hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-08 08:34:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
78,007 Commits 1,731 Branches 164 Tags
d0dcf897cb82b4f44ccfd3edebeb048346b551cc
Commit Graph

10321 Commits

Author SHA1 Message Date
Napalys Klicius
d0dcf897cb Update javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2025-04-11 11:04:08 +02:00
Napalys
e3f1720f9c RenamedDecodeLike to Decode and updated propagatesFlow 2025-04-11 10:04:09 +02:00
Napalys
0c52b5ad95 Added summary flow for StringFromCharCode 2025-04-09 14:24:43 +02:00
Napalys
a3e4e62eac Removed taint from ArrayBuffer constructor as it accepts length 2025-04-09 13:27:13 +02:00
Napalys
4bc3e9e736 Addressed comments 
Co-authored-by: Asgerf <asgerf@github.com>
 2025-04-09 12:31:45 +02:00
Napalys
873db7c121 Added change note 2025-04-07 18:15:24 +02:00
Napalys
b97c61864e Add flow summaries and entry points for TextDecoder 2025-04-07 18:15:19 +02:00
Napalys
f28478e876 Add test cases from TypedArrays to strings. 2025-04-07 18:13:52 +02:00
Napalys
f4277204b7 Add flow summaries and entry points for ArrayBuffer and SharedArrayBuffer 2025-04-07 18:12:35 +02:00
Napalys
0e099474c5 Added test cases for ArrayBuffer and SharedArrayBuffer 2025-04-07 18:07:54 +02:00
Napalys
ff07ec8d8c Add flow summaries for TypedArray methods set and subarray 2025-04-07 18:06:40 +02:00
Napalys
d689a55229 Added test cases for TypedArray methods 2025-04-07 15:15:29 +02:00
Napalys
e23ff9cf3e Add TypedArrays flow summaries for Uint8Array and buffer property 2025-04-07 15:15:24 +02:00
Napalys
93882263f9 Added test case for Uint8Array and TypedArray.prototype.buffer 2025-04-07 12:46:19 +02:00
Asger F
14c5495b4c JS: Use in SensitiveActions test as an example 2025-04-03 13:24:18 +02:00
Napalys Klicius
5c42c0ba4c Merge pull request #19196 from Napalys/js/rimraf 
JS: Modeling of `rimraf` functions
 2025-04-03 09:51:52 +02:00
Asger F
bb15f30ef6 Merge pull request #19192 from asgerf/js/name-resolution-independent-fixes 
JS: Some preliminary fixes from name resolution branch
 2025-04-03 09:36:02 +02:00
Jon Janego
d8ef4fc25d Update javascript/ql/src/Expressions/ExprHasNoEffect.ql 
Co-authored-by: Napalys Klicius <napalys@github.com>
 2025-04-02 10:22:27 -05:00
Asger F
6c3bc941c5 Merge branch 'main' into js/name-resolution-independent-fixes 2025-04-02 14:15:44 +02:00
Asger F
2c40359143 JS: Change note 2025-04-02 14:12:07 +02:00
Asger F
30a9cd7c8a JS: Include document as a DOM value 2025-04-02 14:09:52 +02:00
Napalys
390d9ffe66 Added change note 2025-04-02 12:50:53 +02:00
Napalys
b16b407f89 Add rimraf model and update tests for path injection vulnerabilities 2025-04-02 12:49:48 +02:00
Napalys
14999c19da Added test cases for rimraf library. 2025-04-02 12:46:48 +02:00
Asger F
78b25388ca JS: Protect against bad join in BadRandomness 
This code resulted in bad join orders in response to certain library
changes. The actual library changes have to be split into smaller pieces
but I'd like to ensure I don't run into the bad join again.
 2025-04-02 10:14:07 +02:00
Asger F
46f88e7ce7 JS: Updates to DOM model 2025-04-02 10:14:03 +02:00
Asger F
48db2b9315 JS: Add test 2025-04-02 10:12:36 +02:00
Jon Janego
74587f0d64 Update ExprHasNoEffect.ql 
adding quality tags per metadata styleguide
 2025-04-01 18:47:52 -05:00
Asger F
887942e3e9 Merge pull request #19108 from asgerf/js/api-graph-spread-rest 
JS: Handle spread/rest in API graphs
 2025-04-01 17:48:36 +02:00
Asger F
4746cfddf2 JS: Add clarifying comment 2025-04-01 16:26:07 +02:00
Asger F
e1784bb10c JS: Fix handling of spread args on a bound function 2025-04-01 16:20:57 +02:00
github-actions[bot]
10205cb990 Post-release preparation for codeql-cli-2.21.0 2025-04-01 11:30:43 +00:00
github-actions[bot]
84f6564cc0 Release preparation for version 2.21.0 2025-03-31 17:35:15 +00:00
Arthur Baars
cd9ccef8b2 Javascript, add missing * to changenote 2025-03-31 18:45:01 +02:00
Asger F
149ec20758 JS: Add comment about internal edge 2025-03-31 15:39:09 +02:00
Asger F
f64bdccd6d Update javascript/ql/lib/semmle/javascript/ApiGraphs.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2025-03-31 15:30:59 +02:00
Napalys Klicius
4572376e9a Merge pull request #19143 from Napalys/js/fs-extra-missing 
JS: Modeling of `fs-extra` functions
 2025-03-31 10:35:45 +02:00
Napalys Klicius
de8a3289e2 Merge pull request #19118 from Napalys/js/hana_db_client 
JS: support `hana` db client
 2025-03-31 10:35:11 +02:00
Napalys
32d6ac8da7 Add test case to ensure exec calls without middleware injection into Express are not flagged. 2025-03-30 14:09:15 +02:00
Napalys
45c8ec96df Added test cases for hana db additional sources. 2025-03-28 15:02:03 +01:00
Napalys
d0e2aa8192 Added sources from hana db as MaD. 2025-03-28 14:55:17 +01:00
Napalys
f3af23e855 Refactored hana's DB client to use GuardedRouteHandler, improving precision. 2025-03-28 13:58:37 +01:00
Napalys Klicius
f7264d82d4 Merge branch 'main' into js/hana_db_client 2025-03-28 13:21:15 +01:00
Napalys
75b4d1b771 Applied copilot suggestions. 2025-03-28 13:19:11 +01:00
Napalys
769fe75d82 Added change note. 2025-03-28 13:07:24 +01:00
Napalys
495af56ab5 Added NodeJSFileSystemVectorWrite class for vectored write. 2025-03-28 13:07:23 +01:00
Napalys
e0c6cbb1b7 Added test cases for writev and writevSync. 2025-03-28 13:07:21 +01:00
Napalys
e63e170ac2 Added support for readv and readvSync functions in NodeJSFileSystemAccessRead class . 2025-03-28 13:07:20 +01:00
Napalys
6e7214747c Added test cases for readv and readvSync 2025-03-28 13:07:14 +01:00
Anders Schack-Mulligen
5a986f5327 SSA: Remove empty predicates and dead code. 2025-03-28 12:00:38 +01:00