hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 20:26:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
55,387 Commits 1,672 Branches 157 Tags
aa8878ba863d1d6ff42009c08dba50c7727014f8
Commit Graph

9018 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
0e6693bdea Merge pull request #12874 from erik-krogh/ts51 
JS: Add support for TS 5.1
 2023-06-06 11:51:51 +02:00
Erik Krogh Kristensen
b78cd48954 Merge pull request #13329 from erik-krogh/sqlhelp 
JS: improve the sql-injection help page
 2023-06-06 08:44:44 +02:00
erik-krogh
3cb2ec4e87 fix nits from doc review 2023-06-05 19:06:07 +02:00
Erik Krogh Kristensen
219ec9d05d Merge pull request #13127 from erik-krogh/polReDoS 
ReDoS: revert new superlinear algorithm.
 2023-06-02 16:10:24 +02:00
erik-krogh
1b44b59842 add stress test 2023-06-01 23:20:23 +02:00
erik-krogh
8eed1a95f6 stop recursive fromRhs related to getLaterBaseAccess 2023-06-01 23:16:52 +02:00
erik-krogh
97afa5733b add support for namespaced JSX attributes 2023-06-01 21:52:14 +02:00
erik-krogh
f4b68fb8c3 bump TypeScript to stable version 2023-06-01 21:51:43 +02:00
Jami
3886ebffa9 Merge branch 'main' into jcogs33/update-javascript-sink-kinds 2023-06-01 14:09:10 -04:00
erik-krogh
9aeba4f31e changes based on review 2023-06-01 17:24:44 +02:00
Erik Krogh Kristensen
96a720cfa0 Merge pull request #13285 from erik-krogh/redoshelp 
ReDoS: fix whitespace in the samples in ReDoS.qhelp
 2023-06-01 15:53:58 +02:00
erik-krogh
1e08105863 less duplicated headers in the sql-injection samples 2023-05-31 18:04:34 +02:00
erik-krogh
98820780af show how to use mysql.escape in the sql-injection qhelp 2023-05-31 18:04:34 +02:00
erik-krogh
7d801e05ee add an example of using dollar eq 2023-05-31 18:04:23 +02:00
erik-krogh
e24b45b423 elaborate on both SQL and NoSQL injection in the js/sql-injection qhelp 2023-05-31 09:57:38 +02:00
erik-krogh
b343dcaadd put string/object in the alert-message for sql-injection 2023-05-31 08:06:04 +02:00
Arthur Baars
490d22d123 Merge remote-tracking branch 'upstream/main' into post-release-prep/codeql-cli-2.13.3 2023-05-30 21:31:28 +02:00
erik-krogh
9f5bf8fb22 also fix the first code-block 2023-05-25 13:56:29 +02:00
erik-krogh
765076bcba fix whitespace in the samples in ReDoS.qhelp 2023-05-25 13:28:39 +02:00
github-actions[bot]
d2e192020b Post-release preparation for codeql-cli-2.13.3 2023-05-24 11:26:12 +00:00
Erik Krogh Kristensen
796e71f8be Merge pull request #13176 from MaxSchlueter/fixquery12 
Fix "Introducing the JavaScript libraries" query12.qll and add test case
 2023-05-24 10:56:53 +02:00
Arthur Baars
e33f3a6668 Merge pull request #13154 from aibaars/sync-dbscheme-py 
JS/Ruby/QL/Python: sync dbscheme fragments
 2023-05-23 19:14:29 +02:00
Max Schlueter
40aa9417d0 Fix query12 and add test case 2023-05-23 11:52:51 +02:00
erik-krogh
f7419c9250 add expected output 2023-05-23 09:56:06 +02:00
erik-krogh
f85b3e13c2 update expected output 2023-05-23 09:56:06 +02:00
Erik Krogh Kristensen
50cb5ea184 Merge pull request #13164 from erik-krogh/polyQhelp 
ReDoS: add another example to the qhelp in poly-redos, showing how to just limit the length of the input
 2023-05-23 09:25:15 +02:00
Erik Krogh Kristensen
e658177c31 Merge pull request #12975 from tyage/support-sub-modules 
JS: Support sub modules
 2023-05-23 09:24:43 +02:00
github-actions[bot]
7aa23cf11d Release preparation for version 2.13.3 2023-05-22 20:47:00 +00:00
Erik Krogh Kristensen
653cd86c13 update qldoc 2023-05-22 20:48:21 +02:00
Arthur Baars
7978c65467 JS: add upgrade/downgrade scripts 2023-05-22 19:28:59 +02:00
Erik Krogh Kristensen
3647b9cfeb Merge pull request #13196 from erik-krogh/indirectCommand 
JS: require arguments to be shell interpreted to be flagged by indirect-command-injection
 2023-05-22 11:53:57 +02:00
erik-krogh
708a99528f initial implementation of TS 5.1 2023-05-22 10:11:32 +02:00
erik-krogh
710b309142 apply suggestions from doc review 2023-05-21 22:18:48 +02:00
erik-krogh
10bf17c33e Merge branch 'main' into polyQhelp 2023-05-21 22:17:06 +02:00
Erik Krogh Kristensen
239234c5d2 fix bad change-note 
Co-authored-by: Asger F <asgerf@github.com>
 2023-05-17 14:47:32 +02:00
erik-krogh
5a82454710 add change-note 2023-05-17 12:02:21 +02:00
erik-krogh
cbd7601a41 implement isShellInterpreted on ExecActionsCall 2023-05-17 11:07:48 +02:00
erik-krogh
3293a55e8f require arguments to be shell interpreted to be flagged by indirect-command-injection 2023-05-17 11:07:45 +02:00
Asger F
f94fdc6348 JS: Remove mention of TrackedNode in docs 2023-05-17 10:37:12 +02:00
erik-krogh
480e71fd69 avoid contractions 2023-05-17 08:42:45 +02:00
Jami Cogswell
003bb2f6f5 JS: add change note 2023-05-16 15:45:55 -04:00
Jami Cogswell
359f6ffd1e JS: update 'credentials[%]' sink kind to 'credentials-%' 2023-05-16 15:45:55 -04:00
Jami Cogswell
7880e9e92c JS: update 'command-line-injection' sink kind to 'command-injection' 2023-05-16 15:45:55 -04:00
Arthur Baars
2911a6cc30 JS: remove unused tables 2023-05-16 17:03:41 +02:00
Arthur Baars
fef0e1f1c8 JS: sync shared dbscheme fragments 2023-05-16 17:03:41 +02:00
erik-krogh
2ebce99eae add another example of how to fix the prototype pollution issue 2023-05-15 17:24:02 +02:00
erik-krogh
7a338c408e fix typo, the variable in the example is called items 2023-05-15 17:23:40 +02:00
erik-krogh
83ca1495e0 trim the whitespace in the poly-redos examples 2023-05-15 16:47:24 +02:00
erik-krogh
d989359656 add another example to the qhelp in poly-redos, showing how to just limit the length of the input 2023-05-15 16:47:02 +02:00
Asger F
20e8ee8423 Merge pull request #12748 from JarLob/yi 
JS: Add more sources, more unit tests, fixes to the GitHub Actions injection query
 2023-05-15 11:03:00 +02:00