codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00

Author	SHA1	Message	Date
Erik Krogh Kristensen	ff2a5e8c27	Merge pull request #10986 from erik-krogh/tsPerf JS: push more context into load/store steps from the exploratory flow-analysis	2022-11-01 09:03:24 +01:00
Erik Krogh Kristensen	bbdda9ef70	Merge pull request #10727 from erik-krogh/js-last-msg JS: fix some more style-guide violations in the alert-messages	2022-10-27 15:48:12 +02:00
Taus	503cc560cf	Merge pull request #10943 from bananabr/main Javascript/Python: Tokens built from predictable UUIDs	2022-10-27 14:12:34 +02:00
Jeroen Ketema	1d7efd8e82	Merge pull request #10905 from jsoref/spelling-code-scanning-product Spelling code scanning product	2022-10-27 12:55:37 +02:00
Erik Krogh Kristensen	cecb498bf3	Merge pull request #10984 from tyage/add-next-js-source JS: Add Next.js parameters as source	2022-10-27 10:36:12 +02:00
tyage	c22f9443f2	Refactoring Next.js parameter Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-27 10:28:51 +09:00
tyage	e8b751ae17	Update javascript/ql/src/change-notes/2022-10-26-nextjs-params.md Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-27 10:24:08 +09:00
tyage	ac27307a2b	Update javascript/ql/lib/semmle/javascript/frameworks/Next.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-27 10:23:59 +09:00
tyage	54050bf1b6	update test result `XssWithAdditionalSources`	2022-10-27 10:23:37 +09:00
Daniel Santos	63c71b7d09	Merge branch 'main' into main	2022-10-26 14:05:26 -05:00
Daniel Santos	64da2cec50	removed unnecessary getACall and fixed formatting	2022-10-26 12:02:55 -05:00
erik-krogh	0f9b4334cc	remove some FPs in `js/password-in-configuration-file`	2022-10-26 11:51:56 +02:00
erik-krogh	21e7e27e1f	push more context into load/store steps from the exploratory flow-analysis	2022-10-26 10:52:47 +02:00
Asger F	414bd40c41	JS: Do not track returned values out of the enclosing function	2022-10-26 09:29:49 +02:00
tyage	7a19744cf2	add change note	2022-10-26 15:17:50 +09:00
tyage	95dca7c3ed	update comment	2022-10-26 15:13:59 +09:00
tyage	09f8ca8cc0	add `query` in comment	2022-10-26 15:13:03 +09:00
tyage	232893aafa	make query parameters in ServerSideProps and next/router as a RemoteFlowSource	2022-10-26 14:41:07 +09:00
tyage	1f4fc7fc2d	add params, query to test	2022-10-26 10:53:11 +09:00
tyage	06925681b0	add test for context.params	2022-10-26 10:53:11 +09:00
Daniel Santos	f7ace6f801	Update javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-25 14:27:03 -05:00
Daniel Santos	feece6f7b4	Merge branch 'github:main' into main	2022-10-25 10:43:20 -05:00
Daniel Santos	5b080481aa	TokenBuiltFromUuid formatting	2022-10-25 09:51:48 -05:00
Daniel Santos	375edf7455	TokenAssignmentValueSink refactor	2022-10-25 09:50:04 -05:00
Henry Mercer	1dc14bcaee	Merge branch 'main' into codeql-ci/js/ml-powered-pack-release-0.3.6	2022-10-25 10:54:08 +01:00
github-actions[bot]	caf3a098c8	JS: Bump version of ML-powered library and query packs to 0.3.7	2022-10-25 09:12:00 +00:00
github-actions[bot]	5d100c8036	JS: Bump patch version of ML-powered library and query packs	2022-10-25 09:00:40 +00:00
Daniel Santos	a2ad924376	Minor formatting fixes	2022-10-24 09:38:17 -05:00
Daniel Santos	066ffb7520	Tokens built from predictable UUIDs	2022-10-22 11:15:43 -05:00
github-actions[bot]	be7693283b	Post-release preparation for codeql-cli-2.11.2	2022-10-21 08:07:17 +00:00
Josh Soref	c5c9f4d746	spelling: dependencies Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-20 08:18:23 -04:00
github-actions[bot]	9a0848bbc4	Release preparation for version 2.11.2	2022-10-20 11:05:19 +00:00
Alvaro Muñoz	245be44eac	Merge branch 'main' into javascript_xss_improvements	2022-10-19 18:18:19 +02:00
Henry Mercer	6a12d676b8	Merge pull request #10878 from jsoref/spelling-ml Spelling ml	2022-10-19 16:28:06 +01:00
Henry Mercer	3afb9c1b3b	Merge pull request #10845 from github/henrymercer/remove-worsening-queries ATM: Remove worsening-based queries	2022-10-19 10:05:53 +01:00
Josh Soref	d722448796	spelling: injection Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-19 04:27:37 -04:00
Josh Soref	a4beafbe44	spelling: classifier Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-19 04:27:37 -04:00
github-actions[bot]	fa274e4375	ATM: Update ML model to 0.2.1-2022-09-06-08h55m54s.bubbly-basin-xpztl8fh.f3c3c9360a727959e428ecc6932257e6a546dc65d8a9baac525a49247123822d	2022-10-18 11:53:42 +00:00
Erik Krogh Kristensen	71135da7ff	Merge pull request #10768 from erik-krogh/fixFileLoops JS: fix that js/file-system-race could have FPs related to loops	2022-10-17 12:01:55 +02:00
Henry Mercer	c0ac7ad7db	Remove query for worsening-based classifier evaluation	2022-10-14 15:35:43 +01:00
Henry Mercer	63ab295a46	Remove queries for worsening-based evaluation	2022-10-14 15:18:19 +01:00
erik-krogh	a6c83a7b14	add change-note	2022-10-14 09:20:33 +02:00
Alvaro Muñoz	41fea776e8	Do not discard XSS sinks when non-content-type headers are local to the sendArgument expression	2022-10-13 17:50:43 +02:00
Josh Soref	45d1e3f9b2	spelling: representation Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-13 10:56:41 -04:00
Josh Soref	124c5544cf	spelling: predicates Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-13 10:56:41 -04:00
Josh Soref	52a3e3c2fd	spelling: heuristic Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-13 10:56:41 -04:00
Josh Soref	5d94733078	spelling: ambiguously Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-13 10:51:25 -04:00
Alvaro Muñoz	744cea9baa	add tests	2022-10-13 15:19:29 +02:00
Alvaro Muñoz	468628525e	Change to camelcase	2022-10-13 12:18:07 +02:00
Alvaro Muñoz	ea8edb8408	initial tests	2022-10-13 11:32:21 +02:00

1 2 3 4 5 ...

7528 Commits