hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 13:23:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,757 Commits 1,697 Branches 161 Tags
3083360032b689c04cba3d73b464f2bb44ef63c2
Commit Graph

10852 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
e6884cf705 Merge pull request #18959 from erik-krogh/faster-routing 
JS: ensure the result from getPathFromFork is unique (to avoid a blowup)
 2025-03-10 21:45:14 +01:00
Asger F
73c0a93fc4 Merge pull request #18963 from asgerf/js/disable-tainted-nodes 
JS: Remove TaintedNodes.ql from default meta query suite
 2025-03-10 20:49:46 +01:00
Erik Krogh Kristensen
b945466b9f Merge pull request #18892 from asgerf/js/membership-regexp-test 
JS: Sharpen up EnumerationRegExp
 2025-03-10 16:21:54 +01:00
Asger F
4d02993efa JS: Remove TaintedNodes.ql from default meta query suite 2025-03-10 16:15:13 +01:00
Asger F
08c9f6fa1e Merge pull request #18798 from erik-krogh/ts58 
JS: upgrade TypeScript to 5.8
 2025-03-10 14:48:03 +01:00
Asger F
d84368eb54 Merge pull request #18858 from Napalys/js/react-relay 
JS: React-relay support
 2025-03-10 14:33:23 +01:00
erik-krogh
b70643b1a1 ensure the result from getPathFromFork is unique (to avoid a blowup) 2025-03-10 12:53:51 +01:00
Napalys
d077d6807a Applied changes from comments 
Co-authored-by: Asgerf <asgerf@github.com>
 2025-03-10 12:24:45 +01:00
Erik Krogh Kristensen
8eb69079b7 fix typo from copy-pasted change-note 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-03-10 09:41:48 +01:00
erik-krogh
752fc64f42 bump to stable 5.8 release 2025-03-10 09:21:25 +01:00
erik-krogh
b641caa508 update TypeScript version to 5.8.1-RC 2025-03-10 09:20:29 +01:00
Napalys
c12c12c416 Added modeling for react-relay functions that retrieve data. 2025-03-06 18:30:21 +01:00
Napalys
5a1991bb69 Added test cases for react-relay functions that retrieve data 2025-03-06 18:10:27 +01:00
Napalys
0166e76cca Add change note 2025-03-06 18:10:24 +01:00
Napalys
1443f314a1 Added react-relay useFragment as threat model source. 2025-03-06 18:10:23 +01:00
Napalys
1e3b8625e6 Added a test case where useFragment from react-relay should be marked as a source but isn't 2025-03-06 18:10:21 +01:00
Anders Schack-Mulligen
c6761db2fc SSA: Replace the Guards interface in the SSA data flow integration. 2025-03-05 13:29:31 +01:00
Asger F
2e32e441b8 Update javascript/ql/src/change-notes/2025-02-28-membership-regexp-test.md 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-02-28 14:25:56 +01:00
Asger F
c8a89c4203 JS: Change note 2025-02-28 14:04:40 +01:00
Asger F
c3ad805fe8 JS: Sharpen up EnumerationRegExp 2025-02-28 13:58:11 +01:00
Asger F
d97d67359b JS: Add test case showing lack of flow through non-sanitising regexp 2025-02-28 13:58:08 +01:00
Asger F
ff36d1916f Merge pull request #18810 from asgerf/js/test-related-locations 
Test: Add support for RelatedLocation tag and use in a JS query
 2025-02-25 16:40:41 +01:00
Asger F
baa7e35589 Merge pull request #18834 from Napalys/js/tanstack 
JS: Support 'response' threat model and @tanstack/react-query
 2025-02-25 16:16:06 +01:00
Napalys
3360829a58 Updated change note with response threat model info. 
