codeql

mirror of https://github.com/github/codeql.git synced 2026-02-07 10:41:06 +01:00

Author	SHA1	Message	Date
Arthur Baars	33b97f3e0c	Update synchronized files	2022-02-02 13:30:45 +01:00
Stephan Brandauer	b7690e5e6b	Merge pull request #7734 from kaeluka/js-add-node-prefix-to-module-import js: add support for the 'node:' prefix for importing internal modules	2022-01-26 10:15:08 +01:00
Erik Krogh Kristensen	cc527bdecd	Merge pull request #7721 from erik-krogh/CWE-1275 JS: add a js/samesite-none-cookie cookie	2022-01-25 13:28:08 +01:00
Erik Krogh Kristensen	caaee5e4e5	make a utility predicate for extracting sameSite values	2022-01-25 12:32:04 +01:00
Stephan Brandauer	9825136e58	add support for the 'node:' prefix for importing internal modules	2022-01-25 10:55:34 +01:00
Stephan Brandauer	35cc5ff0e2	Merge pull request #7715 from kaeluka/recognize-fs-extra-path-args JS: add a predicate to recognize path arguments in calls to the fs-extra lib	2022-01-25 09:36:59 +01:00
CodeQL CI	8d1e22bc38	Merge pull request #7632 from erik-krogh/CWE-862 Approved by esbena, felicitymay	2022-01-24 12:47:16 -08:00
Erik Krogh Kristensen	d4bac887cf	add a js/samesite-none-cookie cookie	2022-01-24 21:39:41 +01:00
Stephan Brandauer	02db472209	consistent notation	2022-01-24 10:58:06 +01:00
Stephan Brandauer	8be58fe01e	Fix comment to avoid summarizing implementation Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2022-01-24 10:47:28 +01:00
Stephan Brandauer	b277731312	add a predicate to recognize path arguments in calls to the fs-extra lib	2022-01-24 09:40:22 +01:00
Erik Krogh Kristensen	a235f8f023	remove redundant inline type casts	2022-01-21 11:46:33 +01:00
Erik Krogh Kristensen	f500bccbe4	add explicit this to member call	2022-01-21 11:46:33 +01:00
CodeQL CI	b02f1c87a1	Merge pull request #7679 from erik-krogh/ql-doc-style Approved by esbena	2022-01-20 23:43:44 -08:00
CodeQL CI	2287b6e549	Merge pull request #7675 from erik-krogh/move-url-sink-to-customizations Approved by esbena	2022-01-20 23:43:15 -08:00
Erik Krogh Kristensen	15c1ce722a	Merge pull request #7678 from erik-krogh/use-set JS: use more set literals	2022-01-20 21:03:48 +01:00
Erik Krogh Kristensen	3155114e36	use more set literals	2022-01-20 16:06:34 +01:00
Erik Krogh Kristensen	5780161b2c	fix most issues found by ql/class-doc-style in JS	2022-01-20 15:10:16 +01:00
Erik Krogh Kristensen	7167e856fe	move electron sink to the customizations file	2022-01-20 14:07:23 +01:00
Erik Krogh Kristensen	4e8e3a7420	simplify expressions that could be type-casts	2022-01-20 10:41:35 +01:00
Erik Krogh Kristensen	ef2eacebce	add a js/empty-password-in-configuration-file query	2022-01-19 10:48:45 +01:00
Ian Lynagh	22dc24629f	Fix a couple of typos: clases / clasess	2022-01-14 14:28:29 +00:00
Stephan Brandauer	40ad88ba53	Merge pull request #7474 from kaeluka/db-reads-as-taint-sources JS: DB reads as taint sources	2022-01-13 12:06:48 +01:00
Erik Krogh Kristensen	89bab6ae12	Merge pull request #7097 from erik-krogh/railsReDoS JS/PY/RB: support a limited number of ranges for ReDoS analysis	2022-01-13 11:04:36 +01:00
