8639 Commits

Author SHA1 Message Date
erik-krogh
7500a31814 fix that js/file-system-race could have FPs related to loops 2022-10-11 13:41:51 +02:00
Alvaro Muñoz
2ab34c85b2 Deprecate previous version 2022-10-11 12:46:01 +02:00
Alvaro Muñoz
15f641893e Deprecate previous version 2022-10-11 12:44:46 +02:00
Alvaro Muñoz
d5520d93c8 Deprecate previous version 2022-10-11 12:43:20 +02:00
Alvaro Muñoz
30958f7cde Deprecate previous version 2022-10-11 12:42:40 +02:00
Alvaro Muñoz
2a1b2db4c3 Deprecate previous version 2022-10-11 12:40:32 +02:00
Alvaro Muñoz
5c412b9363 Use Pascal convention 2022-10-11 11:24:07 +02:00
Alvaro Muñoz
ad80642b18 Consider other XSS unsafe content-types when reasoning about XSS vulnerabilities 2022-10-11 11:13:17 +02:00
Josh Soref
0a4c724b69 spelling: implementation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-11 00:23:36 -04:00
Josh Soref
e8754967ea spelling: explaining
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-11 00:23:36 -04:00
Josh Soref
cbea5ec40c spelling: executables
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-11 00:23:36 -04:00
Josh Soref
6db36616cd spelling: arbitrary
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-11 00:23:35 -04:00
Josh Soref
3358c5f664 spelling: apparent
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-11 00:23:35 -04:00
Asger F
9bbbece8a7 Merge pull request #10670 from tyage/property-stringify
JS: Improve detection of XSS when JSON.stringify()
2022-10-10 18:16:09 +02:00
Asger F
b1a165ee98 JS: Edit change note 2022-10-10 16:08:21 +02:00
Asger F
ecf7ed38e0 JS: Performance tweak 2022-10-10 16:08:21 +02:00
Asger F
67cef92f94 JS: Rewrite to use DataFlow::Node API and restrict context 2022-10-10 16:08:21 +02:00
github-actions[bot]
b8ef9e0ddc Post-release preparation for codeql-cli-2.11.1 2022-10-07 15:59:45 +00:00
erik-krogh
3e06e201c9 add change-note 2022-10-07 13:45:30 +02:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
github-actions[bot]
a02dcdc5e1 Release preparation for version 2.11.1 2022-10-07 02:20:28 +00:00
tyage
ddc8f72ef7 accept test result Xss.qlref 2022-10-06 18:23:10 +09:00
Henry Mercer
d80d39504f Tag successfully extracted files queries
Tag the successfully extracted files queries with
`successfully-extracted-files` to make them easier to identify
programmatically in a language-independent way.
This follows the prior art for lines of code queries, which are tagged
`lines-of-code`.
2022-10-05 19:19:43 +01:00
tyage
7205903a36 Using implicit this 2022-10-04 18:06:30 +09:00
tyage
f47c02431a Merge branch 'main' into property-stringify 2022-10-04 09:57:54 +01:00
tyage
6ec2abbd2d add change note 2022-10-04 17:57:08 +09:00
tyage
192c1f3d89 make test json.stringify 2022-10-04 17:40:52 +09:00
tyage
726cd2ca8a refactor test 2022-10-04 17:11:37 +09:00
tyage
9df0720da9 refactoring 2022-10-04 17:05:49 +09:00
tyage
2006ae8332 rename file 2022-10-04 17:05:15 +09:00
tyage
8a7f23a8ea support VarRef 2022-10-04 14:45:39 +09:00
tyage
33d204913c add test for json stringify xss 2022-10-04 14:45:09 +09:00
Tom Hvitved
dc432c7774 Sync shared files 2022-09-30 14:56:56 +02:00
Nick Rolfe
ef8ec0878a Merge pull request #10641 from github/nickrolfe/a_an
JS/Python/Ruby: s/a HTML/an HTML/
2022-09-30 12:17:15 +01:00
Nick Rolfe
ed74e0aad1 JS/Python/Ruby: s/a HTML/an HTML/ 2022-09-30 10:37:52 +01:00
Henti Smith
476960e699 Merge pull request #10625 from github/henti/ql_jobrunson
Added job.getRunsOn
2022-09-30 10:19:14 +01:00
Henti Smith
074fac8f2f Ran autoformatter on Actions.qll 2022-09-30 09:24:12 +01:00
erik-krogh
9f2d7dfb29 update expected output 2022-09-29 22:48:41 +02:00
erik-krogh
0a5ff1b79a recognize another kind of dummy passwords to fix an FP in hardcoded-credentials 2022-09-29 21:25:40 +02:00
Henry Mercer
35e9e7d233 Merge pull request #10613 from github/henrymercer/atm-update-expected-output
ATM: Update expected test output
2022-09-29 17:57:51 +01:00
Henti Smith
700eaf5e41 Added JobRunson 2022-09-29 14:19:02 +01:00
tyage
b95566b02a make json stringify tainted with arg's property 2022-09-29 17:46:09 +09:00
Henry Mercer
e3b54efb68 ATM: Update expected test output
Update the expected test output given some changes to the JavaScript
libraries which reclassified one of the test endpoints.
2022-09-28 20:00:40 +01:00
github-actions[bot]
67d12cdc7d JS: Bump patch version of ML-powered library and query packs 2022-09-28 17:14:15 +00:00
Asger F
24f2a3cdff Sync ApiGraphModels.qll 2022-09-28 12:17:44 +02:00
Dave Bartolomeo
3bd456e52d Merge pull request #10565 from github/post-release-prep/codeql-cli-2.11.0
Post-release preparation for codeql-cli-2.11.0
2022-09-23 18:13:59 -04:00
github-actions[bot]
6cef0af5df Post-release preparation for codeql-cli-2.11.0 2022-09-23 21:01:40 +00:00
Stephan Brandauer
33d30a0802 Merge pull request #10018 from github/new-atm-features-rebased
New atm features rebased
2022-09-23 15:29:50 +02:00
Asger F
11ba0f0bbe Merge pull request #10253 from asgerf/js/type-defs-squashed
JS: Add generated typings to SQL models
2022-09-23 11:34:01 +02:00
Stephan Brandauer
1bb781ad94 Merge branch 'main' into new-atm-features-rebased 2022-09-23 09:55:29 +02:00