hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
32,726 Commits 1,671 Branches 157 Tags
e3605eed44fcb5150b50d94e42b5af3e9c7cb4a0
Commit Graph

6425 Commits

Author SHA1 Message Date
Asger Feldthaus
753c557dbe Java: use AccessPathSyntax.qll to parse input/output summary specs 2022-02-21 08:16:54 +01:00
Asger Feldthaus
53935db6c6 JS: Add support for " of " syntax to help during transition 2022-02-21 08:16:54 +01:00
Asger Feldthaus
30254686d8 JS: Move ".."-parsing trick into AccessPathSyntax.qll 2022-02-21 08:16:54 +01:00
Asger Feldthaus
7c2cff3227 JS: Factor out AccessPathSyntax.qll 2022-02-21 08:16:54 +01:00
Asger Feldthaus
e2cbf47b16 JS: Fix accidental recursion 2022-02-21 08:16:53 +01:00
Arthur Baars
ebb87c4b36 Merge pull request #7975 from github/post-release-prep/codeql-cli-2.8.1 
Post-release preparation for codeql-cli-2.8.1
 2022-02-15 20:17:35 +01:00
CodeQL CI
8f8621f82c Merge pull request #8022 from asgerf/js/url-parse-qs 
Approved by esbena
 2022-02-15 09:34:21 +01:00
Asger Feldthaus
8b55a24e7c JS: Add url-parse.qs as an alias for the querystringify library 2022-02-14 15:29:50 +01:00
Chuan-kai Lin
9b4dbb9dd8 Merge pull request #7895 from github/cklin/upgrades-initial-dbscheme 
Upgrade scripts testing: set initial dbschemes
 2022-02-11 11:06:12 -08:00
github-actions[bot]
21bf29353f Post-release preparation for codeql-cli-2.8.1 2022-02-11 11:07:31 +00:00
Taus
327e0dad72 Merge pull request #7674 from erik-krogh/dbTypeInNonLib 
QL: Use of db-type outside language core.
 2022-02-11 12:00:14 +01:00
Erik Krogh Kristensen
36e02ae9ac Merge pull request #7912 from erik-krogh/moarApi 
JS: convert more type-trackers to API-graphs
 2022-02-11 10:32:45 +01:00
Erik Krogh Kristensen
3791b159fb Merge pull request #7892 from erik-krogh/nanSan 
JS: Add a `isNaN` sanitizer, and use it in queries that already had a typeof check
 2022-02-11 10:13:06 +01:00
Erik Krogh Kristensen
2ffd79d451 Merge pull request #7921 from erik-krogh/snapdragon 
JS: add model for the snapdragon library
 2022-02-11 10:10:55 +01:00
Esben Sparre Andreasen
a4447ce372 Update javascript/ql/lib/semmle/javascript/frameworks/Snapdragon.qll 2022-02-11 08:20:02 +01:00
github-actions[bot]
f25fc70b7c Release preparation for version 2.8.1 2022-02-10 22:08:24 +00:00
Erik Krogh Kristensen
f41bc64e30 add change-note 2022-02-10 22:41:35 +01:00
Arthur Baars
61ba896343 Javascript: move change note 2022-02-10 20:58:49 +01:00
Erik Krogh Kristensen
eb56a5aef3 support more patterns that recognize valid numbers 2022-02-10 19:50:35 +01:00
CodeQL CI
9ebbd9efa1 Merge pull request #7591 from asgerf/js/mysql-sinks 
Approved by esbena
 2022-02-10 12:50:36 +00:00
CodeQL CI
1a91a79b5b Merge pull request #5841 from erik-krogh/libCode 
Approved by esbena, ethanpalm
 2022-02-10 11:36:45 +00:00
Erik Krogh Kristensen
d55920ad27 add model for the snapdragon library 2022-02-10 11:32:59 +01:00
Erik Krogh Kristensen
12d31d750a convert more type-trackers to API-graphs 2022-02-10 09:54:52 +01:00
Stephan Brandauer
a73cdf3527 Merge pull request #7911 from kaeluka/javascript/add-getFlowLabel-to-PathNode 
JS: add a getFlowLabel method to the PathNode class
 2022-02-10 09:10:08 +01:00
Ethan Palm
2f7f9d9032 Move explanation of example above sample code 2022-02-09 10:45:24 -08:00
Stephan Brandauer
3e88d46e0f add a getFlowLabel method to the PathNode class 2022-02-09 17:28:25 +01:00
Erik Krogh Kristensen
5340530cb7 use the number guard in existing queries that contained typeof checks 2022-02-09 09:51:57 +01:00
Erik Krogh Kristensen
d6721ec574 implement a isNaN guard for unsafe-shell-command-construction 2022-02-09 09:51:57 +01:00
Tom Hvitved
9440a45015 Merge branch 'main' into post-release-prep/codeql-cli-2.8.0 2022-02-09 09:40:33 +01:00
Chuan-kai Lin
a7f1ee574c Upgrade scripts testing: set initial dbschemes 
This commit sets initial dbschemes for cpp, csharp, java, javascript, and
python so that automated testing for upgrade scripts would also cover legacy
upgrades.
 2022-02-08 11:11:41 -08:00
Erik Krogh Kristensen
4bbb7ad320 Merge pull request #7876 from erik-krogh/zipRelative 
JS: recognize more startswith sanitizers for path-injection queries
 2022-02-08 15:22:39 +01:00
Erik Krogh Kristensen
28ba78cb76 add explicit this 2022-02-08 12:20:21 +01:00
Erik Krogh Kristensen
d73b2effa0 rename maybeGetJoinArg maybeGetPathSuffix 2022-02-08 10:42:06 +01:00
Erik Krogh Kristensen
cc3f9bf2a8 fix performance issue by inlining a simpler version of getASourceProp 2022-02-08 00:22:01 +01:00
Erik Krogh Kristensen
aa95dd4ec7 fix typo 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2022-02-08 00:19:40 +01:00
Erik Krogh Kristensen
b59c7911a3 update locations of expected output 2022-02-07 15:23:26 +01:00
Erik Krogh Kristensen
ca5f91e587 recognize more startswith sanitizers for path-injection queries 2022-02-07 14:19:13 +01:00
Erik Krogh Kristensen
6f28cb9201 lower the precision of js/unsafe-code-construction 2022-02-07 13:35:29 +01:00
Erik Krogh Kristensen
06f9924194 add change note 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
896d2bad0e update expected output now that JSON.stringify() is seen as a sanitizer 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
d1d4ebb3b5 add values written to the global scope as exports 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
91b03f56ad move .qll files from src to lib 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
eb133f59f6 update qhelp to focus on properly documenting potentially unsafe library functions 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
a9f7756788 reuse utility predicate 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
681179dcbb add comment about parameters named "code" 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
53315e6ab6 ignore sources named "code" 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
59cc099008 add missing qldoc 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
d77c28f6a7 add qhelp for unsafe-code-construction 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
d790f3ccbb add test for unsafe-code-construction query 2022-02-07 13:34:18 +01:00
Erik Krogh Kristensen
198a464346 add js/unsafe-code-construction query 2022-02-07 13:34:18 +01:00