hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
52,965 Commits 1,672 Branches 157 Tags
ac1c20673d68c56add036583c62d8014a540bfbe
Commit Graph

8070 Commits

Author SHA1 Message Date
jarlob
ac1c20673d Encapsulate github-script 2023-04-14 10:23:49 +02:00
jarlob
d80c541da6 Encapsulate composite actions 2023-04-14 10:06:35 +02:00
jarlob
94065764d5 Make predicate name clearer 2023-04-14 01:05:21 +02:00
jarlob
79218a3946 Use YamlMapping for modeling Env 2023-04-14 00:56:51 +02:00
jarlob
dd52ef85cd Rename Env 2023-04-13 23:41:31 +02:00
jarlob
76834cbe53 Rename GlobalEnv 2023-04-13 23:13:56 +02:00
jarlob
a8a6913512 Simplify exists according to the warning 2023-04-13 23:10:16 +02:00
jarlob
8234ea33f0 More details in the changes file. 2023-04-13 23:05:32 +02:00
jarlob
6790318769 Added the composite word 2023-04-13 22:58:32 +02:00
Jaroslav Lobačevski
8f1bccbb4d Apply suggestions from code review (comments) 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2023-04-13 22:55:53 +02:00
jarlob
72b66ffe97 Fix comment. 2023-04-07 10:01:14 +02:00
jarlob
7573c615f6 Fix warnings 2023-04-06 23:07:22 +02:00
jarlob
3745cccedd Fix warnings 2023-04-06 23:02:08 +02:00
jarlob
af83d8af41 Add comment 2023-04-06 22:59:09 +02:00
jarlob
9c7eecf547 Add support for composite actions 2023-04-06 22:53:59 +02:00
jarlob
baefeab2d1 fix tests 2023-04-06 19:11:04 +02:00
jarlob
0a878d4db9 Support yAml extensions 2023-04-06 19:07:38 +02:00
jarlob
40635e60d1 Improve documentation 2023-04-05 10:26:02 +02:00
jarlob
9fba7d31f1 Improve documentation 2023-04-05 10:24:07 +02:00
jarlob
40b7910473 Fix QLDoc warnings 2023-04-05 10:14:54 +02:00
jarlob
eef1973b93 Change UI message 2023-04-05 10:05:24 +02:00
jarlob
5c5b9f99a8 Add simple taint tracking for env variables 2023-04-05 10:03:46 +02:00
jarlob
39ff3c72a2 Remove label sanitizer because it is prone to race conditions 2023-04-03 23:28:31 +02:00
jarlob
8ea418216c Look for script injections in actions/github-script 2023-04-03 23:13:28 +02:00
jarlob
e941218e30 change notes added 2023-04-03 15:15:00 +02:00
jarlob
ba5747dff3 fix formatting 2023-04-03 15:10:27 +02:00
jarlob
c6eaf194a5 Remove empty.js as it is not needed anymore 2023-04-03 15:09:40 +02:00
jarlob
99d634c8a4 Add more sources, more unit tests, fixes to the GitHub Actions injection query 2023-04-03 15:02:02 +02:00
Erik Krogh Kristensen
1e1a692ee6 Merge pull request #12686 from erik-krogh/backtick-parse-error 
JS: add backticks around the concrete parse error
 2023-03-31 14:56:38 +02:00
Asger F
dec1e4dfd6 Merge pull request #12666 from smiddy007/improve-insufficient-pw-hash-query 
JS: Improve insufficient pw hash query
 2023-03-31 11:58:41 +02:00
Erik Krogh Kristensen
b382465078 Merge pull request #12679 from ctbellanti/improved-certificate-validation 
JS: Improved coverage for disabled certificate validation
 2023-03-30 16:24:33 +02:00
erik-krogh
47783326c2 add test for https.createServer in DisablingCertificateValidation.ql 2023-03-30 14:15:25 +02:00
Asger F
43174cfe3a Merge pull request #12668 from asgerf/js/jquery-callback-sinks 
JS: fix handling of jQuery sinks involving callback
 2023-03-30 12:42:53 +02:00
Jeroen Ketema
0acca2ba76 Merge pull request #12687 from jketema/unit-2 
Make imports of `codeql.util.Unit` private
 2023-03-29 13:07:12 +02:00
smiddy007
0eb61d39d3 formatting 2023-03-28 11:28:32 -04:00
smiddy007
fe3b0a56ca Removed unnecessary field 2023-03-28 11:27:23 -04:00
smiddy007
8e9f2185c8 Merge branch 'main' into improve-insufficient-pw-hash-query 2023-03-28 11:15:10 -04:00
smiddy007
123eb1e57b Update javascript/ql/lib/semmle/javascript/frameworks/CryptoLibraries.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2023-03-28 11:14:28 -04:00
Erik Krogh Kristensen
13c0effbd2 change to minor change 2023-03-28 15:27:16 +02:00
Erik Krogh Kristensen
451f6f01bb Merge pull request #12633 from erik-krogh/more-global-flow 
JS: better callgraph support for global variables
 2023-03-28 15:19:50 +02:00
Jeroen Ketema
3b8ad087eb Make imports of codeql.util.Unit private 2023-03-28 14:14:13 +02:00
Asger F
61a7ee9387 JS: Use getABoundFunctionValue instead of type-tracking 2023-03-28 12:56:03 +02:00
erik-krogh
e5e20ab42c add backticks around the concrete parse error 2023-03-28 10:57:13 +02:00
smiddy007
2caab8748e Merge branch 'improve-insufficient-pw-hash-query' of https://github.com/smiddy007/codeql into improve-insufficient-pw-hash-query 2023-03-27 15:20:24 -04:00
smiddy007
57ab5a06ae autoformatted 2023-03-27 15:20:08 -04:00
Chris Bellanti
6bf94e800b Added check to disabling certificate validation query 2023-03-27 12:16:20 -04:00
smiddy007
64b56ef107 Merge branch 'main' into improve-insufficient-pw-hash-query 2023-03-27 12:07:21 -04:00
smiddy007
3ef5f3070f small change 2023-03-27 12:02:35 -04:00
Erik Krogh Kristensen
d3c3f2dc90 Merge pull request #12628 from erik-krogh/betterReDoS 
ReDoS: better super-linear algorithm
 2023-03-27 15:26:49 +02:00
Asger F
32d7a80221 JS: Change note 2023-03-27 14:56:57 +02:00