hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 15:49:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
63,891 Commits 1,703 Branches 162 Tags
8a00a45b32679ddced400ab256706c79c1169e38
Commit Graph

1359 Commits

Author SHA1 Message Date
Asger F
75a95ffcd1 Merge pull request #15602 from asgerf/js/block-logical-and-flow 
JS: Fix flow through &&
 2024-02-14 12:29:40 +01:00
Asger F
2172c4863f Merge pull request #15380 from asgerf/js/endpoint-naming 
JS: Add library for naming endpoints
 2024-02-14 10:48:13 +01:00
Asger F
7122a7502a JS: Fix flow through && 
This is a long-standing bug we've been unable to fix due to noise from type inference.
 2024-02-13 14:43:03 +01:00
Asger F
543e183d99 JS: Describe 1-step aliasing rule 2024-02-13 09:29:15 +01:00
Asger F
baa3c35d6f JS: Refactor aliasing relation 2024-02-13 09:24:00 +01:00
Asger F
8d3a19aaad JS: Fix termination criteria 
Previously it was theoretically possible to create a cycle of preferred predecessors, since badness had higher precedence than depth. We now require the preferred predecessor to have lower depth.

With this criteria we can remove the arbitray cap on badness.
 2024-02-12 11:44:52 +01:00
Asger F
0fbe530d9e JS: Fix some broken comments 2024-02-12 11:39:40 +01:00
Asger F
6d01ba67f7 JS: Check isPrivateLike in isExported instead 2024-02-12 11:39:29 +01:00
Asger F
8a2485a22f JS: Address some comments 2024-02-01 20:54:27 +01:00
Asger F
aa5cccdddd JS: Make sinkHasPrimaryName public 2024-01-31 20:39:25 +01:00
James Ockers
eb5e0123d6 exclude certification from maybeCertificate() regexes 2024-01-30 13:16:18 -08:00
Asger F
19ba9fed99 Handle externs 2024-01-30 17:13:02 +01:00
Asger F
1737ba1a6b JS: Add library for naming endpoints 2024-01-30 16:36:51 +01:00
Asger F
8930ce74af JS: Do not view packages as nested in a private package 2024-01-30 13:20:57 +01:00
Asger F
2d8d11fa78 JS: Restrict type-only exports in API graphs 2024-01-30 13:20:57 +01:00
Asger F
0e0fb0e52d JS: Remove API graph edge causing ambiguity 2024-01-30 13:20:56 +01:00
Asger F
e441dd472b JS: Expose hasBothNamedAndDefaultExports() 2024-01-30 13:20:55 +01:00
erik-krogh
8be7eadace delete outdated deprecations 2024-01-22 09:11:35 +01:00
Asger F
96f8a02a72 JS: Treat private-field methods as private 2024-01-15 13:00:39 +01:00
Asger F
59c9ac735a Merge pull request #15295 from asgerf/js/type-model-export 
JS: Include sink nodes as base-case when resolving types
 2024-01-11 20:47:32 +01:00
Erik Krogh Kristensen
d782bd9b1f Merge pull request #13624 from jorgectf/seclab/dotjs 
JS: Add `dot.js` support
 2024-01-11 14:57:19 +01:00
Asger F
82cee61999 JS: Include sink nodes as base-case when resolving types 2024-01-11 13:41:21 +01:00
Erik Krogh Kristensen
3000b4b9b3 rename PropsTaintStep to PropsFlowStep 
Co-authored-by: Asger F <asgerf@github.com>
 2024-01-10 09:45:29 +01:00
erik-krogh
a9f2b3fad6 promote PropsTaintStep to a PreCallGraphStep 2024-01-04 10:45:22 +01:00
Jorge
f8cfd698fa Merge branch 'main' into seclab/dotjs 2023-12-19 10:44:52 +01:00
Remco Vermeulen
133a243298 Add support for XML attributes in the data flow graph 2023-12-14 11:33:53 -08:00
Tom Hvitved
a46964dfe8 Address review comments 2023-12-12 13:55:52 +01:00
Tom Hvitved
28373e0fdf JS: Adapt to changes in shared code 2023-12-10 11:25:43 +01:00
erik-krogh
e8f9e366d5 remove redundant imports for JS 2023-12-08 16:56:54 +01:00
Jorge
8abd1d9855 Merge branch 'main' into seclab/dotjs 2023-11-30 19:42:18 +01:00
erik-krogh
abb8d65483 Merge branch 'main' into amammad-js-SQLI 2023-11-23 21:17:58 +01:00
amammad
60b422a35c fix second round of code review. improve documents, fix better-sqlite3 method 2023-11-23 14:01:38 +01:00
amammad
0328a2986d move TypeORM library file and tests to experimental 
add inline tests :)
Fix TypeORM fuzzy method according to Review
 2023-11-21 19:59:06 +01:00
amammad
999ec7053e fix Query class docstring 2023-11-21 18:56:05 +01:00
Rasmus Wriedt Larsen
43d9d2ceb7 Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link 
JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.
 2023-11-08 14:29:24 +01:00
Geoffrey White
e8a466a02c Update dead link. 2023-11-07 09:26:07 +00:00
amammad
c858e4974d fix Sqlite and BetterSqlite3 issues according to Review 2023-11-06 14:57:40 +01:00
Arthur Baars
5cc94e1105 Express.js: add req.path as remote input source 2023-10-31 12:44:26 +01:00
Harry Maclean
083be305e1 Shared: Add neutralModel extensible predicate 
The neutralModel extensible predicate already exists in Java and C#, so
this change brings the dynamic languages more in line with static
languages. The Model Editor uses this predicate to mark endpoints as
"not interesting" from a data flow perspective.
 2023-10-30 11:31:57 +00:00
Max Schaefer
08cc8b8e80 Autoformat. 2023-10-26 15:36:06 +01:00
Max Schaefer
abef8483bd Merge pull request #14600 from github/max-schaefer/express-rate-limit 
JavaScript: Add support for importing `express-rate-limit` using a named import.
 2023-10-26 15:15:22 +01:00
Max Schaefer
741735cc83 Port changes to JavaScript. 2023-10-26 14:47:24 +01:00
Max Schaefer
aff848b038 Update javascript/ql/lib/semmle/javascript/security/dataflow/MissingRateLimiting.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-10-26 13:06:52 +01:00
Max Schaefer
bb146a1758 JavaScript: Add support for rateLimit export from express-rate-limit package. 2023-10-26 12:14:57 +01:00
amammad
e3dbdc3887 add custom query builder and active record querybuilder support 2023-10-22 21:39:59 +02:00
flyboss
ee813c1e61 Update UnsafeHtmlConstructionQuery.qll 
add a deprecated alias in case anyone depends on the misspelled name.
 2023-10-20 17:57:23 +08:00
flyboss
86336565eb fix typo 2023-10-19 02:34:31 +00:00
Arthur Baars
0e3369f93f Merge pull request #14484 from aibaars/ts53-js 
JS: Support import attributes
 2023-10-16 10:47:49 +02:00
Arthur Baars
a9a21aa313 Rename DynamicImportExpr::getImport{Attributes => Options} 2023-10-12 13:00:39 +02:00
Arthur Baars
c28004f2a6 Rename 'getImportAssertion()' to 'getImportAttributes()' in QL library 2023-10-12 13:00:39 +02:00