codeql

mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00

Author	SHA1	Message	Date
Asger F	4b57b4418f	JS: Factor out some code	2025-11-17 10:48:15 +01:00
Asger F	a405b7b3e0	JS: Add discard predicates for locations	2025-11-17 10:47:37 +01:00
Asger F	c7341f295d	JS: Fix bad join in BarrierGuards.qll	2025-11-13 09:46:27 +01:00
Asger F	578355ac27	JS: Fix bad join in CallGraphs.qll	2025-11-13 09:46:25 +01:00
Asger F	46b1387846	JS: Make isAssignedInUniqueFile global, as it should be	2025-11-13 09:46:20 +01:00
Asger F	6498cd1b07	JS: Remove obsolete overlay[global] annotations	2025-11-13 09:46:18 +01:00
Asger F	0594f84dfc	JS: Improve join orders related to getABooleanValue()	2025-11-13 09:46:16 +01:00
Asger F	4645f327a5	JS: Avoid more bad joins due to locality	2025-11-13 09:46:14 +01:00
Asger F	269489e817	JS: Avoid bad join in shared predicate induced by 'forex'. Use manual recursion instead.	2025-11-13 09:46:12 +01:00
Asger F	5dd87e379b	JS: Add overlay[local] to restore magic in unwrap() predicate In this case we actually want magic to apply, but was prevented by locality.	2025-11-13 09:46:10 +01:00
Asger F	ac3913e7db	JS: Fix bad join in DuplicateProperty.ql	2025-11-13 09:46:08 +01:00
Asger F	e72232fd1d	JS: Add more overlay[caller?] annotations	2025-11-13 09:46:06 +01:00
Asger F	66febb263d	JS: Add some overlay[caller] and a pragma[nomagic] annotations	2025-11-13 09:46:05 +01:00
Taus	889209719b	JS: Overlay annotations for some failing tests Locally these seem to get rid of the compilation warnings, but of course CI is the true arbiter here.	2025-11-13 09:46:03 +01:00
Asger F	c09563f775	JS: Make more general-purpose data flow things local	2025-11-13 09:46:01 +01:00
Asger F	b1418e1d70	JS: Add overlay[local?] to new summaries after rebasing	2025-11-13 09:46:00 +01:00
Asger F	2b338fc1d9	JS: Fix getRawEnclosingStmt call	2025-11-13 09:45:58 +01:00
Asger F	23e42c89ee	JS: Overlay annotations for AST layer	2025-11-13 09:45:56 +01:00
Napalys Klicius	d122534398	Merge pull request #20671 from github/napalys/adjust_query_severity Adjust query severity ratings	2025-11-11 12:37:31 +01:00
github-actions[bot]	4014df9a6e	Post-release preparation for codeql-cli-2.23.4	2025-11-04 17:57:52 +00:00
Asger F	6790684767	Merge pull request #20752 from asgerf/actions/dont-fail-if-no-js Actions: don't fail if no JS/TS code was found	2025-11-04 12:19:54 +00:00
github-actions[bot]	64fcdd1f2f	Release preparation for version 2.23.4	2025-11-03 14:52:23 +00:00
Asger F	c583b480af	JS: Add pragma[nomagic] just to be safe The DIL is unchanged	2025-10-30 15:31:51 +01:00
Asger F	1f7671cf5e	JS: Ensure integration test contains one valid file	2025-10-30 15:31:51 +01:00
Asger F	0acfacefbf	JS: Recursively delete source archive so emptiness detection works	2025-10-30 15:31:51 +01:00
Asger F	a5819a14be	JS: Fix bad join order in getNextToken()	2025-10-30 15:31:51 +01:00
Asger F	39f74d808b	JS: Add compileForOverlayEval	2025-10-30 15:31:51 +01:00
Nora Dimitrijević	a0975e7e19	Constrain location overrides to actual sources/sinks	2025-10-28 09:42:20 +01:00
Nora Dimitrijević	bb80d83276	JS/SSRF javascript/ql/src/experimental/Security/CWE-918/SSRF.ql	2025-10-28 09:40:19 +01:00
Nora Dimitrijević	bcdbe0b50a	JS/PolynomialReDoSQuery javascript/ql/src/Performance/PolynomialReDoS.ql	2025-10-28 09:40:16 +01:00
Nora Dimitrijević	94343254e3	JS/ShellCommandInjectionFromEnvironmentQuery javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql	2025-10-28 09:40:14 +01:00
Nora Dimitrijević	71cf042607	JS/IndirectCommandInjectionQuery javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql	2025-10-28 09:40:11 +01:00
Nora Dimitrijević	2a30ea923a	JS/CommandInjectionQuery javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-078/CommandInjection.ql javascript/ql/src/Security/CWE-078/CommandInjection.ql	2025-10-28 09:40:09 +01:00
Asger F	8d49f26f3d	Merge pull request #20397 from asgerf/js/build-artifact-leak-fp JS: Fix FP in js/build-artifact-leak when keys come from an array of constants	2025-10-28 06:40:13 +01:00
Tom Hvitved	eb9df008b0	JS: Remove two invalid QHelp links	2025-10-24 08:45:12 +02:00
Napalys Klicius	9c70ae04fb	Add change note	2025-10-22 11:48:16 +00:00
Napalys Klicius	fa47174013	CWE-020: Lower security-severity for OverlyLargeRange queries to 4.0	2025-10-22 11:32:33 +00:00
Napalys Klicius	7b6720ce2c	JS: Align DOM XSS query severity with other XSS queries	2025-10-22 11:30:34 +00:00
Asger F	d7cf5ef645	Merge pull request #20647 from asgerf/js/type-resolution-cache JS: Avoid magic and improve a join in type resolution	2025-10-20 11:50:23 +02:00
Owen Mansel-Chan	66f95bcbcd	Merge pull request #20603 from owen-mc/update-broken-algo-qhelp Many languages: Update broken algo qhelp	2025-10-17 12:30:43 +01:00
Asger F	c6577c8590	JS: Avoid magic and improve a join in type resolution	2025-10-15 11:54:28 +02:00
Napalys Klicius	45e8164f14	JS: remove quality tag from SyntaxError query	2025-10-15 09:07:11 +02:00
github-actions[bot]	6dd07790ac	Post-release preparation for codeql-cli-2.23.3	2025-10-14 11:16:33 +00:00
github-actions[bot]	33542f7d40	Release preparation for version 2.23.3	2025-10-14 09:30:24 +00:00
Owen Mansel-Chan	0bcdb91639	Improve qhelp for broken crypto algo queries Previously it focussed too much on the risk of data being decrypted, and didn't explain why using weak algorithms is a problem in other contexts.	2025-10-08 14:10:54 +01:00
Asger F	10c9b747a5	Merge pull request #20586 from asgerf/js/api-graphs-block-this JS: Restrict receiver-flow in API graphs	2025-10-08 08:41:56 +02:00
Asger F	587ad5c600	JS: Refine criteria so that explicit this-passing is not affected	2025-10-06 11:43:18 +02:00
Asger F	4d33190241	JS: Restrict this-argument passing in API graphs	2025-10-06 11:42:36 +02:00
Asger F	84c788a027	JS: Add API graph test for explicit 'this' passing	2025-10-06 11:40:40 +02:00
github-actions[bot]	a7a4e43991	Post-release preparation for codeql-cli-2.23.2	2025-09-29 15:10:19 +00:00

1 2 3 4 5 ...

11905 Commits