hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,645 Commits 1,671 Branches 157 Tags
redsun82/js-build
Commit Graph

4919 Commits

Author SHA1 Message Date
Napalys Klicius
3d9e2f5438 Merge pull request #19858 from Napalys/js/execa 
JS: moved `execa` out of experimental
 2025-06-25 10:34:52 +02:00
Asger F
d39b68cd41 Merge pull request #19849 from asgerf/js/remove-legacy-actions-queries 
JS: Remove legacy actions queries
 2025-06-25 09:18:33 +02:00
Asger F
853fc1a7cf Merge pull request #19852 from asgerf/js/react-use-server 
JS: Model React 'use' and 'use server'
 2025-06-25 09:13:56 +02:00
Napalys Klicius
0902ca0605 JS: address copilot suggestions 2025-06-24 11:37:07 +02:00
Asger F
d428eaeef8 Merge pull request #19655 from GeekMasher/js-clientrests-axios 
JS: ClientRequests Axios Instance support
 2025-06-24 10:35:51 +02:00
Napalys Klicius
d05de1ba4e JS: moved execa test cases outside experimental 2025-06-24 09:08:13 +02:00
Napalys Klicius
ef51ab172f JS: exclude sinon module from regexp match calls 2025-06-23 20:25:17 +02:00
Napalys Klicius
584b4f51aa JS: add false positive test cases for hostname regex detection 2025-06-23 20:25:10 +02:00
Asger F
61887beae0 JS: Add test case for false positive 2025-06-23 16:03:41 +02:00
Asger F
cc1a28ac7e JS: Add parameters of server functions as remote flow sources 2025-06-23 16:03:39 +02:00
Asger F
d9f4e4a90d JS: Add tests for functions with "use server" directive 2025-06-23 16:03:38 +02:00
Asger F
7dd7246cd4 JS: Update tests.expected 
Mostly noise due to renamed predicates and reordered result sets
 2025-06-23 16:03:35 +02:00
Asger F
180b023c7c JS: Add inline expectations to React test 2025-06-23 16:03:33 +02:00
Asger F
1787d4dce8 JS: Enable inline expectations in test 
Will update files in next commit
 2025-06-23 16:03:32 +02:00
Asger F
1a18e68364 JS: Remove reactLibraryRef 
This is not testing anything interesting, and is noisy when adding inline expectations
 2025-06-23 16:03:30 +02:00
Asger F
99fb6b62ad JS: Remove test_ prefix from query predicates 2025-06-23 16:03:29 +02:00
Asger F
8ff7182f3a JS: Move React test predicates into one file 2025-06-23 15:37:15 +02:00
Asger F
980d0f46fa JS: Add model for react 'use' 2025-06-23 15:27:21 +02:00
Asger F
768ccc6a54 JS: Add test for react 'use' function 2025-06-23 15:26:08 +02:00
Asger F
76b7228160 JS: Remove js/actions/command-injection 
Superseded by actions/command-injection/{medium,critical}
 2025-06-23 14:41:26 +02:00
Asger F
9dcb61e771 JS: Remove js/actions/actions-artifact-leak 
Superseded by actions/secrets-in-artifacts
 2025-06-23 14:39:28 +02:00
Asger F
3a00e8d1c5 JS: Remove js/actions/pull-request-target 
Superseded by actions/untrusted-checkout/{medium,high,critical}
 2025-06-23 14:37:21 +02:00
Napalys Klicius
3fbe348f99 Merge pull request #19784 from Napalys/js/express_middleware 
JS: Improve Express middleware taint tracking
 2025-06-20 15:36:26 +02:00
Napalys Klicius
bca536c5b6 Merge remote-tracking branch 'origin/main' into js/quality/loop_shift 2025-06-20 11:30:20 +02:00
Napalys Klicius
f80651e78a Merge pull request #19750 from Napalys/js/remove_encodeURI 
JS: remove `encodeURI` from sanitizer list of request forgery
 2025-06-19 14:12:52 +02:00
Napalys Klicius
53cae4fa97 Merge remote-tracking branch 'origin/main' into js/quality/loop_shift 2025-06-19 10:21:52 +02:00
