codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00

Author	SHA1	Message	Date
Napalys Klicius	d3d608fa33	Updated query description and added a sanitizer	2025-09-04 13:16:37 +00:00
Napalys Klicius	4dac80a998	Replace complex wrapper classes with MaD	2025-09-04 12:19:22 +00:00
Napalys Klicius	95743d7109	Added inline test expectations for cors permissive config	2025-07-30 10:42:55 +00:00
Napalys Klicius	358617f533	Move CORS misconfiguration query from experimental to Security	2025-07-30 10:22:59 +00:00
Asger F	47a90c8b32	Merge branch 'main' into js/no-type-extraction	2025-07-02 13:18:05 +02:00
Asger F	7c38c48fd7	Merge pull request #19769 from trailofbits/VF/Nest-improvements Improve NestJS sources and dependency injection	2025-06-30 10:42:18 +02:00
Asger F	3247babfa5	Merge pull request #19762 from trailofbits/VF/type-orm-model-improvements Improve TypeORM model	2025-06-30 10:40:38 +02:00
Asger F	c8b2674206	JS: Add support for index expressions	2025-06-25 14:31:22 +02:00
Asger F	b1d4776b17	JS: Handle name resolution through dynamic imports	2025-06-25 14:31:20 +02:00
Asger F	7cc248703a	JS: Add test for dynamic imports	2025-06-25 14:31:17 +02:00
Napalys Klicius	3d9e2f5438	Merge pull request #19858 from Napalys/js/execa JS: moved `execa` out of experimental	2025-06-25 10:34:52 +02:00
Asger F	d39b68cd41	Merge pull request #19849 from asgerf/js/remove-legacy-actions-queries JS: Remove legacy actions queries	2025-06-25 09:18:33 +02:00
Asger F	853fc1a7cf	Merge pull request #19852 from asgerf/js/react-use-server JS: Model React 'use' and 'use server'	2025-06-25 09:13:56 +02:00
Napalys Klicius	0902ca0605	JS: address copilot suggestions	2025-06-24 11:37:07 +02:00
Asger F	d428eaeef8	Merge pull request #19655 from GeekMasher/js-clientrests-axios JS: ClientRequests Axios Instance support	2025-06-24 10:35:51 +02:00
Napalys Klicius	d05de1ba4e	JS: moved `execa` test cases outside experimental	2025-06-24 09:08:13 +02:00
Napalys Klicius	ef51ab172f	JS: exclude `sinon` module from regexp match calls	2025-06-23 20:25:17 +02:00
Napalys Klicius	584b4f51aa	JS: add false positive test cases for hostname regex detection	2025-06-23 20:25:10 +02:00
Asger F	61887beae0	JS: Add test case for false positive	2025-06-23 16:03:41 +02:00
Asger F	cc1a28ac7e	JS: Add parameters of server functions as remote flow sources	2025-06-23 16:03:39 +02:00
Asger F	d9f4e4a90d	JS: Add tests for functions with "use server" directive	2025-06-23 16:03:38 +02:00
Asger F	7dd7246cd4	JS: Update tests.expected Mostly noise due to renamed predicates and reordered result sets	2025-06-23 16:03:35 +02:00
Asger F	180b023c7c	JS: Add inline expectations to React test	2025-06-23 16:03:33 +02:00
Asger F	1787d4dce8	JS: Enable inline expectations in test Will update files in next commit	2025-06-23 16:03:32 +02:00
Asger F	1a18e68364	JS: Remove reactLibraryRef This is not testing anything interesting, and is noisy when adding inline expectations	2025-06-23 16:03:30 +02:00
Asger F	99fb6b62ad	JS: Remove test_ prefix from query predicates	2025-06-23 16:03:29 +02:00
Asger F	8ff7182f3a	JS: Move React test predicates into one file	2025-06-23 15:37:15 +02:00
Asger F	980d0f46fa	JS: Add model for react 'use'	2025-06-23 15:27:21 +02:00
Asger F	768ccc6a54	JS: Add test for react 'use' function	2025-06-23 15:26:08 +02:00
Asger F	76b7228160	JS: Remove js/actions/command-injection Superseded by actions/command-injection/{medium,critical}	2025-06-23 14:41:26 +02:00
Asger F	9dcb61e771	JS: Remove js/actions/actions-artifact-leak Superseded by actions/secrets-in-artifacts	2025-06-23 14:39:28 +02:00
Asger F	3a00e8d1c5	JS: Remove js/actions/pull-request-target Superseded by actions/untrusted-checkout/{medium,high,critical}	2025-06-23 14:37:21 +02:00
Asger F	f5f12c2f81	JS: Delete or simplify TypeScript type-specific tests	2025-06-23 12:55:15 +02:00
Asger F	fb92d9b034	JS: Update type usage in UnreachableMethodOverloads This query depended on the cons-hashing performed by type extraction to determine if two types are the same. This is not trivial to restore, but not important enough to reimplement right now, so for now just simplifying the query's ability to recognise that two types are the same.	2025-06-23 12:55:06 +02:00
Asger F	b71d09630a	JS: Update type usage in Electron model	2025-06-23 12:55:03 +02:00
Napalys Klicius	3fbe348f99	Merge pull request #19784 from Napalys/js/express_middleware JS: Improve Express middleware taint tracking	2025-06-20 15:36:26 +02:00
Napalys Klicius	bca536c5b6	Merge remote-tracking branch 'origin/main' into js/quality/loop_shift	2025-06-20 11:30:20 +02:00
Napalys Klicius	f80651e78a	Merge pull request #19750 from Napalys/js/remove_encodeURI JS: remove `encodeURI` from sanitizer list of request forgery	2025-06-19 14:12:52 +02:00
Napalys Klicius	53cae4fa97	Merge remote-tracking branch 'origin/main' into js/quality/loop_shift	2025-06-19 10:21:52 +02:00
Napalys Klicius	060b98d36c	JS: enchance middleware taint tracking via local source	2025-06-17 08:30:19 +02:00
Napalys Klicius	da21a064ac	JS: add `_parsedUrl` as remote input source	2025-06-16 16:28:30 +02:00
Napalys Klicius	67aac7abfa	JS: add test cases for middleware property assignment tracking	2025-06-16 16:26:08 +02:00
Napalys Klicius	bdbc49c63f	JS: Removed `encodeURI` from request forgery sanitizer list	2025-06-16 13:08:11 +02:00
Napalys Klicius	deb715a517	JS: Add test case with `encodeURI` for request forgery	2025-06-16 10:49:29 +02:00
Napalys Klicius	5a107ec33b	JS: track taint through `serialize-javascript` calls with object arguments	2025-06-16 10:38:20 +02:00
Napalys Klicius	a96ea182c7	JS: add test cases for `serialize-javascript` with tainted object properties	2025-06-16 09:30:52 +02:00
Vasco-jofra	e2eca5bbff	Update test.expected	2025-06-15 12:12:12 +02:00
Vasco-jofra	6920430073	Improve dependency injection through import function calls	2025-06-15 00:47:34 +02:00
Vasco-jofra	477f32c7ff	NestJS dependency injection support useValue provider	2025-06-15 00:21:38 +02:00
Vasco-jofra	2b143c86ac	NestJS dependency Injection support useFactory provider	2025-06-15 00:09:07 +02:00

1 2 3 4 5 ...

4939 Commits