Erik Krogh Kristensen
9ed7aa9fae
exclude variables in .vue files form js/unused-local-variable
2022-07-11 12:52:23 +02:00
Erik Krogh Kristensen
7dd095c0d2
Merge pull request #9756 from erik-krogh/greyMatter
...
JS: add model for the gray-matter library to js/code-injection
2022-07-01 12:19:12 +02:00
Erik Krogh Kristensen
ef0ec396c4
Merge pull request #9754 from erik-krogh/chownr
...
JS: add model for chownr
2022-06-30 22:02:45 +02:00
Erik Krogh Kristensen
eaec1ac561
add change-note
2022-06-30 15:11:49 +02:00
Erik Krogh Kristensen
11be15aab1
inline field into the charpred
2022-06-30 09:00:10 +02:00
Erik Krogh Kristensen
f71a64b99d
recognize when the js engine in gray-matter is set to something safe
2022-06-30 09:00:10 +02:00
Erik Krogh Kristensen
22d285f777
add model for the gray-matter libary to js/code-injection
2022-06-30 09:00:10 +02:00
Erik Krogh Kristensen
7cef4322e7
add model for chownr
2022-06-29 22:09:23 +02:00
Andrew Eisenberg
fbeecd6c08
Merge pull request #9744 from github/aeisenberg/move-contextual-queries
2022-06-29 11:44:33 -07:00
Andrew Eisenberg
7864a7580e
Fix import statements
2022-06-29 10:22:45 -07:00
Andrew Eisenberg
ddf06f8617
Add change notes and qldoc for moved files
2022-06-29 10:03:12 -07:00
Andrew Eisenberg
a3f4d1bf66
Move contextual queries from src to lib
...
With this change, users are now able to run View AST command in
vscode within vscode workspaces that do not include the core libraries.
The relevant core library only needs to be installed in the package
cache.
2022-06-29 07:51:26 -07:00
Erik Krogh Kristensen
0e4954a68c
add navigation.navigate as an XSS / URL sink
2022-06-29 14:56:20 +02:00
Erik Krogh Kristensen
b81251865f
Merge pull request #9716 from erik-krogh/htmlTypeSan
...
JS: sanitize non-strings from html-constructed-from-input
2022-06-28 17:31:00 +02:00
Erik Krogh Kristensen
112caa3f5d
rewrite qldoc based on review
2022-06-28 13:23:44 +02:00
Asger F
cc57cb8af5
Merge branch 'main' into post-release-prep/codeql-cli-2.10.0
2022-06-27 20:37:25 +02:00
Erik Krogh Kristensen
34e7589844
sanitize non-strings from unsafe-html-construction
2022-06-27 13:53:44 +02:00
Asger F
c8b2be616f
JS: Bump extractor version string
2022-06-27 13:52:44 +02:00
Asger F
c082578688
JS: Always sniff file type of TypeScript files
2022-06-27 13:48:00 +02:00
github-actions[bot]
d506f448ef
Post-release preparation for codeql-cli-2.10.0
2022-06-24 07:36:33 +00:00
Asger F
f5a19a1013
JS: Fix unused variable FP in template placeholders
2022-06-23 19:26:32 +02:00
github-actions[bot]
a74051c658
Release preparation for version 2.10.0
2022-06-23 11:17:46 +00:00
Rasmus Wriedt Larsen
3248f7b423
Merge pull request #9649 from RasmusWL/certificate-modeling
...
Python/JS/Ruby: Ignore common words (like certain) as sensitive data source
2022-06-23 12:04:58 +02:00
Asger F
90c2b6e47f
JS: Downgrade ast_node_symbol relation
2022-06-23 10:17:28 +02:00
Erik Krogh Kristensen
08e4c8b195
Merge pull request #9634 from erik-krogh/jqueryParam
...
JS: add all jquery plugin parameters as source to js/html-constructed-from-input
2022-06-23 08:57:20 +02:00
Nick Rolfe
d91e8a6309
JS: create downgrades pack
2022-06-22 17:31:49 +01:00
Rasmus Wriedt Larsen
876ba71d9b
Python/JS/Ruby: Add change-note
2022-06-22 11:14:05 +02:00
Rasmus Wriedt Larsen
2ce4b7b9fc
SensitiveDataHeuristics: sync
2022-06-22 11:05:14 +02:00
Erik Krogh Kristensen
e1c34c11ed
add all jquery plugin parameters as source to js/html-constructed-from-input
2022-06-21 13:22:56 +02:00
Erik Krogh Kristensen
dde7e9e2e8
add test for jquery plugin parameters in js/html-constructed-from-input
2022-06-21 13:21:57 +02:00
Edoardo Pirovano
70dbd92e25
Bump minor version of all regularly released packs
2022-06-21 11:22:58 +01:00
Edoardo Pirovano
ad02b85efa
Merge branch main into rc/3.6
2022-06-21 11:15:25 +01:00
Asger F
b46ba896dd
Merge pull request #9616 from asgerf/js/without-prop-step-await
...
JS: Add withoutPropStep and model raw 'await' step with it
2022-06-21 09:06:01 +02:00
Erik Krogh Kristensen
79696c6c5f
Merge pull request #9572 from erik-krogh/heuristicSteps
...
JS: add heuristic taint-step for potentially unmodelled libraries
2022-06-21 09:00:58 +02:00
Asger F
835c9bb0b9
JS: Add test
2022-06-20 20:16:07 +02:00
Asger F
a0d3a6b5b1
JS: Add withoutPropStep and model 'await' steps with it
2022-06-20 20:16:07 +02:00
Asger F
15278fe94f
JS: Remove debug println
2022-06-17 14:57:03 +02:00
Asger F
6a4b3a190d
JS: Bump extractor version
2022-06-17 14:40:22 +02:00
Asger F
ed4c39bbb4
JS: Upgrade script
2022-06-17 14:40:22 +02:00
Asger F
5610f654e9
JS: Add PackageJson.getTypingsModule
2022-06-17 14:40:22 +02:00
Asger F
a3204f6d74
JS: Trim whitespace in dbscheme
2022-06-17 14:40:22 +02:00
Asger F
608de70568
JS: Associate symbols with external module decls
2022-06-17 14:40:22 +02:00
Asger F
5faff5609d
JS: Map symbol base types to their actual type
2022-06-17 14:40:22 +02:00
Asger F
3b4b56be28
JS: Add meta query for measuring library inputs
2022-06-16 11:57:33 +02:00
Erik Krogh Kristensen
ce323e215b
add heuristic taint-step for potentially unmodelled libraries, and meta query for counting potential unmodelled steps
2022-06-15 20:27:49 +02:00
github-actions[bot]
1ed70d51d7
Post-release preparation for codeql-cli-2.9.4
2022-06-15 13:25:20 +00:00
github-actions[bot]
104ac05f49
Release preparation for version 2.9.4
2022-06-15 08:22:38 +00:00
Alex Ford
8d195e3188
Merge pull request #9157 from alexrford/crypto-op-block-mode
...
Ruby/Python: Add a `BlockMode` concept for `CryptographicOperations`
2022-06-13 21:32:36 +02:00
Asger F
db0ac7b3b3
JS: Fix cartesian product in TypeConfusionThroughParameterTampering
2022-06-01 11:37:23 +02:00
Anders Schack-Mulligen
9abd2259d3
Merge pull request #9381 from aschackmull/redos/perf
...
ReDoS: Improve performance in ExponentialBackTracking.qll.
2022-06-01 10:39:28 +02:00
