hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 08:43:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,879 Commits 1,670 Branches 157 Tags
main
Commit Graph

11950 Commits

Author SHA1 Message Date
Arthur Baars
0bb7fdccf6 Merge pull request #20347 from github/post-release-prep/codeql-cli-2.23.0 
Post-release preparation for codeql-cli-2.23.0
 2025-09-02 14:14:03 +02:00
Anders Schack-Mulligen
f833fe0e6e Merge pull request #20300 from aschackmull/cfg/successortype 
Shared: Add a shared SuccessorType implementation
 2025-09-02 14:09:35 +02:00
Michael Nebel
7490d8ddd2 Shared and Sync: Fix some Ql4Ql violations. 2025-09-02 13:54:22 +02:00
github-actions[bot]
e8a2600a0c Post-release preparation for codeql-cli-2.23.0 2025-09-02 11:46:23 +00:00
github-actions[bot]
0bfa93828b Release preparation for version 2.23.0 2025-09-02 11:09:32 +00:00
Asger F
19fa29d527 Merge pull request #20307 from asgerf/js/overlay-extract-and-discard-only 
JS: Add overlay support to extractor
 2025-09-02 11:24:11 +02:00
Henry Mercer
d71991fdc0 Merge pull request #20320 from github/henrymercer/default-queries 
Specify default queries in `codeql-extractor.yml`
 2025-09-01 15:52:47 +01:00
Michael Nebel
8b10ad49d7 JS: Fix some Ql4Ql violations. 2025-09-01 15:17:53 +02:00
Anders Schack-Mulligen
144e34c669 Shared: Use shared SuccessorType in shared Cfg and BasicBlock libs. 2025-09-01 13:43:32 +02:00
Asger F
45b8158fe5 JS: Remove totalorder() 
This was once as input to the shared data flow library, but has since been removed from the input signature.
 2025-09-01 13:39:54 +02:00
Asger F
ca393a9afe JS: Do not override AST methods in React model 2025-09-01 12:57:06 +02:00
Anders Schack-Mulligen
09b2c5abf0 BasicBlock: Replace entryBlock predicate with subclass. 2025-09-01 11:48:44 +02:00
Anders Schack-Mulligen
f459ddc40a Languages: Adapt to api changes. 2025-09-01 11:26:33 +02:00
Anders Schack-Mulligen
bb3abc815f SSA: Update input to use member predicates. 2025-09-01 11:19:48 +02:00
Asger F
67a1c2ffef Update javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-09-01 10:20:17 +02:00
Asger F
0d0eaa21a1 Merge pull request #20302 from asgerf/js/simpler-locations 
JS: Remove synthetic locations
 2025-09-01 09:46:13 +02:00
Henry Mercer
55869f28c3 Specify default queries in codeql-extractor.yml 2025-08-29 17:34:45 +01:00
Asger F
57b4534d30 JS: Avoid overriding Expr predicates in xUnit.qll 2025-08-29 13:06:05 +02:00
Asger F
cc8fe10801 JS: Update locations in expected files 2025-08-29 12:03:11 +02:00
Napalys Klicius
bafe22c50c Merge pull request #20048 from Napalys/js/xml_bomb_sinks 
JS: Exclude patched libraries from `xml-bomb` sink
 2025-08-29 08:10:55 +02:00
Asger F
d117c52d2f JS: Use the LHS as the location for SsaExplicitDefinition 2025-08-28 11:35:15 +02:00
Asger F
4437f47a7b Merge pull request #20297 from asgerf/js/simpler-summary-pruning 
JS: Change pruning to not rely on Import
 2025-08-28 11:20:14 +02:00
Napalys Klicius
e0916c8750 JS: add change note 2025-08-27 10:32:45 +00:00
Napalys Klicius
32606584ea JS: add enumeration taint flow to Remote Property Injection query 2025-08-27 10:23:03 +00:00
Napalys Klicius
c39c04cb86 JS: added new test case for remote prop injection via Object.keys 2025-08-27 10:20:57 +00:00
Napalys Klicius
10c10c7d30 JS: fixed typo in folder name 2025-08-27 10:17:39 +00:00
Asger F
4a687a1222 JS: Add deprecated alias 
The old DbLocation class was public, hence the alias
 2025-08-27 11:21:18 +02:00
Asger F
dcf63fc434 JS: Remove synthetic locations 2025-08-27 11:20:24 +02:00
Asger F
be32579cab JS: Change pruning to not rely on Import 2025-08-27 10:44:23 +02:00
Asger F
6783456213 JS: Add discard predicates 2025-08-19 09:20:00 +02:00
Asger F
ba585b8af5 JS: Add upgrade/downgrade scripts 2025-08-19 09:19:58 +02:00
Asger F
30baf0acec JS: Add overlayChangedFiles 2025-08-19 09:19:57 +02:00
Asger F
c1df8a95cb JS: Overlay extraction support 2025-08-19 09:19:55 +02:00
Asger F
6872f51725 JS: Add metadata to dbscheme and stats 2025-08-19 09:19:54 +02:00
github-actions[bot]
42e3d31c49 Post-release preparation for codeql-cli-2.22.4 2025-08-18 14:42:42 +00:00
github-actions[bot]
90d29994c8 Release preparation for version 2.22.4 2025-08-18 14:06:09 +00:00
Napalys Klicius
b19d1e0f57 Merge pull request #20151 from Napalys/js/command-line-libs 
JS: Enhance command injection detection for CLI argument parsing libraries
 2025-08-18 09:32:29 +02:00
Napalys Klicius
b2346183d6 Merge pull request #20148 from Napalys/js/reg-exp-env-variable-threat-model 
JS: Exclude environment variables from `js/regex-injection` query by default
 2025-08-18 09:32:15 +02:00
Tom Hvitved
874f951727 Merge pull request #20172 from hvitved/shared/concepts-final-aliases 
Shared: Use `final` aliases in `ConcentsShared.qll`
 2025-08-11 10:14:55 +02:00
Tom Hvitved
eb3c054b0f JS: Generate legacy flow steps for all flow summaries 2025-08-06 09:38:49 +02:00
Tom Hvitved
11dcd90435 Shared: Use final aliases in ConcentsShared.qll 2025-08-05 14:53:52 +02:00
github-actions[bot]
fb4b0aac53 Post-release preparation for codeql-cli-2.22.3 2025-08-04 17:18:08 +00:00
github-actions[bot]
fd82aeb1f8 Release preparation for version 2.22.3 2025-08-04 15:47:57 +00:00
Napalys Klicius
881ea7631e Added change note 2025-08-01 14:34:25 +02:00
Napalys Klicius
ae4077db72 add taint flow for arg/command-line-args with custom argv option 2025-08-01 13:34:08 +02:00
Napalys Klicius
d6508f34b6 Add taint flow for Commander.js direct property access and action callbacks 2025-08-01 13:24:19 +02:00
Napalys Klicius
39170f327c Added couple more test cases for commander js 2025-08-01 13:14:39 +02:00
Napalys Klicius
6b4e34dd39 Added a step from parse to opts for commander js 2025-08-01 13:12:43 +02:00
Napalys Klicius
e980798ede Added step through yargs/yargs constructor and chained methods. 2025-08-01 12:01:30 +02:00
Napalys Klicius
e8eb9be3f6 Add command injection tests for CLI argument parsing libraries 2025-08-01 11:02:59 +02:00