hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,672 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

6849 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
1d437dd722 Merge pull request #8043 from github/esbena/sharpen-hardcoded-credentials 
JS: Sharpen hardcoded credentials
 2022-02-21 10:02:58 +01:00
Erik Krogh Kristensen
5f9bd7a4a1 Merge pull request #7984 from erik-krogh/fix-ql-for-ql-js 
JS: fix most ql-for-ql warnings
 2022-02-21 09:15:06 +01:00
Asger Feldthaus
d7f07167ac Shared: Remove getLastToken again 2022-02-21 08:21:53 +01:00
Asger Feldthaus
2c2a82a070 Shared: allow spaces between arguments in a token 2022-02-21 08:21:53 +01:00
Asger Feldthaus
7fcbdbeada Shared: sync AccessPathSyntax.qll and FlowSummaryImpl.qll 2022-02-21 08:21:52 +01:00
Asger Feldthaus
2907d53e17 Shared: sync AccessPathSyntax.qll and FlowSummaryImpl.qll 2022-02-21 08:21:52 +01:00
Asger Feldthaus
c189df2341 Revert "JS: Add support for " of " syntax to help during transition" 
This reverts commit 9bf522b3048c3b11f7e6d734ed797a613614a095.
 2022-02-21 08:21:51 +01:00
Asger Feldthaus
753c557dbe Java: use AccessPathSyntax.qll to parse input/output summary specs 2022-02-21 08:16:54 +01:00
Asger Feldthaus
53935db6c6 JS: Add support for " of " syntax to help during transition 2022-02-21 08:16:54 +01:00
Asger Feldthaus
30254686d8 JS: Move ".."-parsing trick into AccessPathSyntax.qll 2022-02-21 08:16:54 +01:00
Asger Feldthaus
7c2cff3227 JS: Factor out AccessPathSyntax.qll 2022-02-21 08:16:54 +01:00
Asger Feldthaus
e2cbf47b16 JS: Fix accidental recursion 2022-02-21 08:16:53 +01:00
Asger Feldthaus
69995d5750 Shared: rephrase request forgery name and description 2022-02-17 09:07:08 +01:00
Asger Feldthaus
51442ddf47 JS: Add change note 2022-02-17 09:07:08 +01:00
Asger Feldthaus
3496ae131b JS: Factor out <recommendation> part of qhelp 2022-02-17 09:07:08 +01:00
Asger Feldthaus
8ac0ec8dfc JS: Write help for ClientSideRequestForgery 2022-02-16 18:33:31 +01:00
Asger Feldthaus
91c64152d2 JS: Rephrase the qhelp for SSRF query 2022-02-16 13:35:01 +01:00
Asger Feldthaus
cf66d01e80 JS: Add consistency test 2022-02-16 13:35:01 +01:00
Asger Feldthaus
3103cfd925 JS: Rename to tests to clientSide.js and serverSide.js 2022-02-16 13:35:01 +01:00
Asger Feldthaus
3fbc3a4d70 JS: Add ClientSideRequestForgery to RequestForgery test 2022-02-16 13:35:01 +01:00
Asger Feldthaus
260638c68b JS: Add ClientSideRequestForgery and split request-forgery results between the two 2022-02-16 13:35:01 +01:00
Esben Sparre Andreasen
f08a140505 update tests for password patterns 2022-02-16 13:22:19 +01:00
Esben Sparre Andreasen
816d79692b ignore deliberately hardcoded password strings 2022-02-16 09:47:01 +01:00
Esben Sparre Andreasen
78744a0182 add additional tests 2022-02-16 09:44:56 +01:00
Esben Sparre Andreasen
e67c09f9ab change example passwords in test 2022-02-16 08:56:00 +01:00
Arthur Baars
ebb87c4b36 Merge pull request #7975 from github/post-release-prep/codeql-cli-2.8.1 
Post-release preparation for codeql-cli-2.8.1
 2022-02-15 20:17:35 +01:00
CodeQL CI
8f8621f82c Merge pull request #8022 from asgerf/js/url-parse-qs 
Approved by esbena
 2022-02-15 09:34:21 +01:00
Asger Feldthaus
8b55a24e7c JS: Add url-parse.qs as an alias for the querystringify library 2022-02-14 15:29:50 +01:00
Asger Feldthaus
f7108506f2 JS: Raise precision tag of js/request-forgery 2022-02-14 14:20:41 +01:00
Chuan-kai Lin
9b4dbb9dd8 Merge pull request #7895 from github/cklin/upgrades-initial-dbscheme 
Upgrade scripts testing: set initial dbschemes
 2022-02-11 11:06:12 -08:00
Erik Krogh Kristensen
a1c5724be7 fix most ql-for-ql warnings in JS 2022-02-11 17:57:37 +01:00
github-actions[bot]
21bf29353f Post-release preparation for codeql-cli-2.8.1 2022-02-11 11:07:31 +00:00
Taus
327e0dad72 Merge pull request #7674 from erik-krogh/dbTypeInNonLib 
QL: Use of db-type outside language core.
