hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-10 21:20:22 +01:00
Code Issues Packages Projects Releases Wiki Activity
71,206 Commits 1,679 Branches 158 Tags
30e07817781f06efc88ddd554bde213b86fa7e5d
Commit Graph

324 Commits

Author SHA1 Message Date
Maiky
d0cf2a978c Merge branch 'main' into maikypedia/javascript-cors 2024-06-27 20:24:42 +02:00
Erik Krogh Kristensen
db768960f4 Merge pull request #15060 from am0o0/amammad-js-envinjection 
JS: Env Injection query
 2024-06-20 21:27:21 +02:00
Erik Krogh Kristensen
555d7e5958 Merge pull request #14293 from am0o0/amammad-js-CodeInjection_dynamic_import 
JS: Dynamic import as code injection sink
 2024-06-20 21:19:57 +02:00
am0o0
4e1f7a930d fix invalid js file sample in qlhelp 2024-06-14 13:47:01 +02:00
am0o0
bb03a9faba format the query file 2024-06-13 14:54:29 +02:00
am0o0
84b9d4d1ac fix qlhelp errors 2024-06-13 14:32:41 +02:00
Maiky
8ba7ac678d Update javascript/ql/src/experimental/Security/CWE-942/CorsPermissiveConfigurationCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2024-06-12 19:38:13 +02:00
Maiky
4be5cf4e78 Update javascript/ql/src/experimental/Security/CWE-942/CorsPermissiveConfigurationCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2024-06-12 19:38:02 +02:00
am0o0
9db334d02f update select statement, update test cases 2024-06-07 21:26:20 +02:00
am0o0
5e0a78c4c7 make predicate for env key and value nodes, use propertyRead/Write instead of API nodes to find env key and value assignments, fix a bug thanks to @erik-krogh 2024-06-07 21:15:30 +02:00
am0o0
b9e3b3310e update the remote flow based query thanks to @erik-krogh, update tests and separate the local and remote query tests 2024-06-07 06:01:49 +02:00
Am
af016f9416 Merge branch 'github:main' into amammad-js-JWT 2024-06-06 15:33:26 +03:30
am0o0
8258e377dd use PascalCase for URLConstructorLabel 2024-06-06 14:00:56 +02:00
am0o0
d27a378008 change query-id to avoid duplicate ids 2024-06-06 13:59:58 +02:00
Am
e3e59e02e5 Merge branch 'github:main' into amammad-js-CodeInjection_dynamic_import 2024-06-04 16:22:06 +04:00
maikypedia
e96c3a36ad Move Apollo to experimental 2024-05-27 12:24:48 +02:00
am0o0
1fc481ce81 v2: it is basically the first stable version :)) 2024-05-25 20:43:36 +02:00
am0o0
14daf58767 update tests, add test cases for query with local sources 2024-05-25 18:17:56 +02:00
am0o0
b397f57357 change queries id according to new naming 2024-05-25 13:53:33 +02:00
am0o0
300c82a8ff use Verification instead of validation in files name 2024-05-25 13:52:32 +02:00
am0o0
76beffb04a change dir name 2024-05-25 13:49:34 +02:00
am0o0
f1533f40b6 change query files name 2024-05-25 13:49:01 +02:00
am0o0
d2d945c66d merge all JWT pkgs into one 2024-05-25 13:47:43 +02:00
am0o0
4af4040bd6 change duplicate query IDs 2024-05-25 13:29:16 +02:00
am0o0
f905ac10c4 add jsonWebToken library file to remove duplicate predicate declrations 2024-05-25 13:28:13 +02:00
am0o0
c470c078dc move to experimental 2024-05-21 22:42:16 +02:00
erik-krogh
c166cb406a Merge branch 'main' into amammad-js-CodeInjection_execa 2024-05-21 08:48:12 +02:00
erik-krogh
f2d6640003 fix ambiguous import. It could refer both to a module or a file 2024-03-12 15:15:50 +01:00
erik-krogh
c1fd7a6190 autoformat 2024-03-12 15:09:45 +01:00
maikypedia
699d8d4719 x 2024-03-07 18:15:22 +01:00
GitHub Security Lab
df10a7e7f0 Merge branch 'main' into amammad-js-bombs 2024-01-25 11:23:38 +01:00
maikypedia
78e7793e01 Move to experimental 2024-01-09 01:11:58 +01:00
Maiky
191766a47b Use config.getCorsConfiguration().getOrigin()) 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-12-18 12:38:39 +01:00
amammad
18d0b28024 v1 2023-12-10 20:27:21 +01:00
amammad
1547cd0546 added inline tests, move to experimental dir 2023-12-05 18:59:46 +01:00
Maiky
4ef4c92e2c Move Customizations and Query 2023-11-23 21:29:09 +01:00
erik-krogh
abb8d65483 Merge branch 'main' into amammad-js-SQLI 2023-11-23 21:17:58 +01:00
amammad
60b422a35c fix second round of code review. improve documents, fix better-sqlite3 method 2023-11-23 14:01:38 +01:00
amammad
0328a2986d move TypeORM library file and tests to experimental 
add inline tests :)
Fix TypeORM fuzzy method according to Review
 2023-11-21 19:59:06 +01:00
Maiky
c0e6d7c049 Merge branch 'github:main' into maikypedia/javascript-cors 2023-10-11 12:20:42 +02:00
amammad
32859eb057 move to experimental 2023-10-10 22:46:44 +02:00
amammad
4198f61c16 fix a qldoc isuse 2023-10-10 22:21:43 +02:00
erik-krogh
c2942b37a7 JS: delete various outdated deprecations 2023-10-09 09:14:55 +02:00
amammad
3f41a42c38 remove unused classes 2023-10-08 11:08:05 +02:00
amammad
15671682c5 remove unused flowLable, update path query alert message 2023-10-08 11:06:13 +02:00
amammad
41e7b91d78 fix flowLabels 2023-10-08 11:00:07 +02:00
amammad
aff6f00450 comments improvement,separate module file, fix tests 2023-10-07 12:02:39 +02:00
amammad
5a49f6bb9b fix tests 2023-10-06 22:10:57 +02:00
amammad
eef8137166 add Dice package, add global taint steps by SharedTaintStep, use getASuccessor 2023-10-06 10:58:26 +02:00
amammad
faaddd4dfe updates for FormParsers and ReadableStream modules, add separate module for Readable Streams, BusBoy RemoteFlowSources is covering more sources now!, modularize 2023-10-05 21:46:58 +02:00