10774 Commits

Author	SHA1	Message	Date
github-actions[bot]	42e3d31c49	Post-release preparation for codeql-cli-2.22.4	2025-08-18 14:42:42 +00:00
github-actions[bot]	90d29994c8	Release preparation for version 2.22.4	2025-08-18 14:06:09 +00:00
Napalys Klicius	b19d1e0f57	Merge pull request #20151 from Napalys/js/command-line-libs ... JS: Enhance command injection detection for CLI argument parsing libraries	2025-08-18 09:32:29 +02:00
Napalys Klicius	b2346183d6	Merge pull request #20148 from Napalys/js/reg-exp-env-variable-threat-model ... JS: Exclude environment variables from `js/regex-injection` query by default	2025-08-18 09:32:15 +02:00
Tom Hvitved	874f951727	Merge pull request #20172 from hvitved/shared/concepts-final-aliases ... Shared: Use `final` aliases in `ConcentsShared.qll`	2025-08-11 10:14:55 +02:00
Tom Hvitved	eb3c054b0f	JS: Generate legacy flow steps for all flow summaries	2025-08-06 09:38:49 +02:00
Tom Hvitved	11dcd90435	Shared: Use final aliases in ConcentsShared.qll	2025-08-05 14:53:52 +02:00
github-actions[bot]	fb4b0aac53	Post-release preparation for codeql-cli-2.22.3	2025-08-04 17:18:08 +00:00
github-actions[bot]	fd82aeb1f8	Release preparation for version 2.22.3	2025-08-04 15:47:57 +00:00
Napalys Klicius	881ea7631e	Added change note	2025-08-01 14:34:25 +02:00
Napalys Klicius	ae4077db72	add taint flow for arg/command-line-args with custom argv option	2025-08-01 13:34:08 +02:00
Napalys Klicius	d6508f34b6	Add taint flow for Commander.js direct property access and action callbacks	2025-08-01 13:24:19 +02:00
Napalys Klicius	39170f327c	Added couple more test cases for commander js	2025-08-01 13:14:39 +02:00
Napalys Klicius	6b4e34dd39	Added a step from parse to opts for commander js	2025-08-01 13:12:43 +02:00
Napalys Klicius	e980798ede	Added step through yargs/yargs constructor and chained methods.	2025-08-01 12:01:30 +02:00
Napalys Klicius	e8eb9be3f6	Add command injection tests for CLI argument parsing libraries	2025-08-01 11:02:59 +02:00
Napalys Klicius	3f9061abdb	Added change note	2025-07-31 13:20:38 +02:00
Napalys Klicius	d28a6e6352	Added new test cases for regexp injection with enviromental variable threat model enabled	2025-07-31 13:20:37 +02:00
Napalys Klicius	8583257574	Created new folder for test with threat models disabled	2025-07-31 13:20:30 +02:00
Napalys Klicius	5f538209c9	Exlucde environmental variables from default detection in regexp injection	2025-07-31 12:09:30 +02:00
Anders Schack-Mulligen	3b8234ecec	SSA: Update data flow integration and BarrierGuard interface to use GuardValue.	2025-07-28 11:29:12 +02:00
Geoffrey White	4f6b698ca3	Merge branch 'main' into moresensitive2	2025-07-23 08:50:25 +01:00
github-actions[bot]	37cc78255a	Post-release preparation for codeql-cli-2.22.2	2025-07-22 14:22:20 +00:00
github-actions[bot]	997547b8ef	Release preparation for version 2.22.2	2025-07-22 14:04:14 +00:00
Nick Rolfe	825c813095	Revert "Release preparation for version 2.22.2"	2025-07-22 14:33:45 +01:00
github-actions[bot]	c8632b70b7	Release preparation for version 2.22.2	2025-07-21 16:45:45 +00:00
Nick Rolfe	ad9b637bec	Revert "Merge pull request #19994 from github/post-release-prep/codeql-cli-2.22.2" ... This reverts commit e5b4a15e35, reversing changes made to 33e63109bb.	2025-07-21 15:18:59 +01:00
Michael Nebel	2f29459cda	Merge pull request #19931 from michaelnebel/ql4ql/qualitytagcheck ... Ql4ql: Quality query tagging.	2025-07-17 14:53:14 +02:00
Jeroen Ketema	acc66c7b58	Merge pull request #19984 from jketema/jketema/sec-shared ... Make a proper shared library out of the concept related libraries	2025-07-17 13:25:33 +02:00
Jeroen Ketema	1990438376	JS: Fix import ... The import should not have been private, because we want users to still be able to import this file and have access to the crypto algorithms.	2025-07-16 14:41:50 +02:00
Jeroen Ketema	cbde11ddc9	Properly share ConceptsShared.qll	2025-07-14 16:30:45 +02:00
Geoffrey White	30c6082b5d	Sync identical files.	2025-07-14 11:45:34 +01:00
Jeroen Ketema	f07d8ee493	Remove duplicate copies of CryptoAlgorithms and CryptoAlgorithmNames	2025-07-14 11:39:06 +02:00
Jeroen Ketema	f4ba2e1fd0	Properly share CryptoAlgorithms and CryptoAlgorithmNames	2025-07-14 11:39:00 +02:00
Jeroen Ketema	c582a9ccd6	Remove duplicate copies of SensitiveDataHeuristics	2025-07-14 11:38:52 +02:00
Jeroen Ketema	8b828cecf1	Use shared SensitiveDataHeuristics	2025-07-14 11:38:47 +02:00
Taus	2f822cb0cd	JavaScript: Add change note	2025-07-11 13:32:35 +00:00
Geoffrey White	8f6f9f4359	Add change notes.	2025-07-11 11:54:59 +01:00
Geoffrey White	123458fd21	Sync identical files.	2025-07-10 18:10:24 +01:00
github-actions[bot]	24a0ac1223	Post-release preparation for codeql-cli-2.22.2	2025-07-07 18:15:04 +00:00
github-actions[bot]	f12daefabe	Release preparation for version 2.22.2	2025-07-07 14:00:26 +00:00
Michael Nebel	aefd941135	Java/Javascript: Fix violations.	2025-07-03 11:56:33 +02:00
Asger F	98319ce2ad	Apply suggestions from code review ... Co-authored-by: Taus <tausbn@github.com>	2025-07-03 08:44:33 +02:00
Asger F	d85838477e	JS: Update Nest model ... An external contribution added more uses of the now-deprecated getType() predicate while this PR was open.	2025-07-02 14:11:31 +02:00
Asger F	47a90c8b32	Merge branch 'main' into js/no-type-extraction	2025-07-02 13:18:05 +02:00
Michael Nebel	233b54c7fa	Merge pull request #19891 from michaelnebel/michaelnebel/freezemoresuites ... Go/Ruby/Python: Freeze quality queries in `security-and-quality`.	2025-07-01 09:04:19 +02:00
Asger F	7c38c48fd7	Merge pull request #19769 from trailofbits/VF/Nest-improvements ... Improve NestJS sources and dependency injection	2025-06-30 10:42:18 +02:00
Asger F	3247babfa5	Merge pull request #19762 from trailofbits/VF/type-orm-model-improvements ... Improve TypeORM model	2025-06-30 10:40:38 +02:00
Michael Nebel	145ada53f2	C#/Java/JavaScript: Re-factor query suites to use the new selector.	2025-06-26 14:19:27 +02:00
Vasco-jofra	8a7516528d	Update formatting	2025-06-26 09:29:07 +02:00