8165 Commits

Author	SHA1	Message	Date
Erik Krogh Kristensen	ba844aa0ab	Merge branch 'main' into exportObj	2022-05-23 14:18:31 +02:00
Asger F	0929f5eb49	JS: Update test assertions to new syntax	2022-05-23 13:12:52 +02:00
Asger Feldthaus	33dac5e95f	JS: API graph support for accessors (and classes)	2022-05-23 13:12:52 +02:00
Erik Krogh Kristensen	7a3bbede1b	remove support for passport in the session-fixation query	2022-05-23 12:55:11 +02:00
Stephan Brandauer	cdceb66b07	add test for moduleSuffixes	2022-05-20 15:10:13 +02:00
Stephan Brandauer	cb4b2e983b	delete test of removed feature	2022-05-20 14:33:07 +02:00
Stephan Brandauer	813fbf27de	support for .mts and .cts file extensions	2022-05-20 13:33:52 +02:00
Alex Ford	fb53fc5373	Javascript: add missing import in ConceptsImports.qll	2022-05-19 15:51:25 +01:00
Alex Ford	d3662cf54a	Deprecate CryptographicOperation#isWeak and add a default implementation	2022-05-19 15:46:13 +01:00
Alex Ford	3d66905dc6	Share the CryptographicOperation and BlockMode concepts between dynamic langs	2022-05-19 15:46:03 +01:00
Stephan Brandauer	67697e1066	update meta information and release note for typescript 4.7 upgrade	2022-05-19 15:45:27 +02:00
Stephan Brandauer	0f3448dc24	update tests for typescript 4.7	2022-05-19 15:45:19 +02:00
Stephan Brandauer	b928ca518f	update dependency version to 4.7.1-rc	2022-05-19 10:47:08 +02:00
Erik Krogh Kristensen	215a6a72cc	Merge branch 'main' into useStringComp	2022-05-18 10:55:31 +02:00
Erik Krogh Kristensen	7245591468	Merge pull request #7763 from erik-krogh/unused-field ... QL: add unused-field query	2022-05-18 09:15:16 +02:00
Alex Ford	4bb6d1db3a	Add missing qldoc	2022-05-17 15:01:28 +01:00
Alex Ford	f92782d4e7	Ruby: fix some cases where we assume that a CryptographicOperation is using CBC when it is not	2022-05-17 14:57:11 +01:00
Erik Krogh Kristensen	86e97c32d6	fix all ql/use-string-compare	2022-05-17 14:11:05 +02:00
Erik Krogh Kristensen	bb289e29b9	sync typo fix to JS/RB	2022-05-17 12:26:31 +02:00
Mathias Vorreiter Pedersen	1280d43e36	Merge pull request #9141 from github/post-release-prep/codeql-cli-2.9.2 ... Post-release preparation for codeql-cli-2.9.2	2022-05-17 10:01:37 +01:00
Erik Krogh Kristensen	2550988006	change @id from js/actions/injection to js/actions/command-injection	2022-05-17 09:25:05 +02:00
Nick Rolfe	c518150b49	Merge pull request #9132 from github/nickrolfe/misspelling ... QL for QL: generalise non-US spelling query	2022-05-16 16:03:36 +01:00
Erik Krogh Kristensen	23981cb323	Merge pull request #7626 from erik-krogh/CWE-377 ... JS: add query for detecting insecure temporary files	2022-05-16 15:25:17 +02:00
Alex Ford	66736ebd9d	sync CryptoAlgorithmNames.qll (remove isWeakBlockMode predicate)	2022-05-13 21:26:01 +01:00
github-actions[bot]	b7cbd8fd75	Post-release preparation for codeql-cli-2.9.2	2022-05-12 18:21:38 +00:00
Nick Rolfe	1115227f9d	Merge remote-tracking branch 'origin/main' into nickrolfe/misspelling	2022-05-12 16:10:27 +01:00
Nick Rolfe	2ed42c327c	JS: fix typos in comments	2022-05-12 16:02:19 +01:00
