codeql

mirror of https://github.com/github/codeql.git synced 2025-12-23 12:16:33 +01:00

Author	SHA1	Message	Date
github-actions[bot]	b36f3f97ee	Release preparation for version 2.19.4	2024-11-28 19:28:05 +00:00
Alexander Eyers-Taylor	f7896b4c2b	Merge pull request #18155 from github/revert-18065-release-prep/2.19.4 Revert "Release preparation for version 2.19.4"	2024-11-28 19:22:36 +00:00
Alexander Eyers-Taylor	6f18d69925	Revert "Release preparation for version 2.19.4"	2024-11-28 19:19:56 +00:00
Jeroen Ketema	6d37efc0d8	Update cpp/ql/src/Best Practices/GuardedFree.qhelp Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2024-11-28 16:36:13 +01:00
Jeroen Ketema	f9d9f9ba62	Update cpp/ql/src/Best Practices/GuardedFree.qhelp Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2024-11-28 16:36:04 +01:00
Jeroen Ketema	088a3ef15c	Update cpp/ql/src/Best Practices/GuardedFree.qhelp Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2024-11-28 16:35:39 +01:00
Paolo Tranquilli	9f6a2e090e	Rust: add diagnostics queries to integration tests	2024-11-28 15:33:10 +01:00
Ed Minnix	a7a77a5f23	Added `NavigationManager::BaseUri`	2024-11-28 09:16:45 -05:00
Geoffrey White	5b50a8270d	Rust: Clarify the doc on the two models a little.	2024-11-28 14:11:15 +00:00
Geoffrey White	1d0338444a	Rust: Fix SqlExecute.	2024-11-28 14:11:14 +00:00
Ed Minnix	5bcc694f6a	Fix typo	2024-11-28 09:06:18 -05:00
Simon Friis Vindum	08648f912e	Merge branch 'main' into rust-df-inconsistency-no-location	2024-11-28 15:03:52 +01:00
Ed Minnix	1c06c4aae0	Fix summaries	2024-11-28 08:59:58 -05:00
Ed Minnix	61a4b251c0	`NavigationManager::Uri` and URI-parsing utilities	2024-11-28 08:59:57 -05:00
Edward Minnix III	418ab4b22a	Merge pull request #18123 from egregius313/egregius313/csharp/ijsruntime-models C#: Add `js-interop` sinks for `Microsoft.JSInterop.IJSRuntime`	2024-11-28 08:58:23 -05:00
Tamas Vajk	7acbf1a984	Add change note	2024-11-28 14:40:20 +01:00
Tamas Vajk	072713f771	C#: Exclude more property access expressions from DB quality metric	2024-11-28 14:34:35 +01:00
Napalys	d2de9a2238	Fixed change notes	2024-11-28 14:24:27 +01:00
Napalys Klicius	9ca0fe4cbf	Update RegExp handling and add test case Co-authored-by: erik-krogh <erik-krogh@github.com>	2024-11-28 14:13:40 +01:00
Geoffrey White	2810d64b22	Rust: Fix ql-for-ql warning.	2024-11-28 12:43:24 +00:00
Taus	a9817a0281	Python: Add guide describing how to extend the parser	2024-11-28 12:32:00 +00:00
Simon Friis Vindum	b05d290bf0	Rust: Exclude data flow inconsistencies that stem from other inconsistencies	2024-11-28 12:46:32 +01:00
Napalys	fd773603e6	Added change notes	2024-11-28 12:04:09 +01:00
Napalys	9a1c1f4be3	JS: Added in RegExpCreationNode maybeGlobal predicate for more convenience.	2024-11-28 12:03:51 +01:00
Paolo Tranquilli	50c917d2eb	Rust: restrict extracted files queries	2024-11-28 12:02:57 +01:00
yoff	c1937ea549	Merge pull request #18117 from github/tausbn/python-fix-match-literal-pruning Python: Add change note for CFG pruning fix	2024-11-28 11:40:21 +01:00
Napalys	1d2e08a3b6	JS: now Reg Exp injection treats unknownFlags as sanitization, MetacharEscapeSanitizer	2024-11-28 11:26:58 +01:00
Napalys	62194f5337	JS: add test cases RegExp with unknown flags	2024-11-28 11:26:57 +01:00
Napalys	e673348ed3	JS: now RegExp with unknown flags is not flagged as an issue within password Clear text storage of sensitive information	2024-11-28 11:26:56 +01:00
Napalys	a2c46749c6	JS: fixed issue where MaskingReplacer would work only with regexp literals but not objects	2024-11-28 11:26:55 +01:00
Napalys	1ca57cfb9d	JS: add test cases with RegExp object for MaskingReplacer, currently gives wrong results	2024-11-28 11:26:54 +01:00
Napalys	c71778f1aa	JS: xss does not flag anymore replace with RegExp unknown flags	2024-11-28 11:26:53 +01:00
Napalys	dbae553146	JS: add xss test cases with unknownflags for replace using RegExp	2024-11-28 11:26:52 +01:00
Napalys	fe28657c7d	JS: add test cases with unknown flags for double escaping, works as expected.	2024-11-28 11:26:51 +01:00
Napalys	98fd97799c	JS: imcomplete sanization now handles properly maybe global	2024-11-28 11:26:50 +01:00
Napalys	1ae174849f	JS: incomplete sanitization now also works with RegExp objects	2024-11-28 11:26:48 +01:00
Napalys	76318035ff	JS: Add test cases for RegExp object usage in replace within incomplete sanitization	2024-11-28 11:26:47 +01:00
Napalys	9c2366a660	JS: Added tests for ReDos with unknownFlags, everything seems to be good	2024-11-28 11:26:46 +01:00
Napalys	875478c1c6	JS: Fixed path query not flagging new RegExp with DotRemovingReplaceCall	2024-11-28 11:26:45 +01:00
Napalys	aa557cf950	JS: Added tests for DotRemovingReplaceCall with RegExp Object.	2024-11-28 11:26:44 +01:00
Napalys	a0df33c3ac	JS: UnsafeShellCommand Using unknown flags in the RegExp object is no longer flagged as bad sanitization to reduce false positives.	2024-11-28 11:26:43 +01:00
Napalys	155f1fca85	JS: Added test cases for unsafe shell command sanitization with RegExpr Object, instead of literal	2024-11-28 11:26:42 +01:00
Napalys	23b18aeca9	JS: Now unknown flags are not flagged in taint paths	2024-11-28 11:26:41 +01:00
Napalys	eca7a88615	JS: Fixed docs description	2024-11-28 11:26:40 +01:00
Napalys	7db6f7c721	JS: Added test cases with new RegExp for Tainted paths, currently works only with literals	2024-11-28 11:26:39 +01:00
Napalys	faef9dd877	JS: protyte poluting now treats unknownFlags as potentially good sanitization.	2024-11-28 11:26:38 +01:00
Napalys	41fef0f2b3	JS: Added test cases which cover new RegExp creation with replace on protytpe pulluting	2024-11-28 11:26:37 +01:00
Napalys	18c7b18f82	JS: Now BadHtmlSanitizers new RegExp with unknown flags is also flagged.	2024-11-28 11:26:36 +01:00
Napalys	89f3b6f8d3	JS: Added test case for bad sanitizer with unknown flags, currently not flagged.	2024-11-28 11:26:35 +01:00
Napalys	38be0e4c0a	JS: Now BadHtmlSanitizers also flags new RegExp as potential issue	2024-11-28 11:26:34 +01:00

... 3 4 5 6 7 ...

72681 Commits