codeql

mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00

Author	SHA1	Message	Date
erik-krogh	bf22f4a870	update expected output	2024-02-22 13:21:11 +01:00
Asger F	75a95ffcd1	Merge pull request #15602 from asgerf/js/block-logical-and-flow JS: Fix flow through &&	2024-02-14 12:29:40 +01:00
Asger F	f5c437694c	Update UselessConditional.expected	2024-02-13 18:31:24 +01:00
erik-krogh	94b7bda3dc	exclude tagged template literals from `js/superfluous-trailing-arguments`	2024-02-06 09:36:30 +01:00
Sid Shankar	b1d7a635f5	Renames diagnostic query files and tests This commit renames the files relating to the diagnostic query that produces information on the number of files extracted. The files have been renamed from "SuccessfullExtractedFiles." to "ExtractedFiles.". All related tests and test files have been renamed too. The `@tags` and `@id` attributes of the queries have been left untouched, consistent with the `@tags` and `@id` for similar queries in other languages.	2024-01-29 20:19:20 +00:00
erik-krogh	396da117bb	remove an FP in overly-large-range for [@-Z]	2024-01-25 14:15:06 +01:00
Sid Shankar	2d71294f61	Merge pull request #15256 from sidshank/change/adjust-extracted-files-diagnostics Js/Py/Rb: Report any extracted file as successfully extracted	2024-01-17 11:04:06 -05:00
erik-krogh	1a8a70dc1b	mark the range [0-?] as good in the overly-large-range query	2024-01-17 13:11:57 +01:00
Sid Shankar	59098be8c4	Merge branch 'main' into change/adjust-extracted-files-diagnostics	2024-01-16 21:51:41 -05:00
Sid Shankar	e30a0d1e83	JS: Report any extracted file as successfully extracted	2024-01-08 22:19:33 +00:00
erik-krogh	a9f2b3fad6	promote `PropsTaintStep` to a `PreCallGraphStep`	2024-01-04 10:45:22 +01:00
Rafael	1a05c2e704	Added Django test	2023-11-29 08:26:49 +01:00
Max Schaefer	dfffa1e237	Apply suggestions from code review Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>	2023-11-21 10:07:11 +00:00
Max Schaefer	d147faba4e	Update qhelp for js/path-injection.	2023-11-20 11:58:00 +00:00
Rasmus Wriedt Larsen	43d9d2ceb7	Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.	2023-11-08 14:29:24 +01:00
erik-krogh	688afddaf2	Re-order expected test output of all JS tests	2023-10-31 16:38:22 +01:00
Max Schaefer	104700f6d3	Address review comment.	2023-10-27 10:19:28 +01:00
Max Schaefer	741735cc83	Port changes to JavaScript.	2023-10-26 14:47:24 +01:00
Max Schaefer	2c7291336d	Move test files into right directory.	2023-10-26 12:16:52 +01:00
Max Schaefer	bb146a1758	JavaScript: Add support for `rateLimit` export from `express-rate-limit` package.	2023-10-26 12:14:57 +01:00
Max Schaefer	e722e3288f	Merge pull request #13771 from github/max-schaefer/server-side-url-redirect-help JavaScript: Improve query help for `js/server-side-unvalidated-url-redirection`.	2023-09-13 13:20:48 +01:00
Max Schaefer	a9e81672f0	Make suggestion to replace example.com more explicit.	2023-09-12 16:54:05 +01:00
Max Schaefer	a02f373e79	Use better sanitiser.	2023-09-06 14:06:16 +01:00
Max Schaefer	87364137df	Use more sensible validator in example.	2023-08-21 15:14:01 +01:00
erik-krogh	0bce42410a	support arbitrary codepoints in NfaUtils.qll	2023-08-08 22:14:51 +02:00
erik-krogh	92db7b047c	escape unicode chars in the output for the ReDoS queries	2023-08-08 00:15:54 +02:00
Max Schaefer	7823ff968c	JavaScript: Improve query help for `js/server-side-unvalidated-url-redirection`.	2023-07-19 13:23:25 +01:00
Asger F	d57276ca35	Merge pull request #13719 from asgerf/js/barrier-inout JS: Replace barrier edges with barrier nodes	2023-07-13 16:36:52 +02:00
Asger F	944a2ca825	JS: Replace ClearTextLogging::isSanitizerEdge with a node	2023-07-11 14:20:17 +02:00
Asger F	27085b1fd0	JS: Fix whitespace	2023-07-10 12:07:13 +02:00
Asger F	fe90146a16	JS: Add test for path.join with spread argument	2023-07-10 12:07:07 +02:00
Asger F	06bc0f6957	JS: Add test for fs/promises	2023-07-10 12:05:03 +02:00
Erik Krogh Kristensen	b2a60bf3d1	Merge pull request #13642 from erik-krogh/san-script JS/RB: Fix FP in incomplete-multi-character-sanitization	2023-07-06 15:38:39 +02:00
erik-krogh	f9eee906cf	fix FP by requiring that the regular expression mention on of the chars important in the prefix	2023-07-01 20:30:09 +02:00
erik-krogh	bd400be6ec	add FP for incomplete-multi-char-sanitization	2023-07-01 20:28:31 +02:00
jorgectf	2ac334bf15	Adapt `Webix` modeling to support HTML use-cases	2023-06-28 15:26:30 +02:00
jorgectf	1e663b8889	Update `HeuristicSourceCodeInjection.expected`	2023-06-26 13:32:20 +02:00
Jorge	08b9a5e2b2	Add missing `;`	2023-06-23 23:10:06 +02:00
Jorge	3c980db93a	Format `webix.js`	2023-06-23 18:08:01 +02:00
Kevin Stubbings	3605269e13	Add webix copy function	2023-06-22 22:16:28 -07:00
jorgectf	6947e99c15	Add models for `webix` Co-authored-by: Kevin Stubbings <Kwstubbs@users.noreply.github.com>	2023-06-22 01:07:33 +02:00
erik-krogh	3fd9f26b52	use consistent indentation in mongoose.js	2023-06-12 16:40:42 +02:00
erik-krogh	cd6f738f72	add mongoose.Types.ObjectId.isValid as a sanitizer-guard for NoSQL injection	2023-06-12 16:38:11 +02:00
Asger F	76a8e9827e	Merge pull request #13283 from asgerf/js/restrict-regex-search-function JS: Be more conservative about flagging "search" call arguments as regex	2023-06-08 10:50:51 +02:00
Erik Krogh Kristensen	b78cd48954	Merge pull request #13329 from erik-krogh/sqlhelp JS: improve the sql-injection help page	2023-06-06 08:44:44 +02:00
erik-krogh	b343dcaadd	put string/object in the alert-message for sql-injection	2023-05-31 08:06:04 +02:00
Asger F	c637b6f59a	JS: Update test for RegExpAlwaysMatches	2023-05-26 14:10:26 +02:00
Asger F	9df9ca2916	JS: Update test and expectations for MissingRegExpAnchor	2023-05-26 14:07:34 +02:00
Asger F	40daa9c906	JS: Update RegExpInjection test and expectations	2023-05-26 14:05:36 +02:00
erik-krogh	f7419c9250	add expected output	2023-05-23 09:56:06 +02:00

1 2 3 4 5 ...

2080 Commits