hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,280 Commits 1,671 Branches 157 Tags
oscarsj/test-cpp-internal-checks
Commit Graph

11276 Commits

Author SHA1 Message Date
Napalys
23fdc3534f Added test case @apollo/server with SSRF. 2025-03-19 13:34:27 +01:00
Asger F
1324c11044 Merge pull request #19012 from asgerf/js/api-graph-array-element 
JS: Make API graphs use steps from summaries
 2025-03-18 18:03:43 +01:00
Napalys
922a07d01e Added underscore.string clearsContent. 
Co-authored-by: Asgerf <asgerf@github.com>
 2025-03-18 12:58:19 +01:00
Asger F
53ba588993 JS: Use ArrayElement instead of AnyMember 
The use of AnyMember was a workaround until the bugfix in this PR landed.
 2025-03-18 09:26:02 +01:00
Napalys
8b431dc0e7 Added change note. 2025-03-17 19:10:12 +01:00
Napalys
2c7562d875 Removed value from modeling its return value as Wrapper class, since it return simple string. 2025-03-17 19:08:43 +01:00
Napalys
d8e6d76b0e Added modeling for tap function. 2025-03-17 19:07:02 +01:00
Napalys
eb18c3ce24 Added test case for tap. 2025-03-17 18:36:23 +01:00
Napalys
fc6b779a4b Added modeling for aliases. 2025-03-17 18:33:14 +01:00
Napalys
dcc1e88d08 Added test cases for aliases. 2025-03-17 18:23:46 +01:00
Napalys
3a83c8d1fd Added modeling for extra chaining function from underscore.string. 2025-03-17 18:06:26 +01:00
Napalys
cccd863a96 Added test for extra chaining function for underscore.string. 2025-03-17 18:05:49 +01:00
Napalys
ca9ae8a58d Added chaining modeling for underscore.string package. 2025-03-17 14:46:07 +01:00
Napalys
25c6fb59df Added chaining tests for underscore.string package. 2025-03-17 14:46:06 +01:00
Napalys
b59b9c86e4 Added modeling underscore.string of function which contain multiple sources points. 2025-03-17 14:46:01 +01:00
github-actions[bot]
51cdeefafb Post-release preparation for codeql-cli-2.20.7 2025-03-17 13:00:41 +00:00
Asger F
1516029cf5 JS: Avoid generating ArrayElement edges for extend-like patterns 2025-03-17 13:48:27 +01:00
Asger F
125e732c4c JS: Fix bad join order 2025-03-17 13:44:33 +01:00
github-actions[bot]
2d64a618e6 Release preparation for version 2.20.7 2025-03-17 12:15:54 +00:00
Napalys
77e1e171e1 Added test cases underscore.string with multiple sources. 2025-03-17 12:58:53 +01:00
Napalys
6b105b2f49 Added modeling underscore.string array to string functions. 2025-03-17 12:55:53 +01:00
Napalys
cd40b6f125 Added test cases underscore.string array to string. 2025-03-17 12:53:53 +01:00
Napalys
30623cd953 Added modeling of underscore.string for str to array. 2025-03-17 12:52:56 +01:00
Napalys
c256b9c336 Added underscore.string test cases for str to array. 2025-03-17 12:51:48 +01:00
Napalys
9bca863e38 Added modeling of underscore.string string to string functions. 2025-03-17 12:50:41 +01:00
Napalys
e8b233f086 Added test cases underscore.string string to string. 2025-03-17 12:48:41 +01:00
Napalys Klicius
749a0560b4 Merge pull request #19027 from Napalys/js/escape 
JS: Add support for `escape`
 2025-03-17 10:48:44 +01:00
Napalys Klicius
478e32cbe5 Update javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2025-03-17 10:17:39 +01:00
Napalys Klicius
9134f79fd2 Merge pull request #18984 from Napalys/js/extractor_error_handler 
JS: Extractor handle error instead of exiting.
 2025-03-17 10:11:26 +01:00
Asger F
cd3909245d JS: Bugfix in Array constructor summary 2025-03-14 23:08:22 +01:00
Asger F
fe1bdf2468 JS: Update a test 2025-03-14 23:08:20 +01:00
Asger F
ab74898bbb JS: Deprecate getUnknownMember() and replace its uses with getArrayElement() 
Although they mean slightly different things, every single call site
of getUnknownMember() just used it as a way to get array elements.

Since there is no known use-case for the original meaning of
getUnknownMember() I am deprecating it for now.
 2025-03-14 23:08:19 +01:00
Asger F
4c1c0b79a6 JS: Make API-graphs use Content internally, and use steps from flow summaries 2025-03-14 23:08:16 +01:00
Asger F
cc95c77cbc JS: Add failing test 2025-03-14 23:04:10 +01:00
Napalys
c93be70053 Rename validation methods for type expressions and added recursive call for type validation. 
Co-authored-by: Asgerf <asgerf@github.com>
 2025-03-14 14:58:27 +01:00
Napalys
4a691b778b Added escape as UriEncodingSanitizer 2025-03-14 14:53:21 +01:00
Napalys
37e02e4261 Added escape as StringManipulationTaintStep. 2025-03-14 14:49:45 +01:00
Napalys
4c77ee2f4f Added change note. 2025-03-14 14:27:14 +01:00
Napalys
933f3c6f77 Refactor Tanstack integration: remove Tanstack framework and added model as data for it instead. 2025-03-14 13:52:05 +01:00
Napalys
d40ef0ddae Changed from taint to value steps. 
Co-authored-by: Asgerf <asgerf@github.com>
 2025-03-14 13:48:15 +01:00
Napalys
1468e81c55 Ensure interface extends valid expr. 2025-03-14 13:41:37 +01:00
Napalys
dc262236f4 Enhance taint tracking by including escape and unescape in TaintedPath customizations. 2025-03-14 11:43:22 +01:00
Napalys
c4b717b86c Added test case for escape. 2025-03-14 11:40:23 +01:00
Napalys
66737402c2 Updated test ouput with fixes from main. 2025-03-14 10:50:10 +01:00
Napalys Klicius
908f48a22f Merge branch 'main' into js/vue_tanstack_model 2025-03-14 10:45:42 +01:00
Asger F
9a8cb1a55b Merge pull request #19007 from asgerf/js/api-graph-awaited-return 
JS: Fix bug in API graphs getPromised() missing async function returns
 2025-03-14 10:36:16 +01:00
Napalys
0df2069575 Added change note. 2025-03-13 13:47:46 +01:00
Napalys
de5c7efd63 Added test case for unescape. 2025-03-13 13:47:42 +01:00
Asger F
08ee51cbc4 JS: Move some promise-related store steps into PromiseFlow::storeStep 
API graphs calls PromiseFlow::storeStep to propagate promises, which means it missed a store steps added elsewhere in the old promise library model.

We want API graphs to rely on type-tracking steps in general, like in Ruby, but for now just fixing the bug.
 2025-03-13 12:53:04 +01:00
Napalys
5dff23de6b Added change note. 2025-03-13 12:45:27 +01:00