hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,645 Commits 1,671 Branches 157 Tags
redsun82/js-build
Commit Graph

2629 Commits

Author SHA1 Message Date
Napalys Klicius
3d9e2f5438 Merge pull request #19858 from Napalys/js/execa 
JS: moved `execa` out of experimental
 2025-06-25 10:34:52 +02:00
Asger F
d39b68cd41 Merge pull request #19849 from asgerf/js/remove-legacy-actions-queries 
JS: Remove legacy actions queries
 2025-06-25 09:18:33 +02:00
Asger F
853fc1a7cf Merge pull request #19852 from asgerf/js/react-use-server 
JS: Model React 'use' and 'use server'
 2025-06-25 09:13:56 +02:00
Napalys Klicius
0902ca0605 JS: address copilot suggestions 2025-06-24 11:37:07 +02:00
Napalys Klicius
d05de1ba4e JS: moved execa test cases outside experimental 2025-06-24 09:08:13 +02:00
Napalys Klicius
ef51ab172f JS: exclude sinon module from regexp match calls 2025-06-23 20:25:17 +02:00
Napalys Klicius
584b4f51aa JS: add false positive test cases for hostname regex detection 2025-06-23 20:25:10 +02:00
Asger F
61887beae0 JS: Add test case for false positive 2025-06-23 16:03:41 +02:00
Asger F
76b7228160 JS: Remove js/actions/command-injection 
Superseded by actions/command-injection/{medium,critical}
 2025-06-23 14:41:26 +02:00
Asger F
9dcb61e771 JS: Remove js/actions/actions-artifact-leak 
Superseded by actions/secrets-in-artifacts
 2025-06-23 14:39:28 +02:00
Napalys Klicius
3fbe348f99 Merge pull request #19784 from Napalys/js/express_middleware 
JS: Improve Express middleware taint tracking
 2025-06-20 15:36:26 +02:00
Napalys Klicius
bca536c5b6 Merge remote-tracking branch 'origin/main' into js/quality/loop_shift 2025-06-20 11:30:20 +02:00
Napalys Klicius
f80651e78a Merge pull request #19750 from Napalys/js/remove_encodeURI 
JS: remove `encodeURI` from sanitizer list of request forgery
 2025-06-19 14:12:52 +02:00
Napalys Klicius
53cae4fa97 Merge remote-tracking branch 'origin/main' into js/quality/loop_shift 2025-06-19 10:21:52 +02:00
Napalys Klicius
060b98d36c JS: enchance middleware taint tracking via local source 2025-06-17 08:30:19 +02:00
Napalys Klicius
da21a064ac JS: add _parsedUrl as remote input source 2025-06-16 16:28:30 +02:00
Napalys Klicius
67aac7abfa JS: add test cases for middleware property assignment tracking 2025-06-16 16:26:08 +02:00
Napalys Klicius
bdbc49c63f JS: Removed encodeURI from request forgery sanitizer list 2025-06-16 13:08:11 +02:00
Napalys Klicius
deb715a517 JS: Add test case with encodeURI for request forgery 2025-06-16 10:49:29 +02:00
Napalys Klicius
5a107ec33b JS: track taint through serialize-javascript calls with object arguments 2025-06-16 10:38:20 +02:00
Napalys Klicius
a96ea182c7 JS: add test cases for serialize-javascript with tainted object properties 2025-06-16 09:30:52 +02:00
Napalys Klicius
0906d85b39 Merge pull request #19726 from Napalys/js/quality/string_interpolation 
JS: Promote `js/template-syntax-in-string-literal` to the Code Quality suite.
 2025-06-13 13:36:53 +02:00
Napalys Klicius
28ae39694f Merge pull request #19741 from Napalys/js/quality/suspicious_method_names 
JS: Promote `js/suspicious-method-name-declaration` to the Code Quality suite.
 2025-06-12 15:30:13 +02:00
Napalys Klicius
66d66fe87d JS: fix false positives for splice with conditional index decrement 2025-06-12 14:51:10 +02:00
Napalys Klicius
7292a76ee4 JS: add test cases for false positives in loop-iteration-skipped-due-to-shifting 2025-06-12 14:39:47 +02:00
Napalys Klicius
923aff2439 JS: Fixed false positive on manual string interpolation. 2025-06-12 11:35:33 +02:00
Napalys Klicius
bafe7e66ad JS: Fix template literal detection in string concatination 2025-06-12 11:18:20 +02:00
Napalys Klicius
861e4ee11e JS: Added test cases including manual interpolation and string concatination. 2025-06-12 11:15:36 +02:00
Napalys Klicius
41f4236b86 JS: expanded suspicious-method-name-declaration test suite 2025-06-12 09:29:30 +02:00
Asger F
423ffc78db Merge pull request #19078 from asgerf/js/name-resolution 
JS: QL-side type/name resolution for TypeScript and JSDoc
 2025-06-11 14:17:11 +02:00
Napalys Klicius
6811cad687 Merge pull request #19711 from Napalys/js/quality/promote_duplicate_char_class 
JS: Promote `js/regex/duplicate-in-character-class` to quality
 2025-06-11 11:05:07 +02:00
Napalys Klicius
51b83dbce5 Merge pull request #19579 from Napalys/js/dom_property_access 
JS: Improve `useless-expression` query to avoid duplicate alerts on compound expressions
 2025-06-10 15:17:13 +02:00
Napalys Klicius
a0db250dc3 Update javascript/ql/test/query-tests/RegExp/DuplicateCharacterInCharacterClass/tst.js 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-06-10 12:50:07 +02:00
Napalys Klicius
42a880bf58 Improved test coverage for js/regex/duplicate-in-character-class 2025-06-10 11:07:22 +02:00
Napalys Klicius
c97da2eda5 Exclude expressions that are part of a conditional expression 2025-06-10 10:56:11 +02:00
Napalys Klicius
b7f7092ab3 Added test cases for better test coverage 2025-06-10 09:37:40 +02:00
Asger F
691fdb106e JS: Nicer jump-to-def for function declarations 2025-06-04 22:17:42 +02:00
Napalys Klicius
aac56e089a JavaScript: Fix false positive on Flow type annotations in ExprHasNoEffect 2025-06-03 15:26:22 +02:00
Napalys Klicius
46b5ded862 JS: Enhance void context propagation 2025-06-03 15:20:55 +02:00
Napalys Klicius
bf48b59874 JS: Removed exclusion of FunctionExpr from compound statements. 2025-06-03 15:12:26 +02:00
Napalys Klicius
8521c53a40 Renamed test directory to match the query name 
Co-Authored-By: Asger F <316427+asgerf@users.noreply.github.com>
 2025-06-03 14:12:12 +02:00
Napalys Klicius
d1869941c2 Renamed UnhandledStreamPipe.ql to a better fitting name and ID 
As a side effect of merge `security-and-quality` does not contain anymore related new query.

