| Author | Commit | Message | Date |
|---|---|---|---|
| Nick Rolfe | f417c12c5e | Merge pull request #9332 from github/post-release-prep/codeql-cli-2.9.3<br>Post-release preparation for codeql-cli-2.9.3 | 2022-05-31 16:17:50 +01:00 |
| github-actions[bot] | ed2f3409bc | Post-release preparation for codeql-cli-2.9.3 | 2022-05-31 09:54:55 +00:00 |
| Erik Krogh Kristensen | 6cfd790cda | Merge pull request #9356 from erik-krogh/getRouting<br>JS: rewrite js/sensitive-get-query to use routing trees | 2022-05-31 11:08:54 +02:00 |
| Erik Krogh Kristensen | adb40f9360 | Merge pull request #9289 from erik-krogh/es2022<br>JS: Support the remaining of the finished ES2022 proposals | 2022-05-30 12:27:19 +02:00 |
| Erik Krogh Kristensen | ab28b0a690 | Merge pull request #9348 from erik-krogh/polyRegSyntax<br>JS: use syntactically correct JS in poly-redos example | 2022-05-30 12:26:04 +02:00 |
| Erik Krogh Kristensen | 63e637503d | rewrite js/sensitive-get-query to use routing trees | 2022-05-30 11:55:09 +02:00 |
| Asger F | cc42f2f824 | Merge pull request #8606 from asgerf/js/api-graph-api<br>JS/Python/Ruby: Document how API graphs should be interpreted | 2022-05-30 10:49:14 +02:00 |
| Erik Krogh Kristensen | fef87db739 | use syntactically correct JS in poly-redos example | 2022-05-27 10:08:30 +02:00 |
| Erik Krogh Kristensen | 361b2aa6bb | Merge pull request #9325 from erik-krogh/CWE-940<br>JS: add CWE-940 to js/missing-origin-check | 2022-05-25 16:41:40 +02:00 |
| Erik Krogh Kristensen | ed907f6f63 | add CWE-940 to js/missing-origin-check | 2022-05-25 14:15:48 +02:00 |
| Erik Krogh Kristensen | 009ba4c280 | update query id to the updated id | 2022-05-25 10:55:33 +02:00 |
| github-actions[bot] | 1f1b364feb | Release preparation for version 2.9.3 | 2022-05-25 07:46:48 +00:00 |
| Asger F | a955bd3695 | JS: Change note | 2022-05-24 14:18:06 +02:00 |
| Erik Krogh Kristensen | 82c6c22d50 | make a model for hasOwnProperty calls and similar | 2022-05-24 14:13:53 +02:00 |
| Erik Krogh Kristensen | 2a97dd9f6f | add support for Object.hasOwn(obj, key) | 2022-05-24 13:59:25 +02:00 |
| Asger F | 631527fe49 | JS: Rename Node.{getASource -> asSource, getASink -> asSink} | 2022-05-24 11:57:30 +02:00 |
| Asger Feldthaus | 19a5db9f89 | JS: Rename getARhs -> getASink | 2022-05-24 11:57:30 +02:00 |
| Asger Feldthaus | 4c6192670e | JS: Rename getAnImmediateUse -> getASource | 2022-05-24 11:57:30 +02:00 |
| Erik Krogh Kristensen | a404a8c61a | use more set literals instead of big disjunctions | 2022-05-24 11:09:10 +02:00 |
| Erik Krogh Kristensen | d58fe8e193 | add explicit this | 2022-05-24 10:59:13 +02:00 |
| Erik Krogh Kristensen | d1ad08ecb5 | fix misspellings in predicate names | 2022-05-24 10:57:13 +02:00 |
| Erik Krogh Kristensen | aadbc989ce | fix typo in comment<br>Co-authored-by: Asger F <asgerf@github.com> | 2022-05-23 15:07:29 +02:00 |
| Erik Krogh Kristensen | 7a3bbede1b | remove support for passport in the session-fixation query | 2022-05-23 12:55:11 +02:00 |
| Erik Krogh Kristensen | 86e97c32d6 | fix all ql/use-string-compare | 2022-05-17 14:11:05 +02:00 |
| Mathias Vorreiter Pedersen | 1280d43e36 | Merge pull request #9141 from github/post-release-prep/codeql-cli-2.9.2<br>Post-release preparation for codeql-cli-2.9.2 | 2022-05-17 10:01:37 +01:00 |
| Erik Krogh Kristensen | 2550988006 | change @id from js/actions/injection to js/actions/command-injection | 2022-05-17 09:25:05 +02:00 |
