codeql

mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00

Author	SHA1	Message	Date
Napalys Klicius	8fc81f4263	Merge branch 'main' into js/remote-property-injection-update	2025-09-03 14:02:19 +02:00
Asger F	1ea843f23c	Merge pull request #20323 from asgerf/js/remove-totalorder JS: Remove totalorder()	2025-09-02 22:08:33 +02:00
Michael Nebel	31852985e5	Merge pull request #20335 from michaelnebel/shared/ql4ql Shared and Sync: Fix some Ql4Ql violations.	2025-09-02 14:37:34 +02:00
Arthur Baars	0bb7fdccf6	Merge pull request #20347 from github/post-release-prep/codeql-cli-2.23.0 Post-release preparation for codeql-cli-2.23.0	2025-09-02 14:14:03 +02:00
Anders Schack-Mulligen	f833fe0e6e	Merge pull request #20300 from aschackmull/cfg/successortype Shared: Add a shared SuccessorType implementation	2025-09-02 14:09:35 +02:00
Michael Nebel	7490d8ddd2	Shared and Sync: Fix some Ql4Ql violations.	2025-09-02 13:54:22 +02:00
github-actions[bot]	e8a2600a0c	Post-release preparation for codeql-cli-2.23.0	2025-09-02 11:46:23 +00:00
github-actions[bot]	0bfa93828b	Release preparation for version 2.23.0	2025-09-02 11:09:32 +00:00
Asger F	19fa29d527	Merge pull request #20307 from asgerf/js/overlay-extract-and-discard-only JS: Add overlay support to extractor	2025-09-02 11:24:11 +02:00
Henry Mercer	d71991fdc0	Merge pull request #20320 from github/henrymercer/default-queries Specify default queries in `codeql-extractor.yml`	2025-09-01 15:52:47 +01:00
Anders Schack-Mulligen	144e34c669	Shared: Use shared SuccessorType in shared Cfg and BasicBlock libs.	2025-09-01 13:43:32 +02:00
Asger F	45b8158fe5	JS: Remove totalorder() This was once as input to the shared data flow library, but has since been removed from the input signature.	2025-09-01 13:39:54 +02:00
Anders Schack-Mulligen	09b2c5abf0	BasicBlock: Replace entryBlock predicate with subclass.	2025-09-01 11:48:44 +02:00
Anders Schack-Mulligen	f459ddc40a	Languages: Adapt to api changes.	2025-09-01 11:26:33 +02:00
Anders Schack-Mulligen	bb3abc815f	SSA: Update input to use member predicates.	2025-09-01 11:19:48 +02:00
Asger F	67a1c2ffef	Update javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2025-09-01 10:20:17 +02:00
Asger F	0d0eaa21a1	Merge pull request #20302 from asgerf/js/simpler-locations JS: Remove synthetic locations	2025-09-01 09:46:13 +02:00
Henry Mercer	55869f28c3	Specify default queries in `codeql-extractor.yml`	2025-08-29 17:34:45 +01:00
Asger F	cc8fe10801	JS: Update locations in expected files	2025-08-29 12:03:11 +02:00
Napalys Klicius	bafe22c50c	Merge pull request #20048 from Napalys/js/xml_bomb_sinks JS: Exclude patched libraries from `xml-bomb` sink	2025-08-29 08:10:55 +02:00
Asger F	d117c52d2f	JS: Use the LHS as the location for SsaExplicitDefinition	2025-08-28 11:35:15 +02:00
Asger F	4437f47a7b	Merge pull request #20297 from asgerf/js/simpler-summary-pruning JS: Change pruning to not rely on Import	2025-08-28 11:20:14 +02:00
Napalys Klicius	e0916c8750	JS: add change note	2025-08-27 10:32:45 +00:00
Napalys Klicius	32606584ea	JS: add enumeration taint flow to Remote Property Injection query	2025-08-27 10:23:03 +00:00
Napalys Klicius	c39c04cb86	JS: added new test case for remote prop injection via `Object.keys`	2025-08-27 10:20:57 +00:00
Napalys Klicius	10c10c7d30	JS: fixed typo in folder name	2025-08-27 10:17:39 +00:00
Asger F	4a687a1222	JS: Add deprecated alias The old DbLocation class was public, hence the alias	2025-08-27 11:21:18 +02:00
Asger F	dcf63fc434	JS: Remove synthetic locations	2025-08-27 11:20:24 +02:00
Asger F	be32579cab	JS: Change pruning to not rely on Import	2025-08-27 10:44:23 +02:00
Asger F	6783456213	JS: Add discard predicates	2025-08-19 09:20:00 +02:00
Asger F	ba585b8af5	JS: Add upgrade/downgrade scripts	2025-08-19 09:19:58 +02:00
Asger F	30baf0acec	JS: Add overlayChangedFiles	2025-08-19 09:19:57 +02:00
Asger F	c1df8a95cb	JS: Overlay extraction support	2025-08-19 09:19:55 +02:00
Asger F	6872f51725	JS: Add metadata to dbscheme and stats	2025-08-19 09:19:54 +02:00
github-actions[bot]	42e3d31c49	Post-release preparation for codeql-cli-2.22.4	2025-08-18 14:42:42 +00:00
github-actions[bot]	90d29994c8	Release preparation for version 2.22.4	2025-08-18 14:06:09 +00:00
Napalys Klicius	b19d1e0f57	Merge pull request #20151 from Napalys/js/command-line-libs JS: Enhance command injection detection for CLI argument parsing libraries	2025-08-18 09:32:29 +02:00
Napalys Klicius	b2346183d6	Merge pull request #20148 from Napalys/js/reg-exp-env-variable-threat-model JS: Exclude environment variables from `js/regex-injection` query by default	2025-08-18 09:32:15 +02:00
Tom Hvitved	874f951727	Merge pull request #20172 from hvitved/shared/concepts-final-aliases Shared: Use `final` aliases in `ConcentsShared.qll`	2025-08-11 10:14:55 +02:00
Tom Hvitved	eb3c054b0f	JS: Generate legacy flow steps for all flow summaries	2025-08-06 09:38:49 +02:00
Tom Hvitved	11dcd90435	Shared: Use `final` aliases in `ConcentsShared.qll`	2025-08-05 14:53:52 +02:00
github-actions[bot]	fb4b0aac53	Post-release preparation for codeql-cli-2.22.3	2025-08-04 17:18:08 +00:00
github-actions[bot]	fd82aeb1f8	Release preparation for version 2.22.3	2025-08-04 15:47:57 +00:00
Napalys Klicius	881ea7631e	Added change note	2025-08-01 14:34:25 +02:00
Napalys Klicius	ae4077db72	add taint flow for arg/command-line-args with custom argv option	2025-08-01 13:34:08 +02:00
Napalys Klicius	d6508f34b6	Add taint flow for Commander.js direct property access and action callbacks	2025-08-01 13:24:19 +02:00
Napalys Klicius	39170f327c	Added couple more test cases for commander js	2025-08-01 13:14:39 +02:00
Napalys Klicius	6b4e34dd39	Added a step from parse to opts for commander js	2025-08-01 13:12:43 +02:00
Napalys Klicius	e980798ede	Added step through yargs/yargs constructor and chained methods.	2025-08-01 12:01:30 +02:00
Napalys Klicius	e8eb9be3f6	Add command injection tests for CLI argument parsing libraries	2025-08-01 11:02:59 +02:00

1 2 3 4 5 ...

11739 Commits