Alvaro Muñoz
|
009403b61e
|
Add QLDoc for FormatterSetup.getAFormatterHandler
|
2022-10-19 22:18:13 +02:00 |
|
Alvaro Muñoz
|
2ad5a70cf1
|
Merge branch 'main' into restify_improvements
|
2022-10-19 21:57:37 +02:00 |
|
Alvaro Muñoz
|
245be44eac
|
Merge branch 'main' into javascript_xss_improvements
|
2022-10-19 18:18:19 +02:00 |
|
Alvaro Muñoz
|
976dd7f99f
|
Fix format errors
|
2022-10-19 18:14:25 +02:00 |
|
Alvaro Muñoz
|
b79f7f3e95
|
Address code review comments
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
|
2022-10-18 21:42:15 +02:00 |
|
Alvaro Muñoz
|
6ab62da015
|
Add Restify/Spife support
|
2022-10-18 21:41:34 +02:00 |
|
Alvaro Muñoz
|
41fea776e8
|
Do not discard XSS sinks when non-content-type headers are local to the sendArgument expression
|
2022-10-13 17:50:43 +02:00 |
|
Josh Soref
|
45d1e3f9b2
|
spelling: representation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
|
2022-10-13 10:56:41 -04:00 |
|
Josh Soref
|
124c5544cf
|
spelling: predicates
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
|
2022-10-13 10:56:41 -04:00 |
|
Josh Soref
|
52a3e3c2fd
|
spelling: heuristic
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
|
2022-10-13 10:56:41 -04:00 |
|
Josh Soref
|
5d94733078
|
spelling: ambiguously
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
|
2022-10-13 10:51:25 -04:00 |
|
Erik Krogh Kristensen
|
10aab81f42
|
Merge pull request #10799 from jsoref/spelling-nfautils
ReDoS: Spelling nfautils
|
2022-10-12 23:09:06 +02:00 |
|
Josh Soref
|
09c8a98761
|
spelling: representation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
|
2022-10-12 15:20:26 -04:00 |
|
Josh Soref
|
bb1ce8973a
|
spelling: repeatable
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
|
2022-10-12 15:20:24 -04:00 |
|
Josh Soref
|
adb8860b9b
|
spelling: pattern
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
|
2022-10-12 15:20:24 -04:00 |
|
Josh Soref
|
c7ae0728f3
|
spelling: javascript
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
|
2022-10-12 15:02:00 -04:00 |
|
Josh Soref
|
98b317d1a5
|
spelling: escape
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
|
2022-10-12 15:02:00 -04:00 |
|
Josh Soref
|
370da943dc
|
spelling: abcdefghijklmnopqrstuvwxyz
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
|
2022-10-12 15:02:00 -04:00 |
|
Josh Soref
|
08a79531cf
|
spelling: response
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
|
2022-10-12 04:40:26 -04:00 |
|
Alvaro Muñoz
|
2ab34c85b2
|
Deprecate previous version
|
2022-10-11 12:46:01 +02:00 |
|
Alvaro Muñoz
|
15f641893e
|
Deprecate previous version
|
2022-10-11 12:44:46 +02:00 |
|
Alvaro Muñoz
|
d5520d93c8
|
Deprecate previous version
|
2022-10-11 12:43:20 +02:00 |
|
Alvaro Muñoz
|
30958f7cde
|
Deprecate previous version
|
2022-10-11 12:42:40 +02:00 |
|
Alvaro Muñoz
|
2a1b2db4c3
|
Deprecate previous version
|
2022-10-11 12:40:32 +02:00 |
