hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-18 07:53:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
67,853 Commits 1,693 Branches 160 Tags
5973f3fadc8781859b25079fa7e6af6764739342
Commit Graph

283 Commits

Author SHA1 Message Date
erik-krogh
c166cb406a Merge branch 'main' into amammad-js-CodeInjection_execa 2024-05-21 08:48:12 +02:00
GitHub Security Lab
df10a7e7f0 Merge branch 'main' into amammad-js-bombs 2024-01-25 11:23:38 +01:00
amammad
1547cd0546 added inline tests, move to experimental dir 2023-12-05 18:59:46 +01:00
erik-krogh
abb8d65483 Merge branch 'main' into amammad-js-SQLI 2023-11-23 21:17:58 +01:00
amammad
60b422a35c fix second round of code review. improve documents, fix better-sqlite3 method 2023-11-23 14:01:38 +01:00
amammad
0328a2986d move TypeORM library file and tests to experimental 
add inline tests :)
Fix TypeORM fuzzy method according to Review
 2023-11-21 19:59:06 +01:00
amammad
32859eb057 move to experimental 2023-10-10 22:46:44 +02:00
amammad
4198f61c16 fix a qldoc isuse 2023-10-10 22:21:43 +02:00
erik-krogh
c2942b37a7 JS: delete various outdated deprecations 2023-10-09 09:14:55 +02:00
amammad
aff6f00450 comments improvement,separate module file, fix tests 2023-10-07 12:02:39 +02:00
amammad
5a49f6bb9b fix tests 2023-10-06 22:10:57 +02:00
amammad
eef8137166 add Dice package, add global taint steps by SharedTaintStep, use getASuccessor 2023-10-06 10:58:26 +02:00
amammad
faaddd4dfe updates for FormParsers and ReadableStream modules, add separate module for Readable Streams, BusBoy RemoteFlowSources is covering more sources now!, modularize 2023-10-05 21:46:58 +02:00
amammad
e81a4fc330 remove CLI sources Library file and local sources for lower FPs 2023-10-01 05:44:13 +10:00
amammad
77dcd68a86 v2 2023-08-31 21:26:25 +10:00
amammad
d06444e639 upgrade additional steps 2023-08-30 05:03:19 +10:00
amammad
369bc50709 fix comments 2023-08-30 04:53:58 +10:00
Asger F
094302a27b JS: Replace sanitizing prefix edge with node 2023-07-11 14:48:13 +02:00
amammad
516fdf627a update stream pipe 2023-06-28 00:09:39 +10:00
amammad
c7a7594821 merge all ql files into one 2023-06-27 01:56:23 +10:00
amammad
8a80a734d8 fix an accident :) 2023-06-26 20:20:00 +10:00
amammad
3bd45a8536 fix query identifier 2023-06-26 03:01:19 +10:00
amammad
effb8024a4 fix yargs bug 2023-06-25 23:30:24 +10:00
amammad
c16a2827d7 fix format warnings/errors 2023-06-25 23:24:12 +10:00
amammad
307187f6c1 V1 2023-06-23 06:06:37 +10:00
erik-krogh
b343dcaadd put string/object in the alert-message for sql-injection 2023-05-31 08:06:04 +02:00
Asger F
20e8ee8423 Merge pull request #12748 from JarLob/yi 
JS: Add more sources, more unit tests, fixes to the GitHub Actions injection query
 2023-05-15 11:03:00 +02:00
Kasper Svendsen
67950c8e6b JS: Make implicit this receivers explicit 2023-05-03 15:31:00 +02:00
Nate Johnson
78229bb264 Moved into experimental 2023-04-18 21:59:14 -04:00
jarlob
a8a6913512 Simplify exists according to the warning 2023-04-13 23:10:16 +02:00
jarlob
72b66ffe97 Fix comment. 2023-04-07 10:01:14 +02:00
jarlob
39ff3c72a2 Remove label sanitizer because it is prone to race conditions 2023-04-03 23:28:31 +02:00
Pierre
c3116b3f0f Merge branch 'main' into turbo/experimental/combined 2023-01-11 18:02:55 +01:00
erik-krogh
66be8cda06 remove more of the implementation into ConditionalBypassQuery.qll 2022-12-19 14:37:19 +01:00
erik-krogh
442749bb7f JS: add heuristic variants of queries that use RemoteFlowSource 2022-12-19 12:01:22 +01:00
turbo
4ec401a3f6 Tag all security queries in supported languages' experimental directories with an experimental tag 2022-12-14 17:15:50 +01:00
erik-krogh
2eb6b1adb3 JS: fix two typos 2022-11-23 14:38:12 +01:00
Erik Krogh Kristensen
bbdda9ef70 Merge pull request #10727 from erik-krogh/js-last-msg 
JS: fix some more style-guide violations in the alert-messages
 2022-10-27 15:48:12 +02:00
Daniel Santos
64da2cec50 removed unnecessary getACall and fixed formatting 2022-10-26 12:02:55 -05:00
Daniel Santos
f7ace6f801 Update javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-10-25 14:27:03 -05:00
Daniel Santos
5b080481aa TokenBuiltFromUuid formatting 2022-10-25 09:51:48 -05:00
Daniel Santos
375edf7455 TokenAssignmentValueSink refactor 2022-10-25 09:50:04 -05:00
Daniel Santos
a2ad924376 Minor formatting fixes 2022-10-24 09:38:17 -05:00
Daniel Santos
066ffb7520 Tokens built from predictable UUIDs 2022-10-22 11:15:43 -05:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
Asger F
df44076435 JS: Remove Portal-based flow summary implementation 2022-09-22 11:28:31 +02:00
erik-krogh
26d8553f6e ensure consistent casing of names 2022-09-09 10:34:14 +02:00
Erik Krogh Kristensen
9cb7522bc1 change RouteSetup to a DataFlow::Node 2022-09-05 15:45:31 +02:00
erik-krogh
cc7a9ef97a rename more acronyms 2022-08-25 20:52:27 +02:00
Erik Krogh Kristensen
a404a8c61a use more set literals instead of big disjunctions 2022-05-24 11:09:10 +02:00