codeql

mirror of https://github.com/github/codeql.git synced 2026-01-26 04:43:00 +01:00

Author	SHA1	Message	Date
Esben Sparre Andreasen	0c6f28014c	Merge pull request #9821 from erik-krogh/jsQlFix JS: fix some QL-for-QL warnings in JS	2022-08-09 22:06:29 +02:00
Asger F	855d4c2ea1	Merge pull request #9718 from asgerf/js/case-sensitive-middleware JS: Add 'case sensitive middleware' query	2022-07-14 10:47:58 +02:00
Erik Krogh Kristensen	43a82004b2	Merge pull request #9798 from erik-krogh/backtrackers JS: use small steps in TypeBackTracker correctly	2022-07-14 10:28:07 +02:00
Erik Krogh Kristensen	ed80089d7c	fix some QL-for-QL warnings in JS	2022-07-14 09:45:44 +02:00
Asger F	18c5a8c8da	Merge branch 'main' into js/case-sensitive-middleware	2022-07-14 09:38:35 +02:00
Asger F	da8123072d	Apply suggestions from doc review Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2022-07-14 09:38:10 +02:00
Erik Krogh Kristensen	fd10947ca0	use small steps in TypeBackTracker correctly	2022-07-13 10:29:57 +02:00
Erik Krogh Kristensen	a49d34cf0f	Merge branch 'main' into missDocParam	2022-07-13 09:58:04 +02:00
Asger F	c1a2e2abe0	JS: Rename to `isLikelyCaseSensitiveRegExp`	2022-06-28 10:21:33 +02:00
Asger F	fd28397056	JS: Fix typo	2022-06-28 10:10:23 +02:00
Asger F	9cf48fc804	JS: Clarify that strings are case insensitive by default	2022-06-28 10:09:56 +02:00
Asger F	b1251f0c63	JS: invertCase -> toOtherCase	2022-06-28 10:07:57 +02:00
Asger F	17d139c87d	JS: Add qhelp	2022-06-27 16:14:30 +02:00
Asger F	d92430b0e7	JS: Fix FP from char class	2022-06-27 09:08:37 +02:00
Asger F	9e4116618a	JS: Add CaseSensitiveMiddlewarePath query	2022-06-27 09:08:37 +02:00
Erik Krogh Kristensen	6cfd790cda	Merge pull request #9356 from erik-krogh/getRouting JS: rewrite js/sensitive-get-query to use routing trees	2022-05-31 11:08:54 +02:00
Erik Krogh Kristensen	adb40f9360	Merge pull request #9289 from erik-krogh/es2022 JS: Support the remaining of the finished ES2022 proposals	2022-05-30 12:27:19 +02:00
Erik Krogh Kristensen	63e637503d	rewrite js/sensitive-get-query to use routing trees	2022-05-30 11:55:09 +02:00
Asger F	cc42f2f824	Merge pull request #8606 from asgerf/js/api-graph-api JS/Python/Ruby: Document how API graphs should be interpreted	2022-05-30 10:49:14 +02:00
Erik Krogh Kristensen	ed907f6f63	add CWE-940 to js/missing-origin-check	2022-05-25 14:15:48 +02:00
Erik Krogh Kristensen	82c6c22d50	make a model for hasOwnProperty calls and similar	2022-05-24 14:13:53 +02:00
Erik Krogh Kristensen	2a97dd9f6f	add support for Object.hasOwn(obj, key)	2022-05-24 13:59:25 +02:00
Asger F	631527fe49	JS: Rename Node.{getASource -> asSource, getASink -> asSink}	2022-05-24 11:57:30 +02:00
Asger Feldthaus	19a5db9f89	JS: Rename getARhs -> getASink	2022-05-24 11:57:30 +02:00
Erik Krogh Kristensen	d58fe8e193	add explicit this	2022-05-24 10:59:13 +02:00
Erik Krogh Kristensen	d1ad08ecb5	fix misspellings in predicate names	2022-05-24 10:57:13 +02:00
