hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-14 19:44:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
76,260 Commits 1,736 Branches 164 Tags
ae7e15d82fbc2f243ea0374831473550df5aca2d
Commit Graph

10800 Commits

Author SHA1 Message Date
Asger F
a5fde9c3df Merge pull request #18807 from asgerf/js/vue-without-tsconfig-fixup 
JS: Extract TS snippets with no tsconfig.json file
 2025-02-19 13:31:08 +01:00
Asger F
58c8b5fa2b Merge pull request #18790 from asgerf/js/no-implicit-array-taint 
JS: Do not taint whole array when storing into ArrayElement
 2025-02-19 13:23:31 +01:00
Asger F
e1c280500e Merge pull request #18749 from Kwstubbs/express 
JS: Add result.download to Express as Path Traversal Sink
 2025-02-19 09:08:36 +01:00
Asger F
804a1a6cb0 JS: Handle array of sorting criteria 2025-02-18 16:58:04 +01:00
Asger F
7486742c37 JS: Fix model of _.sortBy 2025-02-18 16:53:40 +01:00
Asger F
b3f7cd988b JS: Extract TS snippets with no tsconfig.json file 2025-02-18 12:43:13 +01:00
Asger F
82a4b17218 JS: Change note 2025-02-18 09:43:08 +01:00
Asger F
e610683377 JS: Linter fix 2025-02-18 09:25:23 +01:00
Asger F
c958702830 JS: Accept some unproblematic consistency warnings 2025-02-17 20:30:07 +01:00
github-actions[bot]
ad24f94a77 Post-release preparation for codeql-cli-2.20.5 2025-02-17 17:58:24 +00:00
github-actions[bot]
6f4562f3bd Release preparation for version 2.20.5 2025-02-17 16:55:54 +00:00
Asger F
a54f0a74f1 JS: Target post-update node instead of getALocalSource 
getAPropertyWrite() contains getALocalSource() under the the hood. Don't rely on that to find the successor of a mutation.
 2025-02-17 15:00:02 +01:00
Asger F
6e074c301f JS: Port lodash callback steps to flow summaries 
Not all of lodash, just the callbacks we already modeled plus a few easy ones
 2025-02-17 14:54:45 +01:00
Erik Krogh Kristensen
7fa41c438f Merge pull request #18794 from erik-krogh/v-flag 
JS: Add support for the regex V flag
 2025-02-17 13:56:48 +01:00
Asger F
4e325d9f1c JS: Convert some exception steps to legacy 2025-02-17 11:53:50 +01:00
Asger F
08b9d934c0 JS: Add a negative test 2025-02-17 11:37:44 +01:00
Asger F
352924fb8c JS: Handle a few other stringification contexts 2025-02-17 11:36:28 +01:00
Asger F
33ab7db98a JS: Handle Array.prototype.toString calls 2025-02-17 11:25:03 +01:00
Asger F
a74b203c86 JS: Add test with implicit array stringification 2025-02-17 11:21:46 +01:00
Asger F
d87534c7d0 JS: Model Array#toString 2025-02-17 11:13:36 +01:00
Asger F
e8d1703224 JS: Add test for flow through Buffer.concat 
This flow was lost since the existing model of concat() boxes its return value in ArrayElement. There is no explicit model of Buffer.concat.
 2025-02-17 11:12:51 +01:00
Asger F
d79f429978 JS: Update changes to nodes/edges/subpaths 
No changes in actual alerts
 2025-02-17 10:36:05 +01:00
Asger F
0ca9b2285b Merge pull request #18740 from asgerf/js/more-precise-diff-informed 
JS: Provide more precise related locations
 2025-02-17 10:27:15 +01:00
erik-krogh
6ebffd59f6 add change-note 2025-02-16 19:23:44 +01:00
erik-krogh
55b8e8b748 fix the ECMAScript version to be ES2024 2025-02-16 19:06:14 +01:00
erik-krogh
01d70a6d73 add test of the new v flag 2025-02-16 19:01:02 +01:00
Napalys
3ec038e7b6 JS: Added predicate to check if v flag is used on regular expression 2025-02-16 18:31:08 +01:00
Napalys
4097aa9f78 JS: Added ecma2021, thus extractor now can deal with RegExp v flag 2025-02-16 18:31:06 +01:00
Asger F
283954d515 JS: Do not store into arrays implicitly 2025-02-14 16:06:43 +01:00
Asger F
7df3e647d1 JS: Use US spelling 2025-02-14 10:28:55 +01:00
Asger F
25314b61db JS: Update nodes/edges output 2025-02-14 10:26:21 +01:00
Asger F
c4724f42a3 JS: Change note 2025-02-13 11:51:35 +01:00
Asger F
26dcbf7a2a JS: Migrate URLSearchParams model to flow summaries 2025-02-13 11:51:33 +01:00
Asger F
f531f4479b JS: Add test for URL and URLSearchParams 2025-02-13 11:51:32 +01:00
Kevin Stubbings
253882c3d1 Update javascript/ql/lib/change-notes/2025-02-12-express-download.md 
Co-authored-by: Asger F <asgerf@github.com>
 2025-02-12 11:01:29 -08:00
Asger F
654c6bfec7 Merge pull request #18735 from asgerf/inline-test-non-location 
Test: Support arbitrary locations in inline test post-processor
 2025-02-12 10:30:50 +01:00
Kevin Stubbings
f5521ca1b8 Formatting 2025-02-12 00:15:27 -08:00
Kevin Stubbings
d0ed0fdeb3 Add download to Express 2025-02-12 00:10:09 -08:00
Asger F
7e3f89842d JS: Provide more precise related locations 2025-02-11 14:12:03 +01:00
Asger F
56ff9351f2 JS: Update test output again 2025-02-11 12:59:11 +01:00
Asger F
5b0eb0f6cc JS: Move an Alert annotation to its correct line 2025-02-11 12:58:47 +01:00
Asger F
84c02d0863 JS: Enable test post-processing 2025-02-11 12:58:46 +01:00
Asger F
fb79ab1c8c JS: Update line numbers 2025-02-11 12:58:45 +01:00
Asger F
a1c3dca5de JS: Convert OK-style to $-style expectations in one test 2025-02-11 12:58:44 +01:00
Asger F
45242977a4 JS: Model query-string parsers that strip off ? or # 2025-02-11 10:41:23 +01:00
Asger F
b123a3c57a JS: Add test 2025-02-11 10:40:04 +01:00
Anders Schack-Mulligen
0b5270979d SSA: Remove the need for ExitBasicBlock in SSA. 2025-02-10 14:36:18 +01:00
Asger F
7f4facc864 Merge pull request #18661 from asgerf/js/hoist-in-block 
JS: Hoist function declarations to the top of a block statement
 2025-02-06 12:38:51 +01:00
Asger F
6ae06aed9e Update javascript/extractor/src/com/semmle/js/extractor/CFGExtractor.java 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-02-06 10:03:28 +01:00
Asger F
6207e39b5f JS: Change note 2025-02-06 09:58:24 +01:00