hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
56,525 Commits 1,673 Branches 157 Tags
1cd8922ab5d39f9b9707598afdd6a7cb3a00a2d3
Commit Graph

8366 Commits

Author SHA1 Message Date
Asger F
c8af28c2ca Merge pull request #13700 from asgerf/js/path-join-spread 
JS: Recognize 'fs/promises' alias and handle spread arguments in path.join()
 2023-07-11 15:31:13 +02:00
Asger F
8234b8f175 JS: Change note 2023-07-10 13:19:44 +02:00
Asger F
27085b1fd0 JS: Fix whitespace 2023-07-10 12:07:13 +02:00
Asger F
fe90146a16 JS: Add test for path.join with spread argument 2023-07-10 12:07:07 +02:00
Asger F
06bc0f6957 JS: Add test for fs/promises 2023-07-10 12:05:03 +02:00
github-actions[bot]
13cf054a9d Post-release preparation for codeql-cli-2.14.0 2023-07-07 14:55:41 +00:00
Asger F
965ca169e5 JS: Recognise fs/promises 2023-07-07 14:14:49 +02:00
Asger F
d49359a95c JS: Add step through spread arg to path.join() 2023-07-07 14:10:50 +02:00
github-actions[bot]
6484ee106e Release preparation for version 2.14.0 2023-07-07 08:22:14 +00:00
Dave Bartolomeo
9631e9f2f1 Bump minor version numbers post-GHES 2023-07-06 10:10:01 -04:00
Dave Bartolomeo
2bb9adfbf1 Merge remote-tracking branch 'origin/main' into dbartol/mergeback-3.10 2023-07-06 10:00:46 -04:00
Erik Krogh Kristensen
b2a60bf3d1 Merge pull request #13642 from erik-krogh/san-script 
JS/RB: Fix FP in incomplete-multi-character-sanitization
 2023-07-06 15:38:39 +02:00
Chuan-kai Lin
6912f7ed3a Merge pull request #13638 from cklin/remove-pragma-assume-small-delta 
Remove pragma[assume_small_delta]
 2023-07-03 07:00:36 -07:00
Asger F
4c9501eba5 Merge pull request #13529 from jorgectf/seclab/webix-modeling 
JS: Add models for `webix`
 2023-07-03 12:03:18 +02:00
erik-krogh
f9eee906cf fix FP by requiring that the regular expression mention on of the chars important in the prefix 2023-07-01 20:30:09 +02:00
erik-krogh
bd400be6ec add FP for incomplete-multi-char-sanitization 2023-07-01 20:28:31 +02:00
Chuan-kai Lin
ce464a7d69 Remove pragma[assume_small_delta] 2023-06-30 11:09:29 -07:00
github-actions[bot]
668aaa2dc8 Post-release preparation for codeql-cli-2.13.5 2023-06-30 08:51:48 +00:00
Jorge
e210b0d0a7 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2023-06-29 16:06:34 +02:00
github-actions[bot]
9d7987f822 Release preparation for version 2.13.5 2023-06-29 09:26:18 +00:00
jorgectf
2ac334bf15 Adapt Webix modeling to support HTML use-cases 2023-06-28 15:26:30 +02:00
Kasper Svendsen
ab5e241310 Javascript: Enable implicit this warnings for remaining packs 2023-06-27 11:56:29 +02:00
jorgectf
1e663b8889 Update HeuristicSourceCodeInjection.expected 2023-06-26 13:32:20 +02:00
jorgectf
bb67a9000e Fix WebixTemplateSink 2023-06-26 13:32:00 +02:00
Jorge
5bd044211e Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2023-06-26 13:27:23 +02:00
Rasmus Wriedt Larsen
0121263e03 Merge branch 'main' into python/enable-summaries-from-models 2023-06-26 11:34:12 +02:00
Jorge
08b9a5e2b2 Add missing ; 2023-06-23 23:10:06 +02:00
Jorge
3c980db93a Format webix.js 2023-06-23 18:08:01 +02:00
Jorge
8ff525933e Merge branch 'main' into seclab/webix-modeling 2023-06-23 18:06:26 +02:00
yoff
26856a82a6 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2023-06-23 10:15:20 +02:00
Kevin Stubbings
3605269e13 Add webix copy function 2023-06-22 22:16:28 -07:00
jorgectf
7e7e2aaac7 Remove non-existing import 2023-06-22 01:15:08 +02:00
jorgectf
868129c7e7 Add change note 2023-06-22 01:14:06 +02:00
jorgectf
6947e99c15 Add models for webix 
Co-authored-by: Kevin Stubbings <Kwstubbs@users.noreply.github.com>
 2023-06-22 01:07:33 +02:00
Henry Mercer
5afdaf8fe1 Merge pull request #13525 from github/rc/3.10 
Merge `rc/3.10` back to `main`
 2023-06-21 17:13:36 +01:00
Adrien Pessu
e332a4348d Update javascript/ql/src/Security/CWE-798/HardcodedCredentials.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-06-21 12:55:33 +01:00
Adrien Pessu
4d1bbe36a9 Merge branch 'main' into main 2023-06-21 09:11:57 +01:00
Adrien Pessu
7dfb404fd7 clean examples 2023-06-21 08:11:39 +00:00
Adrien Pessu
e85987bfc5 remove useless phrase 2023-06-21 07:59:24 +00:00
Erik Krogh Kristensen
12b3913a4b Merge pull request #13511 from tspascoal/patch-1 
JS: Single quote was preventing the shell from expanding the BODY variable in Expression injection in Actions example
 2023-06-21 09:57:20 +02:00
Adrien Pessu
9cb12cdcbe Merge branch 'main' of https://github.com/adrienpessu/codeql 2023-06-20 17:28:28 +00:00
Adrien Pessu
2a2f6de78c fixed text not in a tag 2023-06-20 17:27:37 +00:00
Adrien Pessu
77077da20c Merge branch 'main' into main 2023-06-20 18:24:44 +01:00
Adrien Pessu
36cb60c746 Add fixed proposition for NodeJS 2023-06-20 17:22:56 +00:00
Jami
5259a6ecfc Merge pull request #13324 from jcogs33/jcogs33/shared-sink-kind-validation 
Shared: share MaD kind validation across languages
 2023-06-20 11:56:12 -04:00
Tiago Pascoal
150854603b Single quote was preventing the shell from expanding the BODY variable 
While this prevents the attack highlighted in the query help it also prevents it from working.

Double quotes will allow the expansion of the variable while still preventing the attack
 2023-06-20 11:38:27 +01:00
github-actions[bot]
18b678e69e Post-release preparation for codeql-cli-2.13.4 2023-06-20 10:20:05 +00:00
Adrien Pessu
eb28266bcb improv example the help file 2023-06-19 17:00:52 +00:00
Tony Torralba
8f6d2ed2f9 Adjust ZipSlip query description according to review suggestions. 2023-06-19 10:27:41 +02:00
Tony Torralba
3c4d938cf1 Apply code review suggestions. 
Co-authored-by: Asger F <asgerf@github.com>
 2023-06-19 10:20:19 +02:00