|
Alvaro Muñoz
|
5c412b9363
|
Use Pascal convention
|
2022-10-11 11:24:07 +02:00 |
|
Alvaro Muñoz
|
ad80642b18
|
Consider other XSS unsafe content-types when reasoning about XSS vulnerabilities
|
2022-10-11 11:13:17 +02:00 |
|
Josh Soref
|
0a4c724b69
|
spelling: implementation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
|
2022-10-11 00:23:36 -04:00 |
|
Asger F
|
9bbbece8a7
|
Merge pull request #10670 from tyage/property-stringify
JS: Improve detection of XSS when JSON.stringify()
|
2022-10-10 18:16:09 +02:00 |
|
Asger F
|
ecf7ed38e0
|
JS: Performance tweak
|
2022-10-10 16:08:21 +02:00 |
|
Asger F
|
67cef92f94
|
JS: Rewrite to use DataFlow::Node API and restrict context
|
2022-10-10 16:08:21 +02:00 |
|
github-actions[bot]
|
b8ef9e0ddc
|
Post-release preparation for codeql-cli-2.11.1
|
2022-10-07 15:59:45 +00:00 |
|
erik-krogh
|
368f84785b
|
fix some more style-guide violations in the alert-messages
|
2022-10-07 11:22:22 +02:00 |
|
github-actions[bot]
|
a02dcdc5e1
|
Release preparation for version 2.11.1
|
2022-10-07 02:20:28 +00:00 |
|
tyage
|
7205903a36
|
Using implicit this
|
2022-10-04 18:06:30 +09:00 |
|
tyage
|
f47c02431a
|
Merge branch 'main' into property-stringify
|
2022-10-04 09:57:54 +01:00 |
|
tyage
|
9df0720da9
|
refactoring
|
2022-10-04 17:05:49 +09:00 |
|
tyage
|
8a7f23a8ea
|
support VarRef
|
2022-10-04 14:45:39 +09:00 |
|
Tom Hvitved
|
dc432c7774
|
Sync shared files
|
2022-09-30 14:56:56 +02:00 |
|
Nick Rolfe
|
ef8ec0878a
|
Merge pull request #10641 from github/nickrolfe/a_an
JS/Python/Ruby: s/a HTML/an HTML/
|
2022-09-30 12:17:15 +01:00 |
|
Nick Rolfe
|
ed74e0aad1
|
JS/Python/Ruby: s/a HTML/an HTML/
|
2022-09-30 10:37:52 +01:00 |
|
Henti Smith
|
476960e699
|
Merge pull request #10625 from github/henti/ql_jobrunson
Added job.getRunsOn
|
2022-09-30 10:19:14 +01:00 |
|
Henti Smith
|
074fac8f2f
|
Ran autoformatter on Actions.qll
|
2022-09-30 09:24:12 +01:00 |
|
erik-krogh
|
0a5ff1b79a
|
recognize another kind of dummy passwords to fix an FP in hardcoded-credentials
|
2022-09-29 21:25:40 +02:00 |
|
Henti Smith
|
700eaf5e41
|
Added JobRunson
|
2022-09-29 14:19:02 +01:00 |
|
tyage
|
b95566b02a
|
make json stringify tainted with arg's property
|
2022-09-29 17:46:09 +09:00 |
|
Asger F
|
24f2a3cdff
|
Sync ApiGraphModels.qll
|
2022-09-28 12:17:44 +02:00 |
|
Dave Bartolomeo
|
3bd456e52d
|
Merge pull request #10565 from github/post-release-prep/codeql-cli-2.11.0
Post-release preparation for codeql-cli-2.11.0
|
2022-09-23 18:13:59 -04:00 |
|
github-actions[bot]
|
6cef0af5df
|
Post-release preparation for codeql-cli-2.11.0
|
2022-09-23 21:01:40 +00:00 |
|
Asger F
|
11ba0f0bbe
|
Merge pull request #10253 from asgerf/js/type-defs-squashed
JS: Add generated typings to SQL models
|
2022-09-23 11:34:01 +02:00 |
|
github-actions[bot]
|
f5cf8cffa3
|
Release preparation for version 2.11.0
|
2022-09-22 20:14:12 +00:00 |
|