hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,268 Commits 1,671 Branches 157 Tags
5b4e11495502b750bf396c1d966da3f4fa36b9c2
Commit Graph

11918 Commits

Author SHA1 Message Date
Napalys Klicius
7b6720ce2c JS: Align DOM XSS query severity with other XSS queries 2025-10-22 11:30:34 +00:00
Asger F
d7cf5ef645 Merge pull request #20647 from asgerf/js/type-resolution-cache 
JS: Avoid magic and improve a join in type resolution
 2025-10-20 11:50:23 +02:00
Owen Mansel-Chan
66f95bcbcd Merge pull request #20603 from owen-mc/update-broken-algo-qhelp 
Many languages: Update broken algo qhelp
 2025-10-17 12:30:43 +01:00
Asger F
c6577c8590 JS: Avoid magic and improve a join in type resolution 2025-10-15 11:54:28 +02:00
Napalys Klicius
45e8164f14 JS: remove quality tag from SyntaxError query 2025-10-15 09:07:11 +02:00
github-actions[bot]
6dd07790ac Post-release preparation for codeql-cli-2.23.3 2025-10-14 11:16:33 +00:00
github-actions[bot]
33542f7d40 Release preparation for version 2.23.3 2025-10-14 09:30:24 +00:00
Owen Mansel-Chan
0bcdb91639 Improve qhelp for broken crypto algo queries 
Previously it focussed too much on the risk of data being decrypted,
and didn't explain why using weak algorithms is a problem in other
contexts.
 2025-10-08 14:10:54 +01:00
Asger F
10c9b747a5 Merge pull request #20586 from asgerf/js/api-graphs-block-this 
JS: Restrict receiver-flow in API graphs
 2025-10-08 08:41:56 +02:00
Asger F
587ad5c600 JS: Refine criteria so that explicit this-passing is not affected 2025-10-06 11:43:18 +02:00
Asger F
4d33190241 JS: Restrict this-argument passing in API graphs 2025-10-06 11:42:36 +02:00
Asger F
84c788a027 JS: Add API graph test for explicit 'this' passing 2025-10-06 11:40:40 +02:00
github-actions[bot]
a7a4e43991 Post-release preparation for codeql-cli-2.23.2 2025-09-29 15:10:19 +00:00
github-actions[bot]
d2130a589b Release preparation for version 2.23.2 2025-09-29 10:28:45 +00:00
Florin Coada
ba520c60d2 Update 2.1.0.md 2025-09-26 10:11:03 +01:00
Florin Coada
09833e2541 Update CHANGELOG for query promotion and acknowledgment 
Promote 'Permissive CORS configuration' query to default suite and acknowledge contributor.
 2025-09-26 10:09:30 +01:00
Florin Coada
2f96e32ec9 Update 2.1.0.md 2025-09-26 10:08:31 +01:00
Simon Friis Vindum
26aa938acc Merge pull request #20452 from paldepind/rust/mad-source-parameter 
Rust, shared: Support `Parameter` in source MaD models
 2025-09-24 09:37:25 +02:00
Asger F
2e8091f0fb Merge pull request #20419 from asgerf/js/express-json-send 
JS: Model Express json and jsonp methods
 2025-09-24 09:25:32 +02:00
Simon Friis Vindum
7d6e2060e5 Adapt all languages to changes in shared library 2025-09-22 14:18:58 +02:00
Napalys Klicius
3a6a537986 JS: Add change note 2025-09-19 14:47:58 +02:00
Napalys Klicius
6cfc950159 JS: Model GraphQLObjectType resolve params as sources 2025-09-19 14:39:36 +02:00
Napalys Klicius
d88bc8e408 JS: Add test case for GraphQLObjectType 2025-09-19 14:23:40 +02:00
Napalys Klicius
4f8166a661 Merge pull request #20450 from Napalys/js/graph-ql-ench 
JS: Improve graphql flow
 2025-09-17 16:32:01 +02:00
Ian Lynagh
c653d939d9 Merge pull request #20451 from github/post-release-prep/codeql-cli-2.23.1 
Post-release preparation for codeql-cli-2.23.1
 2025-09-17 13:00:14 +01:00
Michael Nebel
6d330891db Merge pull request #20395 from michaelnebel/javascript/code-quality-extended 
JS: Add most `medium` precision queries to the `code-quality-extended` suite.
 2025-09-17 13:47:02 +02:00
Napalys Klicius
7affcf40c2 JS: Add variableValues to the previous summaryModel to enchance the flow. 2025-09-17 12:24:14 +02:00
Napalys Klicius
6c18b4de40 JS: Add test case for graph ql variableValues injection 2025-09-17 12:21:21 +02:00
github-actions[bot]
4e8343664f Post-release preparation for codeql-cli-2.23.1 2025-09-17 10:13:40 +00:00
Napalys Klicius
6d461d6b50 JS: Add change note 2025-09-17 11:48:49 +02:00
Napalys Klicius
4282005e32 JS: Add summary model for graphql's rootValue 2025-09-17 11:48:44 +02:00
Napalys Klicius
a6d728a66d JS: Add test case with missing alert using graphql 2025-09-17 11:23:49 +02:00
Napalys Klicius
ca667b5131 JS: fix test expectations from rebasing 2025-09-17 10:24:45 +02:00
Napalys Klicius
4df8db0d7e Renamed AWS-V3-Common to @aws-sdk/client.Client 2025-09-17 10:21:29 +02:00
Napalys Klicius
10f3a83fcb Fixed model type names 
Co-authored-by: asgerf <asgerf@users.noreply.github.com>
 2025-09-17 10:21:23 +02:00
Napalys Klicius
9ca4773227 Added modeling for CreatePreparedStatementCommand 2025-09-17 10:21:10 +02:00
Napalys Klicius
872b6d8bee Added test case for CreatePreparedStatementCommand 2025-09-17 10:21:01 +02:00
Napalys Klicius
b89e70b5a0 Added test cases for aws sources 2025-09-17 10:20:52 +02:00
Napalys Klicius
801a34f6a1 Moved typeModel at the start of the file 2025-09-17 10:20:24 +02:00
Napalys Klicius
9beac51586 Unified aws-db modeling into singular file 2025-09-17 10:20:10 +02:00
Napalys Klicius
5b31350e83 Added tests and modeling of database-access-result 2025-09-17 10:20:01 +02:00
Napalys Klicius
93d9ae73b7 Updated change note 2025-09-17 10:19:52 +02:00
Napalys Klicius
e5f02852e1 Added modeling of rds v2 and v3 for sql injections 2025-09-17 10:19:22 +02:00
Napalys Klicius
5b5c17100c Added test cases for client-rds-data for sql injections 2025-09-17 10:19:10 +02:00
Napalys Klicius
0e6bac73a7 Added modeling of athena v2 and v3 for sql injections 2025-09-17 10:18:58 +02:00
Napalys Klicius
af97b0edc2 Added test cases for athena v2 and v3 for sql injections 2025-09-17 10:16:38 +02:00
Napalys Klicius
ee1af432fe Added modeling of client-s3 v2 and v3 2025-09-17 10:16:25 +02:00
Napalys Klicius
5e6118ef3f Added test cases for client-s v2 and v3 sql injection 2025-09-17 10:15:43 +02:00
Napalys Klicius
1149617f7b Added change note 2025-09-17 10:15:32 +02:00
Napalys Klicius
06ab918985 Added modeling for V2 of dynamoDB 2025-09-17 10:15:19 +02:00