11726 Commits

Author	SHA1	Message	Date
github-actions[bot]	0bfa93828b	Release preparation for version 2.23.0	2025-09-02 11:09:32 +00:00
Asger F	19fa29d527	Merge pull request #20307 from asgerf/js/overlay-extract-and-discard-only ... JS: Add overlay support to extractor	2025-09-02 11:24:11 +02:00
Henry Mercer	d71991fdc0	Merge pull request #20320 from github/henrymercer/default-queries ... Specify default queries in `codeql-extractor.yml`	2025-09-01 15:52:47 +01:00
Anders Schack-Mulligen	09b2c5abf0	BasicBlock: Replace entryBlock predicate with subclass.	2025-09-01 11:48:44 +02:00
Anders Schack-Mulligen	f459ddc40a	Languages: Adapt to api changes.	2025-09-01 11:26:33 +02:00
Anders Schack-Mulligen	bb3abc815f	SSA: Update input to use member predicates.	2025-09-01 11:19:48 +02:00
Asger F	67a1c2ffef	Update javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java ... Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2025-09-01 10:20:17 +02:00
Asger F	0d0eaa21a1	Merge pull request #20302 from asgerf/js/simpler-locations ... JS: Remove synthetic locations	2025-09-01 09:46:13 +02:00
Henry Mercer	55869f28c3	Specify default queries in codeql-extractor.yml	2025-08-29 17:34:45 +01:00
Asger F	cc8fe10801	JS: Update locations in expected files	2025-08-29 12:03:11 +02:00
Napalys Klicius	bafe22c50c	Merge pull request #20048 from Napalys/js/xml_bomb_sinks ... JS: Exclude patched libraries from `xml-bomb` sink	2025-08-29 08:10:55 +02:00
Asger F	d117c52d2f	JS: Use the LHS as the location for SsaExplicitDefinition	2025-08-28 11:35:15 +02:00
Asger F	4437f47a7b	Merge pull request #20297 from asgerf/js/simpler-summary-pruning ... JS: Change pruning to not rely on Import	2025-08-28 11:20:14 +02:00
Asger F	4a687a1222	JS: Add deprecated alias ... The old DbLocation class was public, hence the alias	2025-08-27 11:21:18 +02:00
Asger F	dcf63fc434	JS: Remove synthetic locations	2025-08-27 11:20:24 +02:00
Asger F	be32579cab	JS: Change pruning to not rely on Import	2025-08-27 10:44:23 +02:00
Asger F	6783456213	JS: Add discard predicates	2025-08-19 09:20:00 +02:00
Asger F	ba585b8af5	JS: Add upgrade/downgrade scripts	2025-08-19 09:19:58 +02:00
Asger F	30baf0acec	JS: Add overlayChangedFiles	2025-08-19 09:19:57 +02:00
Asger F	c1df8a95cb	JS: Overlay extraction support	2025-08-19 09:19:55 +02:00
Asger F	6872f51725	JS: Add metadata to dbscheme and stats	2025-08-19 09:19:54 +02:00
github-actions[bot]	42e3d31c49	Post-release preparation for codeql-cli-2.22.4	2025-08-18 14:42:42 +00:00
github-actions[bot]	90d29994c8	Release preparation for version 2.22.4	2025-08-18 14:06:09 +00:00
Napalys Klicius	b19d1e0f57	Merge pull request #20151 from Napalys/js/command-line-libs ... JS: Enhance command injection detection for CLI argument parsing libraries	2025-08-18 09:32:29 +02:00
Napalys Klicius	b2346183d6	Merge pull request #20148 from Napalys/js/reg-exp-env-variable-threat-model ... JS: Exclude environment variables from `js/regex-injection` query by default	2025-08-18 09:32:15 +02:00
Tom Hvitved	874f951727	Merge pull request #20172 from hvitved/shared/concepts-final-aliases ... Shared: Use `final` aliases in `ConcentsShared.qll`	2025-08-11 10:14:55 +02:00
Tom Hvitved	eb3c054b0f	JS: Generate legacy flow steps for all flow summaries	2025-08-06 09:38:49 +02:00
Tom Hvitved	11dcd90435	Shared: Use final aliases in ConcentsShared.qll	2025-08-05 14:53:52 +02:00
github-actions[bot]	fb4b0aac53	Post-release preparation for codeql-cli-2.22.3	2025-08-04 17:18:08 +00:00
github-actions[bot]	fd82aeb1f8	Release preparation for version 2.22.3	2025-08-04 15:47:57 +00:00
Napalys Klicius	881ea7631e	Added change note	2025-08-01 14:34:25 +02:00
Napalys Klicius	ae4077db72	add taint flow for arg/command-line-args with custom argv option	2025-08-01 13:34:08 +02:00
Napalys Klicius	d6508f34b6	Add taint flow for Commander.js direct property access and action callbacks	2025-08-01 13:24:19 +02:00
Napalys Klicius	39170f327c	Added couple more test cases for commander js	2025-08-01 13:14:39 +02:00
Napalys Klicius	6b4e34dd39	Added a step from parse to opts for commander js	2025-08-01 13:12:43 +02:00
Napalys Klicius	e980798ede	Added step through yargs/yargs constructor and chained methods.	2025-08-01 12:01:30 +02:00
Napalys Klicius	e8eb9be3f6	Add command injection tests for CLI argument parsing libraries	2025-08-01 11:02:59 +02:00
Napalys Klicius	3f9061abdb	Added change note	2025-07-31 13:20:38 +02:00
Napalys Klicius	d28a6e6352	Added new test cases for regexp injection with enviromental variable threat model enabled	2025-07-31 13:20:37 +02:00
Napalys Klicius	8583257574	Created new folder for test with threat models disabled	2025-07-31 13:20:30 +02:00
Napalys Klicius	5f538209c9	Exlucde environmental variables from default detection in regexp injection	2025-07-31 12:09:30 +02:00
Anders Schack-Mulligen	3b8234ecec	SSA: Update data flow integration and BarrierGuard interface to use GuardValue.	2025-07-28 11:29:12 +02:00
Geoffrey White	4f6b698ca3	Merge branch 'main' into moresensitive2	2025-07-23 08:50:25 +01:00
github-actions[bot]	37cc78255a	Post-release preparation for codeql-cli-2.22.2	2025-07-22 14:22:20 +00:00
github-actions[bot]	997547b8ef	Release preparation for version 2.22.2	2025-07-22 14:04:14 +00:00
Nick Rolfe	825c813095	Revert "Release preparation for version 2.22.2"	2025-07-22 14:33:45 +01:00
github-actions[bot]	c8632b70b7	Release preparation for version 2.22.2	2025-07-21 16:45:45 +00:00
Nick Rolfe	ad9b637bec	Revert "Merge pull request #19994 from github/post-release-prep/codeql-cli-2.22.2" ... This reverts commit e5b4a15e35, reversing changes made to 33e63109bb.	2025-07-21 15:18:59 +01:00
Michael Nebel	2f29459cda	Merge pull request #19931 from michaelnebel/ql4ql/qualitytagcheck ... Ql4ql: Quality query tagging.	2025-07-17 14:53:14 +02:00
Jeroen Ketema	acc66c7b58	Merge pull request #19984 from jketema/jketema/sec-shared ... Make a proper shared library out of the concept related libraries	2025-07-17 13:25:33 +02:00