hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-30 20:28:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,441 Commits 1,724 Branches 164 Tags
851315fb93085b07f64be09fb874b2a57590fb59
Commit Graph

2711 Commits

Author SHA1 Message Date
Asger F
821cc0e875 JS: Address PR review comments 
- Fix misplaced semicolons in test files (was inside comment, moved before it)
- Update QLdoc comments to reference new browser source kind names
- Update docs to list browser source kinds and fix outdated 'only remote' note

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-13 14:58:04 +01:00
Asger F
4a001f960f JS: Add tests in request forgery queries 2026-03-11 13:53:25 +01:00
Asger F
c9fa7fa283 Merge pull request #21369 from asgerf/js/this-bindings 
JS: Emit variables for 'this'
 2026-03-05 13:36:38 +01:00
Owen Mansel-Chan
99a4fe4828 Update expected test output column numbers 2026-03-04 15:02:53 +00:00
Owen Mansel-Chan
ea30f02271 js: Inline expectation should have space before $ 2026-03-04 13:11:35 +00:00
Owen Mansel-Chan
0eccd902c2 js: Inline expectation should have space after $ 
This was a regex-find-replace from `// \$(?! )` (using a negative lookahead) to `// $ `.
 2026-03-04 12:45:03 +00:00
Asger F
47895b3334 JS: Update test for UniquePropertyNames test 
This query now reports the alert previously found by DuplicateProperty
 2026-02-27 13:37:29 +01:00
Asger F
71fb6bf915 JS: Mark corresponding lost result for the getter 2026-02-27 13:35:43 +01:00
Asger F
c673bd9151 JS: Document a missing alert due to limitation in structural comparison 2026-02-27 13:34:55 +01:00
Asger F
2892ab61ae JS: Make sure a file is not seen as minified 2026-01-14 11:40:01 +01:00
Asger F
84f6b6f67a JS: Accept test change due to file no longer being extracted 2026-01-14 11:40:01 +01:00
Asger F
e430aa97f3 Merge pull request #20916 from asgerf/js/next-folders2 
JS: Handle Next.js files named 'page' or 'route'
 2026-01-14 11:10:57 +01:00
Asger F
ca52fe59e8 Merge pull request #20918 from asgerf/js/response-default-content-type 
JS: Handle default 'content-type' header in Response() objects
 2026-01-13 10:34:40 +01:00
tesseractjh
2e840dcd5f Add use cache directives 2025-12-09 08:59:16 +01:00
Asger F
7c0243fc6d Apply suggestions from code review 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-11-27 13:18:11 +01:00
Asger F
cc7bf4e880 JS: Handle default 'content-type' header in Response() objects 2025-11-26 13:49:48 +01:00
Asger F
037f354abf JS: Update another expected file 2025-11-26 11:42:39 +01:00
Asger F
f0ecf1599c JS: Add test with file named 'page' 2025-11-26 11:16:12 +01:00
Asger F
e54789d1bd JS: Recognise route.ts outside api folder 2025-11-26 11:16:11 +01:00
Asger F
f52f5b63e6 JS: Add test with route.ts outside 'api' 2025-11-26 11:16:09 +01:00
Asger F
5b4e114955 JS: Add test 2025-11-25 16:04:30 +01:00
Asger F
8d49f26f3d Merge pull request #20397 from asgerf/js/build-artifact-leak-fp 
JS: Fix FP in js/build-artifact-leak when keys come from an array of constants
 2025-10-28 06:40:13 +01:00
Napalys Klicius
6cfc950159 JS: Model GraphQLObjectType resolve params as sources 2025-09-19 14:39:36 +02:00
Napalys Klicius
d88bc8e408 JS: Add test case for GraphQLObjectType 2025-09-19 14:23:40 +02:00
Napalys Klicius
4f8166a661 Merge pull request #20450 from Napalys/js/graph-ql-ench 
JS: Improve graphql flow
 2025-09-17 16:32:01 +02:00
Napalys Klicius
7affcf40c2 JS: Add variableValues to the previous summaryModel to enchance the flow. 2025-09-17 12:24:14 +02:00
Napalys Klicius
6c18b4de40 JS: Add test case for graph ql variableValues injection 2025-09-17 12:21:21 +02:00
Napalys Klicius
4282005e32 JS: Add summary model for graphql's rootValue 2025-09-17 11:48:44 +02:00
Napalys Klicius
a6d728a66d JS: Add test case with missing alert using graphql 2025-09-17 11:23:49 +02:00
Napalys Klicius
ca667b5131 JS: fix test expectations from rebasing 2025-09-17 10:24:45 +02:00
Napalys Klicius
9ca4773227 Added modeling for CreatePreparedStatementCommand 2025-09-17 10:21:10 +02:00
Napalys Klicius
872b6d8bee Added test case for CreatePreparedStatementCommand 2025-09-17 10:21:01 +02:00
Napalys Klicius
b89e70b5a0 Added test cases for aws sources 2025-09-17 10:20:52 +02:00
Napalys Klicius
5b31350e83 Added tests and modeling of database-access-result 2025-09-17 10:20:01 +02:00
Napalys Klicius
e5f02852e1 Added modeling of rds v2 and v3 for sql injections 2025-09-17 10:19:22 +02:00
Napalys Klicius
5b5c17100c Added test cases for client-rds-data for sql injections 2025-09-17 10:19:10 +02:00
Napalys Klicius
0e6bac73a7 Added modeling of athena v2 and v3 for sql injections 2025-09-17 10:18:58 +02:00
Napalys Klicius
af97b0edc2 Added test cases for athena v2 and v3 for sql injections 2025-09-17 10:16:38 +02:00
Napalys Klicius
ee1af432fe Added modeling of client-s3 v2 and v3 2025-09-17 10:16:25 +02:00
Napalys Klicius
5e6118ef3f Added test cases for client-s v2 and v3 sql injection 2025-09-17 10:15:43 +02:00
Napalys Klicius
06ab918985 Added modeling for V2 of dynamoDB 2025-09-17 10:15:19 +02:00
Napalys Klicius
ae2e8b1292 Added modeling of dynamodb v3 for sql injections 2025-09-17 10:13:24 +02:00
Napalys Klicius
0a3343a07d Added test cases for v2 and v3 sql injection of dynamodb 2025-09-17 10:11:31 +02:00
Napalys Klicius
97a11de1e3 Merge pull request #20435 from Napalys/js/promisification_modeling 
JS: Promisification library modeling and enhance flow
 2025-09-16 14:07:53 +02:00
Napalys Klicius
3a75500f54 JS: Add modeling for call-me-maybe 2025-09-15 17:15:31 +02:00
Napalys Klicius
0d23ab07db JS: Add data flow modeling for promisified user-defined functions 2025-09-15 17:13:13 +02:00
Napalys Klicius
2c6db00cbc JS: Add modeling for util promisify* 2025-09-15 17:09:28 +02:00
Napalys Klicius
e002f2088f JS: Add modeling for es6-promisify 2025-09-15 17:04:34 +02:00
Napalys Klicius
35c75c00ba JS: Add modeling for @gar/promisify 2025-09-15 16:58:11 +02:00
Napalys Klicius
312471e9db JS: Add modeling for @google-cloud/promisify 2025-09-15 16:55:27 +02:00