5750 Commits

Author	SHA1	Message	Date
Jeroen Ketema	99e65df6ce	Merge remote-tracking branch 'upstream/rc/3.12' into mb12	2023-12-13 15:43:39 +01:00
erik-krogh	e8f9e366d5	remove redundant imports for JS	2023-12-08 16:56:54 +01:00
github-actions[bot]	92af5f5386	Post-release preparation for codeql-cli-2.15.4	2023-12-06 22:59:22 +00:00
github-actions[bot]	c04457e9e7	Release preparation for version 2.15.4	2023-12-06 21:11:50 +00:00
Felicity Chapman	4cb2f53223	Remove unwanted period from query name ... Our style guide states that names should not end in a period. I'm updating this now to allow us to automate a process for GitHub docs, see: https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md#query-name-name	2023-11-30 14:31:17 +00:00
Rafael	0a74a3a765	Update javascript/ql/src/change-notes/2023-11-28-django-urls.md ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2023-11-29 08:23:02 +01:00
Rafael	0b0c9e3e48	Create 2023-11-28-django-urls.md	2023-11-28 22:29:53 +01:00
Rafael	286e3951bf	Detect Django template URLs ... Django URLs are currently not detected, but flask and nunjucks URL are. (See https://github.com/github/codeql/issues/12267)	2023-11-28 22:22:07 +01:00
erik-krogh	abb8d65483	Merge branch 'main' into amammad-js-SQLI	2023-11-23 21:17:58 +01:00
amammad	60b422a35c	fix second round of code review. improve documents, fix better-sqlite3 method	2023-11-23 14:01:38 +01:00
erik-krogh	dd1e71ace9	update the JS change notes to mention security severity instead of just severity	2023-11-23 10:28:22 +01:00
amammad	0328a2986d	move TypeORM library file and tests to experimental ... add inline tests :) Fix TypeORM fuzzy method according to Review	2023-11-21 19:59:06 +01:00
Max Schaefer	2c5ce3216e	Merge pull request #14846 from github/max-schaefer/js/path-injection ... Update qhelp for js/path-injection.	2023-11-21 13:50:41 +00:00
Max Schaefer	dfffa1e237	Apply suggestions from code review ... Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>	2023-11-21 10:07:11 +00:00
Max Schaefer	d147faba4e	Update qhelp for js/path-injection.	2023-11-20 11:58:00 +00:00
github-actions[bot]	bad499e360	Post-release preparation for codeql-cli-2.15.3	2023-11-17 14:35:41 +00:00
github-actions[bot]	6ec9b95072	Release preparation for version 2.15.3	2023-11-16 13:07:16 +00:00
Henry Mercer	de83929a60	Remove LoC metrics from the analysis summary	2023-11-16 11:36:44 +00:00
Remco Vermeulen	52540b42fc	Merge branch 'main' into rvermeulen/javascript-adjust-security-severity	2023-11-14 11:21:38 -08:00
Remco Vermeulen	6bd7047e41	Restore XssThroughDom.ql's severity	2023-11-14 11:20:51 -08:00
Rasmus Wriedt Larsen	43d9d2ceb7	Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link ... JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.	2023-11-08 14:29:24 +01:00
Geoffrey White	e8a466a02c	Update dead link.	2023-11-07 09:26:07 +00:00
github-actions[bot]	2b939fdf08	Post-release preparation for codeql-cli-2.15.2	2023-10-30 16:06:51 +00:00
github-actions[bot]	4641990021	Release preparation for version 2.15.2	2023-10-30 11:05:53 +00:00
erik-krogh	cf958f0828	lower the severity of js/identity-replacement to medium	2023-10-27 13:54:17 +02:00
Max Schaefer	104700f6d3	Address review comment.	2023-10-27 10:19:28 +01:00
Max Schaefer	abef8483bd	Merge pull request #14600 from github/max-schaefer/express-rate-limit ... JavaScript: Add support for importing `express-rate-limit` using a named import.	2023-10-26 15:15:22 +01:00
Max Schaefer	741735cc83	Port changes to JavaScript.	2023-10-26 14:47:24 +01:00
Max Schaefer	bb146a1758	JavaScript: Add support for rateLimit export from express-rate-limit package.	2023-10-26 12:14:57 +01:00
github-actions[bot]	8dcd8b9e5b	Post-release preparation for codeql-cli-2.15.1	2023-10-17 20:24:00 +00:00
github-actions[bot]	3b3c036626	Release preparation for version 2.15.1	2023-10-16 17:49:39 +00:00
Henry Mercer	1a370bfbbe	Merge pull request #14443 from github/post-release-prep/codeql-cli-2.15.0 ... Post-release preparation for codeql-cli-2.15.0	2023-10-11 17:39:04 +01:00
github-actions[bot]	ae6af17c74	Post-release preparation for codeql-cli-2.15.0	2023-10-11 14:19:20 +00:00
erik-krogh	ccd06c78b9	delete an .expected file outside the test directories	2023-10-10 21:35:19 +02:00
Remco Vermeulen	76e56cdac7	Adjust query severities	2023-10-09 12:52:09 -07:00
erik-krogh	c2942b37a7	JS: delete various outdated deprecations	2023-10-09 09:14:55 +02:00
Asger F	315272839d	JS: Change note	2023-10-05 08:13:43 +02:00
github-actions[bot]	9fe993bec3	Release preparation for version 2.15.0	2023-10-04 14:15:27 +00:00
Henry Mercer	da92da2204	Bump minor versions of packs we regularly release	2023-10-03 16:31:23 +01:00
Henry Mercer	f3847b3f51	Merge branch 'main' into henrymercer/rc-3.11-mergeback	2023-10-03 16:30:23 +01:00
amammad	97c27ac11b	revert SqlInjection.ql changes	2023-09-29 01:36:00 +10:00
amammad	0eb0c238f3	stash	2023-09-23 20:28:34 +10:00
github-actions[bot]	3acf5244b0	Post-release preparation for codeql-cli-2.14.6	2023-09-20 10:25:10 +00:00
github-actions[bot]	0a3670727f	Release preparation for version 2.14.6	2023-09-19 11:40:30 +00:00
Erik Krogh Kristensen	7e7852eff6	Merge pull request #13641 from erik-krogh/multi-char ... JS/RB: write qhelp for `incomplete-multi-character-sanitization`	2023-09-14 14:48:30 +02:00
Max Schaefer	e722e3288f	Merge pull request #13771 from github/max-schaefer/server-side-url-redirect-help ... JavaScript: Improve query help for `js/server-side-unvalidated-url-redirection`.	2023-09-13 13:20:48 +01:00
Max Schaefer	a9e81672f0	Make suggestion to replace example.com more explicit.	2023-09-12 16:54:05 +01:00
Max Schaefer	7ddb7da65e	Apply suggestions from code review ... Co-authored-by: Felicity Chapman <felicitymay@github.com>	2023-09-12 16:47:23 +01:00
github-actions[bot]	d699880c86	Post-release preparation for codeql-cli-2.14.4	2023-09-08 21:17:52 +00:00
Chuan-kai Lin	1a575ef297	Merge pull request #14167 from asgerf/ts/tolerate-out-of-order-requests ... JS: tolerate out of order requests in TypeScript extractor	2023-09-08 12:33:44 -07:00