Erik Krogh Kristensen	762f7bf7fe	Merge pull request #9115 from erik-krogh/fileAndFolder ... JS: resolve main module when there is a folder with the same name as the main file	2022-05-12 14:55:28 +02:00
Joe Farebrother	59e400d2e0	Merge pull request #7723 from joefarebrother/redos ... Java: Add ReDoS queries	2022-05-12 13:50:38 +01:00
Erik Krogh Kristensen	4bef451156	Merge pull request #9021 from erik-krogh/actions ... JS: promote `js/actions/injection` out of experimental	2022-05-12 14:38:38 +02:00
Nick Rolfe	234a36ff61	Merge pull request #9119 from github/nickrolfe/non-us-spelling-fixes ... Fix non-US spellings and the corresponding query	2022-05-12 12:29:14 +01:00
Erik Krogh Kristensen	fef4455ccc	apply suggestion from doc review ... Co-authored-by: Steve Guntrip <12534592+stevecat@users.noreply.github.com>	2022-05-12 13:28:45 +02:00
github-actions[bot]	ee9980b31c	Release preparation for version 2.9.2	2022-05-12 10:17:28 +00:00
Tom Hvitved	0a7892797e	Merge pull request #8938 from hvitved/ruby/with-without-mad-tokens ... Ruby: Introduce `With(out)Element` MaD input tokens	2022-05-12 11:49:51 +02:00
Erik Krogh Kristensen	9050f9999c	recognize functions that return object of methods as library input	2022-05-12 09:56:19 +02:00
Erik Krogh Kristensen	b1e8b3332c	resolve main module when there is a folder with the same name as the main file	2022-05-12 08:20:30 +02:00
Nick Rolfe	0af1976b74	JS: fix typos in qldoc comment	2022-05-11 17:42:43 +01:00
Tom Hvitved	5df87d526c	Sync files	2022-05-11 15:17:27 +02:00
Erik Krogh Kristensen	5e02a76dfd	add support for typed NextJS route-handlers	2022-05-11 09:45:34 +02:00
Erik Krogh Kristensen	e80ee46fe4	add model for the cash library	2022-05-09 21:01:07 +02:00
CodeQL CI	e099b94cc4	Merge pull request #9081 from asgerf/js/global-step-refactor ... Approved by erik-krogh	2022-05-09 06:30:37 -07:00
Erik Krogh Kristensen	53b26eba17	Merge pull request #8724 from erik-krogh/postMessage ... JS: promote the `js/missing-origin-verification` query	2022-05-09 12:28:58 +02:00
Erik Krogh Kristensen	fe1e47bc17	Merge pull request #8710 from bananabr/dragAndDrop ... JS: drag and drop API Xss sources	2022-05-09 12:22:28 +02:00
Erik Krogh Kristensen	611a412f2a	Merge pull request #8990 from bananabr/selection ... JS: Selection API DOM text source	2022-05-09 12:22:18 +02:00
Asger F	88b5bbe024	JS: Update test expectation	2022-05-09 11:55:07 +02:00
Mathias Vorreiter Pedersen	176e40f139	Merge pull request #9052 from github/post-release-prep/codeql-cli-2.9.1 ... Post-release preparation for codeql-cli-2.9.1	2022-05-06 13:15:17 +01:00
github-actions[bot]	1a25457178	Post-release preparation for codeql-cli-2.9.1	2022-05-05 19:05:50 +00:00
Erik Krogh Kristensen	58db9226dc	add missing word in qhelp	2022-05-05 14:24:45 +02:00
Erik Krogh Kristensen	2d7c7ff372	apply suggestions from doc review ... Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2022-05-05 13:03:35 +02:00
Asger F	c4d597d60f	JS: Enumerate type-tracking steps through global access paths	2022-05-05 12:59:10 +02:00