hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,029 Commits 1,671 Branches 157 Tags
z80coder/query-pack-release-candidate-2
Commit Graph

6853 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
7ce87a7118 remove stray import 2021-09-14 20:40:46 +02:00
Erik Krogh Kristensen
c8c7a1f772 remove the body field from StaticInitializer and relax the valuye type on MemberDefinition 2021-09-14 20:40:45 +02:00
Erik Krogh Kristensen
e3ed6c2523 refactor StaticInitializer into it's own class 2021-09-14 20:40:45 +02:00
Erik Krogh Kristensen
23e28ae5d4 fix typo in comment 
Co-authored-by: Asger F <asgerf@github.com>
 2021-09-14 20:40:45 +02:00
Erik Krogh Kristensen
2a03a84315 remove TODO comment 
Co-authored-by: Asger F <asgerf@github.com>
 2021-09-14 20:40:45 +02:00
Erik Krogh Kristensen
ffd51e725f add getter for static initializer blocks 2021-09-14 20:40:45 +02:00
Erik Krogh Kristensen
9585481d0b add support for static initializer blocks in TypeScript 2021-09-14 20:40:45 +02:00
Erik Krogh Kristensen
59f15eb4eb add tests for TypeScript 4.4 types 2021-09-14 20:40:45 +02:00
Erik Krogh Kristensen
02a0eed8ee add basic support for TypeScript 4.4 2021-09-14 20:40:45 +02:00
Erik Krogh Kristensen
3b6c8c5191 Merge branch 'main' into clipBoard 2021-09-14 20:21:37 +02:00
CodeQL CI
136d04390d Merge pull request #6695 from erik-krogh/js-add-cwes 
Approved by esbena
 2021-09-14 11:19:35 -07:00
Erik Krogh Kristensen
b936a04826 add some fitting CWEs to existing queries 2021-09-14 14:59:24 +02:00
Erik Krogh Kristensen
6d12c4aab1 use the correct cwe tags 2021-09-14 14:42:23 +02:00
Tom Hvitved
57b5b2af2e JavaScript: DB upgrade script 2021-09-14 10:25:53 +02:00
Tom Hvitved
25e1da0150 JavaScript: Update expected test output 2021-09-14 10:25:42 +02:00
Tom Hvitved
63e28c57cd JavaScript: Drop redundant columns from files and folders relations 2021-09-14 10:25:37 +02:00
Erik Krogh Kristensen
b889674486 add change note 2021-09-13 20:45:35 +02:00
Erik Krogh Kristensen
8569d261f7 add test 2021-09-13 20:43:31 +02:00
Erik Krogh Kristensen
8e98dcefb1 add clipboard data as a RemoteFlowSource 2021-09-13 20:43:31 +02:00
Erik Krogh Kristensen
3983aceb48 recognize types of the form "HTML%Element" as dom values 2021-09-13 20:43:31 +02:00
Erik Krogh Kristensen
bac80bf686 delete ClipboardXss.ql experimental query 2021-09-13 20:43:31 +02:00
Erik Krogh Kristensen
05cc6bcf8a adjust regexp libraries to how unpaired surrogate are parsed now 2021-09-13 14:02:05 +01:00
Chris Smowton
f24d7c4212 Acknowledge new FPs due to the extractor using U+FFFD for unpaired surrogates 
These were already misinterpreted, but the ReDoS code ignored them as they previously appeared to be `?` characters.