Co-authored-by: Asgerf <asgerf@github.com>
 2025-02-25 15:22:14 +01:00
Napalys
bf77ffef37 Applied comment 
Co-authored-by: Asgerf <asgerf@github.com>
 2025-02-25 13:57:39 +01:00
Napalys
e2927b2fad Updated tanstack to use API graph. 2025-02-25 11:48:44 +01:00
Anders Schack-Mulligen
b2a595596b JS: Remove irrelevant comment. 2025-02-25 11:33:16 +01:00
Anders Schack-Mulligen
449150e6b5 JS: Accept fixed FP flow. 2025-02-25 10:42:21 +01:00
Anders Schack-Mulligen
57c4fd6f25 JS: Combine phi reads and ssa input nodes into SynthReadNode class. 2025-02-25 09:23:53 +01:00
Anders Schack-Mulligen
1af753cd0c JS: Use shared barrier guard for falsy check. 2025-02-24 13:00:06 +01:00
Anders Schack-Mulligen
09b2aeb53a SSA: Replace use-use step implementation in data-flow integration. 2025-02-24 10:58:14 +01:00
Anders Schack-Mulligen
4e515bc2f5 JS: Remove reference to isInputInto 2025-02-21 14:48:24 +01:00
Asger F
cd2c4d5e3a JS: Use post-processed inline test in MissingCsrfMiddleware 
This query flags the cookie-parsing middleware in order to consolidate huge numbers of alerts into a single alert, which is more manageable. But simply annotating the cookie-parsing middleware with 'Alert' isn't a very useful, we want to annotate which middlewares are vulnerable.
 2025-02-21 14:44:46 +01:00
Napalys
3587ba593a Add change note and added tanstack to supported framework list 2025-02-21 13:47:48 +01:00
Napalys
ab0241c1de Added missing doc strings for Tanstack queries 2025-02-21 13:32:49 +01:00
Napalys
1227a7eedc Add Tanstack framework support and enhance data flow tracking for fetch responses 2025-02-21 13:24:00 +01:00
Napalys
05690c21ed Added a test for tanstack/react-query useQuery 2025-02-21 13:24:00 +01:00
Chris Smowton
4567e02b8c Regularise extractor pack licenses to all cite the MIT license that covers the whole CodeQL repository 2025-02-20 18:55:55 +00:00
Asger F
a1b7096125 Merge pull request #18783 from asgerf/js/downward-calls 
JS: Resolve calls downward in class hierarchy
 2025-02-20 09:01:58 +01:00
Asger F
a5fde9c3df Merge pull request #18807 from asgerf/js/vue-without-tsconfig-fixup 
JS: Extract TS snippets with no tsconfig.json file
 2025-02-19 13:31:08 +01:00
Asger F
58c8b5fa2b Merge pull request #18790 from asgerf/js/no-implicit-array-taint 
JS: Do not taint whole array when storing into ArrayElement
 2025-02-19 13:23:31 +01:00
Asger F
e1c280500e Merge pull request #18749 from Kwstubbs/express 
JS: Add result.download to Express as Path Traversal Sink
 2025-02-19 09:08:36 +01:00
Asger F
804a1a6cb0 JS: Handle array of sorting criteria 2025-02-18 16:58:04 +01:00
Asger F
7486742c37 JS: Fix model of _.sortBy 2025-02-18 16:53:40 +01:00
Asger F
ad4522c781 JS: Make 'typeStrongerThan' transitive 2025-02-18 16:04:48 +01:00
Asger F
e40ee821c2 JS: Update a qldoc comment 2025-02-18 16:02:47 +01:00
Asger F
b3f7cd988b JS: Extract TS snippets with no tsconfig.json file 2025-02-18 12:43:13 +01:00
Asger F
24e7aad6ba JS: Overriden -> Overridden 2025-02-18 09:51:13 +01:00
Asger F
82a4b17218 JS: Change note 2025-02-18 09:43:08 +01:00
Asger F
e610683377 JS: Linter fix 2025-02-18 09:25:23 +01:00