codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00

Author	SHA1	Message	Date
Arthur Baars	5d3ec35e29	Remove non-breaking spaces from code	2025-09-05 09:41:15 +02:00
Michael Nebel	8009ddebce	Merge pull request #20329 from michaelnebel/javascript/ql4ql JS: Fix some Ql4Ql violations.	2025-09-04 13:01:37 +02:00
Napalys Klicius	8fc81f4263	Merge branch 'main' into js/remote-property-injection-update	2025-09-03 14:02:19 +02:00
Michael Nebel	8b10ad49d7	JS: Fix some Ql4Ql violations.	2025-09-01 15:17:53 +02:00
Asger F	0d0eaa21a1	Merge pull request #20302 from asgerf/js/simpler-locations JS: Remove synthetic locations	2025-09-01 09:46:13 +02:00
Asger F	cc8fe10801	JS: Update locations in expected files	2025-08-29 12:03:11 +02:00
Napalys Klicius	bafe22c50c	Merge pull request #20048 from Napalys/js/xml_bomb_sinks JS: Exclude patched libraries from `xml-bomb` sink	2025-08-29 08:10:55 +02:00
Napalys Klicius	32606584ea	JS: add enumeration taint flow to Remote Property Injection query	2025-08-27 10:23:03 +00:00
Napalys Klicius	c39c04cb86	JS: added new test case for remote prop injection via `Object.keys`	2025-08-27 10:20:57 +00:00
Napalys Klicius	10c10c7d30	JS: fixed typo in folder name	2025-08-27 10:17:39 +00:00
Napalys Klicius	b19d1e0f57	Merge pull request #20151 from Napalys/js/command-line-libs JS: Enhance command injection detection for CLI argument parsing libraries	2025-08-18 09:32:29 +02:00
Napalys Klicius	b2346183d6	Merge pull request #20148 from Napalys/js/reg-exp-env-variable-threat-model JS: Exclude environment variables from `js/regex-injection` query by default	2025-08-18 09:32:15 +02:00
Tom Hvitved	eb3c054b0f	JS: Generate legacy flow steps for all flow summaries	2025-08-06 09:38:49 +02:00
Napalys Klicius	ae4077db72	add taint flow for arg/command-line-args with custom argv option	2025-08-01 13:34:08 +02:00
Napalys Klicius	d6508f34b6	Add taint flow for Commander.js direct property access and action callbacks	2025-08-01 13:24:19 +02:00
Napalys Klicius	39170f327c	Added couple more test cases for commander js	2025-08-01 13:14:39 +02:00
Napalys Klicius	6b4e34dd39	Added a step from parse to opts for commander js	2025-08-01 13:12:43 +02:00
Napalys Klicius	e980798ede	Added step through yargs/yargs constructor and chained methods.	2025-08-01 12:01:30 +02:00
Napalys Klicius	e8eb9be3f6	Add command injection tests for CLI argument parsing libraries	2025-08-01 11:02:59 +02:00
Napalys Klicius	d28a6e6352	Added new test cases for regexp injection with enviromental variable threat model enabled	2025-07-31 13:20:37 +02:00
Napalys Klicius	8583257574	Created new folder for test with threat models disabled	2025-07-31 13:20:30 +02:00
Napalys Klicius	5f538209c9	Exlucde environmental variables from default detection in regexp injection	2025-07-31 12:09:30 +02:00
Napalys Klicius	1851deb929	Removed `libxmljs` from being marked as `sink` for `xml-bomb`.	2025-07-15 09:33:11 +02:00
Asger F	47a90c8b32	Merge branch 'main' into js/no-type-extraction	2025-07-02 13:18:05 +02:00
Asger F	7c38c48fd7	Merge pull request #19769 from trailofbits/VF/Nest-improvements Improve NestJS sources and dependency injection	2025-06-30 10:42:18 +02:00
Asger F	3247babfa5	Merge pull request #19762 from trailofbits/VF/type-orm-model-improvements Improve TypeORM model	2025-06-30 10:40:38 +02:00
Asger F	c8b2674206	JS: Add support for index expressions	2025-06-25 14:31:22 +02:00
Asger F	b1d4776b17	JS: Handle name resolution through dynamic imports	2025-06-25 14:31:20 +02:00
Asger F	7cc248703a	JS: Add test for dynamic imports	2025-06-25 14:31:17 +02:00
Napalys Klicius	3d9e2f5438	Merge pull request #19858 from Napalys/js/execa JS: moved `execa` out of experimental	2025-06-25 10:34:52 +02:00
Asger F	d39b68cd41	Merge pull request #19849 from asgerf/js/remove-legacy-actions-queries JS: Remove legacy actions queries	2025-06-25 09:18:33 +02:00
Asger F	853fc1a7cf	Merge pull request #19852 from asgerf/js/react-use-server JS: Model React 'use' and 'use server'	2025-06-25 09:13:56 +02:00
Napalys Klicius	0902ca0605	JS: address copilot suggestions	2025-06-24 11:37:07 +02:00
Asger F	d428eaeef8	Merge pull request #19655 from GeekMasher/js-clientrests-axios JS: ClientRequests Axios Instance support	2025-06-24 10:35:51 +02:00
Napalys Klicius	d05de1ba4e	JS: moved `execa` test cases outside experimental	2025-06-24 09:08:13 +02:00
Napalys Klicius	ef51ab172f	JS: exclude `sinon` module from regexp match calls	2025-06-23 20:25:17 +02:00
Napalys Klicius	584b4f51aa	JS: add false positive test cases for hostname regex detection	2025-06-23 20:25:10 +02:00
Asger F	61887beae0	JS: Add test case for false positive	2025-06-23 16:03:41 +02:00
Asger F	cc1a28ac7e	JS: Add parameters of server functions as remote flow sources	2025-06-23 16:03:39 +02:00
Asger F	d9f4e4a90d	JS: Add tests for functions with "use server" directive	2025-06-23 16:03:38 +02:00
Asger F	7dd7246cd4	JS: Update tests.expected Mostly noise due to renamed predicates and reordered result sets	2025-06-23 16:03:35 +02:00
Asger F	180b023c7c	JS: Add inline expectations to React test	2025-06-23 16:03:33 +02:00
Asger F	1787d4dce8	JS: Enable inline expectations in test Will update files in next commit	2025-06-23 16:03:32 +02:00
Asger F	1a18e68364	JS: Remove reactLibraryRef This is not testing anything interesting, and is noisy when adding inline expectations	2025-06-23 16:03:30 +02:00
Asger F	99fb6b62ad	JS: Remove test_ prefix from query predicates	2025-06-23 16:03:29 +02:00
Asger F	8ff7182f3a	JS: Move React test predicates into one file	2025-06-23 15:37:15 +02:00
Asger F	980d0f46fa	JS: Add model for react 'use'	2025-06-23 15:27:21 +02:00
Asger F	768ccc6a54	JS: Add test for react 'use' function	2025-06-23 15:26:08 +02:00
Asger F	76b7228160	JS: Remove js/actions/command-injection Superseded by actions/command-injection/{medium,critical}	2025-06-23 14:41:26 +02:00
Asger F	9dcb61e771	JS: Remove js/actions/actions-artifact-leak Superseded by actions/secrets-in-artifacts	2025-06-23 14:39:28 +02:00

1 2 3 4 5 ...

4958 Commits