Napalys Klicius
060b98d36c JS: enchance middleware taint tracking via local source 2025-06-17 08:30:19 +02:00
Napalys Klicius
da21a064ac JS: add _parsedUrl as remote input source 2025-06-16 16:28:30 +02:00
Napalys Klicius
67aac7abfa JS: add test cases for middleware property assignment tracking 2025-06-16 16:26:08 +02:00
Napalys Klicius
bdbc49c63f JS: Removed encodeURI from request forgery sanitizer list 2025-06-16 13:08:11 +02:00
Napalys Klicius
deb715a517 JS: Add test case with encodeURI for request forgery 2025-06-16 10:49:29 +02:00
Napalys Klicius
5a107ec33b JS: track taint through serialize-javascript calls with object arguments 2025-06-16 10:38:20 +02:00
Napalys Klicius
a96ea182c7 JS: add test cases for serialize-javascript with tainted object properties 2025-06-16 09:30:52 +02:00
Napalys Klicius
0906d85b39 Merge pull request #19726 from Napalys/js/quality/string_interpolation 
JS: Promote `js/template-syntax-in-string-literal` to the Code Quality suite.
 2025-06-13 13:36:53 +02:00
Napalys Klicius
28ae39694f Merge pull request #19741 from Napalys/js/quality/suspicious_method_names 
JS: Promote `js/suspicious-method-name-declaration` to the Code Quality suite.
 2025-06-12 15:30:13 +02:00
Napalys Klicius
66d66fe87d JS: fix false positives for splice with conditional index decrement 2025-06-12 14:51:10 +02:00
Napalys Klicius
7292a76ee4 JS: add test cases for false positives in loop-iteration-skipped-due-to-shifting 2025-06-12 14:39:47 +02:00
Napalys Klicius
923aff2439 JS: Fixed false positive on manual string interpolation. 2025-06-12 11:35:33 +02:00
Napalys Klicius
bafe7e66ad JS: Fix template literal detection in string concatination 2025-06-12 11:18:20 +02:00
Napalys Klicius
861e4ee11e JS: Added test cases including manual interpolation and string concatination. 2025-06-12 11:15:36 +02:00
Napalys Klicius
41f4236b86 JS: expanded suspicious-method-name-declaration test suite 2025-06-12 09:29:30 +02:00
Asger F
423ffc78db Merge pull request #19078 from asgerf/js/name-resolution 
JS: QL-side type/name resolution for TypeScript and JSDoc
 2025-06-11 14:17:11 +02:00
Napalys Klicius
6811cad687 Merge pull request #19711 from Napalys/js/quality/promote_duplicate_char_class 
JS: Promote `js/regex/duplicate-in-character-class` to quality
 2025-06-11 11:05:07 +02:00
Napalys Klicius
51b83dbce5 Merge pull request #19579 from Napalys/js/dom_property_access 
JS: Improve `useless-expression` query to avoid duplicate alerts on compound expressions
 2025-06-10 15:17:13 +02:00
Napalys Klicius
a0db250dc3 Update javascript/ql/test/query-tests/RegExp/DuplicateCharacterInCharacterClass/tst.js 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-06-10 12:50:07 +02:00
Napalys Klicius
42a880bf58 Improved test coverage for js/regex/duplicate-in-character-class 2025-06-10 11:07:22 +02:00
Napalys Klicius
c97da2eda5 Exclude expressions that are part of a conditional expression 2025-06-10 10:56:11 +02:00
Napalys Klicius
b7f7092ab3 Added test cases for better test coverage 2025-06-10 09:37:40 +02:00
Asger F
42f762a140 JS: Update test output now that 'satisfies' is a SourceNode 2025-06-09 16:22:30 +02:00
Mathew Payne
9d23677024 Merge branch 'main' into js-clientrests-axios 2025-06-09 14:18:54 +01:00