codeql

mirror of https://github.com/github/codeql.git synced 2026-04-21 23:14:03 +02:00

Author	SHA1	Message	Date
Napalys Klicius	fa47174013	CWE-020: Lower security-severity for OverlyLargeRange queries to 4.0	2025-10-22 11:32:33 +00:00
Owen Mansel-Chan	cf614a596d	Fix cwe tags to include leading zero	2025-04-30 16:43:03 +01:00
erik-krogh	2f1bd75ee9	remove redundant cast	2025-01-21 09:51:14 +01:00
erik-krogh	17afab7d0f	support that two `indexOf()` calls use the same string-concatenation in `getAnEquivalentIndexOfCall()`	2025-01-21 09:43:57 +01:00
erik-krogh	d5529e3a7e	ensure an `indexOf` call is equivalent with itself. (`getAUse()` is used later to find matching `indexOf` calls)	2025-01-21 09:42:30 +01:00
Asger F	d52bc971b8	Merge branch 'main' into js/shared-dataflow-merge-main	2024-11-20 14:05:03 +01:00
Napalys Klicius	5e8b1b061f	Update javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2024-11-05 10:29:22 +01:00
Napalys	ccee34d6d3	Added support for matchAll in CWE-020 including new test cases	2024-11-05 08:51:24 +01:00
Asger F	c408ab9e6a	Merge branch 'main' into js/shared-dataflow	2024-05-02 19:43:34 +02:00
erik-krogh	baa31e1469	delete outdated deprecations	2024-04-25 22:19:28 +02:00
Asger F	8e95a90d03	JS: Port UntrustedDataToExternalAPI	2023-10-13 13:15:04 +02:00
Kasper Svendsen	67950c8e6b	JS: Make implicit this receivers explicit	2023-05-03 15:31:00 +02:00
Anders Schack-Mulligen	8d97fe9ed3	JavaScript: Autoformat	2023-03-10 09:41:20 +01:00
Erik Krogh Kristensen	cedc9c0bff	Merge pull request #11582 from erik-krogh/heuristics JS: Add experimental variants of common security queries with more sources	2023-01-04 10:46:19 +01:00
erik-krogh	442749bb7f	JS: add heuristic variants of queries that use RemoteFlowSource	2022-12-19 12:01:22 +01:00
erik-krogh	35e8d6afd4	move getACommonTld into a utility module without parameters	2022-12-18 17:23:45 +01:00
erik-krogh	26c5480ee6	share {js,rb}/regex/missing-regexp-anchor	2022-12-18 17:23:41 +01:00
erik-krogh	355499ea52	move `getACommonTld` to the shared pack	2022-12-17 17:26:18 +01:00
erik-krogh	f67d0bc8c0	put the shared HostnameRegexp code in the shared regex pack	2022-12-17 17:26:18 +01:00
erik-krogh	6b5cd9abc3	use RegExpTreeView insteaed of RegexTreeView in JS	2022-11-22 12:55:48 +01:00
erik-krogh	e18ceba49e	port the JS regex/redos queries to use the shared pack	2022-11-15 17:14:38 +01:00
Erik Krogh Kristensen	0adb588fe8	Merge pull request #9712 from erik-krogh/badRange JS/RB/PY/Java: add suspicious range query	2022-08-15 13:55:44 +02:00
Erik Krogh Kristensen	0abbd50ca1	apply changes based on docs review	2022-08-09 13:51:40 +02:00
Erik Krogh Kristensen	a4262f8d91	add some more references to the overly-large-range qhelp	2022-07-13 11:20:24 +02:00
Erik Krogh Kristensen	a49d34cf0f	Merge branch 'main' into missDocParam	2022-07-13 09:58:04 +02:00
Erik Krogh Kristensen	220ff3cb2e	convert tabs to spaces in qhelp	2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen	ff25451699	rename query to overly-large-range, and rewrite the @description	2022-07-12 16:02:46 +02:00
Erik Krogh Kristensen	a343ceaf8b	add suspicious-regexp-range query	2022-06-28 09:49:27 +02:00
Erik Krogh Kristensen	ed907f6f63	add CWE-940 to js/missing-origin-check	2022-05-25 14:15:48 +02:00
Erik Krogh Kristensen	d58fe8e193	add explicit this	2022-05-24 10:59:13 +02:00
Erik Krogh Kristensen	58db9226dc	add missing word in qhelp	2022-05-05 14:24:45 +02:00
Erik Krogh Kristensen	2d7c7ff372	apply suggestions from doc review Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2022-05-05 13:03:35 +02:00
Erik Krogh Kristensen	0a26e891a2	include startsWith/endsWith checks in js/missing-origin-check	2022-04-25 15:28:50 +02:00
Erik Krogh Kristensen	fe3d71ebc2	fix qhelp: the window, not the origin, is sending the message Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2022-04-25 14:07:01 +02:00
Erik Krogh Kristensen	bca4d14129	rename files	2022-04-12 14:37:43 +02:00
Erik Krogh Kristensen	591fcda862	various improvements to the js/missing-origin-verification query	2022-04-12 14:20:41 +02:00
Erik Krogh Kristensen	18532bae54	move js/missing-postmessageorigin-verification out of experimental	2022-04-12 10:39:27 +02:00
Arthur Baars	15c54f6100	Merge pull request #8354 from aibaars/incomplete-url-string-sanitization Incomplete url string sanitization	2022-03-31 10:59:51 +02:00
Erik Krogh Kristensen	cf94c93b1a	Merge pull request #8481 from erik-krogh/schemeChain JS: recognize string replacement chains as scheme checks in js/incomplete-url-scheme-check	2022-03-25 11:13:10 +01:00
Arthur Baars	bf888f0f0b	Merge remote-tracking branch 'upstream/main' into incomplete-url-string-sanitization Conflicts: config/identical-files.json javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.qll	2022-03-18 16:09:20 +01:00
Arthur Baars	4a27928728	Ruby/JS add missing ^ in qhelp	2022-03-18 14:00:10 +01:00
Erik Krogh Kristensen	235aa9c24e	recognize string replacement chains as scheme checks in js/incomplete-url-scheme-check	2022-03-18 10:37:20 +01:00
Erik Krogh Kristensen	efba220b45	JS: fix most `ql/missing-parameter-qldoc` issues	2022-03-16 22:56:52 +01:00
Arthur Baars	ab93b3784b	Merge remote-tracking branch 'upstream/main' into incomplete-hostname	2022-03-16 12:31:12 +01:00
Arthur Baars	cf4b834536	Address comments	2022-03-11 14:25:34 +01:00
Erik Krogh Kristensen	69353bb014	patch upper-case acronyms to be PascalCase	2022-03-11 11:10:33 +01:00
Arthur Baars	747c7f6b5e	JS/Ruby: share implementation of IncompleteUrlSubstringSanitization query	2022-03-09 12:11:14 +01:00
Erik Krogh Kristensen	4734f1916e	Merge pull request #7598 from erik-krogh/fieldOnlyUsedInCharPred QL: field only used in charPred	2022-03-08 11:25:57 +01:00
Arthur Baars	98f56f4d60	Js/Ruby: Share IncompleteHostnameRegExp.ql	2022-03-07 16:10:08 +01:00
Arthur Baars	9e8930c192	Ruby: IncompleteHostnameRegExp.ql	2022-03-07 16:10:08 +01:00

1 2 3

139 Commits