hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-18 05:24:01 +02:00
Code Issues Packages Projects Releases Wiki Activity
76,260 Commits 1,740 Branches 165 Tags
ae7e15d82fbc2f243ea0374831473550df5aca2d
Commit Graph

1949 Commits

Author SHA1 Message Date
Asger F
58c8b5fa2b Merge pull request #18790 from asgerf/js/no-implicit-array-taint 
JS: Do not taint whole array when storing into ArrayElement
 2025-02-19 13:23:31 +01:00
Asger F
e1c280500e Merge pull request #18749 from Kwstubbs/express 
JS: Add result.download to Express as Path Traversal Sink
 2025-02-19 09:08:36 +01:00
Asger F
804a1a6cb0 JS: Handle array of sorting criteria 2025-02-18 16:58:04 +01:00
Asger F
7486742c37 JS: Fix model of _.sortBy 2025-02-18 16:53:40 +01:00
Asger F
e610683377 JS: Linter fix 2025-02-18 09:25:23 +01:00
Asger F
a54f0a74f1 JS: Target post-update node instead of getALocalSource 
getAPropertyWrite() contains getALocalSource() under the the hood. Don't rely on that to find the successor of a mutation.
 2025-02-17 15:00:02 +01:00
Asger F
6e074c301f JS: Port lodash callback steps to flow summaries 
Not all of lodash, just the callbacks we already modeled plus a few easy ones
 2025-02-17 14:54:45 +01:00
Erik Krogh Kristensen
7fa41c438f Merge pull request #18794 from erik-krogh/v-flag 
JS: Add support for the regex V flag
 2025-02-17 13:56:48 +01:00
Asger F
4e325d9f1c JS: Convert some exception steps to legacy 2025-02-17 11:53:50 +01:00
Asger F
352924fb8c JS: Handle a few other stringification contexts 2025-02-17 11:36:28 +01:00
Asger F
33ab7db98a JS: Handle Array.prototype.toString calls 2025-02-17 11:25:03 +01:00
Asger F
d87534c7d0 JS: Model Array#toString 2025-02-17 11:13:36 +01:00
Asger F
0ca9b2285b Merge pull request #18740 from asgerf/js/more-precise-diff-informed 
JS: Provide more precise related locations
 2025-02-17 10:27:15 +01:00
Napalys
3ec038e7b6 JS: Added predicate to check if v flag is used on regular expression 2025-02-16 18:31:08 +01:00
Asger F
283954d515 JS: Do not store into arrays implicitly 2025-02-14 16:06:43 +01:00
Asger F
7df3e647d1 JS: Use US spelling 2025-02-14 10:28:55 +01:00
Asger F
26dcbf7a2a JS: Migrate URLSearchParams model to flow summaries 2025-02-13 11:51:33 +01:00
Kevin Stubbings
f5521ca1b8 Formatting 2025-02-12 00:15:27 -08:00
Kevin Stubbings
d0ed0fdeb3 Add download to Express 2025-02-12 00:10:09 -08:00
Asger F
7e3f89842d JS: Provide more precise related locations 2025-02-11 14:12:03 +01:00
Asger F
45242977a4 JS: Model query-string parsers that strip off ? or # 2025-02-11 10:41:23 +01:00
Anders Schack-Mulligen
0b5270979d SSA: Remove the need for ExitBasicBlock in SSA. 2025-02-10 14:36:18 +01:00
Asger F
16f7373712 JS: Model dependency injection in Nest 2025-01-29 13:49:46 +01:00
Asger F
89ad737b2a JS: Add internal extension points sources of class objects/instances 2025-01-29 13:49:44 +01:00
Paul Hodgkinson
f033f179f7 Merge branch 'main' into angular-sources-sinks 2025-01-24 15:46:48 +00:00
Asger F
1b7977bf90 Merge pull request #18466 from asgerf/js/view-component-inputs 
JS: Add view-component-input threat model
 2025-01-24 10:59:25 +01:00
aegilops
522f3d1337 Merge 2025-01-23 17:00:56 +00:00
Asger F
6423033db6 JS: Resolve inserted TODOs 2025-01-23 13:02:52 +01:00
Asger F
dba76a0e4d JS: Rerun patch query after bugfix 2025-01-23 10:31:32 +01:00
Asger F
d647c7b14d JS: Replace 'instanceof ClientSideRemoteFlowSource' 2025-01-22 10:45:49 +01:00
Asger F
3061d51b20 JS: Add ThreatModelSource#isCilentSideSource() 2025-01-22 10:45:48 +01:00
Asger F
327bdc0b02 JS: Use TypeScript types to restrict ViewComponentInputs in general 2025-01-22 10:45:47 +01:00
Asger F
b015c88c79 JS: Add view-component-input threat model 2025-01-22 10:45:46 +01:00
Asger F
7c29ea9dda JS: Update ExternalAPIUsedwithUntrustedData 2025-01-20 11:20:32 +01:00
Asger F
ecbd7983ba JS: Update DifferentKindsComparisonBypassQuery.qll 2025-01-20 11:20:31 +01:00
Asger F
29da1fb6c8 JS: Update ConditionalBypassQuery.qll 2025-01-20 11:20:30 +01:00
Asger F
fd763a0883 JS: Auto-patch diff informed queries 2025-01-20 11:20:27 +01:00
Asger F
859783c08b JS: Support [(ngModel)] 2025-01-17 10:26:57 +01:00
Asger F
97f5559e64 JS: Recognise form input from NgForm 2025-01-17 10:22:20 +01:00
Asger F
d4daa21318 JS: Add DOM event sources in Angular2 model 2025-01-17 10:20:22 +01:00
Asger F
6f46a34873 JS: Refactor domEventSource() into a Range class 2025-01-17 10:12:40 +01:00
Asger F
bd2febcf00 JS: Implementing new signature members in StepInputSig 2025-01-16 13:38:08 +01:00
Asger F
6cd9752289 Merge pull request #18467 from github/js/shared-dataflow-branch 
JS: Migrate to shared data flow library (targeting main!) 🚀
 2025-01-16 11:28:57 +01:00
Geoffrey White
f8659c0a4e Sync identical files. 2025-01-10 10:26:13 +00:00
aegilops
e7881a8c7f Fix typo 2025-01-09 17:11:06 +00:00
aegilops
62599b2a12 Formatted 2025-01-09 17:02:37 +00:00
aegilops
98b4c35844 Set doc string on getElementNode predicate 2025-01-09 17:00:01 +00:00
Asger F
9c4d378a1d JS: Remove TODO comment 
It is not subsumed by the other case, both cases are needed
 2025-01-09 10:17:16 +01:00
Asger F
3f2882e1c6 JS: Remove an obsolete comment 
The RHS of an assignment actually has a post-update node now
 2025-01-09 09:59:23 +01:00
Asger F
b2d62a080b JS: Move a test failure explanation into the test suite 
We have an issue for fixing the underlying problem
 2025-01-09 09:57:44 +01:00