hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
71,144 Commits 1,671 Branches 157 Tags
15bc417a17b0c968408b45793cabd3446119119d
Commit Graph

9940 Commits

Author SHA1 Message Date
github-actions[bot]
255f55cf1a Release preparation for version 2.19.2 2024-10-15 10:29:25 +00:00
Tom Hvitved
d0ca39fb03 JS: Update expected test output 2024-10-04 08:35:33 +02:00
github-actions[bot]
e97878ed63 Post-release preparation for codeql-cli-2.19.1 2024-09-30 19:49:00 +00:00
github-actions[bot]
455c8c5953 Release preparation for version 2.19.1 2024-09-30 17:59:48 +00:00
Sid Gawri
e8c68fff7f resolve id conflict with dom based xss test ql 2024-09-25 10:01:59 -04:00
github-actions[bot]
79be301984 Post-release preparation for codeql-cli-2.19.0 2024-09-16 14:09:32 +00:00
Chris Smowton
be02864281 Copyedit 2024-09-16 12:25:49 +01:00
github-actions[bot]
acdafd9646 Release preparation for version 2.19.0 2024-09-16 10:56:10 +00:00
Dave Bartolomeo
485fc04029 Initial merge from main 2024-09-15 08:55:31 -04:00
Asger F
07bd854868 Merge pull request #17401 from pwntester/js/actions/secrets-in-artifacts 
Javascript: Query to detect GITHUB_TOKEN leaked in artifacts
 2024-09-11 15:54:36 +02:00
Sid Shankar
bc70d5ceb1 Adds change note 2024-09-11 00:52:21 +00:00
Sid Shankar
3516117215 Adds test for arbitrary specifiers in TS files 
Adds test for arbitrary identifiers used in imports and exports
 2024-09-11 00:37:49 +00:00
Sid Shankar
785af12f1c Renames test file 2024-09-11 00:28:44 +00:00
Sid Shankar
aa787a9cb1 Handles arbitrary module identifiers 
This commit enables support for arbitrary names for identifier and namespace imports and exports
 2024-09-11 00:27:42 +00:00
Sid Shankar
2c74b5ee50 Updates TS extractor dependency to 5.6.2 2024-09-11 00:22:17 +00:00
Alvaro Muñoz
061d58ae4a Update javascript/ql/src/change-notes/2024-09-06-new-actions-artifact-leak-query.md 
Co-authored-by: Asger F <asgerf@github.com>
 2024-09-10 22:18:04 +02:00
github-actions[bot]
97edff3f70 Post-release preparation for codeql-cli-2.18.4 2024-09-09 18:45:46 +00:00
github-actions[bot]
91537cdf9a Release preparation for version 2.18.4 2024-09-09 16:08:48 +00:00
Alvaro Muñoz
d34a0ba306 Add change note 2024-09-06 23:28:57 +02:00
Alvaro Muñoz
5d1da861a2 fix: Use YamlScalar for booleans 2024-09-06 23:21:41 +02:00
Alvaro Muñoz
5df3af2272 Fix alert message 2024-09-06 23:06:57 +02:00
Alvaro Muñoz
d9e8792d33 [javascript] Query to detect GITHUB_TOKEN leaked in artifacts 2024-09-06 22:55:58 +02:00
erik-krogh
e2b16bd8f9 add some change-notes 2024-09-03 22:06:07 +02:00
erik-krogh
0fdd06fff5 use my script to delete outdated deprecations 2024-09-03 20:30:58 +02:00
Henry Mercer
3490067316 Merge branch 'main' into henrymercer/rc-3.15-mergeback 2024-08-29 19:48:01 +01:00
Cornelius Riemenschneider
b7b475d13b JS: Move all integration tests. 
We no longer need the platform-specific directories, so simplify the test organization.
If you don't want this change, just skip merging this PR.
It's purely optional.

The PR also deletes a spurious qlpack.yml that I missed when converting the tests to pytest.
 2024-08-28 10:43:08 +02:00
Asger F
a1688f6a1a Merge pull request #17240 from knewbury01/knewbury01/fix-helmetrequiredsetting-model 
Update JS helmet model structure
 2024-08-22 11:59:28 +02:00
Asger F
09aca6b47e Merge pull request #17212 from mbaluda/main 
Add support for importing NPM modules in XSJS sources
 2024-08-22 10:54:33 +02:00
github-actions[bot]
0724fd7ce2 Post-release preparation for codeql-cli-2.18.3 2024-08-21 18:25:54 +00:00
github-actions[bot]
17cd9624fb Release preparation for version 2.18.3 2024-08-21 17:13:52 +00:00
Asger F
7a7ab457a9 JS: Delete unneeded test code (and shift line numbers) 2024-08-16 14:38:54 +02:00
Asger F
9ee7599aeb JS: Move AngularJSTemplateUrlSink to ClientSideUrlRedirection query 
This is not perfect but at least we can be consistent about keeping URLs-that-lead-to-xss in the same query
 2024-08-16 14:37:13 +02:00
Asger F
699d3a0a0a JS: Update a RegExp injection test 
RegExpInjection does not use client-side sources, but one of its tests was using postMessage events
as the taint source. Updating the test to use a different taint source.
 2024-08-16 14:20:34 +02:00
Asger F
467256d465 JS: Add change note 2024-08-16 11:06:59 +02:00
Asger F
2d264052b3 JS: Treat browser message events as client-side sources 2024-08-16 11:02:12 +02:00
Asger F
7dcdad066f Update javascript/ql/lib/semmle/javascript/frameworks/helmet/Helmet.qll 2024-08-16 09:44:53 +02:00
Kristen Newbury
81787a159e Add QL docs to helmet model 2024-08-15 16:32:37 -04:00
Kristen Newbury
e84dda4fa6 Update JS helmet model structure 2024-08-15 16:08:48 -04:00
Mauro Baluda
be0a60a7f6 Add support for importing NPM modules in XSJS sources 2024-08-13 14:45:03 +02:00
Tom Hvitved
0fcfb47423 Sync shared files 2024-08-13 13:34:45 +02:00
Alexander Eyers-Taylor
ffd811a55d Merge pull request #17182 from github/post-release-prep/codeql-cli-2.18.2 
Post-release preparation for codeql-cli-2.18.2
 2024-08-08 16:28:03 +01:00
github-actions[bot]
cc6d87c276 Post-release preparation for codeql-cli-2.18.2 2024-08-08 12:56:21 +00:00
Erik Krogh Kristensen
41506fbfef Merge pull request #14666 from am0o0/amammad-js-hardcodedJWTKey 
JS: Extends CredentialsNode class mostly related to JWT authentication packages
 2024-08-08 10:20:45 +02:00
am0o0
b64cb4da09 remove a part of code related to debugging :) 2024-08-07 20:37:20 +02:00
github-actions[bot]
019da8c287 Release preparation for version 2.18.2 2024-08-07 14:02:38 +00:00
Alexander Eyers-Taylor
46577b585e Revert "Release preparation for version 2.18.2" 2024-08-07 14:24:37 +01:00
erik-krogh
bef4fe627d make sure the new identifiers have end-locations 2024-08-07 10:25:22 +02:00
erik-krogh
b8187ed294 support arbitary export specifiers 2024-08-06 20:45:57 +02:00
erik-krogh
5f7f37f6c8 support arbitary import specifiers 2024-08-06 20:45:53 +02:00
github-actions[bot]
c14ba0e4bd Release preparation for version 2.18.2 2024-08-06 12:46:15 +00:00