codeql

mirror of https://github.com/github/codeql.git synced 2025-12-22 19:56:32 +01:00

Author	SHA1	Message	Date
smiddy007	cbe45f7e55	Rename InsufficientPasswordHash_NodeJS.js to InsufficientPasswordHash.js	2023-04-17 13:16:57 -04:00
smiddy007	36d7370998	Delete InsufficientPasswordHash_CryptoJS_fixed file not used in qhelp	2023-04-17 13:16:25 -04:00
smiddy007	e65daaae49	Delete InsufficientPasswordHash_CryptoJS.js not used in qhelp file	2023-04-17 13:15:10 -04:00
Asger F	13b1e97caa	JS: Fix the ExtendCall restriction	2023-04-17 12:30:08 +02:00
Asger F	eafef91dbc	JS: Update test output after ExtendCall restriction	2023-04-17 12:28:23 +02:00
Asger F	024760610a	JS: Add prototype pollution test	2023-04-17 12:27:34 +02:00
Asger F	2f4a181a7d	JS: revert path sanitizers in proto pollution query	2023-04-17 12:21:00 +02:00
Asger F	04079752f7	JS: update test output after adding 'this' sanitizer	2023-04-17 12:15:46 +02:00
Asger F	f87f6c8556	JS: Add test to unsafe jquery plugin	2023-04-17 12:15:05 +02:00
Asger F	b728f71b4b	JS: Move 'this' sanitizer to customizations	2023-04-17 12:11:18 +02:00
Asger F	62dca44ee5	Update UntrustedDataToExternalAPI.expected	2023-04-17 08:23:04 +02:00
Asger F	c250ba7f27	JS: Undo sanitization of path.normalize()	2023-04-17 08:23:04 +02:00
Asger F	9db63c3a6a	JS: Change note	2023-04-17 08:23:04 +02:00
Asger F	b0d4b31103	JS: Trim whitespace in test	2023-04-17 08:23:04 +02:00
Asger F	c7f16cd224	JS: Add test	2023-04-17 08:23:03 +02:00
Asger F	0d598c437d	JS: Fix observed FPs in UnsafeJQueryPlugin	2023-04-17 08:20:18 +02:00
Asger F	b321151a28	JS: Restrict ExtendCall flow in proto pollution query	2023-04-17 08:20:18 +02:00
Asger F	efb582b661	JS: Drive-by fix to newly gained FPs	2023-04-17 08:20:18 +02:00
Asger F	869c6d27fe	JS: Add implied receiver steps	2023-04-17 08:20:18 +02:00
Asger F	74dbc71535	JS: Change Extend steps to PreCallGraphStep	2023-04-17 08:20:18 +02:00
Erik Krogh Kristensen	cece307c60	Merge pull request #12802 from erik-krogh/history-xss JS: add browser history as XSS sink	2023-04-14 13:35:19 +02:00
Alex Eyers-Taylor	c6a482819a	Bump all qlpacks major versions	2023-04-13 19:15:27 +01:00
Alex Ford	8c46bfd051	Merge pull request #12816 from github/rc/3.9 Merge `rc/3.9` into `main`	2023-04-13 12:35:41 +01:00
Erik Krogh Kristensen	cfb273ae01	Merge pull request #12799 from erik-krogh/oneColumn JS: use 1-based column locations for diagnostics	2023-04-12 14:48:20 +02:00
Asger F	b819f55203	Merge pull request #12792 from asgerf/js/redux-model-perf JS: add getForwardingFunction and use to sharpen useSelector model	2023-04-12 14:09:59 +02:00
erik-krogh	d3cc1d6991	update expected output of diagnostics test	2023-04-12 13:42:05 +02:00
erik-krogh	b1957623c1	add browser history as XSS sink	2023-04-12 13:38:18 +02:00
Erik Krogh Kristensen	8cb54b748b	Merge pull request #12787 from tyage/add-router-sink JS: Add New XSS sink - Next.js router.push/replace	2023-04-12 13:30:21 +02:00
Asger F	aef0fa3c8a	JS: Expand QLDoc	2023-04-11 14:16:36 +02:00
Asger F	2c65a49d7c	JS: Add getForwardingFunction() to API graphs	2023-04-11 14:00:30 +02:00
Asger F	4ce03d4dc4	JS: Restrict useSelector steps to local callbacks	2023-04-11 13:33:46 +02:00
Asger F	3cc931306f	JS: Add test for selector nodes with multiple access paths	2023-04-11 13:33:27 +02:00
tyage	40d475863d	Add change note	2023-04-08 18:36:50 +09:00
tyage	320cb99dbf	Add replace method test	2023-04-08 18:31:48 +09:00
tyage	668e1accaa	Remove unnecessary whiteline	2023-04-08 18:24:31 +09:00
tyage	7f9b8557ac	Add Next.js router push as XSS sink	2023-04-08 18:18:34 +09:00
github-actions[bot]	ac426b1302	Post-release preparation for codeql-cli-2.12.6	2023-04-04 16:49:26 +00:00
Asger F	5cc7380bcd	JS: Change note	2023-04-04 16:49:14 +02:00
Asger F	53de9ae580	Merge pull request #12729 from asgerf/js/crypto-modernize JS: Modernize crypto libraries	2023-04-03 12:16:22 +02:00
Jeroen Ketema	17bd9c12d7	JS: Fix qhelp after file rename	2023-04-03 09:25:19 +02:00
Erik Krogh Kristensen	1e1a692ee6	Merge pull request #12686 from erik-krogh/backtick-parse-error JS: add backticks around the concrete parse error	2023-03-31 14:56:38 +02:00
Asger F	64cf27ab87	JS: Modernize crypto libraries	2023-03-31 14:49:23 +02:00
Asger F	40530ae14d	JS: Simplfy with set literal	2023-03-31 12:04:56 +02:00
Asger F	4a06b81429	JS: Use API graphs in CryptoJS	2023-03-31 12:03:14 +02:00
Asger F	dec1e4dfd6	Merge pull request #12666 from smiddy007/improve-insufficient-pw-hash-query JS: Improve insufficient pw hash query	2023-03-31 11:58:41 +02:00
github-actions[bot]	0a3218676c	Release preparation for version 2.12.6	2023-03-30 19:25:06 +00:00
Erik Krogh Kristensen	b382465078	Merge pull request #12679 from ctbellanti/improved-certificate-validation JS: Improved coverage for disabled certificate validation	2023-03-30 16:24:33 +02:00
github-actions[bot]	e87ce62f95	Post-release preparation for codeql-cli-2.12.5	2023-03-30 13:48:58 +00:00
erik-krogh	47783326c2	add test for https.createServer in DisablingCertificateValidation.ql	2023-03-30 14:15:25 +02:00
Asger F	43174cfe3a	Merge pull request #12668 from asgerf/js/jquery-callback-sinks JS: fix handling of jQuery sinks involving callback	2023-03-30 12:42:53 +02:00

1 2 3 4 5 ...

8087 Commits