hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-30 20:28:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,438 Commits 1,724 Branches 164 Tags
d6055754b62ccd71f9474cef08f1a017569ae03a
Commit Graph

12085 Commits

Author SHA1 Message Date
github-actions[bot]
d6055754b6 Release preparation for version 2.25.0 2026-03-16 12:15:34 +00:00
Asger F
22f16dda85 Merge pull request #21368 from asgerf/browser-sources 
JS: Add 'browser' source kinds
 2026-03-16 09:24:54 +01:00
Asger F
821cc0e875 JS: Address PR review comments 
- Fix misplaced semicolons in test files (was inside comment, moved before it)
- Update QLdoc comments to reference new browser source kind names
- Update docs to list browser source kinds and fix outdated 'only remote' note

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-13 14:58:04 +01:00
Asger F
b8c44be599 Add QL test for bun/tsx shebang recognition in TypeScript files 
Add test files with #!/usr/bin/env bun, #!/usr/bin/env tsx, and
#!/usr/bin/env node shebangs. The query lists extracted .ts files,
verifying that all three shebangs are recognized and the files are
not skipped by the extractor.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-12 10:09:56 +01:00
Asger F
84d1828a9c JavaScript extractor: recognise bun and tsx in shebang lines 
Update the shebang regexp (renamed NODE_INVOCATION -> JS_INVOCATION) to
also match 'bun' and 'tsx' so that scripts using these runtimes are
correctly identified as JavaScript files.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-12 09:35:36 +01:00
Asger F
5db30c9947 JS: Add change note 2026-03-11 15:40:07 +01:00
Asger F
4a001f960f JS: Add tests in request forgery queries 2026-03-11 13:53:25 +01:00
Asger F
1253553aec JS: Add browser source kinds 2026-03-11 13:50:07 +01:00
Óscar San José
3b9eba2afc Merge branch 'main' of https://github.com/github/codeql into oscarsj/merge-back-rc-3.21 2026-03-06 16:20:36 +01:00
Asger F
c9fa7fa283 Merge pull request #21369 from asgerf/js/this-bindings 
JS: Emit variables for 'this'
 2026-03-05 13:36:38 +01:00
Owen Mansel-Chan
c82f75604a Add change notes 2026-03-05 10:34:30 +00:00
Owen Mansel-Chan
99a4fe4828 Update expected test output column numbers 2026-03-04 15:02:53 +00:00
Owen Mansel-Chan
ea30f02271 js: Inline expectation should have space before $ 2026-03-04 13:11:35 +00:00
Owen Mansel-Chan
0eccd902c2 js: Inline expectation should have space after $ 
This was a regex-find-replace from `// \$(?! )` (using a negative lookahead) to `// $ `.
 2026-03-04 12:45:03 +00:00
github-actions[bot]
e152f08468 Post-release preparation for codeql-cli-2.24.3 2026-03-02 22:51:27 +00:00
github-actions[bot]
7795badd18 Release preparation for version 2.24.3 2026-03-02 13:23:40 +00:00
Asger F
f2cc0da936 JS: Add upgrade/downgrade scripts but with 'partial' compatibility 2026-03-02 11:09:19 +01:00
Asger F
d440b5fa85 JS: Update TRAP files 2026-02-27 14:15:34 +01:00
Asger F
47895b3334 JS: Update test for UniquePropertyNames test 
This query now reports the alert previously found by DuplicateProperty
 2026-02-27 13:37:29 +01:00
Asger F
71fb6bf915 JS: Mark corresponding lost result for the getter 2026-02-27 13:35:43 +01:00
Asger F
c673bd9151 JS: Document a missing alert due to limitation in structural comparison 2026-02-27 13:34:55 +01:00
Asger F
0f2de46648 JS: Emit variable bindings for 'this' expressions 2026-02-27 11:44:54 +01:00
Asger F
