Asger F
190dfce9c5
JS: Ensure tsconfig.json files are extracted in qltest
QLTests still use the Main.java entry point, which didn't extract tsconfig.json and didn't allow non-standard JSON syntax such as trailing commas that are allowed in tsconfig.json files.
2025-04-23 14:27:21 +02:00
Asger F
ec4b3ef202
JS: Stop resolving imports from TS symbols
2025-04-23 14:27:20 +02:00
Asger F
a889e981ba
JS: Add tests for multiple path replacements
2025-04-23 14:27:19 +02:00
Asger F
aa0f7d8ec3
JS: Add test for baseUrl and path mappings in tsconfig files
2025-04-23 14:27:18 +02:00
Asger F
ffe9d542f8
JS: Set TS mode to basic
2025-04-23 14:27:16 +02:00
Asger F
abfbc2e294
JS: Also check contextual type
2025-04-23 14:27:15 +02:00
Asger F
cada794cf1
JS: Some test updates
2025-04-23 14:27:14 +02:00
Asger F
69077ff9b6
JS: Remove some dependencies on type extraction
2025-04-23 14:27:13 +02:00
Asger F
fe06115180
JS: Use in MissingAwait
2025-04-23 14:27:11 +02:00
Asger F
05212e6042
JS: Use hasUnderlyingStringOrAnyType in Nest model (TODO: refactor)
2025-04-23 14:27:10 +02:00
Asger F
0109ab6a70
JS: Use sanitizing primitive type in Nest model
2025-04-23 14:27:09 +02:00
Asger F
9978657a1c
JS: Use sanitizing primitive types in ViewComponentInput
2025-04-23 14:27:07 +02:00
Asger F
6ed900504c
JS: Update jQuery model
2025-04-23 14:27:06 +02:00
Asger F
da7387ee63
JS: Use in TypeAnnotation.getClass and hasUnderlyingType predicates
2025-04-23 14:27:05 +02:00
Asger F
406754c646
JS: Resolve JSDocLocalTypeAccess to a variable in scope
2025-04-23 14:27:04 +02:00
Asger F
52c729b161
JS: Use underlying types in DataFlow::Node
2025-04-23 14:27:02 +02:00
Asger F
21f4349cc6
Create TypeResolution.qll
2025-04-23 14:27:01 +02:00
Asger F
a374b04f0f
Create UnderlyingTypes.qll
2025-04-23 14:27:00 +02:00
Asger F
45ed331115
Create NameResolution.qll
2025-04-23 14:26:59 +02:00
Asger F
7586631934
JS: Add test
2025-04-23 14:26:57 +02:00
Asger F
f8be64b313
JS: Add helper for getting local type names
2025-04-23 14:26:55 +02:00
Asger F
0f981b4a1e
JS: Avoid accidental recursion with API graphs
2025-04-23 14:26:54 +02:00
Asger F
bcf26ef537
JS: Make Closure concepts based on AST instead
2025-04-23 14:26:52 +02:00
Asger F
372606a93d
JS: Do not ignore variables from ambient declarations
2025-04-23 14:26:51 +02:00
Asger F
f18335da5b
JS: Add ImportSpecifier.getImportDeclaration()
2025-04-23 14:26:50 +02:00
Asger F
4443dec443
JS: Exclude externs from CallGraph meta-query
2025-04-23 14:26:48 +02:00
Asger F
6d58293478
Disable noisy meta query
2025-04-23 14:26:47 +02:00
Asger F
ae55f2c80f
Add meta query
2025-04-23 14:26:45 +02:00
Asger F
c2cab184ac
Merge pull request #19283 from asgerf/js/rest-pattern-fix
JS: Fix missing flow into rest pattern lvalue
2025-04-22 10:37:36 +02:00
github-actions[bot]
d78736b1bf
Post-release preparation for codeql-cli-2.21.1
2025-04-15 16:33:15 +00:00
github-actions[bot]
b961c5961d
Release preparation for version 2.21.1
2025-04-14 09:53:06 +00:00
Napalys Klicius
86313715a4
Merge pull request #19184 from Napalys/js/request_handlers
JS: Support for `Request` and `NextRequest`
2025-04-14 08:07:24 +02:00
Asger F
6c01709048
JS: Update more test output
2025-04-11 15:15:22 +02:00
Napalys Klicius
3d7c0201d9
Merge pull request #19231 from Napalys/js/typed_array
JS: Taint propagation from low-level `ArrayBuffer` to `Strings`
2025-04-11 11:29:01 +02:00
Napalys
11abbf8c4a
Now nextUrl is of type parameter and loosen the restriction for NextAppRouteHandler
2025-04-11 11:19:12 +02:00
Napalys Klicius
92e4f112c0
Update javascript/ql/lib/semmle/javascript/frameworks/Next.qll
Co-authored-by: Asger F <asgerf@github.com>
2025-04-11 11:08:40 +02:00
Napalys Klicius
d0dcf897cb
Update javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll
Co-authored-by: Asger F <asgerf@github.com>
2025-04-11 11:04:08 +02:00
Napalys Klicius
d17d29a387
Merge pull request #19218 from Napalys/js/upgrade_websocket
JS: Refactor `WebSocket` to use `API` graphs
2025-04-11 10:05:54 +02:00
Napalys
e3f1720f9c
Renamed DecodeLike to Decode and updated propagatesFlow
2025-04-11 10:04:09 +02:00
Napalys
2c4b3527b4
Added change note
2025-04-11 09:42:12 +02:00
Napalys
678eccb417
Added searchParams.get as potential source for SSRF
2025-04-11 09:42:07 +02:00
Napalys
8674b61e5a
Added SSRF test case with searchParams for NextRequest
2025-04-11 09:26:16 +02:00
Napalys
6e09a65da0
Added support for NextRequest middleware SSRF.
2025-04-11 08:43:36 +02:00
Napalys
734ad2d767
Removed legacy Consistency check as it is redundant now with inline test expectations.
2025-04-11 08:43:08 +02:00
Napalys
208487f236
Added middleware test
2025-04-11 08:39:47 +02:00
Asger F
719456e27d
JS: Fix missing flow into rest pattern lvalue
2025-04-11 08:37:09 +02:00
Asger F
7703b1fab5
JS: Add test for missing getALocalSource flow for rest pattern
2025-04-11 08:37:07 +02:00
Napalys Klicius
43bf0beae9
Merge pull request #19263 from Napalys/js/make-dir-lib
JS: Add support for `make-dir` package
2025-04-10 15:09:43 +02:00
Napalys
86b64afa13
Added NextResponse to the ResponseCall class; it models similar, near-identical behaviour.
2025-04-10 15:06:44 +02:00
Napalys
8acb0243ad
Added test cases for NextResponse and Response
2025-04-10 14:57:40 +02:00