hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-03 17:50:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
56,593 Commits 1,673 Branches 157 Tags
afc46576f0dbbf3141dc1756a608f8a25db07c8e
Commit Graph

1268 Commits

Author SHA1 Message Date
Asger F
965ca169e5 JS: Recognise fs/promises 2023-07-07 14:14:49 +02:00
Asger F
d49359a95c JS: Add step through spread arg to path.join() 2023-07-07 14:10:50 +02:00
Erik Krogh Kristensen
b2a60bf3d1 Merge pull request #13642 from erik-krogh/san-script 
JS/RB: Fix FP in incomplete-multi-character-sanitization
 2023-07-06 15:38:39 +02:00
Chuan-kai Lin
6912f7ed3a Merge pull request #13638 from cklin/remove-pragma-assume-small-delta 
Remove pragma[assume_small_delta]
 2023-07-03 07:00:36 -07:00
Asger F
4c9501eba5 Merge pull request #13529 from jorgectf/seclab/webix-modeling 
JS: Add models for `webix`
 2023-07-03 12:03:18 +02:00
erik-krogh
f9eee906cf fix FP by requiring that the regular expression mention on of the chars important in the prefix 2023-07-01 20:30:09 +02:00
Chuan-kai Lin
ce464a7d69 Remove pragma[assume_small_delta] 2023-06-30 11:09:29 -07:00
Jorge
e210b0d0a7 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2023-06-29 16:06:34 +02:00
jorgectf
2ac334bf15 Adapt Webix modeling to support HTML use-cases 2023-06-28 15:26:30 +02:00
jorgectf
bb67a9000e Fix WebixTemplateSink 2023-06-26 13:32:00 +02:00
Jorge
5bd044211e Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2023-06-26 13:27:23 +02:00
Rasmus Wriedt Larsen
0121263e03 Merge branch 'main' into python/enable-summaries-from-models 2023-06-26 11:34:12 +02:00
Jorge
8ff525933e Merge branch 'main' into seclab/webix-modeling 2023-06-23 18:06:26 +02:00
yoff
26856a82a6 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2023-06-23 10:15:20 +02:00
Kevin Stubbings
3605269e13 Add webix copy function 2023-06-22 22:16:28 -07:00
jorgectf
6947e99c15 Add models for webix 
Co-authored-by: Kevin Stubbings <Kwstubbs@users.noreply.github.com>
 2023-06-22 01:07:33 +02:00
Jami
5259a6ecfc Merge pull request #13324 from jcogs33/jcogs33/shared-sink-kind-validation 
Shared: share MaD kind validation across languages
 2023-06-20 11:56:12 -04:00
Rasmus Lerchedahl Petersen
3cf9e3e692 Py/js/ruby: sync files 2023-06-18 21:52:49 +02:00
Asger F
318a60b208 Merge pull request #13456 from asgerf/js/vuex-perf 
JS: Restrict length of state path in vuex model
 2023-06-14 19:50:06 +02:00
Asger F
22b98c8959 JS: Restrict length of state path in vuex model 2023-06-14 15:48:58 +02:00
Jami
35591113c2 Merge branch 'main' into jcogs33/shared-sink-kind-validation 2023-06-14 08:06:34 -04:00
erik-krogh
cd6f738f72 add mongoose.Types.ObjectId.isValid as a sanitizer-guard for NoSQL injection 2023-06-12 16:38:11 +02:00
Jami Cogswell
9abe3e3da4 Shared: use a module as input to 'KindValidation' 2023-06-09 14:35:37 -04:00
Jami Cogswell
da58b2afc8 Shared: move shared file to 'shared' folder and add parameterized module for 'getInvalidModelKind' 2023-06-08 20:05:27 -04:00
Asger F
76a8e9827e Merge pull request #13283 from asgerf/js/restrict-regex-search-function 
JS: Be more conservative about flagging "search" call arguments as regex
 2023-06-08 10:50:51 +02:00
Jami Cogswell
5a23421d9a Shared: minor updates to comments 2023-06-05 13:46:56 -04:00
Jami Cogswell
9d5972acc2 Shared: update qldocs 2023-06-05 12:18:34 -04:00
Jami Cogswell
3f1dc8e5c7 Shared: add outdated Swift sink kinds 2023-06-05 12:18:34 -04:00
Jami Cogswell
62ac0dc471 Shared: add outdated sink kind msg to 'getInvalidModelKind' for all languages 2023-06-05 12:18:33 -04:00
Jami Cogswell
76f5dca861 Shared: move 'OutdatedSinkKind' to shared file and add outdated JS and C# sink kinds 2023-06-05 12:18:33 -04:00
Jami Cogswell
7b629f5d63 Shared: include 'qltest%' and 'test-%' 2023-06-05 12:18:33 -04:00
Jami Cogswell
254e447923 JS/Python/Ruby: update getInvalidModelKind 2023-06-05 12:18:33 -04:00
Jami Cogswell
7317c29eea Shared: update kind information 2023-06-05 12:18:33 -04:00
Jami Cogswell
0ab1848b70 JS/Python/Ruby: use 'SharedModelValidation' file 2023-06-05 12:18:33 -04:00
Jami Cogswell
ddb5d92ef8 Shared: add source, summary, and neutral shared valid kinds 2023-06-05 12:18:33 -04:00
Jami Cogswell
869f820fcf Shared: add 'SharedModelValidation' file as experiment 2023-06-05 12:18:33 -04:00
Jami Cogswell
e24e3a6115 JS/Python/Ruby: add getInvalidModelKind as experiment 2023-06-05 12:18:33 -04:00
erik-krogh
9000243828 JS: fix compilation 2023-06-02 11:58:08 +02:00
erik-krogh
44b6366586 delete old deprecations 2023-06-02 11:58:08 +02:00
Asger F
77d2799278 Update javascript/ql/lib/semmle/javascript/Regexp.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-06-02 10:33:44 +02:00
erik-krogh
8eed1a95f6 stop recursive fromRhs related to getLaterBaseAccess 2023-06-01 23:16:52 +02:00
Jami
3886ebffa9 Merge branch 'main' into jcogs33/update-javascript-sink-kinds 2023-06-01 14:09:10 -04:00
Asger F
2629ec1b1d JS: Be more conservative about flagging "search" call arguments as regex 2023-05-26 11:55:53 +02:00
Erik Krogh Kristensen
e658177c31 Merge pull request #12975 from tyage/support-sub-modules 
JS: Support sub modules
 2023-05-23 09:24:43 +02:00
Erik Krogh Kristensen
653cd86c13 update qldoc 2023-05-22 20:48:21 +02:00
erik-krogh
cbd7601a41 implement isShellInterpreted on ExecActionsCall 2023-05-17 11:07:48 +02:00
erik-krogh
3293a55e8f require arguments to be shell interpreted to be flagged by indirect-command-injection 2023-05-17 11:07:45 +02:00
Jami Cogswell
359f6ffd1e JS: update 'credentials[%]' sink kind to 'credentials-%' 2023-05-16 15:45:55 -04:00
Jami Cogswell
7880e9e92c JS: update 'command-line-injection' sink kind to 'command-injection' 2023-05-16 15:45:55 -04:00
Asger F
20e8ee8423 Merge pull request #12748 from JarLob/yi 
JS: Add more sources, more unit tests, fixes to the GitHub Actions injection query
 2023-05-15 11:03:00 +02:00