hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,215 Commits 1,671 Branches 157 Tags
53c235dfd5fdc8c86c66a32cc9a30dc2ad796eca
Commit Graph

11051 Commits

Author SHA1 Message Date
Asger F
1324c11044 Merge pull request #19012 from asgerf/js/api-graph-array-element 
JS: Make API graphs use steps from summaries
 2025-03-18 18:03:43 +01:00
Asger F
53ba588993 JS: Use ArrayElement instead of AnyMember 
The use of AnyMember was a workaround until the bugfix in this PR landed.
 2025-03-18 09:26:02 +01:00
Asger F
1516029cf5 JS: Avoid generating ArrayElement edges for extend-like patterns 2025-03-17 13:48:27 +01:00
Asger F
125e732c4c JS: Fix bad join order 2025-03-17 13:44:33 +01:00
Napalys Klicius
749a0560b4 Merge pull request #19027 from Napalys/js/escape 
JS: Add support for `escape`
 2025-03-17 10:48:44 +01:00
Napalys Klicius
478e32cbe5 Update javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2025-03-17 10:17:39 +01:00
Napalys Klicius
9134f79fd2 Merge pull request #18984 from Napalys/js/extractor_error_handler 
JS: Extractor handle error instead of exiting.
 2025-03-17 10:11:26 +01:00
Asger F
cd3909245d JS: Bugfix in Array constructor summary 2025-03-14 23:08:22 +01:00
Asger F
fe1bdf2468 JS: Update a test 2025-03-14 23:08:20 +01:00
Asger F
ab74898bbb JS: Deprecate getUnknownMember() and replace its uses with getArrayElement() 
Although they mean slightly different things, every single call site
of getUnknownMember() just used it as a way to get array elements.

Since there is no known use-case for the original meaning of
getUnknownMember() I am deprecating it for now.
 2025-03-14 23:08:19 +01:00
Asger F
4c1c0b79a6 JS: Make API-graphs use Content internally, and use steps from flow summaries 2025-03-14 23:08:16 +01:00
Asger F
cc95c77cbc JS: Add failing test 2025-03-14 23:04:10 +01:00
Napalys
c93be70053 Rename validation methods for type expressions and added recursive call for type validation. 
Co-authored-by: Asgerf <asgerf@github.com>
 2025-03-14 14:58:27 +01:00
Napalys
4a691b778b Added escape as UriEncodingSanitizer 2025-03-14 14:53:21 +01:00
Napalys
37e02e4261 Added escape as StringManipulationTaintStep. 2025-03-14 14:49:45 +01:00
Napalys
4c77ee2f4f Added change note. 2025-03-14 14:27:14 +01:00
Napalys
933f3c6f77 Refactor Tanstack integration: remove Tanstack framework and added model as data for it instead. 2025-03-14 13:52:05 +01:00
Napalys
d40ef0ddae Changed from taint to value steps. 
Co-authored-by: Asgerf <asgerf@github.com>
 2025-03-14 13:48:15 +01:00
Napalys
1468e81c55 Ensure interface extends valid expr. 2025-03-14 13:41:37 +01:00
Napalys
dc262236f4 Enhance taint tracking by including escape and unescape in TaintedPath customizations. 2025-03-14 11:43:22 +01:00
Napalys
c4b717b86c Added test case for escape. 2025-03-14 11:40:23 +01:00
Napalys
66737402c2 Updated test ouput with fixes from main. 2025-03-14 10:50:10 +01:00
Napalys Klicius
908f48a22f Merge branch 'main' into js/vue_tanstack_model 2025-03-14 10:45:42 +01:00
Asger F
9a8cb1a55b Merge pull request #19007 from asgerf/js/api-graph-awaited-return 
JS: Fix bug in API graphs getPromised() missing async function returns
 2025-03-14 10:36:16 +01:00
Napalys
0df2069575 Added change note. 2025-03-13 13:47:46 +01:00
Napalys
de5c7efd63 Added test case for unescape. 2025-03-13 13:47:42 +01:00
Asger F
08ee51cbc4 JS: Move some promise-related store steps into PromiseFlow::storeStep 
API graphs calls PromiseFlow::storeStep to propagate promises, which means it missed a store steps added elsewhere in the old promise library model.

We want API graphs to rely on type-tracking steps in general, like in Ruby, but for now just fixing the bug.
 2025-03-13 12:53:04 +01:00
Napalys
5dff23de6b Added change note. 2025-03-13 12:45:27 +01:00
Napalys
3640e5e425 Added model for tanstack-react useQueries 2025-03-13 12:45:26 +01:00
Napalys
03330ef24d Added test cases for tanstack-react useQueries. 2025-03-13 12:45:25 +01:00
Napalys
6c9aa0e872 Added modeling of tanstack-vue useQueries. 2025-03-13 12:45:23 +01:00
Napalys
4917d64ce7 Added test cases for tanstack-vue useQueries. 2025-03-13 12:45:05 +01:00
Napalys
0c0158899e Added tanstack-vue useQuery modeling 2025-03-13 12:25:07 +01:00
Napalys
7712ca368a Added useQuery tanstack-vue test case 2025-03-13 12:25:05 +01:00
Asger F
89410d07b3 JS: Add failing test 2025-03-13 11:59:23 +01:00
Napalys Klicius
40903a9643 Merge pull request #18975 from Napalys/js/tanstack_angular 
JS: Update Angular Client Request's with API graph and `Tanstack` Angular modeling
 2025-03-12 15:30:26 +01:00
Napalys
f867e0fae8 Added angular-query so when it is released it would be still modeled. 2025-03-12 14:00:44 +01:00
Napalys Klicius
bf24f7794f Update javascript/ql/lib/change-notes/2025-03-11-tanstack-angular.md 
Co-authored-by: Asger F <asgerf@github.com>
 2025-03-12 13:58:09 +01:00
Napalys Klicius
86bd3b8d26 Merge pull request #18986 from Napalys/js/remove_dedundant_stats 
JS: Removed auto generated stats file
 2025-03-12 12:51:26 +01:00
Napalys
8a8defd48f Removed redundant stats file genarated from check-db-upgrades-javascript 2025-03-12 11:57:27 +01:00
Napalys
09986bc26c Added change note. 2025-03-12 11:54:57 +01:00
Napalys
770920e738 Add new model configuration for @tanstack/angular-query-experimental. 2025-03-12 11:54:55 +01:00
Napalys
184d23df46 Add test cases for @tanstack/angular-query-experimental injectQuery 2025-03-12 11:54:53 +01:00
Asger F
b4016c144b Merge pull request #18973 from asgerf/js/vue-fix 
JS: Fix attributes nodes missing an enclosing callable
 2025-03-12 11:23:25 +01:00
Napalys
979a5b4587 Updated stats file with intersection, subtraction and quoted_string. 2025-03-12 09:02:53 +01:00
Asger F
356b9e68c3 JS: Change note 2025-03-11 16:51:51 +01:00
Asger F
8599ab2503 JS: Fix attributes nodes missing an enclosing callable 2025-03-11 16:47:48 +01:00
Asger F
6499e5458b JS: Restore line lost in merge 
'Accept incoming changes' in vscode somehow deleted this line.
 2025-03-11 13:19:29 +01:00
Asger F
e8c5e4d006 Merge branch 'main' into js/test-suite 2025-03-11 13:17:08 +01:00
Napalys Klicius
a4f2264f17 Merge pull request #18899 from Napalys/js/ecma-2024-regex 
JS: Add ECMAScript 2024 `v` Flag Operators for Regex Parsing
 2025-03-11 12:50:44 +01:00