codeql

mirror of https://github.com/github/codeql.git synced 2025-12-23 12:16:33 +01:00

Author	SHA1	Message	Date
Aditya Sharad	b1803d0ac2	Merge rc/3.12 into main	2023-12-21 16:40:51 -08:00
github-actions[bot]	8f72b0e4f7	Post-release preparation for codeql-cli-2.15.5	2023-12-19 10:32:57 +00:00
Jorge	f8cfd698fa	Merge branch 'main' into seclab/dotjs	2023-12-19 10:44:52 +01:00
github-actions[bot]	19af35b29a	Release preparation for version 2.15.5	2023-12-18 21:22:44 +00:00
Jorge	b81fbd7669	Add change note	2023-12-18 12:55:30 +01:00
Maiky	191766a47b	Use `config.getCorsConfiguration().getOrigin())` Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2023-12-18 12:38:39 +01:00
Jeroen Ketema	99e65df6ce	Merge remote-tracking branch 'upstream/rc/3.12' into mb12	2023-12-13 15:43:39 +01:00
amammad	18d0b28024	v1	2023-12-10 20:27:21 +01:00
erik-krogh	e8f9e366d5	remove redundant imports for JS	2023-12-08 16:56:54 +01:00
github-actions[bot]	92af5f5386	Post-release preparation for codeql-cli-2.15.4	2023-12-06 22:59:22 +00:00
github-actions[bot]	c04457e9e7	Release preparation for version 2.15.4	2023-12-06 21:11:50 +00:00
amammad	1547cd0546	added inline tests, move to experimental dir	2023-12-05 18:59:46 +01:00
Felicity Chapman	4cb2f53223	Remove unwanted period from query name Our style guide states that names should not end in a period. I'm updating this now to allow us to automate a process for GitHub docs, see: https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md#query-name-name	2023-11-30 14:31:17 +00:00
Rafael	0a74a3a765	Update javascript/ql/src/change-notes/2023-11-28-django-urls.md Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2023-11-29 08:23:02 +01:00
Rafael	0b0c9e3e48	Create 2023-11-28-django-urls.md	2023-11-28 22:29:53 +01:00
Rafael	286e3951bf	Detect Django template URLs Django URLs are currently not detected, but flask and nunjucks URL are. (See https://github.com/github/codeql/issues/12267)	2023-11-28 22:22:07 +01:00
amammad	48a9b107b9	add query to detect strapi CVe too	2023-11-24 10:47:17 +01:00
Maiky	4ef4c92e2c	Move Customizations and Query	2023-11-23 21:29:09 +01:00
erik-krogh	abb8d65483	Merge branch 'main' into amammad-js-SQLI	2023-11-23 21:17:58 +01:00
amammad	60b422a35c	fix second round of code review. improve documents, fix better-sqlite3 method	2023-11-23 14:01:38 +01:00
erik-krogh	dd1e71ace9	update the JS change notes to mention security severity instead of just severity	2023-11-23 10:28:22 +01:00
amammad	5cc4206e00	add a temporary Query file to demonstrate unsuccessful usage of two DataFlow configs	2023-11-22 08:30:59 +01:00
amammad	0328a2986d	move TypeORM library file and tests to experimental add inline tests :) Fix TypeORM fuzzy method according to Review	2023-11-21 19:59:06 +01:00
Max Schaefer	2c5ce3216e	Merge pull request #14846 from github/max-schaefer/js/path-injection Update qhelp for js/path-injection.	2023-11-21 13:50:41 +00:00
Max Schaefer	dfffa1e237	Apply suggestions from code review Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>	2023-11-21 10:07:11 +00:00
Max Schaefer	d147faba4e	Update qhelp for js/path-injection.	2023-11-20 11:58:00 +00:00
github-actions[bot]	bad499e360	Post-release preparation for codeql-cli-2.15.3	2023-11-17 14:35:41 +00:00
github-actions[bot]	6ec9b95072	Release preparation for version 2.15.3	2023-11-16 13:07:16 +00:00
Henry Mercer	de83929a60	Remove LoC metrics from the analysis summary	2023-11-16 11:36:44 +00:00
Remco Vermeulen	52540b42fc	Merge branch 'main' into rvermeulen/javascript-adjust-security-severity	2023-11-14 11:21:38 -08:00
Remco Vermeulen	6bd7047e41	Restore XssThroughDom.ql's severity	2023-11-14 11:20:51 -08:00
Rasmus Wriedt Larsen	43d9d2ceb7	Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.	2023-11-08 14:29:24 +01:00
Geoffrey White	e8a466a02c	Update dead link.	2023-11-07 09:26:07 +00:00
amammad	0652afced3	update tests, updated qldoc and examples, upgrade all libraries to path-problem, update jsonwebtoken source and sinks	2023-11-07 08:25:25 +01:00
amammad	faa483a282	move to CWE-347, update comments of tests	2023-11-02 16:24:58 +01:00
amammad	9da815a5c0	move to new CWE-321 directory, make saparate query files for each JWT pkg, create a path query for jsonwebtoken package which is not work correctly	2023-11-02 14:13:52 +01:00
github-actions[bot]	2b939fdf08	Post-release preparation for codeql-cli-2.15.2	2023-10-30 16:06:51 +00:00
github-actions[bot]	4641990021	Release preparation for version 2.15.2	2023-10-30 11:05:53 +00:00
erik-krogh	cf958f0828	lower the severity of js/identity-replacement to medium	2023-10-27 13:54:17 +02:00
Max Schaefer	104700f6d3	Address review comment.	2023-10-27 10:19:28 +01:00
Max Schaefer	abef8483bd	Merge pull request #14600 from github/max-schaefer/express-rate-limit JavaScript: Add support for importing `express-rate-limit` using a named import.	2023-10-26 15:15:22 +01:00
Max Schaefer	741735cc83	Port changes to JavaScript.	2023-10-26 14:47:24 +01:00
Max Schaefer	bb146a1758	JavaScript: Add support for `rateLimit` export from `express-rate-limit` package.	2023-10-26 12:14:57 +01:00
amammad	ee4d87bd96	remove hardcoded JWT secret-key query	2023-10-19 11:57:53 +02:00
github-actions[bot]	8dcd8b9e5b	Post-release preparation for codeql-cli-2.15.1	2023-10-17 20:24:00 +00:00
amammad	7891e64d3e	add sanitizers to hardcoded query	2023-10-17 10:37:27 +02:00
github-actions[bot]	3b3c036626	Release preparation for version 2.15.1	2023-10-16 17:49:39 +00:00
Henry Mercer	1a370bfbbe	Merge pull request #14443 from github/post-release-prep/codeql-cli-2.15.0 Post-release preparation for codeql-cli-2.15.0	2023-10-11 17:39:04 +01:00
github-actions[bot]	ae6af17c74	Post-release preparation for codeql-cli-2.15.0	2023-10-11 14:19:20 +00:00
Maiky	c0e6d7c049	Merge branch 'github:main' into maikypedia/javascript-cors	2023-10-11 12:20:42 +02:00

... 3 4 5 6 7 ...

5997 Commits