hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,880 Commits 1,672 Branches 157 Tags
redsun82/codegen-readme
Commit Graph

6371 Commits

Author SHA1 Message Date
GitHub Security Lab
df10a7e7f0 Merge branch 'main' into amammad-js-bombs 2024-01-25 11:23:38 +01:00
github-actions[bot]
d0b74c00fe Post-release preparation for codeql-cli-2.16.1 2024-01-23 23:02:29 +00:00
github-actions[bot]
7ef611e6dc Release preparation for version 2.16.1 2024-01-23 19:45:16 +00:00
erik-krogh
8be7eadace delete outdated deprecations 2024-01-22 09:11:35 +01:00
Sid Shankar
59098be8c4 Merge branch 'main' into change/adjust-extracted-files-diagnostics 2024-01-16 21:51:41 -05:00
Alexander Eyers-Taylor
934474681d Merge pull request #15254 from github/post-release-prep/codeql-cli-2.16.0 
Post-release preparation for codeql-cli-2.16.0
 2024-01-16 14:50:40 +00:00
github-actions[bot]
57df8b92df Post-release preparation for codeql-cli-2.16.0 2024-01-15 15:00:50 +00:00
Erik Krogh Kristensen
d782bd9b1f Merge pull request #13624 from jorgectf/seclab/dotjs 
JS: Add `dot.js` support
 2024-01-11 14:57:19 +01:00
maikypedia
78e7793e01 Move to experimental 2024-01-09 01:11:58 +01:00
Sid Shankar
e30a0d1e83 JS: Report any extracted file as successfully extracted 2024-01-08 22:19:33 +00:00
github-actions[bot]
a6c8cc9551 Release preparation for version 2.16.0 2024-01-08 13:11:26 +00:00
Aditya Sharad
b1803d0ac2 Merge rc/3.12 into main 2023-12-21 16:40:51 -08:00
github-actions[bot]
8f72b0e4f7 Post-release preparation for codeql-cli-2.15.5 2023-12-19 10:32:57 +00:00
Jorge
f8cfd698fa Merge branch 'main' into seclab/dotjs 2023-12-19 10:44:52 +01:00
github-actions[bot]
19af35b29a Release preparation for version 2.15.5 2023-12-18 21:22:44 +00:00
Jorge
b81fbd7669 Add change note 2023-12-18 12:55:30 +01:00
Maiky
191766a47b Use config.getCorsConfiguration().getOrigin()) 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-12-18 12:38:39 +01:00
Jeroen Ketema
99e65df6ce Merge remote-tracking branch 'upstream/rc/3.12' into mb12 2023-12-13 15:43:39 +01:00
amammad
18d0b28024 v1 2023-12-10 20:27:21 +01:00
erik-krogh
e8f9e366d5 remove redundant imports for JS 2023-12-08 16:56:54 +01:00
github-actions[bot]
92af5f5386 Post-release preparation for codeql-cli-2.15.4 2023-12-06 22:59:22 +00:00
github-actions[bot]
c04457e9e7 Release preparation for version 2.15.4 2023-12-06 21:11:50 +00:00
amammad
1547cd0546 added inline tests, move to experimental dir 2023-12-05 18:59:46 +01:00
Felicity Chapman
4cb2f53223 Remove unwanted period from query name 
Our style guide states that names should not end in a period. I'm updating this now to allow us to automate a process for GitHub docs, see: https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md#query-name-name
 2023-11-30 14:31:17 +00:00
Rafael
0a74a3a765 Update javascript/ql/src/change-notes/2023-11-28-django-urls.md 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-11-29 08:23:02 +01:00
Rafael
0b0c9e3e48 Create 2023-11-28-django-urls.md 2023-11-28 22:29:53 +01:00
Rafael
286e3951bf Detect Django template URLs 
Django URLs are currently not detected, but flask and nunjucks URL are. (See https://github.com/github/codeql/issues/12267)
 2023-11-28 22:22:07 +01:00
amammad
48a9b107b9 add query to detect strapi CVe too 2023-11-24 10:47:17 +01:00
Maiky
4ef4c92e2c Move Customizations and Query 2023-11-23 21:29:09 +01:00
erik-krogh
abb8d65483 Merge branch 'main' into amammad-js-SQLI 2023-11-23 21:17:58 +01:00
amammad
60b422a35c fix second round of code review. improve documents, fix better-sqlite3 method 2023-11-23 14:01:38 +01:00
erik-krogh
dd1e71ace9 update the JS change notes to mention security severity instead of just severity 2023-11-23 10:28:22 +01:00
amammad
5cc4206e00 add a temporary Query file to demonstrate unsuccessful usage of two DataFlow configs 2023-11-22 08:30:59 +01:00
amammad
0328a2986d move TypeORM library file and tests to experimental 
add inline tests :)
Fix TypeORM fuzzy method according to Review
 2023-11-21 19:59:06 +01:00
Max Schaefer
2c5ce3216e Merge pull request #14846 from github/max-schaefer/js/path-injection 
Update qhelp for js/path-injection.
 2023-11-21 13:50:41 +00:00
Max Schaefer
dfffa1e237 Apply suggestions from code review 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2023-11-21 10:07:11 +00:00
Max Schaefer
d147faba4e Update qhelp for js/path-injection. 2023-11-20 11:58:00 +00:00
github-actions[bot]
bad499e360 Post-release preparation for codeql-cli-2.15.3 2023-11-17 14:35:41 +00:00
github-actions[bot]
6ec9b95072 Release preparation for version 2.15.3 2023-11-16 13:07:16 +00:00
Henry Mercer
de83929a60 Remove LoC metrics from the analysis summary 2023-11-16 11:36:44 +00:00
Remco Vermeulen
52540b42fc Merge branch 'main' into rvermeulen/javascript-adjust-security-severity 2023-11-14 11:21:38 -08:00
Remco Vermeulen
6bd7047e41 Restore XssThroughDom.ql's severity 2023-11-14 11:20:51 -08:00
Rasmus Wriedt Larsen
43d9d2ceb7 Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link 
JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.
 2023-11-08 14:29:24 +01:00
Geoffrey White
e8a466a02c Update dead link. 2023-11-07 09:26:07 +00:00
amammad
0652afced3 update tests, updated qldoc and examples, upgrade all libraries to path-problem, update jsonwebtoken source and sinks 2023-11-07 08:25:25 +01:00
amammad
faa483a282 move to CWE-347, update comments of tests 2023-11-02 16:24:58 +01:00
amammad
9da815a5c0 move to new CWE-321 directory, make saparate query files for each JWT pkg, create a path query for jsonwebtoken package which is not work correctly 2023-11-02 14:13:52 +01:00
github-actions[bot]
2b939fdf08 Post-release preparation for codeql-cli-2.15.2 2023-10-30 16:06:51 +00:00
github-actions[bot]
4641990021 Release preparation for version 2.15.2 2023-10-30 11:05:53 +00:00
erik-krogh
cf958f0828 lower the severity of js/identity-replacement to medium 2023-10-27 13:54:17 +02:00