hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-09 07:31:37 +02:00
Code Issues Packages Projects Releases Wiki Activity
55,898 Commits 1,754 Branches 167 Tags
369bc507096c999be8112718c89cc4614c01635f
Commit Graph

221 Commits

Author SHA1 Message Date
amammad
369bc50709 fix comments 2023-08-30 04:53:58 +10:00
amammad
516fdf627a update stream pipe 2023-06-28 00:09:39 +10:00
amammad
c7a7594821 merge all ql files into one 2023-06-27 01:56:23 +10:00
amammad
8a80a734d8 fix an accident :) 2023-06-26 20:20:00 +10:00
amammad
3bd45a8536 fix query identifier 2023-06-26 03:01:19 +10:00
amammad
effb8024a4 fix yargs bug 2023-06-25 23:30:24 +10:00
amammad
c16a2827d7 fix format warnings/errors 2023-06-25 23:24:12 +10:00
amammad
307187f6c1 V1 2023-06-23 06:06:37 +10:00
Asger F
20e8ee8423 Merge pull request #12748 from JarLob/yi 
JS: Add more sources, more unit tests, fixes to the GitHub Actions injection query
 2023-05-15 11:03:00 +02:00
Nate Johnson
78229bb264 Moved into experimental 2023-04-18 21:59:14 -04:00
jarlob
a8a6913512 Simplify exists according to the warning 2023-04-13 23:10:16 +02:00
jarlob
72b66ffe97 Fix comment. 2023-04-07 10:01:14 +02:00
jarlob
39ff3c72a2 Remove label sanitizer because it is prone to race conditions 2023-04-03 23:28:31 +02:00
turbo
4ec401a3f6 Tag all security queries in supported languages' experimental directories with an experimental tag 2022-12-14 17:15:50 +01:00
erik-krogh
2eb6b1adb3 JS: fix two typos 2022-11-23 14:38:12 +01:00
Erik Krogh Kristensen
bbdda9ef70 Merge pull request #10727 from erik-krogh/js-last-msg 
JS: fix some more style-guide violations in the alert-messages
 2022-10-27 15:48:12 +02:00
Daniel Santos
64da2cec50 removed unnecessary getACall and fixed formatting 2022-10-26 12:02:55 -05:00
Daniel Santos
f7ace6f801 Update javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-10-25 14:27:03 -05:00
Daniel Santos
5b080481aa TokenBuiltFromUuid formatting 2022-10-25 09:51:48 -05:00
Daniel Santos
375edf7455 TokenAssignmentValueSink refactor 2022-10-25 09:50:04 -05:00
Daniel Santos
a2ad924376 Minor formatting fixes 2022-10-24 09:38:17 -05:00
Daniel Santos
066ffb7520 Tokens built from predictable UUIDs 2022-10-22 11:15:43 -05:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
erik-krogh
cc7a9ef97a rename more acronyms 2022-08-25 20:52:27 +02:00
Erik Krogh Kristensen
a404a8c61a use more set literals instead of big disjunctions 2022-05-24 11:09:10 +02:00
Erik Krogh Kristensen
4bef451156 Merge pull request #9021 from erik-krogh/actions 
JS: promote `js/actions/injection` out of experimental
 2022-05-12 14:38:38 +02:00
Erik Krogh Kristensen
53b26eba17 Merge pull request #8724 from erik-krogh/postMessage 
JS: promote the `js/missing-origin-verification` query
 2022-05-09 12:28:58 +02:00
Erik Krogh Kristensen
1f00ba812a move YAMLMappingLikeNode to the standard library 2022-05-05 10:22:52 +02:00
Erik Krogh Kristensen
2a65d1d3ec move js/actions/injection out of experimental 2022-05-04 16:14:19 +02:00
Erik Krogh Kristensen
9db67d4988 move the Actions API out of experimental 2022-05-04 16:14:19 +02:00
Erik Krogh Kristensen
8fb54c3f32 move js/resource-exhaustion out of experimental 2022-04-12 15:51:36 +02:00
Erik Krogh Kristensen
18532bae54 move js/missing-postmessageorigin-verification out of experimental 2022-04-12 10:39:27 +02:00
Erik Krogh Kristensen
a1c5724be7 fix most ql-for-ql warnings in JS 2022-02-11 17:57:37 +01:00
Erik Krogh Kristensen
de633940fe promote the js/jwt-missing-verification query out of exeprimental 2022-01-26 09:35:54 +01:00
CodeQL CI
b02f1c87a1 Merge pull request #7679 from erik-krogh/ql-doc-style 
Approved by esbena
 2022-01-20 23:43:44 -08:00
Erik Krogh Kristensen
5780161b2c fix most issues found by ql/class-doc-style in JS 2022-01-20 15:10:16 +01:00
Erik Krogh Kristensen
4e8e3a7420 simplify expressions that could be type-casts 2022-01-20 10:41:35 +01:00
Nick Rolfe
28912c508f Fix non-US spelling of 'behavior' 2021-12-17 15:29:31 +00:00
Erik Krogh Kristensen
f0c5a80d1a apply the explicit this patch to new code 2021-11-13 21:03:54 +01:00
CodeQL CI
2895428d5b Merge pull request #6714 from valeria-meli/javascript/ssrf 
Approved by asgerf
 2021-11-04 03:10:27 -07:00
luciaromeroML
e50938588e formatting qll file 2021-11-03 10:30:35 -03:00
Erik Krogh Kristensen
7a96b8e9e1 Merge branch 'main' into ldap 2021-11-02 12:47:28 +01:00
CodeQL CI
d5e2026a26 Merge pull request #6934 from erik-krogh/more-instanceof 
Approved by MathiasVP, esbena, yoff
 2021-11-02 03:46:23 -07:00
Erik Krogh Kristensen
6858acc6a9 port experimental cookie models to non-experimental 2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen
26a24a3895 prepare move to non-experimental 2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen
44db920f10 refactor, cleanup, and improvements in experimental cookie queries 2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen
dbd1148bd6 apply range pattern patch to javascript 2021-10-25 19:38:00 +02:00
Erik Krogh Kristensen
bcf4626fd0 remove ldap examples from experimental folder 2021-10-01 09:00:10 +02:00
Erik Krogh Kristensen
2b286a856c naively move ldap into the SQL injection query 2021-10-01 09:00:10 +02:00
Erik Krogh Kristensen
94e2676c0f naive conversion of ldapjs model to API node 2021-10-01 09:00:10 +02:00