hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 13:23:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,346 Commits 1,697 Branches 161 Tags
54bfde9b7af86accf055d64d4bc485d0aedbb531
Commit Graph

2178 Commits

Author SHA1 Message Date
Asger F
ea0a80a06a JS: Un-deprecate Actions.qll for now as we have some internal queries that use it. 2025-06-23 16:38:04 +02:00
Asger F
0d3bb89195 JS: Deprecate Actions.qll 2025-06-23 14:36:15 +02:00
Asger F
93c891a987 Merge pull request #19822 from Fdawgs/patch-1 
JS: Update Fastify tld
 2025-06-23 12:49:42 +02:00
Napalys Klicius
3fbe348f99 Merge pull request #19784 from Napalys/js/express_middleware 
JS: Improve Express middleware taint tracking
 2025-06-20 15:36:26 +02:00
Napalys Klicius
c1b2fd86b2 Update javascript/ql/lib/semmle/javascript/frameworks/Express.qll 
Co-authored-by: Taus <tausbn@github.com>
 2025-06-20 14:29:51 +02:00
Frazer Smith
094b67f88c JS: Update Fastify tld 2025-06-19 16:22:46 +01:00
Napalys Klicius
f80651e78a Merge pull request #19750 from Napalys/js/remove_encodeURI 
JS: remove `encodeURI` from sanitizer list of request forgery
 2025-06-19 14:12:52 +02:00
Napalys Klicius
060b98d36c JS: enchance middleware taint tracking via local source 2025-06-17 08:30:19 +02:00
Napalys Klicius
da21a064ac JS: add _parsedUrl as remote input source 2025-06-16 16:28:30 +02:00
Napalys Klicius
0d5f5104d1 Updated UriEncodingSanitizer comment 2025-06-16 13:08:16 +02:00
Napalys Klicius
bdbc49c63f JS: Removed encodeURI from request forgery sanitizer list 2025-06-16 13:08:11 +02:00
Napalys Klicius
eca69e1654 JS: remove serialize-javascript from JsonParsers.qll as it is not a parser 2025-06-16 12:59:36 +02:00
Napalys Klicius
5a107ec33b JS: track taint through serialize-javascript calls with object arguments 2025-06-16 10:38:20 +02:00
Asger F
423ffc78db Merge pull request #19078 from asgerf/js/name-resolution 
JS: QL-side type/name resolution for TypeScript and JSDoc
 2025-06-11 14:17:11 +02:00
Asger F
e848aa747b JS: Clarifying comment on commonStep 2025-06-11 10:24:21 +02:00
Asger F
2aa5fa17f7 JS: Add comment and examples in FlowImpl doc 2025-06-11 10:21:24 +02:00
Asger F
72cc439125 JS: Normalize a few more extensions 2025-06-10 17:36:56 +02:00
Asger F
18f9133715 JS: Rename and clarify comment for trackFunctionType 2025-06-10 16:14:46 +02:00
Asger F
a6488cbad9 Update javascript/ql/lib/semmle/javascript/internal/NameResolution.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2025-06-10 16:06:42 +02:00
Asger F
57fad7e6c9 JS: Add SatisfiesExpr 2025-06-04 22:17:40 +02:00
Asger F
853ba49212 Update javascript/ql/lib/semmle/javascript/internal/TypeResolution.qll 
Co-authored-by: Napalys Klicius <napalys@github.com>
 2025-06-04 10:17:25 +02:00
Asger F
9ea4410592 Merge pull request #19587 from asgerf/js/angular2-client-side 
JS: Mark AngularJS $location as client-side remote flow source
 2025-06-03 13:40:01 +02:00
Napalys Klicius
b9b62fa1c1 JS: Add URL from url package constructor taint step for request forgery detection 2025-05-30 18:32:02 +02:00
Asger F
076e4a49d5 JS: Mark AngularJS $location as client-side remote flow source 2025-05-27 09:47:43 +02:00
Anders Schack-Mulligen
1d30103559 SSA: Distinguish between has and controls branch edge. 2025-05-23 09:56:22 +02:00
Asger F
9bcc62002d JS: Fix regression from global declare vars 2025-05-20 13:20:35 +02:00
Asger F
b8dc1b3125 JS: Remove redundant casts 2025-05-20 13:20:27 +02:00
Asger F
fbafd6fff1 JS: Update to avoid deprecations after import resolution change 2025-05-20 13:20:26 +02:00
Asger F
e07a03619d JS: Mark type-annotated nodes as SourceNode 2025-05-20 13:20:24 +02:00
Asger F
167f752301 JS: Also propagate through promise types 2025-05-20 13:20:21 +02:00
Asger F
500291dd54 JS: Hide shadowed inherited members 2025-05-20 13:20:20 +02:00
Asger F
307715a5cd JS: Use type resolution for CG augmentation 2025-05-20 13:20:17 +02:00
Asger F
989402d7b7 JS: Remove some dependencies on type extraction 2025-05-20 13:20:14 +02:00
Asger F
4e44fdaa7b JS: Use hasUnderlyingStringOrAnyType in Nest model 2025-05-20 13:20:12 +02:00
Asger F
6fdd7feed4 JS: Use sanitizing primitive type in Nest model 2025-05-20 13:20:10 +02:00
Asger F
2d21074598 JS: Use sanitizing primitive types in ViewComponentInput 2025-05-20 13:20:09 +02:00
Asger F
9fd85c9688 JS: Update jQuery model 2025-05-20 13:20:07 +02:00
Asger F
cca48c09b9 JS: Use in TypeAnnotation.getClass and hasUnderlyingType predicates 2025-05-20 13:20:06 +02:00
Asger F
b923eac9be JS: Use underlying types in DataFlow::Node 2025-05-20 13:20:04 +02:00
Asger F
fc580a5f78 JS: Add TypeResolution.qll 2025-05-20 13:20:03 +02:00
Asger F
d61f576324 JS: Add UnderlyingTypes.qll 2025-05-20 13:20:01 +02:00
Asger F
1533e134a5 JS: Add NameResolution.qll 2025-05-20 13:20:00 +02:00
Asger F
4bfb0483a8 JS: Resolve JSDocLocalTypeAccess to a variable in scope 2025-05-20 13:19:57 +02:00
Asger F
9566265356 JS: Add helper for getting local type names 2025-05-20 13:19:56 +02:00
Asger F
4cd6f45572 JS: Avoid accidental recursion with API graphs 2025-05-20 13:19:54 +02:00
Asger F
b5a4fc0041 JS: Make Closure concepts based on AST instead 2025-05-20 13:19:52 +02:00
Asger F
9fc0b8c9cc JS: Add ImportSpecifier.getImportDeclaration() 2025-05-20 13:19:50 +02:00
Asger F
1e8a49f311 JS: More efficient nested package naming 2025-05-19 12:53:18 +02:00
Napalys Klicius
f6a8909bfe Merge pull request #19356 from Napalys/js/merge_classes 
JS: Merge `ES6Class` to `FunctionStyleClass`
 2025-05-16 10:31:33 +02:00
Asger F
169ae19015 Merge pull request #19391 from asgerf/js/typescript-path-resolution 
JS: Overhaul import resolution
 2025-05-13 15:46:38 +02:00