hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-19 21:57:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
78,486 Commits 1,759 Branches 167 Tags
190dfce9c5febca5ea6668b505da412f9a31448d
Commit Graph

2652 Commits

Author SHA1 Message Date
Asger F
ec4b3ef202 JS: Stop resolving imports from TS symbols 2025-04-23 14:27:20 +02:00
Asger F
abfbc2e294 JS: Also check contextual type 2025-04-23 14:27:15 +02:00
Asger F
69077ff9b6 JS: Remove some dependencies on type extraction 2025-04-23 14:27:13 +02:00
Asger F
05212e6042 JS: Use hasUnderlyingStringOrAnyType in Nest model (TODO: refactor) 2025-04-23 14:27:10 +02:00
Asger F
0109ab6a70 JS: Use sanitizing primitive type in Nest model 2025-04-23 14:27:09 +02:00
Asger F
9978657a1c JS: Use sanitizing primitive types in ViewComponentInput 2025-04-23 14:27:07 +02:00
Asger F
6ed900504c JS: Update jQuery model 2025-04-23 14:27:06 +02:00
Asger F
da7387ee63 JS: Use in TypeAnnotation.getClass and hasUnderlyingType predicates 2025-04-23 14:27:05 +02:00
Asger F
406754c646 JS: Resolve JSDocLocalTypeAccess to a variable in scope 2025-04-23 14:27:04 +02:00
Asger F
52c729b161 JS: Use underlying types in DataFlow::Node 2025-04-23 14:27:02 +02:00
Asger F
21f4349cc6 Create TypeResolution.qll 2025-04-23 14:27:01 +02:00
Asger F
a374b04f0f Create UnderlyingTypes.qll 2025-04-23 14:27:00 +02:00
Asger F
45ed331115 Create NameResolution.qll 2025-04-23 14:26:59 +02:00
Asger F
f8be64b313 JS: Add helper for getting local type names 2025-04-23 14:26:55 +02:00
Asger F
0f981b4a1e JS: Avoid accidental recursion with API graphs 2025-04-23 14:26:54 +02:00
Asger F
bcf26ef537 JS: Make Closure concepts based on AST instead 2025-04-23 14:26:52 +02:00
Asger F
f18335da5b JS: Add ImportSpecifier.getImportDeclaration() 2025-04-23 14:26:50 +02:00
Asger F
c2cab184ac Merge pull request #19283 from asgerf/js/rest-pattern-fix 
JS: Fix missing flow into rest pattern lvalue
 2025-04-22 10:37:36 +02:00
github-actions[bot]
d78736b1bf Post-release preparation for codeql-cli-2.21.1 2025-04-15 16:33:15 +00:00
github-actions[bot]
b961c5961d Release preparation for version 2.21.1 2025-04-14 09:53:06 +00:00
Napalys Klicius
86313715a4 Merge pull request #19184 from Napalys/js/request_handlers 
JS: Support for `Request` and `NextRequest`
 2025-04-14 08:07:24 +02:00
Napalys Klicius
3d7c0201d9 Merge pull request #19231 from Napalys/js/typed_array 
JS: Taint propagation from low-level `ArrayBuffer` to `Strings`
 2025-04-11 11:29:01 +02:00
Napalys
11abbf8c4a Now nextUrl is of type parameter and loosen the restriction for NextAppRouteHandler 2025-04-11 11:19:12 +02:00
Napalys Klicius
92e4f112c0 Update javascript/ql/lib/semmle/javascript/frameworks/Next.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2025-04-11 11:08:40 +02:00
Napalys Klicius
d0dcf897cb Update javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2025-04-11 11:04:08 +02:00
Napalys Klicius
d17d29a387 Merge pull request #19218 from Napalys/js/upgrade_websocket 
JS: Refactor `WebSocket` to use `API` graphs
 2025-04-11 10:05:54 +02:00
Napalys
e3f1720f9c RenamedDecodeLike to Decode and updated propagatesFlow 2025-04-11 10:04:09 +02:00
Napalys
2c4b3527b4 Added change note 2025-04-11 09:42:12 +02:00
Napalys
678eccb417 Added searchParams.get as potential source for SSRF 2025-04-11 09:42:07 +02:00
Napalys
6e09a65da0 Added support for NextRequest middleware SSRF. 2025-04-11 08:43:36 +02:00
Asger F
719456e27d JS: Fix missing flow into rest pattern lvalue 2025-04-11 08:37:09 +02:00
Napalys Klicius
43bf0beae9 Merge pull request #19263 from Napalys/js/make-dir-lib 
JS: Add support for `make-dir` package
 2025-04-10 15:09:43 +02:00
Napalys
86b64afa13 Added NextResponse to the ResponseCall class it models similar near idential behaviour. 2025-04-10 15:06:44 +02:00
Napalys
63a3953b0c Enhance Next.js API endpoint handling for compatibility with both Pages and App Router structures. 2025-04-10 14:48:17 +02:00
Asger F
eac14b9837 Merge pull request #19200 from asgerf/js/web-response 
JS: Add sinks for calls to 'new Response()'
 2025-04-10 14:41:32 +02:00
Napalys
5243f90c90 Brought back old methods and marked them as deprecated 2025-04-09 14:56:24 +02:00
Napalys
5ec71ab9af Added change note 2025-04-09 14:42:34 +02:00
Napalys
ce2fc25cdb Added make-dir model as data 2025-04-09 14:42:29 +02:00
Napalys Klicius
2dca95af92 Update javascript/ql/lib/change-notes/2025-04-07-websocket.md 
Co-authored-by: Asger F <asgerf@github.com>
 2025-04-09 14:26:00 +02:00
Napalys
0c52b5ad95 Added summary flow for StringFromCharCode 2025-04-09 14:24:43 +02:00
Napalys Klicius
f02783a9c6 Merge pull request #19210 from Napalys/js/mkdirp 
JS: Modeling of `mkdirp` functions
 2025-04-09 13:43:37 +02:00
Napalys
a3e4e62eac Removed taint from ArrayBuffer constructor as it accepts length 2025-04-09 13:27:13 +02:00
Napalys
4bc3e9e736 Addressed comments 
Co-authored-by: Asgerf <asgerf@github.com>
 2025-04-09 12:31:45 +02:00
Napalys
4a4d78bbde Added change note 2025-04-08 08:12:42 +02:00
Napalys
b8802a29f4 Added open package model as data. 2025-04-08 08:12:30 +02:00
Napalys
873db7c121 Added change note 2025-04-07 18:15:24 +02:00
Napalys
b97c61864e Add flow summaries and entry points for TextDecoder 2025-04-07 18:15:19 +02:00
Napalys
f4277204b7 Add flow summaries and entry points for ArrayBuffer and SharedArrayBuffer 2025-04-07 18:12:35 +02:00
Napalys
ff07ec8d8c Add flow summaries for TypedArray methods set and subarray 2025-04-07 18:06:40 +02:00
Napalys
e23ff9cf3e Add TypedArrays flow summaries for Uint8Array and buffer property 2025-04-07 15:15:24 +02:00