hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 19:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
44,806 Commits 1,672 Branches 157 Tags
38a3476d37e61bb452c2bc0e8702aecd33ffad12
Commit Graph

5408 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
a404a8c61a use more set literals instead of big disjunctions 2022-05-24 11:09:10 +02:00
Erik Krogh Kristensen
d58fe8e193 add explicit this 2022-05-24 10:59:13 +02:00
Erik Krogh Kristensen
d1ad08ecb5 fix misspellings in predicate names 2022-05-24 10:57:13 +02:00
Erik Krogh Kristensen
aadbc989ce fix typo in comment 
Co-authored-by: Asger F <asgerf@github.com>
 2022-05-23 15:07:29 +02:00
Erik Krogh Kristensen
7a3bbede1b remove support for passport in the session-fixation query 2022-05-23 12:55:11 +02:00
Erik Krogh Kristensen
86e97c32d6 fix all ql/use-string-compare 2022-05-17 14:11:05 +02:00
Mathias Vorreiter Pedersen
1280d43e36 Merge pull request #9141 from github/post-release-prep/codeql-cli-2.9.2 
Post-release preparation for codeql-cli-2.9.2
 2022-05-17 10:01:37 +01:00
Erik Krogh Kristensen
2550988006 change @id from js/actions/injection to js/actions/command-injection 2022-05-17 09:25:05 +02:00
Nick Rolfe
c518150b49 Merge pull request #9132 from github/nickrolfe/misspelling 
QL for QL: generalise non-US spelling query
 2022-05-16 16:03:36 +01:00
Erik Krogh Kristensen
23981cb323 Merge pull request #7626 from erik-krogh/CWE-377 
JS: add query for detecting insecure temporary files
 2022-05-16 15:25:17 +02:00
github-actions[bot]
b7cbd8fd75 Post-release preparation for codeql-cli-2.9.2 2022-05-12 18:21:38 +00:00
Nick Rolfe
1115227f9d Merge remote-tracking branch 'origin/main' into nickrolfe/misspelling 2022-05-12 16:10:27 +01:00
Nick Rolfe
2ed42c327c JS: fix typos in comments 2022-05-12 16:02:19 +01:00
Erik Krogh Kristensen
4bef451156 Merge pull request #9021 from erik-krogh/actions 
JS: promote `js/actions/injection` out of experimental
 2022-05-12 14:38:38 +02:00
Erik Krogh Kristensen
fef4455ccc apply suggestion from doc review 
Co-authored-by: Steve Guntrip <12534592+stevecat@users.noreply.github.com>
 2022-05-12 13:28:45 +02:00
github-actions[bot]
ee9980b31c Release preparation for version 2.9.2 2022-05-12 10:17:28 +00:00
Erik Krogh Kristensen
53b26eba17 Merge pull request #8724 from erik-krogh/postMessage 
JS: promote the `js/missing-origin-verification` query
 2022-05-09 12:28:58 +02:00
Mathias Vorreiter Pedersen
176e40f139 Merge pull request #9052 from github/post-release-prep/codeql-cli-2.9.1 
Post-release preparation for codeql-cli-2.9.1
 2022-05-06 13:15:17 +01:00
github-actions[bot]
1a25457178 Post-release preparation for codeql-cli-2.9.1 2022-05-05 19:05:50 +00:00
Erik Krogh Kristensen
58db9226dc add missing word in qhelp 2022-05-05 14:24:45 +02:00
Erik Krogh Kristensen
2d7c7ff372 apply suggestions from doc review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-05-05 13:03:35 +02:00
Erik Krogh Kristensen
0c0e280637 update the qhelp to mention that the GITHUB_TOKEN only sometimes has write-access 2022-05-05 12:12:29 +02:00
Erik Krogh Kristensen
c0152a46bc rename getAReferencedExpression to getASimpleReferenceExpression and add examples of what it can parse 2022-05-05 11:02:47 +02:00
Erik Krogh Kristensen
1f00ba812a move YAMLMappingLikeNode to the standard library 2022-05-05 10:22:52 +02:00
Erik Krogh Kristensen
8425eaf919 Merge pull request #8549 from erik-krogh/unreachableJoin 
JS: fix bad join in js/unreachable-method-overloads
 2022-05-04 16:28:06 +02:00
Erik Krogh Kristensen
8e2b00d209 make the big disjunctions more readable by using a set literal 2022-05-04 16:15:17 +02:00
Erik Krogh Kristensen
31a4de902e add missing security severity 2022-05-04 16:15:17 +02:00
Erik Krogh Kristensen
d8cc82bdb1 add change-note 2022-05-04 16:14:59 +02:00
Erik Krogh Kristensen
df4bfef8c7 expand the qhelp for js/actions/injection 2022-05-04 16:14:59 +02:00
Erik Krogh Kristensen
48fb01f9f7 set js/actions/injection as a high precision warning query 2022-05-04 16:14:54 +02:00
Erik Krogh Kristensen
2a65d1d3ec move js/actions/injection out of experimental 2022-05-04 16:14:19 +02:00
Erik Krogh Kristensen
bc470b89f1 leave a deprecated alias for Actions.qll 2022-05-04 16:14:19 +02:00
Erik Krogh Kristensen
9db67d4988 move the Actions API out of experimental 2022-05-04 16:14:19 +02:00
Stephan Brandauer
3f13a5e082 fix a FN for prototype polluting function query 2022-04-28 22:00:09 +02:00
github-actions[bot]
8e4cf190e9 Release preparation for version 2.9.1 2022-04-28 11:59:05 +00:00
Erik Krogh Kristensen
d389012b75 Merge branch 'main' into redundantImport 2022-04-26 14:24:51 +02:00
Mathias Vorreiter Pedersen
aca4c8727f Merge pull request #8802 from github/post-release-prep/codeql-cli-2.9.0 
Post-release preparation for codeql-cli-2.9.0
 2022-04-25 22:52:55 +01:00
Erik Krogh Kristensen
0a26e891a2 include startsWith/endsWith checks in js/missing-origin-check 2022-04-25 15:28:50 +02:00
Erik Krogh Kristensen
fe3d71ebc2 fix qhelp: the window, not the origin, is sending the message 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2022-04-25 14:07:01 +02:00
CodeQL CI
06e5962da7 Merge pull request #8791 from asgerf/js/static-accessors 
Approved by erik-krogh
 2022-04-22 13:39:32 +01:00
Erik Krogh Kristensen
ff73dbc35c delete redundant imports 2022-04-22 12:55:28 +02:00
Khang. Võ Vĩ
f4581ae866 fix PrototypePollutingAssignment examples 2022-04-22 11:55:45 +07:00
github-actions[bot]
1aecfc67c2 Post-release preparation for codeql-cli-2.9.0 2022-04-21 19:22:19 +00:00
github-actions[bot]
eeaf233c29 Release preparation for version 2.9.0 2022-04-21 14:49:00 +00:00
Asger Feldthaus
c6e66edb97 JS: Change note 2022-04-21 08:32:01 +02:00
Erik Krogh Kristensen
6799232009 fix typo in qldoc 2022-04-19 11:09:27 +02:00
Erik Krogh Kristensen
8e5a7bcd76 add change-note 2022-04-19 10:53:48 +02:00
Erik Krogh Kristensen
2e5d435bea add CWE-400, and add a reference to DoS attacks 2022-04-14 18:37:50 +02:00
Erik Krogh Kristensen
41bdd8f4da minor fixes 2022-04-13 10:11:07 +02:00
Erik Krogh Kristensen
a2d2626c9c add security severity 2022-04-12 16:34:00 +02:00