Stephan Brandauer	93507a2d71	combine two implementations for database-accesses as remote flow sources	2022-01-13 10:53:58 +01:00
Stephan Brandauer	63aaf24063	base implementation of Sequelize model on models-as-data	2022-01-13 09:41:25 +01:00
Stephan Brandauer	09a28c428c	base implementation of Spanner model on models-as-data	2022-01-12 17:07:16 +01:00
Stephan Brandauer	132e0bf4b7	add database accesses as additional (heuristic) remote flow sources	2022-01-11 11:38:41 +01:00
Erik Krogh Kristensen	f7a63d5ea0	remove duplicated line	2022-01-07 18:38:02 +01:00
Erik Krogh Kristensen	1a8b6d7414	recognize ranges without upper bounds	2022-01-07 18:38:01 +01:00
Erik Krogh Kristensen	acaf294bee	support a limited number of regexp ranges	2022-01-07 18:36:30 +01:00
Asger F	c9fcdb8261	Apply suggestions from code review Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-01-06 11:51:27 +01:00
Asger Feldthaus	a7698b8727	JS: Fix double space	2022-01-05 14:35:02 +01:00
Asger Feldthaus	486beda2fa	JS: Factor out common regexp in AccessPathToken	2022-01-05 14:35:02 +01:00
Asger Feldthaus	21928bee6c	JS: Rename padded -> inversePad	2022-01-05 14:35:01 +01:00
Asger Feldthaus	1989d51942	JS: Update documentation in Impl.qll	2022-01-05 14:35:01 +01:00
Asger Feldthaus	3ced5c9269	JS: Resolve first N tokens instead of constructing each prefix	2022-01-05 14:35:01 +01:00
Asger Feldthaus	772681d249	JS: Initial support for models as data	2022-01-05 14:34:52 +01:00
Erik Krogh Kristensen	b9964799f3	Merge pull request #7458 from erik-krogh/modelling QL: add "modelling/modeling" to `ql/non-us-spelling`	2022-01-04 13:33:54 +01:00
Alex Ford	3da98ecb73	Bump a date	2021-12-22 16:38:16 +00:00
Alex Ford	a2104de8a0	Move CryptoAlgorithms::AlgorithmsName into a separate internal/CryptoAlgorithmNames.qll	2021-12-22 16:38:15 +00:00
Alex Ford	f16d77615d	Remove unused isStrongBlockMode predicate from CryptoAlgorithms.qll	2021-12-22 16:38:15 +00:00
Alex Ford	d3af687767	Add more encryption algorithms and modes to CryptoAlgorithms::AlgorithmNames Strong encryption algorithms: ARIA, IDEA, SEED, SM4 Strong block modes: CBC, CFB, CTR, OFB	2021-12-22 16:38:15 +00:00
Alex Ford	bdb2d8ba16	Ruby: split OpenSSL parts from CryptoALgorithms.qll and sync with JS/Python version	2021-12-22 16:38:15 +00:00
Erik Krogh Kristensen	8019b52838	run the non-us patch with "modelled/modeled"	2021-12-20 17:47:15 +01:00
Erik Krogh Kristensen	d17879e1f9	run the non-us patch	2021-12-20 16:24:41 +01:00
Nick Rolfe	28912c508f	Fix non-US spelling of 'behavior'	2021-12-17 15:29:31 +00:00
CodeQL CI	de4b655ddb	Merge pull request #7327 from asgerf/js/handlebars-more-raw-interpolation Approved by erik-krogh	2021-12-17 14:07:57 +00:00
CodeQL CI	39ec7132af	Merge pull request #7049 from asgerf/js/routing-trees Approved by erik-krogh	2021-12-17 12:26:38 +00:00
Asger Feldthaus	89775428b4	JS: Autoformat	2021-12-17 10:32:02 +01:00

1 2 3 4 5 ...

299 Commits