| Nick Rolfe | c518150b49 | Merge pull request #9132 from github/nickrolfe/misspelling<br>QL for QL: generalise non-US spelling query | 2022-05-16 16:03:36 +01:00 |
| Erik Krogh Kristensen | 23981cb323 | Merge pull request #7626 from erik-krogh/CWE-377<br>JS: add query for detecting insecure temporary files | 2022-05-16 15:25:17 +02:00 |
| github-actions[bot] | b7cbd8fd75 | Post-release preparation for codeql-cli-2.9.2 | 2022-05-12 18:21:38 +00:00 |
| Nick Rolfe | 1115227f9d | Merge remote-tracking branch 'origin/main' into nickrolfe/misspelling | 2022-05-12 16:10:27 +01:00 |
| Nick Rolfe | 2ed42c327c | JS: fix typos in comments | 2022-05-12 16:02:19 +01:00 |
| Erik Krogh Kristensen | 4bef451156 | Merge pull request #9021 from erik-krogh/actions<br>JS: promote `js/actions/injection` out of experimental | 2022-05-12 14:38:38 +02:00 |
| Erik Krogh Kristensen | fef4455ccc | apply suggestion from doc review<br>Co-authored-by: Steve Guntrip <12534592+stevecat@users.noreply.github.com> | 2022-05-12 13:28:45 +02:00 |
| github-actions[bot] | ee9980b31c | Release preparation for version 2.9.2 | 2022-05-12 10:17:28 +00:00 |
| Erik Krogh Kristensen | 53b26eba17 | Merge pull request #8724 from erik-krogh/postMessage<br>JS: promote the `js/missing-origin-verification` query | 2022-05-09 12:28:58 +02:00 |
| Mathias Vorreiter Pedersen | 176e40f139 | Merge pull request #9052 from github/post-release-prep/codeql-cli-2.9.1<br>Post-release preparation for codeql-cli-2.9.1 | 2022-05-06 13:15:17 +01:00 |
| github-actions[bot] | 1a25457178 | Post-release preparation for codeql-cli-2.9.1 | 2022-05-05 19:05:50 +00:00 |
| Erik Krogh Kristensen | 58db9226dc | add missing word in qhelp | 2022-05-05 14:24:45 +02:00 |
| Erik Krogh Kristensen | 2d7c7ff372 | apply suggestions from doc review<br>Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> | 2022-05-05 13:03:35 +02:00 |
| Erik Krogh Kristensen | 0c0e280637 | update the qhelp to mention that the GITHUB_TOKEN only sometimes has write-access | 2022-05-05 12:12:29 +02:00 |
| Erik Krogh Kristensen | c0152a46bc | rename getAReferencedExpression to getASimpleReferenceExpression and add examples of what it can parse | 2022-05-05 11:02:47 +02:00 |
| Erik Krogh Kristensen | 1f00ba812a | move YAMLMappingLikeNode to the standard library | 2022-05-05 10:22:52 +02:00 |
| Erik Krogh Kristensen | 8425eaf919 | Merge pull request #8549 from erik-krogh/unreachableJoin<br>JS: fix bad join in js/unreachable-method-overloads | 2022-05-04 16:28:06 +02:00 |
| Erik Krogh Kristensen | 8e2b00d209 | make the big disjunctions more readable by using a set literal | 2022-05-04 16:15:17 +02:00 |
| Erik Krogh Kristensen | 31a4de902e | add missing security severity | 2022-05-04 16:15:17 +02:00 |
| Erik Krogh Kristensen | d8cc82bdb1 | add change-note | 2022-05-04 16:14:59 +02:00 |
| Erik Krogh Kristensen | df4bfef8c7 | expand the qhelp for js/actions/injection | 2022-05-04 16:14:59 +02:00 |
| Erik Krogh Kristensen | 48fb01f9f7 | set js/actions/injection as a high precision warning query | 2022-05-04 16:14:54 +02:00 |
| Erik Krogh Kristensen | 2a65d1d3ec | move js/actions/injection out of experimental | 2022-05-04 16:14:19 +02:00 |
| Erik Krogh Kristensen | bc470b89f1 | leave a deprecated alias for Actions.qll | 2022-05-04 16:14:19 +02:00 |