hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,268 Commits 1,671 Branches 157 Tags
5b4e11495502b750bf396c1d966da3f4fa36b9c2
Commit Graph

11918 Commits

Author SHA1 Message Date
Napalys Klicius
ae2e8b1292 Added modeling of dynamodb v3 for sql injections 2025-09-17 10:13:24 +02:00
Napalys Klicius
0a3343a07d Added test cases for v2 and v3 sql injection of dynamodb 2025-09-17 10:11:31 +02:00
github-actions[bot]
02a1b1efcb Release preparation for version 2.23.1 2025-09-16 14:14:42 +00:00
Asger F
7670a2bd77 Merge pull request #20375 from asgerf/js/promise-try 
JS: Support Promise.try and Array.prototype.with
 2025-09-16 14:44:07 +02:00
Napalys Klicius
97a11de1e3 Merge pull request #20435 from Napalys/js/promisification_modeling 
JS: Promisification library modeling and enhance flow
 2025-09-16 14:07:53 +02:00
Asger F
edf79a3730 JS: Change note 2025-09-16 13:53:31 +02:00
Asger F
0b900711bf Update javascript/ql/lib/semmle/javascript/frameworks/Express.qll 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-09-16 13:48:26 +02:00
Napalys Klicius
49ccb8ce2b JS: Simplify exist clause to use Promisify::PromisifyAllCall instead of DataFlow::SourceNode 2025-09-16 13:13:15 +02:00
Asger F
429c4eac96 JS: Add support for Array.prototype.with 
Note: This was authored by Copilot
 2025-09-16 13:06:59 +02:00
Asger F
ee78b7dc96 JS: Add support for Promise.try 2025-09-16 13:06:57 +02:00
Asger F
45eff3dac8 Merge pull request #20399 from asgerf/js/default-interop2 
JS: Refactor handling of ambiguous default imports
 2025-09-16 13:02:22 +02:00
Asger F
78bfdfd931 Merge pull request #20390 from asgerf/post-update-consistency 
DataFlow: Permit local flow between post-update nodes
 2025-09-16 13:00:29 +02:00
Asger F
65102a073a Merge pull request #19770 from trailofbits/VF/async-package-improvements 
Improve data flow in the `async` package
 2025-09-16 08:55:52 +02:00
Asger F
f587273828 Merge pull request #19768 from trailofbits/VF/lodash-group-by 
Add lodash GroupBy as taint step
 2025-09-16 08:55:13 +02:00
Chris Smowton
c375f24598 Merge pull request #20423 from smowton/smowton/fix/length-comparison-off-by-one-fp 
JS: Recognise that a less-than test is as good as a non-equal test for mitigating off-by-one array access
 2025-09-15 18:24:45 +01:00
Napalys Klicius
278a1efb4b JS: Add change note 2025-09-15 18:21:45 +02:00
Napalys Klicius
3a75500f54 JS: Add modeling for call-me-maybe 2025-09-15 17:15:31 +02:00
Napalys Klicius
0d23ab07db JS: Add data flow modeling for promisified user-defined functions 2025-09-15 17:13:13 +02:00
Napalys Klicius
2c6db00cbc JS: Add modeling for util promisify* 2025-09-15 17:09:28 +02:00
Napalys Klicius
e002f2088f JS: Add modeling for es6-promisify 2025-09-15 17:04:34 +02:00
Napalys Klicius
35c75c00ba JS: Add modeling for @gar/promisify 2025-09-15 16:58:11 +02:00
Napalys Klicius
312471e9db JS: Add modeling for @google-cloud/promisify 2025-09-15 16:55:27 +02:00
Napalys Klicius
d37425ae3e JS: Treat promisify(obj).member as obj.member 2025-09-15 16:51:19 +02:00
Napalys Klicius
22b61852a1 JS: Add modeling for thenify-all 2025-09-15 16:31:14 +02:00
Napalys Klicius
d6a14e63ba JS: Add test cases for promisification libraries. 2025-09-15 16:21:12 +02:00
Ian Lynagh
d0091e1b3c javascript: Fix spelling error in documentation 
Corrects the spelling of "occurrences" in the Incomplete Multi-Character
Sanitization documentation to improve clarity.
