hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,671 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

7497 Commits

Author SHA1 Message Date
github-actions[bot]
1aecfc67c2 Post-release preparation for codeql-cli-2.9.0 2022-04-21 19:22:19 +00:00
github-actions[bot]
eeaf233c29 Release preparation for version 2.9.0 2022-04-21 14:49:00 +00:00
Tom Hvitved
bd09c61504 Merge pull request #8786 from hvitved/ruby/dataflow/argument-tokens 
Ruby: Implement `Argument[any]` and `Argument[n..]`
 2022-04-21 16:31:24 +02:00
Erik Krogh Kristensen
c1798c4ebd remove redundant extends clause 2022-04-21 09:13:18 +02:00
Erik Krogh Kristensen
6007dfa101 fix qldoc in StoredXssCustomizations 
Co-authored-by: Asger F <asgerf@github.com>
 2022-04-21 09:11:08 +02:00
Erik Krogh Kristensen
b9a7c563d1 fix typo in change note 
Co-authored-by: Asger F <asgerf@github.com>
 2022-04-21 09:09:56 +02:00
Asger Feldthaus
c6e66edb97 JS: Change note 2022-04-21 08:32:01 +02:00
Erik Krogh Kristensen
9927a82520 Merge pull request #8789 from erik-krogh/apiIpaBranches 
JS/PY: mention newtype constructors in API graph label classes
 2022-04-20 23:39:46 +02:00
Erik Krogh Kristensen
7e73ecceab add change-note 2022-04-20 23:31:42 +02:00
Erik Krogh Kristensen
ff5b873557 Merge pull request #8773 from erik-krogh/exhaustion 
JS: promote `js/resource-exhaustion` out of experimental
 2022-04-20 19:33:42 +02:00
Erik Krogh Kristensen
9c5f3e9406 remove leftover debug comments 2022-04-20 18:42:46 +02:00
Erik Krogh Kristensen
ef51b46795 JS: mention newtype constructors in API graph label classes 2022-04-20 18:37:19 +02:00
Erik Krogh Kristensen
06394c8dc6 move storedXss sources to the Customizations file 2022-04-20 18:17:49 +02:00
Erik Krogh Kristensen
81ce8ac715 ATM: fix compiler warnings about unused variables 2022-04-20 18:10:59 +02:00
Erik Krogh Kristensen
4bc36d82f6 update expected output for ATM 2022-04-20 18:10:56 +02:00
Erik Krogh Kristensen
c1c66a0200 refactor CountAlertAndEndpoints to not refer to deprecated files 2022-04-20 18:10:56 +02:00
Erik Krogh Kristensen
c5f7df17ee add .actual files to .gitignore for ATM tests 2022-04-20 18:10:56 +02:00
Erik Krogh Kristensen
1c5d59f885 fix an instance of ql/acronyms-should-be-pascal-case 2022-04-20 18:10:53 +02:00
Erik Krogh Kristensen
ea6b68fc59 add missing qldoc 2022-04-20 18:10:53 +02:00
Erik Krogh Kristensen
12e60c7a06 move TypeTestGuard to the Query.qll file 2022-04-20 18:10:53 +02:00
Erik Krogh Kristensen
b1bad271d5 only activate the PrefixString label in Query.qll files 2022-04-20 18:10:53 +02:00
Erik Krogh Kristensen
8a5b1668f9 move initialization of sanitizer-guards to Query.qll files 2022-04-20 18:10:53 +02:00
Erik Krogh Kristensen
73dbe44824 remove dead import 2022-04-20 18:10:53 +02:00
Erik Krogh Kristensen
8d3bd9d7cd move the ExceptionXss sources into the Customizations file 2022-04-20 18:10:53 +02:00
Erik Krogh Kristensen
25708c5091 move the XssThroughDom sources into the Customizations file 2022-04-20 18:10:53 +02:00
Erik Krogh Kristensen
ad14bbae90 create a customizations file for StoredXss 2022-04-20 18:10:53 +02:00
Erik Krogh Kristensen
162a4992a5 move the ReflectedXss sources/sinks into the Customizations file 2022-04-20 18:10:53 +02:00
Erik Krogh Kristensen
173e1d0262 move the DomBasedXss sources/sinks into the Customizations file 2022-04-20 18:10:53 +02:00
Erik Krogh Kristensen
9631b68de9 move LocalUrlSanitizingGuard out of the customizations file 2022-04-20 18:10:52 +02:00
Tom Hvitved
ea229d361c Sync files 2022-04-20 13:55:18 +02:00
Asger Feldthaus
44216b29a9 JS: Autoformat 2022-04-20 11:14:42 +02:00
Asger Feldthaus
4c66f50352 JS: More tests 2022-04-20 11:14:42 +02:00
Asger Feldthaus
fec2837c1e JS: Ensure accessors do not appear to be calls 2022-04-20 11:14:42 +02:00
Asger Feldthaus
ddb682b181 JS: Show all accessor calls in CG test 2022-04-20 11:14:41 +02:00
Asger Feldthaus
37a76f4441 JS: PropWrite is not a SourceNode 2022-04-20 11:14:41 +02:00
Asger Feldthaus
c9db6201ef JS: Add call-graph test for accessor calls 2022-04-20 11:14:41 +02:00
Asger Feldthaus
7d5c80433d JS: Handle accessor-calls to static accessors 2022-04-20 11:14:41 +02:00
Asger Feldthaus
37b3a6e5c0 JS: Add ClassNode.getStaticMember 2022-04-20 11:14:41 +02:00
Erik Krogh Kristensen
10130eef6d Merge pull request #8678 from erik-krogh/fileSource 
JS: Add files as a source for `js/xss-through-dom`
 2022-04-20 09:18:38 +02:00
Stephan Brandauer
2fb3147b7b Merge pull request #8430 from kaeluka/js/CVE-2022-24718 
JS: Add taint step for handlebars model
 2022-04-19 15:57:58 +01:00
Erik Krogh Kristensen
8669bbd948 update expected output of rate-limit query after test reorg 2022-04-19 14:27:24 +02:00
Erik Krogh Kristensen
6799232009 fix typo in qldoc 2022-04-19 11:09:27 +02:00
Erik Krogh Kristensen
4b6d8e6865 add missing qldoc 2022-04-19 10:56:58 +02:00
Erik Krogh Kristensen
8e5a7bcd76 add change-note 2022-04-19 10:53:48 +02:00
Erik Krogh Kristensen
e0b5197d3c a slight refactor 2022-04-18 22:21:41 +02:00
Erik Krogh Kristensen
7f592a6c64 merge Clipboard.qll and DragAndDrop.qll, and support InputEvent 2022-04-18 22:17:31 +02:00
Jean Helie
f1f00ccac5 ML: add .gitkeep to resources dir in which ML models are to be found 2022-04-15 12:19:06 +02:00
Erik Krogh Kristensen
2e5d435bea add CWE-400, and add a reference to DoS attacks 2022-04-14 18:37:50 +02:00
Jean Helie
d094bbc06d Merge pull request #8546 from github/jhelie/enforce-unknown-incompatibiliy-with-notasink 
ML: add defensive check to ensure Unknown endpoints cannot also be NotASink
 2022-04-14 11:21:18 +02:00
Erik Krogh Kristensen
4c97f68a3d remove postmessage events as source for js/resource-exhaustion 2022-04-13 23:14:42 +02:00