Erik Krogh Kristensen	aadbc989ce	fix typo in comment Co-authored-by: Asger F <asgerf@github.com>	2022-05-23 15:07:29 +02:00
Erik Krogh Kristensen	7a3bbede1b	remove support for passport in the session-fixation query	2022-05-23 12:55:11 +02:00
Erik Krogh Kristensen	2550988006	change @id from js/actions/injection to js/actions/command-injection	2022-05-17 09:25:05 +02:00
Nick Rolfe	c518150b49	Merge pull request #9132 from github/nickrolfe/misspelling QL for QL: generalise non-US spelling query	2022-05-16 16:03:36 +01:00
Erik Krogh Kristensen	23981cb323	Merge pull request #7626 from erik-krogh/CWE-377 JS: add query for detecting insecure temporary files	2022-05-16 15:25:17 +02:00
Nick Rolfe	1115227f9d	Merge remote-tracking branch 'origin/main' into nickrolfe/misspelling	2022-05-12 16:10:27 +01:00
Nick Rolfe	2ed42c327c	JS: fix typos in comments	2022-05-12 16:02:19 +01:00
Erik Krogh Kristensen	4bef451156	Merge pull request #9021 from erik-krogh/actions JS: promote `js/actions/injection` out of experimental	2022-05-12 14:38:38 +02:00
Erik Krogh Kristensen	fef4455ccc	apply suggestion from doc review Co-authored-by: Steve Guntrip <12534592+stevecat@users.noreply.github.com>	2022-05-12 13:28:45 +02:00
Erik Krogh Kristensen	53b26eba17	Merge pull request #8724 from erik-krogh/postMessage JS: promote the `js/missing-origin-verification` query	2022-05-09 12:28:58 +02:00
Erik Krogh Kristensen	58db9226dc	add missing word in qhelp	2022-05-05 14:24:45 +02:00
Erik Krogh Kristensen	2d7c7ff372	apply suggestions from doc review Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2022-05-05 13:03:35 +02:00
Erik Krogh Kristensen	0c0e280637	update the qhelp to mention that the GITHUB_TOKEN only sometimes has write-access	2022-05-05 12:12:29 +02:00
Erik Krogh Kristensen	c0152a46bc	rename getAReferencedExpression to getASimpleReferenceExpression and add examples of what it can parse	2022-05-05 11:02:47 +02:00
Erik Krogh Kristensen	8e2b00d209	make the big disjunctions more readable by using a set literal	2022-05-04 16:15:17 +02:00
Erik Krogh Kristensen	31a4de902e	add missing security severity	2022-05-04 16:15:17 +02:00
Erik Krogh Kristensen	df4bfef8c7	expand the qhelp for js/actions/injection	2022-05-04 16:14:59 +02:00
Erik Krogh Kristensen	48fb01f9f7	set js/actions/injection as a high precision warning query	2022-05-04 16:14:54 +02:00
Erik Krogh Kristensen	2a65d1d3ec	move js/actions/injection out of experimental	2022-05-04 16:14:19 +02:00
Stephan Brandauer	3f13a5e082	fix a FN for prototype polluting function query	2022-04-28 22:00:09 +02:00
Erik Krogh Kristensen	0a26e891a2	include startsWith/endsWith checks in js/missing-origin-check	2022-04-25 15:28:50 +02:00
Erik Krogh Kristensen	fe3d71ebc2	fix qhelp: the window, not the origin, is sending the message Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2022-04-25 14:07:01 +02:00
Erik Krogh Kristensen	ff73dbc35c	delete redundant imports	2022-04-22 12:55:28 +02:00
Khang. Võ Vĩ	f4581ae866	fix PrototypePollutingAssignment examples	2022-04-22 11:55:45 +07:00

1 2 3 4 5 ...

796 Commits