Erik Krogh Kristensen
4bd4937e65
Merge pull request #18547 from erik-krogh/suffixCheck
...
JS: Fix FPs with js/incorrect-suffix-check
2025-01-22 21:13:27 +01:00
erik-krogh
04bbd5919a
add change-note
2025-01-22 10:16:11 +01:00
Asger F
0b9187d76c
JS: Add change note
2025-01-21 14:17:35 +01:00
erik-krogh
2f1bd75ee9
remove redundant cast
2025-01-21 09:51:14 +01:00
erik-krogh
17afab7d0f
support that two indexOf() calls use the same string-concatenation in getAnEquivalentIndexOfCall()
2025-01-21 09:43:57 +01:00
erik-krogh
d5529e3a7e
ensure an indexOf call is equivalent with itself. (getAUse() is used later to find matching indexOf calls)
2025-01-21 09:42:30 +01:00
github-actions[bot]
fbb7f0a0c6
Post-release preparation for codeql-cli-2.20.2
2025-01-20 21:11:14 +00:00
github-actions[bot]
a0512a50f2
Release preparation for version 2.20.2
2025-01-20 21:11:12 +00:00
Asger F
8fe622f572
JS: Update PrototypePollutingFunction.ql
2025-01-20 11:20:29 +01:00
Asger F
fd763a0883
JS: Auto-patch diff informed queries
2025-01-20 11:20:27 +01:00
Asger F
7b3727b874
JS: Add change note
2025-01-17 10:27:02 +01:00
Asger F
6cd9752289
Merge pull request #18467 from github/js/shared-dataflow-branch
...
JS: Migrate to shared data flow library (targeting main!) 🚀
2025-01-16 11:28:57 +01:00
Erik Krogh Kristensen
70a1a6454d
Merge pull request #18452 from asgerf/js/import-spec-strings
...
JS: Fix crash in case of string literal in export specifier
2025-01-09 15:50:40 +01:00
Asger F
a7fbfb2c2d
JS: Change note
2025-01-09 10:48:52 +01:00
github-actions[bot]
fb20f6ca63
Post-release preparation for codeql-cli-2.20.1
2025-01-07 22:07:40 +00:00
github-actions[bot]
88b6f1e79a
Release preparation for version 2.20.1
2025-01-07 20:50:36 +00:00
Dave Bartolomeo
72a53c4b23
Revert "Release preparation for version 2.20.1"
2025-01-07 13:32:23 -05:00
github-actions[bot]
fbf9f2fff8
Release preparation for version 2.20.1
2025-01-07 17:20:13 +00:00
Dave Bartolomeo
22e030584c
Revert "Release preparation for version 2.20.1"
2025-01-07 12:14:27 -05:00
github-actions[bot]
a121c5a5d0
Release preparation for version 2.20.1
2025-01-06 18:20:22 +00:00
Asger F
0cdda87161
JS: Restrict AP length in prototype-polluting function
2025-01-06 14:33:41 +01:00
Asger F
3acd4814de
Merge branch 'main' into js/shared-dataflow-merge-main
2024-12-19 10:14:38 +01:00
Asger F
947b785d47
JS: Remove reference to deprecated step relation that's empty anyway
2024-12-16 15:35:53 +01:00
Asger F
079294e55f
JS: Mass rename to node1,state1,node2,state2 naming convention
2024-12-16 15:35:46 +01:00
Asger F
73af3f3536
JS: Migrate PrototypePollutingFunction
2024-12-16 15:35:40 +01:00
Asger F
ebe596f227
JS: Migrate CorsPermissiveConfiguration
2024-12-16 15:35:39 +01:00
Asger F
d83ddfabaa
JS: Migrate an experimental CodeInjection query
2024-12-16 15:35:38 +01:00
Asger F
a398599bfb
JS: Rename an experimental query
...
Having the same name as a standard query is just confusing
2024-12-16 15:35:36 +01:00
Asger F
4e25036cdc
JS: Follow naming convention in InsecureModuleFlow module
2024-12-13 11:09:59 +01:00
github-actions[bot]
cf71a1525b
Post-release preparation for codeql-cli-2.20.0
2024-12-04 18:36:17 +00:00
github-actions[bot]
96564b7128
Release preparation for version 2.20.0
2024-12-04 16:01:14 +00:00
Henry Mercer
963f084d87
Merge branch 'main' into henrymercer/merge-back-rc-3.16
2024-12-04 13:39:10 +00:00
Asger F
b3461989b1
JS: Remove use of SanitizerGuardNode in experimental SSRF query
...
Makes a quick effort attempt to restore the original behaviour, though
it is not exactly the same due to lack of recursion.
2024-12-03 14:30:36 +01:00
Asger F
a574ff1669
JS: Remove use of MakeLegacyBarrierGuard in experimental SSRF
2024-12-03 14:30:28 +01:00
Asger F
75ab4856b8
Remove unsupported features from PoI
2024-12-03 14:30:25 +01:00
Asger F
04a3a6707f
JS: Update a reference to AdditionalSanitizerGuardNode
...
Unlike most other references to this class, we're not subclassing it here, we're
just trying to reuse some standard barrier guards but with a different flow state.
2024-12-03 14:30:22 +01:00
Asger F
834d35bc42
JS: Port experimental DecompressionBombs to ConfigSig
2024-12-03 14:30:21 +01:00
Asger F
871bc3b84a
JS: Port experimental CorsPermissiveConfiguration to ConfigSig
...
The tests show a new (source, sink) pair for an already-flagged sink.
Not sure why it was not flagged originally since the data flow path seems valid, given the steps provided by our models.
2024-12-03 14:30:20 +01:00
Asger F
f5a6485ef2
JS: Port experimental decodeJwtWithoutVerificationLocalSource
2024-12-03 14:30:19 +01:00
Asger F
72e522631d
JS: Port experimental jwtDecodeWithoutVerification to ConfigSig
2024-12-03 14:30:18 +01:00
Asger F
7e162f5451
JS: Port experimental EnvValueInjection to ConfigSig
2024-12-03 14:30:17 +01:00
Asger F
4f839070a0
JS: Port experimental EnvValueAndKeyInjection to ConfigSig
2024-12-03 14:30:16 +01:00
Asger F
8887ca1722
JS: Port an experimental CodeInjection variant to ConfigSig
2024-12-03 14:30:15 +01:00
Napalys
9d4e737bc2
JS: follow proper code standards for get predicates
...
Co-authored-by: asgerf <asgerf@github.com>
2024-11-29 11:32:10 +01:00
Napalys
3171f38cdd
JS: fixed bad alert messages when it came to incomplete sanitization for new RegExp objects
2024-11-29 11:14:45 +01:00
Napalys
98fd97799c
JS: incomplete sanitization now handles properly maybe global
2024-11-28 11:26:50 +01:00
Napalys
1ae174849f
JS: incomplete sanitization now also works with RegExp objects
2024-11-28 11:26:48 +01:00
Napalys Klicius
d6372aebc7
Update javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.ql
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2024-11-25 12:12:12 +01:00
Napalys
e38b63ebcd
JS: previously js/case-sensitive-middleware-path was not taking into consideration unknown flags
2024-11-25 11:56:06 +01:00
Alexander Eyers-Taylor
c0474c4e45
Revert "Revert "Post-release preparation for codeql-cli-2.19.4""
2024-11-21 15:37:52 +00:00