Eliav2
69ba764e9d
Merge branch 'main' into 20823-globalVarRef-document-defaultView
2025-11-26 23:26:26 +02:00
Asger F
5b4e114955
JS: Add test
2025-11-25 16:04:30 +01:00
Asger F
a91969b7e1
JS: Change note
2025-11-25 15:58:11 +01:00
Asger F
e95b3590f0
JS: Fix project layout detection for Next.js apps
...
Some parts of the code did not handle the case where 'pages' was located at 'app/pages'.
2025-11-25 15:54:45 +01:00
Eliav2
6df789d114
Merge branch 'main' into 20823-globalVarRef-document-defaultView
2025-11-20 15:18:15 +02:00
eliav
91451b73ef
javascript: Update expected results for global variable references
2025-11-20 15:15:06 +02:00
Asger F
613895e0c0
Merge pull request #20424 from asgerf/js/overlay-manual-v4
...
JS: Add overlay annotations
2025-11-20 11:10:46 +01:00
eliav
08dfb95155
javascript: Add change note for document.defaultView aliasing window
...
Introduced a new change note detailing that `DataFlow::globalVarRef` now recognizes `document.defaultView` as an alias of `window`, enhancing the modeling of data flows involving `history` in queries.
2025-11-20 00:17:14 +02:00
Asger F
efa438a352
JS: Move identityFunctionStep back into CachedSteps module
2025-11-19 13:47:30 +01:00
Asger F
8fef60464e
JS: Remove out-commented code
2025-11-19 13:46:10 +01:00
Asger F
a0965f33e3
JS: Also discard JSON, YAML, and XML
2025-11-18 13:29:00 +01:00
github-actions[bot]
5ee45af3aa
Post-release preparation for codeql-cli-2.23.6
2025-11-18 09:53:12 +00:00
github-actions[bot]
18fa6799ce
Release preparation for version 2.23.6
2025-11-17 16:38:07 +00:00
Asger F
4b57b4418f
JS: Factor out some code
2025-11-17 10:48:15 +01:00
Asger F
a405b7b3e0
JS: Add discard predicates for locations
2025-11-17 10:47:37 +01:00
eliav
8047450668
javascript: Update property access for `document.defaultView` as getAPropertyRead
...
Changed the method for accessing `defaultView` from `getAPropertyReference` to `getAPropertyRead` to improve accuracy in data flow analysis for global variable references.
2025-11-17 01:05:58 +02:00
eliav
bd18e862eb
javascript: add change note
2025-11-17 01:02:21 +02:00
eliav
30cc91421d
javascript: Add support for document.defaultView in global variable references
...
Updated the data flow analysis to include `document.defaultView` as a source node for global variable references. Added a new test file `tst4.js` and updated existing tests to verify the inclusion of `defaultView` and its properties in the expected results.
2025-11-17 00:52:06 +02:00
Asger F
c7341f295d
JS: Fix bad join in BarrierGuards.qll
2025-11-13 09:46:27 +01:00
Asger F
578355ac27
JS: Fix bad join in CallGraphs.qll
2025-11-13 09:46:25 +01:00
Asger F
46b1387846
JS: Make isAssignedInUniqueFile global, as it should be
2025-11-13 09:46:20 +01:00
Asger F
6498cd1b07
JS: Remove obsolete overlay[global] annotations
2025-11-13 09:46:18 +01:00
Asger F
0594f84dfc
JS: Improve join orders related to getABooleanValue()
2025-11-13 09:46:16 +01:00
Asger F
4645f327a5
JS: Avoid more bad joins due to locality
2025-11-13 09:46:14 +01:00
Asger F
269489e817
JS: Avoid bad join in shared predicate induced by 'forex'.
...
Use manual recursion instead.
2025-11-13 09:46:12 +01:00
Asger F
5dd87e379b
JS: Add overlay[local] to restore magic in unwrap() predicate
...
In this case we actually want magic to apply, but it was prevented by locality.
2025-11-13 09:46:10 +01:00
Asger F
ac3913e7db
JS: Fix bad join in DuplicateProperty.ql
2025-11-13 09:46:08 +01:00
Asger F
e72232fd1d
JS: Add more overlay[caller?] annotations
2025-11-13 09:46:06 +01:00
Asger F
66febb263d
JS: Add some overlay[caller] and a pragma[nomagic] annotations
2025-11-13 09:46:05 +01:00
Taus
889209719b
JS: Overlay annotations for some failing tests
...
Locally these seem to get rid of the compilation warnings, but of course
CI is the true arbiter here.
2025-11-13 09:46:03 +01:00
Asger F
c09563f775
JS: Make more general-purpose data flow things local
2025-11-13 09:46:01 +01:00
Asger F
b1418e1d70
JS: Add overlay[local?] to new summaries after rebasing
2025-11-13 09:46:00 +01:00
Asger F
2b338fc1d9
JS: Fix getRawEnclosingStmt call
2025-11-13 09:45:58 +01:00
Asger F
23e42c89ee
JS: Overlay annotations for AST layer
2025-11-13 09:45:56 +01:00
Paolo Tranquilli
82435218dc
Javascript: fix compilation error after scripted replacement
2025-11-11 12:44:33 +01:00
Paolo Tranquilli
9d51932124
Merge branch 'main' into redsun82/update-rules_java
2025-11-11 12:43:05 +01:00
Napalys Klicius
d122534398
Merge pull request #20671 from github/napalys/adjust_query_severity
...
Adjust query severity ratings
2025-11-11 12:37:31 +01:00
Paolo Tranquilli
ff62c65cdf
Javascript: avoid null pointer exception on boolean values
2025-11-11 12:11:49 +01:00
Paolo Tranquilli
6ef314ed03
Javascript: fix errors from upcoming rules_java update
2025-11-11 11:53:07 +01:00
github-actions[bot]
4014df9a6e
Post-release preparation for codeql-cli-2.23.4
2025-11-04 17:57:52 +00:00
Asger F
6790684767
Merge pull request #20752 from asgerf/actions/dont-fail-if-no-js
...
Actions: don't fail if no JS/TS code was found
2025-11-04 12:19:54 +00:00
github-actions[bot]
64fcdd1f2f
Release preparation for version 2.23.4
2025-11-03 14:52:23 +00:00
Asger F
c583b480af
JS: Add pragma[nomagic] just to be safe
...
The DIL is unchanged
2025-10-30 15:31:51 +01:00
Asger F
1f7671cf5e
JS: Ensure integration test contains one valid file
2025-10-30 15:31:51 +01:00
Asger F
0acfacefbf
JS: Recursively delete source archive so emptiness detection works
2025-10-30 15:31:51 +01:00
Asger F
a5819a14be
JS: Fix bad join order in getNextToken()
2025-10-30 15:31:51 +01:00
Asger F
39f74d808b
JS: Add compileForOverlayEval
2025-10-30 15:31:51 +01:00
Nora Dimitrijević
a0975e7e19
Constrain location overrides to actual sources/sinks
2025-10-28 09:42:20 +01:00
Nora Dimitrijević
bb80d83276
JS/SSRF
...
javascript/ql/src/experimental/Security/CWE-918/SSRF.ql
2025-10-28 09:40:19 +01:00
Nora Dimitrijević
bcdbe0b50a
JS/PolynomialReDoSQuery
...
javascript/ql/src/Performance/PolynomialReDoS.ql
2025-10-28 09:40:16 +01:00