tonghuaroot
e93bc11f6f
Add experimental JS query for SSRF guards missing IPv6-transition unwrap
Add javascript/ssrf-ipv6-transition-incomplete-guard, an experimental
@kind problem query that flags hand-rolled SSRF host guards which reject
private/loopback IPv4 ranges but never unwrap IPv6-transition forms
(IPv4-mapped ::ffff:, NAT64 64:ff9b::, 6to4 2002::). Such guards can be
bypassed by wrapping an internal IPv4 address in a transition literal.
Includes a .qhelp with good/bad examples, a change note, and a test pack
with two true-positive fixtures (private-ip package guard and a
hand-written RFC 1918 denylist) and two negative-control fixtures
(ipaddr.js range classifier and an explicit ::ffff: unwrap).
Signed-off-by: tonghuaroot <23011166+tonghuaroot@users.noreply.github.com>
2026-06-06 21:47:24 +08:00
github-actions[bot]
cfb18c2477
Post-release preparation for codeql-cli-2.25.6
2026-05-29 12:04:35 +00:00
github-actions[bot]
8b6f969cdb
Release preparation for version 2.25.6
2026-05-29 11:27:54 +00:00
Henry Mercer
9bc0c1b1ab
Revert "Release preparation for version 2.25.6"
2026-05-29 12:13:50 +01:00
github-actions[bot]
44a914e40f
Release preparation for version 2.25.6
2026-05-25 10:23:26 +00:00
github-actions[bot]
9f64000962
Post-release preparation for codeql-cli-2.25.5
2026-05-18 15:20:31 +00:00
github-actions[bot]
e38616a2ef
Release preparation for version 2.25.5
2026-05-18 12:05:32 +00:00
github-actions[bot]
7610277199
Post-release preparation for codeql-cli-2.25.4
2026-05-05 10:10:06 +00:00
github-actions[bot]
88e1d86c27
Release preparation for version 2.25.4
2026-05-05 09:34:30 +00:00
github-actions[bot]
a0bab539bb
Post-release preparation for codeql-cli-2.25.3
2026-04-20 12:40:34 +00:00
github-actions[bot]
c861d99802
Release preparation for version 2.25.3
2026-04-20 09:27:23 +00:00
Henry Mercer
43c9b95e6f
Merge branch 'main' into post-release-prep/codeql-cli-2.25.2
2026-04-14 13:56:52 +01:00
Tom Hvitved
fcfb8c9c6b
Add change note
2026-04-13 12:22:30 +02:00
github-actions[bot]
242090e0ac
Post-release preparation for codeql-cli-2.25.2
2026-04-06 13:49:20 +00:00
github-actions[bot]
4fe2f6d2b4
Release preparation for version 2.25.2
2026-04-06 10:30:38 +00:00
github-actions[bot]
ce6e6d5db3
Post-release preparation for codeql-cli-2.25.1
2026-03-30 08:43:48 +00:00
github-actions[bot]
fb011842c9
Release preparation for version 2.25.1
2026-03-25 23:43:06 +00:00
github-actions[bot]
8cf0954796
Release preparation for version 2.25.1
2026-03-25 08:28:30 +00:00
github-actions[bot]
d6055754b6
Release preparation for version 2.25.0
2026-03-16 12:15:34 +00:00
github-actions[bot]
e152f08468
Post-release preparation for codeql-cli-2.24.3
2026-03-02 22:51:27 +00:00
github-actions[bot]
7795badd18
Release preparation for version 2.24.3
2026-03-02 13:23:40 +00:00
github-actions[bot]
b5898c5a30
Post-release preparation for codeql-cli-2.24.2
2026-02-16 17:07:45 +00:00
github-actions[bot]
ef04f927fb
Release preparation for version 2.24.2
2026-02-16 13:29:25 +00:00
github-actions[bot]
73d06f26cb
Post-release preparation for codeql-cli-2.24.1
2026-02-02 14:04:26 +00:00
github-actions[bot]
0db542e9f0
Release preparation for version 2.24.1
2026-02-02 12:09:09 +00:00
github-actions[bot]
48475e66af
Post-release preparation for codeql-cli-2.24.0
2026-01-19 15:49:08 +00:00
github-actions[bot]
4142b9c4ce
Release preparation for version 2.24.0
2026-01-19 14:49:14 +00:00
Asger F
bedb80346a
Merge pull request #20940 from asgerf/js/detect-minified-files
JS: Skip minified file if avg line length > 200
2026-01-19 14:31:09 +01:00
Asger F
077bbb24ac
Merge pull request #21159 from asgerf/js/vue-prop-function
JS: Add support for props callbacks in Vue router configs
2026-01-19 10:13:49 +01:00
Asger F
06cc323aee
Update javascript/ql/src/change-notes/2025-12-05-skip-minified-files.md
Co-authored-by: Taus <tausbn@github.com>
2026-01-14 11:40:01 +01:00
Asger F
b47ae420ca
Update javascript/ql/src/change-notes/2025-12-05-skip-minified-files.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-01-14 11:40:01 +01:00
Asger F
739ed4b3bb
JS: Change note
2026-01-14 11:40:01 +01:00
Asger F
e430aa97f3
Merge pull request #20916 from asgerf/js/next-folders2
JS: Handle Next.js files named 'page' or 'route'
2026-01-14 11:10:57 +01:00
Ian Lynagh
63f78e7609
Merge pull request #21156 from igfoo/igfoo/mb
Merge rc/3.20 into main
2026-01-13 12:11:37 +00:00
Asger F
9fa856f974
JS: Change note
2026-01-13 11:49:33 +01:00
Asger F
ca52fe59e8
Merge pull request #20918 from asgerf/js/response-default-content-type
JS: Handle default 'content-type' header in Response() objects
2026-01-13 10:34:40 +01:00
Ian Lynagh
dcd0a69759
Merge remote-tracking branch 'upstream/main' into igfoo/mb
2026-01-13 01:01:35 +00:00
github-actions[bot]
2cb932cf5d
Post-release preparation for codeql-cli-2.23.9
2026-01-06 15:42:16 +00:00
github-actions[bot]
c00663766e
Release preparation for version 2.23.9
2026-01-05 11:57:06 +00:00
Óscar San José
d972af9ef8
Merge branch 'main' of https://github.com/github/codeql into oscarsj/mergeback-rc-3-20-into-main
2025-12-12 13:22:08 +01:00
github-actions[bot]
2854330759
Post-release preparation for codeql-cli-2.23.8
2025-12-08 15:49:10 +00:00
github-actions[bot]
66c51e979e
Release preparation for version 2.23.8
2025-12-08 14:38:23 +00:00
Óscar San José
bc6133de5c
Merge branch 'main' of https://github.com/github/codeql into oscarsj/merge-back-rc-3.20
2025-12-05 19:31:47 +01:00
Anders Schack-Mulligen
dc6d3fe7ba
Use flowFrom.
2025-12-03 14:04:18 +01:00
github-actions[bot]
085faa2bdb
Post-release preparation for codeql-cli-2.23.7
2025-12-02 16:39:43 +00:00
github-actions[bot]
a045b317ac
Release preparation for version 2.23.7
2025-12-02 15:31:27 +00:00
github-actions[bot]
19a13467e0
Release preparation for version 2.23.7
2025-12-01 16:07:37 +00:00
Asger F
bde983b66d
Update 2025-11-26-response-default-content-type.md
2025-11-27 13:18:56 +01:00
Asger F
7c0243fc6d
Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-11-27 13:18:11 +01:00
Asger F
818f4815dd
JS: Change note
2025-11-26 13:49:50 +01:00