7962 Commits

Author	SHA1	Message	Date
Anders Schack-Mulligen	8d97fe9ed3	JavaScript: Autoformat	2023-03-10 09:41:20 +01:00
Henry Mercer	079451142e	Merge branch 'main' into codeql-ci/atm/release-0.4.9	2023-03-09 16:08:22 +00:00
github-actions[bot]	a82aaea514	JS: Bump version of ML-powered library and query packs to 0.4.10	2023-03-09 15:54:49 +00:00
github-actions[bot]	f0bb25bfce	JS: Bump patch version of ML-powered library and query packs	2023-03-09 15:46:31 +00:00
Asger F	6e744093e2	Merge pull request #12398 from github/post-release-prep/codeql-cli-2.12.4 ... Post-release preparation for codeql-cli-2.12.4	2023-03-09 15:38:21 +01:00
Arthur Baars	942cd7c275	Merge pull request #12113 from erik-krogh/diagnostics ... JS: Implement diagnostics	2023-03-09 12:57:06 +01:00
Arthur Baars	7ab0f88f78	JS: add link to docs to parse error diagnostic	2023-03-08 16:47:43 +01:00
Arthur Baars	e5be8ab1e5	JS: add integration test for diagnostic messages	2023-03-08 16:04:49 +01:00
github-actions[bot]	af61b45785	Post-release preparation for codeql-cli-2.12.4	2023-03-04 14:16:55 +00:00
Dave Bartolomeo	b342e93989	Move change note to appropriate pack	2023-03-03 14:43:00 -05:00
github-actions[bot]	462da63970	Release preparation for version 2.12.4	2023-03-03 14:11:51 +00:00
Erik Krogh Kristensen	d94e51aaf6	Merge pull request #12377 from erik-krogh/jHtml ... JS: add the html argument to the jQuery functions as an XSS sink	2023-03-03 13:19:38 +01:00
erik-krogh	a6c9af4182	add the html argument to the jQuery functions as an XSS sink	2023-03-03 11:09:53 +01:00
erik-krogh	94870b838f	add failing test	2023-03-03 11:08:33 +01:00
github-actions[bot]	50c90bbc5c	ATM: Update model pack dependency of ML-powered model building and query packs	2023-03-02 17:31:03 +00:00
Erik Krogh Kristensen	64dad3db8a	Merge pull request #12333 from kaspersv/kaspersv/fix-join-order ... ReflectedXss: Prevent bad join order	2023-03-01 12:48:30 +01:00
Kasper Svendsen	86925646f3	ReflectedXss: Prevent bad join order	2023-02-28 12:06:27 +01:00
Erik Krogh Kristensen	50aa5e072a	Merge pull request #12177 from erik-krogh/alias-html ... JS: More precise type-test sanitizer guards in unsafe-html-construction	2023-02-27 18:16:11 +01:00
Erik Krogh Kristensen	927c322b7b	Merge pull request #11769 from erik-krogh/moreSan ... JS: Sanitizer for `sanitizer(x) === true`	2023-02-27 15:48:34 +01:00
Alex Ford	7c85448cba	Merge pull request #12080 from alexrford/js-use-shared-cryptography ... JS: Use shared `CryptographicOperation` concept	2023-02-27 12:26:38 +00:00
erik-krogh	0e60fc5512	Merge branch 'main' into alias-html	2023-02-27 09:16:25 +01:00
Erik Krogh Kristensen	f8f926ad50	Merge pull request #12175 from erik-krogh/reg-input ... JS: add process.env and process.argv etc. as source for `js/regex-injection`	2023-02-27 09:12:02 +01:00
Erik Krogh Kristensen	4ffe20ae75	Merge pull request #12189 from erik-krogh/more-export ... JS: also consider relative exports when finding library inputs	2023-02-27 09:02:55 +01:00
Henry Mercer	eb1fe57590	Merge branch 'main' into codeql-ci/atm/release-0.4.8	2023-02-23 16:23:32 +00:00
github-actions[bot]	7e2b286f03	JS: Bump version of ML-powered library and query packs to 0.4.9	2023-02-23 16:12:23 +00:00
github-actions[bot]	e02368f6fa	JS: Bump patch version of ML-powered library and query packs	2023-02-23 16:04:39 +00:00
github-actions[bot]	8eb8daa4d4	Post-release preparation for codeql-cli-2.12.3	2023-02-16 17:23:25 +00:00
github-actions[bot]	b0315119c6	Release preparation for version 2.12.3	2023-02-16 11:49:06 +00:00
Alex Ford	9cfd0f5f46	JS: fix qldoc	2023-02-16 11:00:37 +00:00
Alex Ford	1556b1a728	Merge branch 'main' into js-use-shared-cryptography	2023-02-15 17:13:53 +00:00
Alex Ford	1958b9dcd5	JS: add missing qldoc	2023-02-15 16:59:03 +00:00
Alex Ford	43af306d60	dynamic: more detailed qldoc for CryptographicOperation#getBlockMode()	2023-02-15 16:55:18 +00:00
Alex Ford	e8cbf7287d	JS: breaking change note for CryptographicOperation sync	2023-02-15 16:50:24 +00:00
Alex Ford	925b4a3fa8	JS: improve documentation on deprecated CryptographicOperation#getInput() predicate	2023-02-15 16:23:46 +00:00
Alex Ford	d4d0b91085	dynamic: switch CryptographicOperation::Range#getBlockMode() back to being an abstract predicate	2023-02-15 16:23:46 +00:00
Alex Ford	c7aaad9ed0	JS: avoid adding a deprecated CryptographicOperation#getInput to py/ruby	2023-02-15 16:23:46 +00:00
erik-krogh	51ddb55d7b	use tainted-object to precisely model that plain object are fine, but their properties are not	2023-02-15 15:02:03 +01:00
erik-krogh	09794fa836	delete PrefixStringSanitizer	2023-02-15 14:55:02 +01:00
Rasmus Wriedt Larsen	c72dbc49fc	Merge pull request #12165 from RasmusWL/crypto-updates ... Python/Ruby/JS Crypto: Add a few algorithms + block modes	2023-02-15 14:35:40 +01:00
erik-krogh	bec8dc6775	add explicit this	2023-02-15 10:44:57 +01:00
erik-krogh	b7305fd229	also consider relative exports when finding library inputs	2023-02-14 21:08:13 +01:00
erik-krogh	de4f5017e1	add change-note	2023-02-14 18:36:07 +01:00
Alex Ford	8d90c02a67	JS: remove unused field	2023-02-14 15:24:22 +00:00
erik-krogh	393649b7ce	don't call environment variables for command-line arguments	2023-02-14 14:27:41 +01:00
erik-krogh	36478124ae	add process.env and process.argv etc. as source for js/regex-injection	2023-02-14 14:21:53 +01:00
erik-krogh	943bdeca6d	make appliesTo recursive	2023-02-14 14:16:45 +01:00
erik-krogh	9549cac3e5	add an additional barrier guard that finds "=== true" versions of previous barrier guards	2023-02-14 14:15:23 +01:00
erik-krogh	c355a26657	add failing test	2023-02-14 14:12:35 +01:00
erik-krogh	3f0fe96f85	add getBoolValue() as a utility predicate on BooleanLiteral	2023-02-14 14:12:35 +01:00
Erik Krogh Kristensen	2f8c9a5a2c	Merge pull request #12171 from erik-krogh/reg-dot ... JS: dont recognize regexps that match dot as sanitizers	2023-02-14 14:10:44 +01:00