 2022-02-11 12:00:14 +01:00
Erik Krogh Kristensen
36e02ae9ac Merge pull request #7912 from erik-krogh/moarApi 
JS: convert more type-trackers to API-graphs
 2022-02-11 10:32:45 +01:00
Erik Krogh Kristensen
3791b159fb Merge pull request #7892 from erik-krogh/nanSan 
JS: Add a `isNaN` sanitizer, and use it in queries that already had a typeof check
 2022-02-11 10:13:06 +01:00
Erik Krogh Kristensen
2ffd79d451 Merge pull request #7921 from erik-krogh/snapdragon 
JS: add model for the snapdragon library
 2022-02-11 10:10:55 +01:00
Esben Sparre Andreasen
a4447ce372 Update javascript/ql/lib/semmle/javascript/frameworks/Snapdragon.qll 2022-02-11 08:20:02 +01:00
github-actions[bot]
f25fc70b7c Release preparation for version 2.8.1 2022-02-10 22:08:24 +00:00
Erik Krogh Kristensen
f41bc64e30 add change-note 2022-02-10 22:41:35 +01:00
Arthur Baars
61ba896343 Javascript: move change note 2022-02-10 20:58:49 +01:00
Erik Krogh Kristensen
eb56a5aef3 support more patterns that recognize valid numbers 2022-02-10 19:50:35 +01:00
CodeQL CI
9ebbd9efa1 Merge pull request #7591 from asgerf/js/mysql-sinks 
Approved by esbena
 2022-02-10 12:50:36 +00:00
CodeQL CI
1a91a79b5b Merge pull request #5841 from erik-krogh/libCode 
Approved by esbena, ethanpalm
 2022-02-10 11:36:45 +00:00
Erik Krogh Kristensen
d55920ad27 add model for the snapdragon library 2022-02-10 11:32:59 +01:00
Erik Krogh Kristensen
12d31d750a convert more type-trackers to API-graphs 2022-02-10 09:54:52 +01:00
Stephan Brandauer
a73cdf3527 Merge pull request #7911 from kaeluka/javascript/add-getFlowLabel-to-PathNode 
JS: add a getFlowLabel method to the PathNode class
 2022-02-10 09:10:08 +01:00
Ethan Palm
2f7f9d9032 Move explanation of example above sample code 2022-02-09 10:45:24 -08:00
Stephan Brandauer
3e88d46e0f add a getFlowLabel method to the PathNode class 2022-02-09 17:28:25 +01:00
Erik Krogh Kristensen
5340530cb7 use the number guard in existing queries that contained typeof checks 2022-02-09 09:51:57 +01:00
Erik Krogh Kristensen
d6721ec574 implement a isNaN guard for unsafe-shell-command-construction 2022-02-09 09:51:57 +01:00