f0f58dacb3 JS: Also emit 'this' variable for class scopes 2026-02-27 11:44:31 +01:00
Asger F
4a3b86c652 JS: Update test output 2026-02-27 11:13:50 +01:00
Asger F
e0ab5ce49b JS: Emit variables for 'this' 
The extractor does not emit bindings for 'this', we just ensure that a variable exists for it
 2026-02-25 10:17:02 +01:00
Asger F
f0e665d08c Merge pull request #21349 from asgerf/mobx-wrapper 
Support React components wrapped by 'mobx-react'
 2026-02-25 09:24:45 +01:00
Owen Mansel-Chan
ada9c452f0 Merge pull request #21336 from owen-mc/js/accept-mad-sanitizers 
JS: Accept MaD sanitizers for queries with MaD sinks
 2026-02-23 13:44:54 +00:00
Asger F
27638c7029 JS: Add change note 2026-02-20 11:20:46 +01:00
Asger F
a684943bb7 JS: Model mobx-react{-lite} as higher-order component builders 2026-02-19 11:26:46 +01:00
Asger F
a0099d64c8 JS: Add mobx-react and mobx-react-lite tests 2026-02-19 11:26:44 +01:00
Paolo Tranquilli
dfe451128e Merge branch 'main' into redsun82/bazel-9 2026-02-19 11:05:32 +01:00
Owen Mansel-Chan
05f9b4124d Revert "javascript: remove sanitizer to be replaced by model" 
This reverts commit da2f77d615.
 2026-02-17 14:39:04 +00:00
Owen Mansel-Chan
b8f9dd9de5 Revert "javascript: add MaD model" 
This reverts commit 75bd4a7a12.
 2026-02-17 14:38:56 +00:00
Owen Mansel-Chan
61e8f91404 Accept MaD sanitizers for queries with MaD sinks 2026-02-17 12:45:24 +00:00
github-actions[bot]
b5898c5a30 Post-release preparation for codeql-cli-2.24.2 2026-02-16 17:07:45 +00:00
github-actions[bot]
ef04f927fb Release preparation for version 2.24.2 2026-02-16 13:29:25 +00:00
Paolo Tranquilli
10a2824b82 refactor: migrate BUILD files to explicit rules_java imports 
Add explicit load statements for java_library and java_test from
@rules_java//java:defs.bzl in:
- javascript/extractor/BUILD.bazel
- javascript/extractor/test/com/semmle/js/extractor/test/BUILD.bazel
 2026-02-10 13:44:06 +01:00
github-actions[bot]
73d06f26cb Post-release preparation for codeql-cli-2.24.1 2026-02-02 14:04:26 +00:00
github-actions[bot]
0db542e9f0 Release preparation for version 2.24.1 2026-02-02 12:09:09 +00:00
Tom Hvitved
b974a84bef Merge pull request #21051 from hvitved/shared/flow-summary-provenance-filtering 
Shared: Provenance-based filtering of flow summaries
 2026-01-26 17:24:34 +01:00
Tom Hvitved
0f6bae0ae1 Add change notes 2026-01-26 12:40:22 +01:00
Tom Hvitved
93dad867cd JS: Adapt to changes in FlowSummaryImpl 2026-01-26 12:40:21 +01:00
yoff
d05901ad3f python/javascript/ruby: mark internal predicates 2026-01-22 17:30:24 +01:00
yoff
75bd4a7a12 javascript: add MaD model 
- consider if the model is in the right place
- consider if the barrier kind (sink kind) is the appropriate one
 2026-01-22 17:30:24 +01:00
yoff
da2f77d615 javascript: remove sanitizer to be replaced by model 2026-01-22 17:30:24 +01:00
yoff
3dbfb9fa4b python: add machinery for MaD barriers 
and reinstate previously removed barrier
now as a MaD row
 2026-01-22 17:30:24 +01:00
Ian Lynagh
a299174f4d javascript: Add up/downgrade scripts 2026-01-20 11:56:15 +00:00
Ian Lynagh
4140121e96 javascript: Use more standard shared dbscheme sections 
We now use the shared "Overlay support" and "Database metadata".
 2026-01-20 11:56:14 +00:00
github-actions[bot]
48475e66af Post-release preparation for codeql-cli-2.24.0 2026-01-19 15:49:08 +00:00
Nick Rolfe
1739e135f5 Fix list formatting inconsistency 2026-01-19 15:17:11 +00:00