Co-Authored-By: Asger F <316427+asgerf@users.noreply.github.com>
 2025-06-03 13:57:10 +02:00
Napalys Klicius
f6e7059589 Merge branch 'main' into js/quality/stream_pipe 2025-06-03 13:48:41 +02:00
Napalys Klicius
bca1bc7153 JS: Enhance isDomProperty to check for getAPropertyRead on DOM nodes 2025-06-02 14:56:45 +02:00
Napalys Klicius
9b2ef8be10 JS: add test for DOM access where expression appears to have no side effects 2025-06-02 14:54:46 +02:00
Napalys Klicius
298ef9ab12 Now able to track error handler registration via instance properties 2025-06-02 11:01:41 +02:00
Napalys Klicius
b9b62fa1c1 JS: Add URL from url package constructor taint step for request forgery detection 2025-05-30 18:32:02 +02:00
Napalys Klicius
19cc3e335f JS: Add test case for RequestForgery with url wrapped via package URL 2025-05-30 18:26:47 +02:00
Napalys Klicius
f843cc02f6 Fix false positives in stream pipe analysis by improving error handler tracking via property access. 2025-05-30 18:08:04 +02:00
Napalys Klicius
5bb29b6e33 Now flags only .pipe calls which have an error somewhere down the stream, but not on the source stream. 2025-05-28 17:17:43 +02:00