hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
45,584 Commits 1,672 Branches 157 Tags
530b29ccdfb42bcb8173f270e2f89d76bc20c2bc
Commit Graph

8165 Commits

Author SHA1 Message Date
erik-krogh
ccae0933c7 try to parse JS files without using the supported extensions 2022-09-19 12:20:20 +02:00
erik-krogh
a16233aa7d add failing parse test 2022-09-19 12:16:45 +02:00
Erik Krogh Kristensen
a4cd913aea Merge pull request #10312 from erik-krogh/fix-caseDiff 
ensure consistent casing of names
 2022-09-19 10:43:12 +02:00
Asger F
ab296d4d62 Merge pull request #10396 from asgerf/js/regexp-always-matches-fp 
JS: Fix FP in js/regexp/always-matches
 2022-09-19 09:32:00 +02:00
github-actions[bot]
67ce442674 Post-release preparation for codeql-cli-2.10.5 2022-09-16 14:23:44 +00:00
Philip Ginsbach
d1df2aa457 remove upper-case variable names 2022-09-15 18:08:50 +01:00
erik-krogh
e7aef17d30 don't report every non-ascii range in js/overly-large-range 2022-09-13 20:43:52 +02:00
Henry Mercer
bc2de7ed4b Merge branch 'main' into codeql-ci/js/ml-powered-pack-release-0.3.3 2022-09-13 15:15:56 +01:00
github-actions[bot]
b40def71b9 JS: Bump version of ML-powered library and query packs to 0.3.4 2022-09-13 14:11:16 +00:00
github-actions[bot]
e08e22ac32 JS: Bump patch version of ML-powered library and query packs 2022-09-13 14:06:57 +00:00
Erik Krogh Kristensen
46751e515c Merge pull request #10388 from erik-krogh/exportNew 
JS: recognize returning an instance of a class as exporting that class
 2022-09-13 13:45:16 +02:00
Asger F
d3d47a261c JS: Accept test output again 2022-09-13 11:56:51 +02:00
Erik Krogh Kristensen
2739b9cfd8 Merge pull request #10390 from erik-krogh/unmentionedGuard 
QL: add unmentioned guard class query
 2022-09-13 11:04:13 +02:00
Erik Krogh Kristensen
86417cec34 Merge pull request #10381 from erik-krogh/protoList 
JS: recognize a list of bad strings as a sanitizer for `js/prototype-polluting-assignment`
 2022-09-13 11:00:29 +02:00
Asger F
87ab16a7af JS: Update test expectations 2022-09-13 10:59:12 +02:00
Asger F
eca2632a3e JS: Add change note 2022-09-13 10:17:34 +02:00
Asger F
f411798101 JS: Fix typo in alert message 2022-09-13 10:13:34 +02:00
Asger F
b4e6fb781a JS: Consider empty regexp to be obviously empty 2022-09-13 10:13:03 +02:00
Erik Krogh Kristensen
dd5da79e46 recognize setters and getters of a class as exported 
Co-authored-by: Asger F <asgerf@github.com>
 2022-09-13 10:04:02 +02:00
erik-krogh
dd5db2e6d7 add to isSanitizerGuard 2022-09-13 07:27:51 +02:00
erik-krogh
3eb7675292 rename to DenyListInclusionGuard 2022-09-13 07:27:31 +02:00
erik-krogh
a567c132c1 fix all ql/unmentioned-guard 2022-09-12 22:42:46 +02:00
erik-krogh
ceda5f69fc recognize returning an instanceof of a class as exporting that class 2022-09-12 17:31:51 +02:00
erik-krogh
87fb01d55b apply another suggestion from doc review 2022-09-12 15:36:02 +02:00
Erik Krogh Kristensen
818601b612 Merge pull request #10285 from erik-krogh/paramClass 
ReDoS: convert RelevantState to a class in the PrefixConstruction module
 2022-09-12 15:23:19 +02:00
erik-krogh
98243118b2 recognize a list of bad strings as a sanitizer for js/prototype-polluting-assignment 2022-09-12 13:41:07 +02:00
erik-krogh
afcb767f8d Merge branch 'main' into js-followMsg 2022-09-12 13:21:16 +02:00
erik-krogh
6ec03d4738 apply suggestions from doc review 2022-09-12 13:16:39 +02:00
erik-krogh
bae4490620 add change-note 2022-09-12 12:12:18 +02:00
Erik Krogh Kristensen
3384521fb6 Merge pull request #10357 from erik-krogh/typos 
make a shared library of the typo database
 2022-09-12 11:24:03 +02:00
Erik Krogh Kristensen
cb95e8f263 Merge pull request #10351 from erik-krogh/moreMains 
JS: find a main module in more cases
 2022-09-12 11:01:17 +02:00
erik-krogh
5010f89683 move resolveMainPath into a separate helper predicate 2022-09-09 14:26:07 +02:00
erik-krogh
6a2fa2e37d add -dev to the codeql/typos version 2022-09-09 12:33:43 +02:00
erik-krogh
26d8553f6e ensure consistent casing of names 2022-09-09 10:34:14 +02:00
Erik Krogh Kristensen
9893650f7c Merge pull request #8604 from erik-krogh/httpNode 
JS: refactor most library models away from AST nodes
 2022-09-09 10:04:17 +02:00
erik-krogh
1ec77136ec depend on an explicit version of the typo database 2022-09-09 08:37:38 +02:00
erik-krogh
aee72357b8 find a main module in more cases 2022-09-08 20:21:31 +02:00
erik-krogh
88f295fbb1 make a shared library of the typo database 2022-09-08 15:49:43 +02:00
erik-krogh
a21a4275f3 add taint-step in js/insecure-randomness for selecting a random element 2022-09-08 15:00:00 +02:00
github-actions[bot]
a9d80a5a48 Release preparation for version 2.10.5 2022-09-08 11:35:54 +00:00
erik-krogh
a35fe1ffab Merge branch 'main' into js-followMsg 2022-09-08 13:09:15 +02:00
Erik Krogh Kristensen
57bf92a70c Merge pull request #10347 from erik-krogh/mermaid 
JS: add a markdown step through the `mermaid` library
 2022-09-08 12:41:58 +02:00
Rasmus Wriedt Larsen
1d834799a2 Merge pull request #10114 from RasmusWL/shared-http-client-request 
Ruby/Python: Shared HTTP client request concept
 2022-09-08 11:58:06 +02:00
Erik Krogh Kristensen
9534f31eac Merge pull request #10343 from erik-krogh/spreadFunction 
JS: recognize calls to `Function` when spread arguments are used
 2022-09-08 09:25:10 +02:00
erik-krogh
0407198dd2 add a markdown step through the mermaid library 2022-09-08 09:23:45 +02:00
Asger F
ada72b865f Merge pull request #10332 from asgerf/js/type-confusion-bugfix 
JS: bugfixes in TypeThroughThroughParameterTampering
 2022-09-08 09:02:16 +02:00
erik-krogh
6447234428 recognize calls to Function where spread arguments are used 2022-09-07 22:55:51 +02:00
erik-krogh
e829387cdb add failing test for call the Function with a spread argument 2022-09-07 22:54:21 +02:00
Asger F
6806bc1da4 JS: Expand test case 2022-09-07 14:18:01 +02:00
Asger F
6b2ebcce3a Merge pull request #10276 from asgerf/mad-typedef-entry-points 
Add TypeModel hook for adding MaD type-defs from CodeQL
 2022-09-07 14:14:48 +02:00