hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-10 09:34:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
71,785 Commits 1,739 Branches 164 Tags
ef18a6e56265d7d5d2cf8501caab5cd0c797372a
Commit Graph

5978 Commits

Author SHA1 Message Date
amammad
60b422a35c fix second round of code review. improve documents, fix better-sqlite3 method 2023-11-23 14:01:38 +01:00
erik-krogh
dd1e71ace9 update the JS change notes to mention security severity instead of just severity 2023-11-23 10:28:22 +01:00
amammad
5cc4206e00 add a temporary Query file to demonstrate unsuccessful usage of two DataFlow configs 2023-11-22 08:30:59 +01:00
amammad
0328a2986d move TypeORM library file and tests to experimental 
add inline tests :)
Fix TypeORM fuzzy method according to Review
 2023-11-21 19:59:06 +01:00
Max Schaefer
2c5ce3216e Merge pull request #14846 from github/max-schaefer/js/path-injection 
Update qhelp for js/path-injection.
 2023-11-21 13:50:41 +00:00
Max Schaefer
dfffa1e237 Apply suggestions from code review 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2023-11-21 10:07:11 +00:00
Max Schaefer
d147faba4e Update qhelp for js/path-injection. 2023-11-20 11:58:00 +00:00
github-actions[bot]
bad499e360 Post-release preparation for codeql-cli-2.15.3 2023-11-17 14:35:41 +00:00
github-actions[bot]
6ec9b95072 Release preparation for version 2.15.3 2023-11-16 13:07:16 +00:00
Henry Mercer
de83929a60 Remove LoC metrics from the analysis summary 2023-11-16 11:36:44 +00:00
Remco Vermeulen
52540b42fc Merge branch 'main' into rvermeulen/javascript-adjust-security-severity 2023-11-14 11:21:38 -08:00
Remco Vermeulen
6bd7047e41 Restore XssThroughDom.ql's severity 2023-11-14 11:20:51 -08:00
Rasmus Wriedt Larsen
43d9d2ceb7 Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link 
JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.
 2023-11-08 14:29:24 +01:00
Geoffrey White
e8a466a02c Update dead link. 2023-11-07 09:26:07 +00:00
amammad
0652afced3 update tests, updated qldoc and examples, upgrade all libraries to path-problem, update jsonwebtoken source and sinks 2023-11-07 08:25:25 +01:00
amammad
faa483a282 move to CWE-347, update comments of tests 2023-11-02 16:24:58 +01:00
amammad
9da815a5c0 move to new CWE-321 directory, make saparate query files for each JWT pkg, create a path query for jsonwebtoken package which is not work correctly 2023-11-02 14:13:52 +01:00
github-actions[bot]
2b939fdf08 Post-release preparation for codeql-cli-2.15.2 2023-10-30 16:06:51 +00:00
github-actions[bot]
4641990021 Release preparation for version 2.15.2 2023-10-30 11:05:53 +00:00
erik-krogh
cf958f0828 lower the severity of js/identity-replacement to medium 2023-10-27 13:54:17 +02:00
Max Schaefer
104700f6d3 Address review comment. 2023-10-27 10:19:28 +01:00
Max Schaefer
abef8483bd Merge pull request #14600 from github/max-schaefer/express-rate-limit 
JavaScript: Add support for importing `express-rate-limit` using a named import.
 2023-10-26 15:15:22 +01:00
Max Schaefer
741735cc83 Port changes to JavaScript. 2023-10-26 14:47:24 +01:00
Max Schaefer
bb146a1758 JavaScript: Add support for rateLimit export from express-rate-limit package. 2023-10-26 12:14:57 +01:00
amammad
ee4d87bd96 remove hardcoded JWT secret-key query 2023-10-19 11:57:53 +02:00
github-actions[bot]
8dcd8b9e5b Post-release preparation for codeql-cli-2.15.1 2023-10-17 20:24:00 +00:00
amammad
7891e64d3e add sanitizers to hardcoded query 2023-10-17 10:37:27 +02:00
github-actions[bot]
3b3c036626 Release preparation for version 2.15.1 2023-10-16 17:49:39 +00:00
Henry Mercer
1a370bfbbe Merge pull request #14443 from github/post-release-prep/codeql-cli-2.15.0 
Post-release preparation for codeql-cli-2.15.0
 2023-10-11 17:39:04 +01:00
github-actions[bot]
ae6af17c74 Post-release preparation for codeql-cli-2.15.0 2023-10-11 14:19:20 +00:00
Maiky
c0e6d7c049 Merge branch 'github:main' into maikypedia/javascript-cors 2023-10-11 12:20:42 +02:00
amammad
32859eb057 move to experimental 2023-10-10 22:46:44 +02:00
amammad
4198f61c16 fix a qldoc isuse 2023-10-10 22:21:43 +02:00
amammad
9053ceb3b7 revert a unexpected test file 2023-10-10 21:37:59 +02:00
amammad
e13050b64e revert a unexpected test file 2023-10-10 21:35:52 +02:00
erik-krogh
ccd06c78b9 delete an .expected file outside the test directories 2023-10-10 21:35:19 +02:00
Remco Vermeulen
76e56cdac7 Adjust query severities 2023-10-09 12:52:09 -07:00
erik-krogh
c2942b37a7 JS: delete various outdated deprecations 2023-10-09 09:14:55 +02:00
amammad
3f41a42c38 remove unused classes 2023-10-08 11:08:05 +02:00
amammad
15671682c5 remove unused flowLable, update path query alert message 2023-10-08 11:06:13 +02:00
amammad
41e7b91d78 fix flowLabels 2023-10-08 11:00:07 +02:00
amammad
aff6f00450 comments improvement,separate module file, fix tests 2023-10-07 12:02:39 +02:00
amammad
5a49f6bb9b fix tests 2023-10-06 22:10:57 +02:00
amammad
eef8137166 add Dice package, add global taint steps by SharedTaintStep, use getASuccessor 2023-10-06 10:58:26 +02:00
amammad
faaddd4dfe updates for FormParsers and ReadableStream modules, add separate module for Readable Streams, BusBoy RemoteFlowSources is covering more sources now!, modularize 2023-10-05 21:46:58 +02:00
Asger F
315272839d JS: Change note 2023-10-05 08:13:43 +02:00
github-actions[bot]
9fe993bec3 Release preparation for version 2.15.0 2023-10-04 14:15:27 +00:00
Henry Mercer
da92da2204 Bump minor versions of packs we regularly release 2023-10-03 16:31:23 +01:00
Henry Mercer
f3847b3f51 Merge branch 'main' into henrymercer/rc-3.11-mergeback 2023-10-03 16:30:23 +01:00
Maiky
816eebbb51 Add .qhelp and apply some review changes 2023-10-02 18:05:39 +02:00