hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
73,779 Commits 1,671 Branches 157 Tags
b29ee2acdeffacdbb09e63d19f85752893ac934d
Commit Graph

10603 Commits

Author SHA1 Message Date
Asger F
b29ee2acde JS: Remove references to localFieldStep 
These are tracked in https://github.com/github/codeql-javascript-team/issues/456
 2025-01-09 09:39:27 +01:00
Asger F
7766f97232 JS: Remove obsolete TODO 2025-01-09 09:39:26 +01:00
Asger F
8ac08db5c2 JS: Remove TODOs about WithArrayElement not being a taint step 
This isn't going to become a taint step, the workaround is the permanent solution
 2025-01-09 09:39:23 +01:00
Asger F
3cc1525985 JS: Remove obsolete TODOs 2025-01-09 09:19:30 +01:00
Asger F
1997e0a7b6 Merge pull request #18427 from asgerf/jss/change-note 
JS: Add migration guide and change note
 2025-01-09 09:13:16 +01:00
Asger F
b6b93dcead Merge pull request #18392 from asgerf/jss/deprecate-modules 
JS: Deprecate some .qll files
 2025-01-08 11:10:28 +01:00
Asger F
062391334e JS: Remove notes about changing API in the future 2025-01-08 09:15:13 +01:00
Asger F
df9b95575e JS: Add deprecation qldoc to Configuration classes 2025-01-08 09:15:12 +01:00
Asger F
e7d267e5d2 JS: Add migration guide and change note 2025-01-08 09:12:38 +01:00
Asger F
36f0d2f63e JS: Move VarAccessBarrier outside the deprecated Configuration.qll file 2025-01-08 08:56:53 +01:00
Asger F
c47419e66d JS: Remove an obsolete TODO comment (this has been fixed) 2025-01-08 08:54:41 +01:00
Asger F
f17cc5af15 JS: Move all hidden node definitions into DataFlowPrivate 2025-01-07 10:44:09 +01:00
Asger F
47cc3c09f5 JS: Deprecate an import 2025-01-07 10:43:40 +01:00
Asger F
0cdda87161 JS: Restrict AP length in prototype-polluting function 2025-01-06 14:33:41 +01:00
Asger F
7ccb476b1b JS: Restrict AP length in ExceptionXss 2025-01-06 14:28:58 +01:00
Asger F
23d7420cec JS: Hide default exceptional return node 2025-01-06 14:27:20 +01:00
Asger F
e2af19b946 JS: Restrict "get" step to Map objects 2025-01-06 13:17:32 +01:00
Asger F
4c9f406e34 JS: Exclude some sinks in UnvalidatedDynamicMethodCall 2025-01-06 10:32:11 +01:00
Asger F
25f5ecba25 JS: Deprecate the Configuration.qll file 2025-01-03 11:41:41 +01:00
Asger F
0339bd0f3e JS: Deprecate forward/backward exploration modules 2025-01-03 11:41:39 +01:00
Asger F
942ba189f7 JS: Minor test output change in nodes/edges 
I suspect this is due to some fixes in the DeduplicatePathGraph module
 2024-12-19 15:25:49 +01:00
Asger F
f8dc7eb25b JS: Update output from tests that changed on main 2024-12-19 15:25:47 +01:00
Asger F
4a6030c592 JS: Update expected with some absent result sets 2024-12-19 15:25:46 +01:00
Asger F
cd6ebb103e JS: Make test not assume implicit through for maps 2024-12-19 15:25:45 +01:00
Asger F
dc2f39c399 JS: Add model of Map#groupBy 2024-12-19 15:25:43 +01:00
Asger F
de5e6ddeed JS: Update with changes in TaintTracking test 2024-12-19 15:25:42 +01:00
Asger F
c204527c08 JS: Update Array test output (new tests added on main) 2024-12-19 15:25:41 +01:00
Asger F
33e8bd5032 JS: Update testUtilities import 2024-12-19 15:25:39 +01:00
Asger F
3acd4814de Merge branch 'main' into js/shared-dataflow-merge-main 2024-12-19 10:14:38 +01:00
Asger F
e5ae7e0231 JS: Fix bad join in isOptionallySanitizedEdgeInternal 
This was previously called from isBarrier(node, state) but without restricting the state. The call was therefore moved to isBarrier(node), but this caused some optimisation changes resulting in a bad join.
 2024-12-16 15:35:54 +01:00
Asger F
947b785d47 JS: Remove reference to deprecated step relation that's empty anyway 2024-12-16 15:35:53 +01:00
Asger F
0b2914ff13 JS: A few more deprecation updates 2024-12-16 15:35:50 +01:00
Asger F
db00dad033 JS: Avoid deprecation warnings in some tests 2024-12-16 15:35:49 +01:00
Asger F
cf6d166d29 JS: Also update tutorial code 2024-12-16 15:35:47 +01:00
Asger F
079294e55f JS: Mass rename to node1,state1,node2,state2 naming convention 2024-12-16 15:35:46 +01:00
Asger F
ac6da6c2b1 JS: Add some missing qldoc 2024-12-16 15:35:44 +01:00
Asger F
d993c888b1 JS: Deprecate the FlowLabel class 2024-12-16 15:35:43 +01:00
Asger F
69b361ae70 JS: Migrate a test to use flow state 2024-12-16 15:35:42 +01:00
Asger F
73af3f3536 JS: Migrate PrototypePollutingFunction 2024-12-16 15:35:40 +01:00
Asger F
ebe596f227 JS: Migrate CorsPermissiveConfiguration 2024-12-16 15:35:39 +01:00
Asger F
d83ddfabaa JS: Migrate an experimental CodeInjection query 2024-12-16 15:35:38 +01:00
Asger F
a398599bfb JS: Rename an experimental query 
Having the same name as a standard query is just confusing
 2024-12-16 15:35:36 +01:00
Asger F
c951a29e2a JS: Migrate UnvalidatedDynamicMethodCall 2024-12-16 15:35:34 +01:00
Michael Nebel
aaf0cd5dee Merge pull request #17968 from michaelnebel/java/movetestutils 
Move test utilities to the query pack.
 2024-12-16 13:41:30 +01:00
Asger F
820f81fc10 JS: Migrate UnsafeDynamicMethodAccess 2024-12-13 11:32:25 +01:00
Asger F
a9e89ed8e3 JS: Migrate PrototypePollutingAssignment 2024-12-13 11:23:31 +01:00
Asger F
bcc1669f4c JS: Migrate InsecureDownload 2024-12-13 11:10:14 +01:00
Asger F
4e25036cdc JS: Follow naming convention in InsecureModuleFlow module 2024-12-13 11:09:59 +01:00
Asger F
d381ab1260 JS: Migrate IncompleteHtmlAttributeSanitization 2024-12-13 10:55:00 +01:00
Asger F
2112ecc44d JS: Migrate HardcodedDataInterpretedAsCode 2024-12-13 10:48:43 +01:00