7945 Commits

Author	SHA1	Message	Date
erik-krogh	946720f414	reorder the CWE-078 tests into subdirectories	2022-10-28 10:16:21 +02:00
Erik Krogh Kristensen	bbdda9ef70	Merge pull request #10727 from erik-krogh/js-last-msg ... JS: fix some more style-guide violations in the alert-messages	2022-10-27 15:48:12 +02:00
Taus	503cc560cf	Merge pull request #10943 from bananabr/main ... Javascript/Python: Tokens built from predictable UUIDs	2022-10-27 14:12:34 +02:00
Jeroen Ketema	1d7efd8e82	Merge pull request #10905 from jsoref/spelling-code-scanning-product ... Spelling code scanning product	2022-10-27 12:55:37 +02:00
Erik Krogh Kristensen	cecb498bf3	Merge pull request #10984 from tyage/add-next-js-source ... JS: Add Next.js parameters as source	2022-10-27 10:36:12 +02:00
tyage	c22f9443f2	Refactoring Next.js parameter ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-27 10:28:51 +09:00
tyage	e8b751ae17	Update javascript/ql/src/change-notes/2022-10-26-nextjs-params.md ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-27 10:24:08 +09:00
tyage	ac27307a2b	Update javascript/ql/lib/semmle/javascript/frameworks/Next.qll ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-27 10:23:59 +09:00
tyage	54050bf1b6	update test result XssWithAdditionalSources	2022-10-27 10:23:37 +09:00
Dave Bartolomeo	23b572e9b7	Use ${workspace} for intra-workspace dependencies ... Now that the released CLI supports replacement variables in dependency version ranges, we can now mark our published library packs as depending on whatever version of their dependency is in our workspace, without having to manually bump the dependency version every release. Note that when the packs are published, the dependencies in the published pack file are rewritten to have the correct specific version.	2022-10-26 16:40:01 -04:00
Daniel Santos	63c71b7d09	Merge branch 'main' into main	2022-10-26 14:05:26 -05:00
Daniel Santos	64da2cec50	removed unnecessary getACall and fixed formatting	2022-10-26 12:02:55 -05:00
erik-krogh	0f9b4334cc	remove some FPs in js/password-in-configuration-file	2022-10-26 11:51:56 +02:00
erik-krogh	21e7e27e1f	push more context into load/store steps from the exploratory flow-analysis	2022-10-26 10:52:47 +02:00
Asger F	414bd40c41	JS: Do not track returned values out of the enclosing function	2022-10-26 09:29:49 +02:00
tyage	7a19744cf2	add change note	2022-10-26 15:17:50 +09:00
tyage	95dca7c3ed	update comment	2022-10-26 15:13:59 +09:00
tyage	09f8ca8cc0	add query in comment	2022-10-26 15:13:03 +09:00
tyage	232893aafa	make query parameters in ServerSideProps and next/router ... as a RemoteFlowSource	2022-10-26 14:41:07 +09:00
tyage	1f4fc7fc2d	add params, query to test	2022-10-26 10:53:11 +09:00
tyage	06925681b0	add test for context.params	2022-10-26 10:53:11 +09:00
Daniel Santos	f7ace6f801	Update javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-25 14:27:03 -05:00
Daniel Santos	feece6f7b4	Merge branch 'github:main' into main	2022-10-25 10:43:20 -05:00
Daniel Santos	5b080481aa	TokenBuiltFromUuid formatting	2022-10-25 09:51:48 -05:00
Daniel Santos	375edf7455	TokenAssignmentValueSink refactor	2022-10-25 09:50:04 -05:00
Alvaro Muñoz	9830d2bebc	Format Restify.qll	2022-10-25 12:53:44 +02:00
Henry Mercer	1dc14bcaee	Merge branch 'main' into codeql-ci/js/ml-powered-pack-release-0.3.6	2022-10-25 10:54:08 +01:00
Alvaro Muñoz	a80b691358	Remove unnecessary TaggedTemplateEntryPoint	2022-10-25 11:44:45 +02:00
Alvaro Muñoz	37ea3f23f1	Refactored ReplySource to ReplyCall. Got rid of unnecessary ref()	2022-10-25 11:42:48 +02:00
github-actions[bot]	caf3a098c8	JS: Bump version of ML-powered library and query packs to 0.3.7	2022-10-25 09:12:00 +00:00
github-actions[bot]	5d100c8036	JS: Bump patch version of ML-powered library and query packs	2022-10-25 09:00:40 +00:00
Daniel Santos	a2ad924376	Minor formatting fixes	2022-10-24 09:38:17 -05:00
Alvaro Muñoz	742e4aa471	Apply suggestions from code review ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-24 16:17:11 +02:00
Daniel Santos	066ffb7520	Tokens built from predictable UUIDs	2022-10-22 11:15:43 -05:00
github-actions[bot]	be7693283b	Post-release preparation for codeql-cli-2.11.2	2022-10-21 08:07:17 +00:00
Josh Soref	c5c9f4d746	spelling: dependencies ... Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-20 08:18:23 -04:00
github-actions[bot]	9a0848bbc4	Release preparation for version 2.11.2	2022-10-20 11:05:19 +00:00
Alvaro Muñoz	c7ac237968	Update test results after merging new XSS improvements	2022-10-19 23:41:37 +02:00
Alvaro Muñoz	c10087b9a3	Merge branch 'restify_improvements' of https://github.com/pwntester/codeql into restify_improvements	2022-10-19 22:18:29 +02:00
Alvaro Muñoz	009403b61e	Add QLDoc for FormatterSetup.getAFormatterHandler	2022-10-19 22:18:13 +02:00
Alvaro Muñoz	2ad5a70cf1	Merge branch 'main' into restify_improvements	2022-10-19 21:57:37 +02:00
Alvaro Muñoz	245be44eac	Merge branch 'main' into javascript_xss_improvements	2022-10-19 18:18:19 +02:00
Alvaro Muñoz	976dd7f99f	Fix format errors	2022-10-19 18:14:25 +02:00
Alvaro Muñoz	31d271b8e1	Fix format errors	2022-10-19 17:32:34 +02:00
Henry Mercer	6a12d676b8	Merge pull request #10878 from jsoref/spelling-ml ... Spelling ml	2022-10-19 16:28:06 +01:00
Henry Mercer	3afb9c1b3b	Merge pull request #10845 from github/henrymercer/remove-worsening-queries ... ATM: Remove worsening-based queries	2022-10-19 10:05:53 +01:00
Josh Soref	d722448796	spelling: injection ... Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-19 04:27:37 -04:00
Josh Soref	a4beafbe44	spelling: classifier ... Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-19 04:27:37 -04:00
Alvaro Muñoz	b79f7f3e95	Address code review comments ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-10-18 21:42:15 +02:00
Alvaro Muñoz	6ab62da015	Add Restify/Spife support	2022-10-18 21:41:34 +02:00