hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
53,318 Commits 1,672 Branches 157 Tags
0ffe9ab8d5abe99e033a00bbf6af026d1043039f
Commit Graph

8797 Commits

Author SHA1 Message Date
Alex Ford
8c46bfd051 Merge pull request #12816 from github/rc/3.9 
Merge `rc/3.9` into `main`
 2023-04-13 12:35:41 +01:00
Erik Krogh Kristensen
cfb273ae01 Merge pull request #12799 from erik-krogh/oneColumn 
JS: use 1-based column locations for diagnostics
 2023-04-12 14:48:20 +02:00
Asger F
b819f55203 Merge pull request #12792 from asgerf/js/redux-model-perf 
JS: add getForwardingFunction and use to sharpen useSelector model
 2023-04-12 14:09:59 +02:00
erik-krogh
d3cc1d6991 update expected output of diagnostics test 2023-04-12 13:42:05 +02:00
Erik Krogh Kristensen
8cb54b748b Merge pull request #12787 from tyage/add-router-sink 
JS: Add New XSS sink - Next.js router.push/replace
 2023-04-12 13:30:21 +02:00
erik-krogh
fe5e4845b1 use 1-based column locations for diagnostics 2023-04-12 08:14:15 +02:00
Asger F
aef0fa3c8a JS: Expand QLDoc 2023-04-11 14:16:36 +02:00
Asger F
d702c7b990 Merge pull request #12759 from asgerf/js/getset-in-pattern 
JS: Fix parsing of 'get' or 'set' pattern with a default value
 2023-04-11 14:03:00 +02:00
Asger F
2c65a49d7c JS: Add getForwardingFunction() to API graphs 2023-04-11 14:00:30 +02:00
Asger F
4ce03d4dc4 JS: Restrict useSelector steps to local callbacks 2023-04-11 13:33:46 +02:00
Asger F
3cc931306f JS: Add test for selector nodes with multiple access paths 2023-04-11 13:33:27 +02:00
tyage
40d475863d Add change note 2023-04-08 18:36:50 +09:00
tyage
320cb99dbf Add replace method test 2023-04-08 18:31:48 +09:00
tyage
668e1accaa Remove unnecessary whiteline 2023-04-08 18:24:31 +09:00
tyage
7f9b8557ac Add Next.js router push as XSS sink 2023-04-08 18:18:34 +09:00
Henry Mercer
e1b3807dfc Merge remote-tracking branch 'origin/rc/3.9' into henrymercer/merge-back-3.9 2023-04-05 14:57:57 +01:00
github-actions[bot]
ac426b1302 Post-release preparation for codeql-cli-2.12.6 2023-04-04 16:49:26 +00:00
Asger F
5cc7380bcd JS: Change note 2023-04-04 16:49:14 +02:00
Asger F
621e2e71c8 JS: Don't try to parse "get=" as a method prop 2023-04-04 16:37:28 +02:00
Asger F
eb8046daef JS: Add trap test showing parse error 2023-04-04 16:33:13 +02:00
erik-krogh
0b4f239ab5 only set the file in the diagnostics message if the file is within the source root 2023-04-03 13:49:29 +01:00
erik-krogh
a7c2892af4 only set the file in the diagnostics message if the file is within the source root 2023-04-03 12:38:10 +02:00
Asger F
53de9ae580 Merge pull request #12729 from asgerf/js/crypto-modernize 
JS: Modernize crypto libraries
 2023-04-03 12:16:22 +02:00
Jeroen Ketema
17bd9c12d7 JS: Fix qhelp after file rename 2023-04-03 09:25:19 +02:00
Erik Krogh Kristensen
1e1a692ee6 Merge pull request #12686 from erik-krogh/backtick-parse-error 
JS: add backticks around the concrete parse error
 2023-03-31 14:56:38 +02:00
Asger F
64cf27ab87 JS: Modernize crypto libraries 2023-03-31 14:49:23 +02:00
Asger F
40530ae14d JS: Simplfy with set literal 2023-03-31 12:04:56 +02:00
Asger F
4a06b81429 JS: Use API graphs in CryptoJS 2023-03-31 12:03:14 +02:00
Asger F
dec1e4dfd6 Merge pull request #12666 from smiddy007/improve-insufficient-pw-hash-query 
JS: Improve insufficient pw hash query
 2023-03-31 11:58:41 +02:00
github-actions[bot]
0a3218676c Release preparation for version 2.12.6 2023-03-30 19:25:06 +00:00
Alex Ford
62fcea030a Merge pull request #12718 from github/post-release-prep/codeql-cli-2.12.5 
Post-release preparation for codeql-cli-2.12.5
 2023-03-30 15:50:56 +01:00
Erik Krogh Kristensen
b382465078 Merge pull request #12679 from ctbellanti/improved-certificate-validation 
JS: Improved coverage for disabled certificate validation
 2023-03-30 16:24:33 +02:00
github-actions[bot]
e87ce62f95 Post-release preparation for codeql-cli-2.12.5 2023-03-30 13:48:58 +00:00
erik-krogh
47783326c2 add test for https.createServer in DisablingCertificateValidation.ql 2023-03-30 14:15:25 +02:00
Asger F
43174cfe3a Merge pull request #12668 from asgerf/js/jquery-callback-sinks 
JS: fix handling of jQuery sinks involving callback
 2023-03-30 12:42:53 +02:00
Jeroen Ketema
0acca2ba76 Merge pull request #12687 from jketema/unit-2 
Make imports of `codeql.util.Unit` private
 2023-03-29 13:07:12 +02:00
Asger F
2ef1743bf4 Merge pull request #11615 from asgerf/js/extension-docs 
JS: docs for customizing library models with data extensions
 2023-03-29 10:20:53 +02:00
smiddy007
0eb61d39d3 formatting 2023-03-28 11:28:32 -04:00
smiddy007
fe3b0a56ca Removed unnecessary field 2023-03-28 11:27:23 -04:00
smiddy007
8e9f2185c8 Merge branch 'main' into improve-insufficient-pw-hash-query 2023-03-28 11:15:10 -04:00
smiddy007
123eb1e57b Update javascript/ql/lib/semmle/javascript/frameworks/CryptoLibraries.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2023-03-28 11:14:28 -04:00
Erik Krogh Kristensen
13c0effbd2 change to minor change 2023-03-28 15:27:16 +02:00
erik-krogh
4b3a419509 just use quoteWithBackticks 2023-03-28 15:23:15 +02:00
Erik Krogh Kristensen
451f6f01bb Merge pull request #12633 from erik-krogh/more-global-flow 
JS: better callgraph support for global variables
 2023-03-28 15:19:50 +02:00
Jeroen Ketema
3b8ad087eb Make imports of codeql.util.Unit private 2023-03-28 14:14:13 +02:00
Asger F
61a7ee9387 JS: Use getABoundFunctionValue instead of type-tracking 2023-03-28 12:56:03 +02:00
erik-krogh
70dfa6e15c use StringUtil.quoteWithBackticks instead of manually quoting with a single backtick 2023-03-28 12:34:44 +02:00
erik-krogh
e5e20ab42c add backticks around the concrete parse error 2023-03-28 10:57:13 +02:00
Asger F
04b28c5118 Merge branch 'main' into js/extension-docs 2023-03-28 10:12:22 +02:00
smiddy007
2caab8748e Merge branch 'improve-insufficient-pw-hash-query' of https://github.com/smiddy007/codeql into improve-insufficient-pw-hash-query 2023-03-27 15:20:24 -04:00