 2021-09-13 14:02:05 +01:00
Chris Smowton
487ebdf173 Add test for Javascript literal with an unpaired surrogate character 2021-09-13 14:02:05 +01:00
CodeQL CI
e8fc3c8ead Merge pull request #5888 from erik-krogh/casting 
Approved by asgerf
 2021-09-10 09:11:39 -07:00
CodeQL CI
27f2d417c1 Merge pull request #6652 from asgerf/js/type-tracking-through-callback 
Approved by erik-krogh
 2021-09-10 04:11:14 -07:00
Erik Krogh Kristensen
a756ffa3a6 use the new instanceof syntax for NodeJSClientRequest 2021-09-10 09:30:37 +02:00
rhysd
97ed9edd32 JS: Detect untrusted inputs in 'discussion' and 'discussion_comment' payloads 2021-09-10 10:42:58 +09:00
CodeQL CI
cd26d97dd7 Merge pull request #6549 from erik-krogh/moreDom 
Approved by asgerf
 2021-09-08 05:10:47 -07:00
Asger Feldthaus
db1de18cc2 JS: Support transitive callback-passing 2021-09-08 13:08:16 +02:00
Asger Feldthaus
ceaf2b3727 JS: Rename FlowSteps::callback -> exploratoryCallbackStep 2021-09-08 13:08:12 +02:00
Asger Feldthaus
7c94dd94e9 JS: Add type-tracking steps through callback args 2021-09-08 13:08:05 +02:00
Asger Feldthaus
1f6df4e70d JS: Add callback type tracking test 2021-09-08 13:08:04 +02:00
CodeQL CI
5b229e9392 Merge pull request #6574 from asgerf/js/vue-api-graphs 
Approved by erik-krogh
 2021-09-07 05:53:30 -07:00
Erik Krogh Kristensen
85e1c87d14 use the new non-extending-subtypes syntax 2021-09-06 11:19:50 +02:00
Erik Krogh Kristensen
8d4af3ad81 convert field based range pattern to casting based range pattern 2021-09-06 11:05:23 +02:00
Andrew Eisenberg
6a47fcaf1f Packaging: Normalize all qlpack.yml files for all languages 
This commit ensures consistency among all of our qlpacks. Here are the
changes:

1. Ensure only modern references are used (codeql-{lang} is converted to
   codeql/{lang}-all or codeql/{lang}-queries where appropriate).
2. Use consistent version numbers. All languages are at 0.0.2 except
   javascript, which is 0.0.3.
3. Convert all `libraryPathDependencies` to `dependencies` with version
   constraints
4. Dependencies from query packs to other packs are always `"*"` since
   these dependencies are always from source and we should get the
   latest.
5. Dependencies from codeql/{lang}-lib to codeql/{lang}-upgrades must
   be strict since there is a tight connection between the libary
   and its relevant upgrades.
 2021-09-03 11:53:28 -07:00
Asger Feldthaus
7149ad8ac4 JS: Also mark uses of the exports object as an export in PackageExports 2021-09-03 13:35:30 +02:00
Nati Pesaresi
629efb85fb ternary operator 2021-09-02 17:55:09 -03:00
CodeQL CI
b4963c7538 Merge pull request #6558 from erik-krogh/redosCasing 
Approved by esbena, yoff
 2021-09-02 12:20:08 +01:00
Erik Krogh Kristensen
1ad204d89e make after and TState private in ReDoSUtil 2021-09-02 09:15:43 +02:00
Asger Feldthaus
cc838326e1 JS: Remove old bulk export access getAnExportedModule 2021-09-01 13:28:54 +02:00
Asger Feldthaus
7daa6481e3 JS: Check property name in NodeJSModule.getABulkExportedNode 2021-09-01 13:25:14 +02:00
Asger Feldthaus
4b1f918feb JS: Extend getABulkExportedNode and use it in PackageExports 2021-09-01 13:24:23 +02:00
Asger Feldthaus
cce3c0256e JS: Update some comments in Vue 2021-09-01 13:04:40 +02:00
Erik Krogh Kristensen
537450606e use a consistent comment about the ignore case flag 2021-09-01 12:46:50 +02:00
Erik Krogh Kristensen
ff74fe1e03 rename hasChildThatMatchesIgnoringCasing to hasChildThatMatchesIgnoringCasingFlags 2021-09-01 12:45:20 +02:00
Erik Krogh Kristensen
75a3f34e86 use if-else in ReDoSUtil::getCanonicalizationFlags 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-09-01 12:44:02 +02:00
Erik Krogh Kristensen
f8d46677b9 add RequestExpr as an alias to NodeJSLib::RequestExpr in Connect.qll 2021-09-01 10:11:05 +02:00
Erik Krogh Kristensen
98d018ce26 remove redundant extends clause 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-09-01 10:09:40 +02:00