 2025-09-15 14:53:22 +01:00
Chris Smowton
db5c58180e Change note 2025-09-12 14:32:12 +01:00
Chris Smowton
f5780ae369 Amend docstring 2025-09-12 14:32:10 +01:00
Chris Smowton
4fb133a43d Recognise that a less-than test is as good as a non-equal test for mitigating off-by-one array access 2025-09-12 14:32:07 +01:00
Asger F
132a8b8b53 JS: Model json and jsonp methods 2025-09-12 08:51:23 +02:00
Asger F
d729ab501b JS: Add test that calls .json or .jsonp 2025-09-12 08:51:21 +02:00
Asger F
ae4cf302f2 Remove failures from dataflow-consistency expectations 2025-09-11 14:49:58 +02:00
Asger F
7a2391f848 JS: Deprecate Portals and delete tests 
This is a super old attempt at model generation, from before MaD even existed. It's obsolete and just have to be removed.
 2025-09-11 11:05:36 +02:00
Asger F
d39263dcac Merge pull request #20317 from asgerf/js/xunit 
JS: Avoid overriding Expr predicates in xUnit.qll
 2025-09-10 13:41:21 +02:00
Asger F
dacc9e26e9 JS: Refactor 'default' import interop 2025-09-10 13:03:36 +02:00
Asger F
2a4d6830ec JS: An array of constants should be considered "filtered" 2025-09-10 11:07:32 +02:00
Asger F
602dae0592 JS: Add test showing FP 2025-09-10 10:58:34 +02:00
Asger F
36e18c2a89 JS: Enable inline expectations in BuildArtifactLeak 
The tests already have the annotations, it just seems to have been disable by accident
 2025-09-10 10:56:34 +02:00
Asger F
09edc29979 Merge pull request #20322 from asgerf/js/react-no-override 
JS: Do not override AST methods in React model
 2025-09-10 10:42:59 +02:00
Asger F
d575d3c9e4 Merge pull request #20374 from asgerf/js/typescript-5.9 
JS: Support TypeScript 5.9 and support 'import defer' syntax
 2025-09-09 20:50:04 +02:00
Michael Nebel
1c801bd856 JavaScript: Update integration test expected output. 2025-09-09 15:48:31 +02:00
Michael Nebel
58862f4ace JavaScript: Add some medium precision queries to the code-quality-extended suite. 2025-09-09 15:47:03 +02:00
Asger F
d8e943ea05 Update javascript/ql/lib/semmle/javascript/frameworks/React.qll 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-09-09 08:36:25 +02:00
Asger F
0752dbea9b Merge pull request #20360 from asgerf/js/remove-angularjs-string-special-case 
JS: Remove special treatment of strings in AngularJS code
 2025-09-08 22:48:23 +02:00
Asger F
b5045b3407 Merge pull request #20363 from asgerf/js/remove-fallback-type 
JS: Remove unused getFallbackTypeAnnotation()
 2025-09-08 22:48:07 +02:00
Napalys Klicius
8c34b7eaea Merge pull request #20146 from Napalys/js/move-cors-query-from-experimental 
JS: Move cors-misconfiguration query from experimental to Security
 2025-09-08 09:32:38 +02:00
Napalys Klicius
b2feaaceea Merge branch 'main' into js/move-cors-query-from-experimental 2025-09-05 12:11:09 +02:00
Asger F
ef114c4a07 JS: Add change note 2025-09-05 12:04:53 +02:00
Asger F
a08878f419 JS: Add upgrade and downgrade scripts 2025-09-05 12:03:56 +02:00
Asger F
bab2a79055 JS: Add parsing support in JS parser 2025-09-05 11:57:34 +02:00