hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-08 00:24:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
62,873 Commits 1,731 Branches 164 Tags
543e183d997d737fa98cba41d0970e55dbbebe20
Commit Graph

1644 Commits

Author SHA1 Message Date
Asger F
543e183d99 JS: Describe 1-step aliasing rule 2024-02-13 09:29:15 +01:00
Asger F
baa3c35d6f JS: Refactor aliasing relation 2024-02-13 09:24:00 +01:00
Asger F
8d3a19aaad JS: Fix termination criteria 
Previously it was theoretically possible to create a cycle of preferred predecessors, since badness had higher precedence than depth. We now require the preferred predecessor to have lower depth.

With this criteria we can remove the arbitray cap on badness.
 2024-02-12 11:44:52 +01:00
Asger F
0fbe530d9e JS: Fix some broken comments 2024-02-12 11:39:40 +01:00
Asger F
6d01ba67f7 JS: Check isPrivateLike in isExported instead 2024-02-12 11:39:29 +01:00
Asger F
8a2485a22f JS: Address some comments 2024-02-01 20:54:27 +01:00
Asger F
aa5cccdddd JS: Make sinkHasPrimaryName public 2024-01-31 20:39:25 +01:00
Asger F
19ba9fed99 Handle externs 2024-01-30 17:13:02 +01:00
Asger F
1737ba1a6b JS: Add library for naming endpoints 2024-01-30 16:36:51 +01:00
Asger F
8930ce74af JS: Do not view packages as nested in a private package 2024-01-30 13:20:57 +01:00
Asger F
2d8d11fa78 JS: Restrict type-only exports in API graphs 2024-01-30 13:20:57 +01:00
Asger F
0e0fb0e52d JS: Remove API graph edge causing ambiguity 2024-01-30 13:20:56 +01:00
Asger F
e441dd472b JS: Expose hasBothNamedAndDefaultExports() 2024-01-30 13:20:55 +01:00
Asger F
96f8a02a72 JS: Treat private-field methods as private 2024-01-15 13:00:39 +01:00
Asger F
59c9ac735a Merge pull request #15295 from asgerf/js/type-model-export 
JS: Include sink nodes as base-case when resolving types
 2024-01-11 20:47:32 +01:00
Erik Krogh Kristensen
d782bd9b1f Merge pull request #13624 from jorgectf/seclab/dotjs 
JS: Add `dot.js` support
 2024-01-11 14:57:19 +01:00
Asger F
82cee61999 JS: Include sink nodes as base-case when resolving types 2024-01-11 13:41:21 +01:00
Erik Krogh Kristensen
3000b4b9b3 rename PropsTaintStep to PropsFlowStep 
Co-authored-by: Asger F <asgerf@github.com>
 2024-01-10 09:45:29 +01:00
erik-krogh
a9f2b3fad6 promote PropsTaintStep to a PreCallGraphStep 2024-01-04 10:45:22 +01:00
Aditya Sharad
b1803d0ac2 Merge rc/3.12 into main 2023-12-21 16:40:51 -08:00
github-actions[bot]
8f72b0e4f7 Post-release preparation for codeql-cli-2.15.5 2023-12-19 10:32:57 +00:00
Jorge
f8cfd698fa Merge branch 'main' into seclab/dotjs 2023-12-19 10:44:52 +01:00
github-actions[bot]
19af35b29a Release preparation for version 2.15.5 2023-12-18 21:22:44 +00:00
Remco Vermeulen
133a243298 Add support for XML attributes in the data flow graph 2023-12-14 11:33:53 -08:00
Tom Hvitved
c8b4a215bc Merge pull request #14573 from hvitved/flow-summary-impl-param 
Move `FlowSummaryImpl.qll` to `dataflow` pack
 2023-12-14 12:24:15 +01:00
Jeroen Ketema
99e65df6ce Merge remote-tracking branch 'upstream/rc/3.12' into mb12 2023-12-13 15:43:39 +01:00
Tom Hvitved
a46964dfe8 Address review comments 2023-12-12 13:55:52 +01:00
Tom Hvitved
28373e0fdf JS: Adapt to changes in shared code 2023-12-10 11:25:43 +01:00
erik-krogh
e8f9e366d5 remove redundant imports for JS 2023-12-08 16:56:54 +01:00
github-actions[bot]
92af5f5386 Post-release preparation for codeql-cli-2.15.4 2023-12-06 22:59:22 +00:00
github-actions[bot]
c04457e9e7 Release preparation for version 2.15.4 2023-12-06 21:11:50 +00:00
Jorge
8abd1d9855 Merge branch 'main' into seclab/dotjs 2023-11-30 19:42:18 +01:00
erik-krogh
abb8d65483 Merge branch 'main' into amammad-js-SQLI 2023-11-23 21:17:58 +01:00
erik-krogh
43c76468c9 add change-note 2023-11-23 21:17:33 +01:00
amammad
60b422a35c fix second round of code review. improve documents, fix better-sqlite3 method 2023-11-23 14:01:38 +01:00
amammad
0328a2986d move TypeORM library file and tests to experimental 
add inline tests :)
Fix TypeORM fuzzy method according to Review
 2023-11-21 19:59:06 +01:00
amammad
999ec7053e fix Query class docstring 2023-11-21 18:56:05 +01:00
erik-krogh
dde9a7cd7e Merge branch 'main' into ts53-ts 2023-11-20 20:31:00 +01:00
github-actions[bot]
bad499e360 Post-release preparation for codeql-cli-2.15.3 2023-11-17 14:35:41 +00:00
github-actions[bot]
6ec9b95072 Release preparation for version 2.15.3 2023-11-16 13:07:16 +00:00
Rasmus Wriedt Larsen
43d9d2ceb7 Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link 
JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.
 2023-11-08 14:29:24 +01:00
Geoffrey White
e8a466a02c Update dead link. 2023-11-07 09:26:07 +00:00
amammad
c858e4974d fix Sqlite and BetterSqlite3 issues according to Review 2023-11-06 14:57:40 +01:00
Arthur Baars
01e7d57dba Add changenote 2023-11-06 13:38:33 +01:00
Arthur Baars
5cc94e1105 Express.js: add req.path as remote input source 2023-10-31 12:44:26 +01:00
Chris Smowton
79e1aa0498 Merge pull request #14634 from github/post-release-prep/codeql-cli-2.15.2 
Post-release preparation for codeql-cli-2.15.2
 2023-10-31 10:24:53 +00:00
github-actions[bot]
2b939fdf08 Post-release preparation for codeql-cli-2.15.2 2023-10-30 16:06:51 +00:00
Harry Maclean
083be305e1 Shared: Add neutralModel extensible predicate 
The neutralModel extensible predicate already exists in Java and C#, so
this change brings the dynamic languages more in line with static
languages. The Model Editor uses this predicate to mark endpoints as
"not interesting" from a data flow perspective.
 2023-10-30 11:31:57 +00:00
github-actions[bot]
4641990021 Release preparation for version 2.15.2 2023-10-30 11:05:53 +00:00
Max Schaefer
08cc8b8e80 Autoformat. 2023-10-26 15:36:06 +01:00