovano
8f332714f4
Merge pull request #10260 from github/edoardo/3.7-mergeback
...
Merge `rc/3.7` into `main`
2022-09-01 15:44:17 +01:00
github-actions[bot]
3b4ad3c4f1
Post-release preparation for codeql-cli-2.10.4
2022-08-26 09:32:11 +00:00
erik-krogh
cc7a9ef97a
rename more acronyms
2022-08-25 20:52:27 +02:00
Erik Krogh Kristensen
06afe9c0f4
Merge pull request #9816 from erik-krogh/msgConsis
...
Make alert messages consistent across languages
2022-08-25 15:20:01 +02:00
github-actions[bot]
0f63bc077f
Release preparation for version 2.10.4
2022-08-25 12:52:26 +00:00
erik-krogh
f1799ae3d2
print the endpointExample in the alert-messsage, and only report one working example
2022-08-24 13:09:48 +02:00
erik-krogh
a50234adb0
apply suggestion from review
2022-08-23 15:41:37 +02:00
erik-krogh
afadcd9b45
use a more detailed alert message in bitwise-sign-check
2022-08-23 11:18:45 +02:00
erik-krogh
f7846a598e
add change-notes
2022-08-23 07:54:01 +02:00
erik-krogh
60908de089
update js/nested-loops-with-same-variable to match cpp
2022-08-22 21:41:46 +02:00
erik-krogh
20625ae60d
update {js/go/py}/xpath-injection to match csharp/java
2022-08-22 21:41:46 +02:00
erik-krogh
b5458b2125
update js/insecure-randomness to match csharp
2022-08-22 21:41:46 +02:00
erik-krogh
9cdd8cc8f5
update js/tainted-format-string to match ruby/java
2022-08-22 21:41:46 +02:00
erik-krogh
9395f156de
update {js/py}/command-line-injection to match csharp/java
2022-08-22 21:41:46 +02:00
erik-krogh
3553f3d9b8
update {rb/py/js/go}/path-injection to match java/csharp
2022-08-22 21:41:45 +02:00
erik-krogh
39c1832995
update {cpp/js}/bitwise-sign-check to match java
2022-08-22 21:41:45 +02:00
erik-krogh
b471a401cc
update {rb/js/java}/unused-parameter to match python
2022-08-22 21:41:45 +02:00
erik-krogh
594fbc678e
update js/zip-slip to match java/go/csharp
2022-08-22 21:41:45 +02:00
erik-krogh
0aebc90b61
don't lowercase the endpointExample, and correctly handle root states
2022-08-21 18:38:47 +02:00
erik-krogh
d052b1e3c9
also support regular expressions without repetitions
2022-08-19 19:21:44 +02:00
erik-krogh
26fcf6b25b
apply suggestions from review
2022-08-18 15:00:57 +02:00
erik-krogh
de3e1c39e4
use the shared regular expression libraries in js/case-sensitive-middleware-path
2022-08-18 10:07:55 +02:00
Harry Maclean
70ec70940a
Merge pull request #8142 from github/hmac/incomplete-multi-char-sanitization
2022-08-18 10:02:39 +12:00
erik-krogh
6ac898bad4
add desugered to the typo database
2022-08-17 13:13:43 +02:00
Harry Maclean
f1a546c4d6
Rename IncompleteMultiCharacterSanitization[Query]
2022-08-17 16:03:49 +12:00
Harry Maclean
e48158b9ad
JS: Share more code with Ruby
2022-08-17 16:03:49 +12:00
Harry Maclean
b7d9bf4066
Share IncompleteMultiCharacterSanitization JS/Ruby
...
Most of the classes and predicates in this query can be shared between
the two languages. There's just a few language-specific things that we
place in IncompleteMultiCharacterSanitizationSpecific.
2022-08-17 16:03:46 +12:00
Sid Shankar
1e1e2318b7
Merge pull request #10052 from github/task/fix-broken-links
...
Docs: Replace HTTP broken links to equivalent HTTPS resources
2022-08-16 08:45:08 -04:00
Alex Ford
d02ad51d74
Merge pull request #10032 from github/post-release-prep/codeql-cli-2.10.3
...
Post-release preparation for codeql-cli-2.10.3
2022-08-16 12:04:07 +01:00
Erik Krogh Kristensen
f106e064fa
Merge pull request #9422 from erik-krogh/refacReDoS
...
Refactorizations of the ReDoS libraries
2022-08-16 09:32:08 +02:00
Sid Shankar
639af0a9a3
Use Wayback Machine 🔗 for IE Conditional Comments
2022-08-15 14:45:34 -04:00
Sid Shankar
79a4ddd2ee
Fix invalid link to Ecmascript 2015 specification
2022-08-15 14:44:18 -04:00
Erik Krogh Kristensen
0adb588fe8
Merge pull request #9712 from erik-krogh/badRange
...
JS/RB/PY/Java: add suspicious range query
2022-08-15 13:55:44 +02:00
erik-krogh
b54f037424
Merge branch 'main' into refacReDoS
2022-08-12 20:28:30 +02:00
github-actions[bot]
21d0c78376
Post-release preparation for codeql-cli-2.10.3
2022-08-11 23:20:39 +00:00
github-actions[bot]
57c4f9145b
Release preparation for version 2.10.3
2022-08-11 11:12:15 +00:00
Erik Krogh Kristensen
887f6557ed
fix common misspellings throughout github/codeql
2022-08-10 23:21:41 +02:00
Esben Sparre Andreasen
0c6f28014c
Merge pull request #9821 from erik-krogh/jsQlFix
...
JS: fix some QL-for-QL warnings in JS
2022-08-09 22:06:29 +02:00
