hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
39,818 Commits 1,672 Branches 157 Tags
ab28b0a690d202beb354247fbc095173f449819e
Commit Graph

6957 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
ab28b0a690 Merge pull request #9348 from erik-krogh/polyRegSyntax 
JS: use syntactically correct JS in poly-redos example
 2022-05-30 12:26:04 +02:00
Erik Krogh Kristensen
c7a8008897 Merge pull request #9235 from kaeluka/extractor-update-typescript-4_7 
JS: Update the extractor to use TypeScript 4.7
 2022-05-30 12:02:06 +02:00
Asger F
cc42f2f824 Merge pull request #8606 from asgerf/js/api-graph-api 
JS/Python/Ruby: Document how API graphs should be interpreted
 2022-05-30 10:49:14 +02:00
Erik Krogh Kristensen
62fd3fd90f add test that we detect the used type variable in an infer type 2022-05-27 14:15:27 +00:00
Tom Bolton
5830db786e Merge pull request #9285 from github/codeql-ci/js-atm-new-release 
JS: Bump version numbers of ML-powered packs after 0.3.0 release
 2022-05-27 11:39:45 +01:00
Erik Krogh Kristensen
fef87db739 use syntactically correct JS in poly-redos example 2022-05-27 10:08:30 +02:00
Erik Krogh Kristensen
d199173923 add a getAPrimaryQlClass predicate to ExpressionWithTypeArguments 2022-05-25 16:10:13 +00:00
Erik Krogh Kristensen
361b2aa6bb Merge pull request #9325 from erik-krogh/CWE-940 
JS: add CWE-940 to js/missing-origin-check
 2022-05-25 16:41:40 +02:00
Asger F
893f4ab8fb Merge pull request #9288 from asgerf/js/resource-exhaustion-no-buffer.from 
JS: Remove Buffer.from sink from js/resource-exhaustion
 2022-05-25 15:51:54 +02:00
Erik Krogh Kristensen
ed907f6f63 add CWE-940 to js/missing-origin-check 2022-05-25 14:15:48 +02:00
Erik Krogh Kristensen
efa895e912 update expected output 2022-05-25 10:33:39 +00:00
Erik Krogh Kristensen
f38d1f9a4e merge main into ts47 2022-05-25 10:13:25 +00:00
tombolton
91fa17a05e simplify imports in counting queries 2022-05-24 15:02:26 +01:00
tombolton
7e32614c25 refactor counting code into a library 2022-05-24 15:02:26 +01:00
tombolton
33964383d7 add individual per-security-query counting queries 2022-05-24 15:02:26 +01:00
Asger F
a955bd3695 JS: Change note 2022-05-24 14:18:06 +02:00
Asger F
7d4a191a32 JS: Simplify 2022-05-24 14:18:06 +02:00
Asger F
db4b6d620a JS: Remove Buffer.from as sink for js/resource-exhaustion 2022-05-24 14:18:05 +02:00
github-actions[bot]
1fa2fd73f2 JS: Bump patch version of ML-powered library and query packs post-release 2022-05-24 10:40:45 +00:00
github-actions[bot]
53a25c8c42 JS: Bump minor version of ML-powered library and query packs 2022-05-24 10:34:26 +00:00
github-actions[bot]
1287925676 JS: Bump patch version of ML-powered model pack post-release 2022-05-24 10:34:26 +00:00
github-actions[bot]
171fe98084 JS: Bump ML model pack dependency of ML-powered model building and query packs 2022-05-24 10:34:26 +00:00
github-actions[bot]
e519304268 JS: Bump minor version of ML-powered model pack 2022-05-24 10:33:45 +00:00
Asger F
87cbf7b216 JS: Update ATM code 2022-05-24 11:57:30 +02:00
Asger F
631527fe49 JS: Rename Node.{getASource -> asSource, getASink -> asSink} 2022-05-24 11:57:30 +02:00
Asger F
bc601261ed JS: Use 'ql' language for markdown snippets 2022-05-24 11:57:30 +02:00
Asger F
f80f8b6630 JS: Update a comment mentioning getARhs 2022-05-24 11:57:30 +02:00
Asger F
18dc39484d Update javascript/ql/lib/semmle/javascript/ApiGraphs.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-05-24 11:57:30 +02:00
Asger Feldthaus
1e96b1e559 JS: Fix typo 2022-05-24 11:57:30 +02:00
Asger Feldthaus
777d344dde JS: Fix up qldoc for getAValueReachingSink 2022-05-24 11:57:30 +02:00
Asger Feldthaus
e2858b7b64 JS: Update ATM code 2022-05-24 11:57:30 +02:00
Asger Feldthaus
8da96ed403 JS: Update doc comment 2022-05-24 11:57:30 +02:00
Asger F
1ae97d9d54 Apply suggestions from code review 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-05-24 11:57:30 +02:00
Asger Feldthaus
9fad4b883b JS: Autoformat 2022-05-24 11:57:30 +02:00
Asger Feldthaus
76ba78294f JS: Make API::EntryPoint overrides optional 2022-05-24 11:57:30 +02:00
Asger Feldthaus
ce9c3b3eb5 JS: Also rename predicates on API::EntryPoint 2022-05-24 11:57:30 +02:00
Asger Feldthaus
19a5db9f89 JS: Rename getARhs -> getASink 2022-05-24 11:57:30 +02:00
Asger Feldthaus
4c6192670e JS: Rename getAnImmediateUse -> getASource 2022-05-24 11:57:30 +02:00
Asger F
a7b73f44b2 Update javascript/ql/lib/semmle/javascript/ApiGraphs.qll 
Co-authored-by: Calum Grant <42069085+calumgrant@users.noreply.github.com>
 2022-05-24 11:57:30 +02:00
Asger F
73baa49c5d Update javascript/ql/lib/semmle/javascript/ApiGraphs.qll 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-05-24 11:57:30 +02:00
Asger Feldthaus
82c35e6f65 Mention that the interaction and be with any external codebase 2022-05-24 11:57:29 +02:00
Asger Feldthaus
6a12864dab JS: Document how API graphs should be interpreted 2022-05-24 11:57:29 +02:00
Erik Krogh Kristensen
b2d3a7dca5 add change-note for the public renamed predicate 2022-05-24 11:20:08 +02:00
Erik Krogh Kristensen
a404a8c61a use more set literals instead of big disjunctions 2022-05-24 11:09:10 +02:00
Erik Krogh Kristensen
b48806968c delete redundant import 2022-05-24 11:02:41 +02:00
Erik Krogh Kristensen
395ec106b9 remove unused field 2022-05-24 11:02:18 +02:00
Erik Krogh Kristensen
d58fe8e193 add explicit this 2022-05-24 10:59:13 +02:00
Erik Krogh Kristensen
d1ad08ecb5 fix misspellings in predicate names 2022-05-24 10:57:13 +02:00
Erik Krogh Kristensen
aa01cf11c2 Merge pull request #9125 from erik-krogh/exportObj 
JS: recognize functions that return object of methods as library input
 2022-05-23 19:57:34 +02:00
Erik Krogh Kristensen
0c10927adc Merge pull request #9261 from erik-krogh/passport 
JS: remove support for passport in the session-fixation query
 2022-05-23 19:56:42 +02:00