hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-20 04:11:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
87,965 Commits 1,780 Branches 169 Tags
ef67311af296a07932ffeb6dd22b355d746adffc
Commit Graph

387 Commits

Author SHA1 Message Date
tonghuaroot
e93bc11f6f Add experimental JS query for SSRF guards missing IPv6-transition unwrap 
Add javascript/ssrf-ipv6-transition-incomplete-guard, an experimental
@kind problem query that flags hand-rolled SSRF host guards which reject
private/loopback IPv4 ranges but never unwrap IPv6-transition forms
(IPv4-mapped ::ffff:, NAT64 64:ff9b::, 6to4 2002::). Such guards can be
bypassed by wrapping an internal IPv4 address in a transition literal.

Includes a .qhelp with good/bad examples, a change note, and a test pack
with two true-positive fixtures (private-ip package guard and a
hand-written RFC 1918 denylist) and two negative-control fixtures
(ipaddr.js range classifier and an explicit ::ffff: unwrap).

Signed-off-by: tonghuaroot <23011166+tonghuaroot@users.noreply.github.com>
 2026-06-06 21:47:24 +08:00
github-actions[bot]
8b6f969cdb Release preparation for version 2.25.6 2026-05-29 11:27:54 +00:00
Henry Mercer
9bc0c1b1ab Revert "Release preparation for version 2.25.6" 2026-05-29 12:13:50 +01:00
github-actions[bot]
44a914e40f Release preparation for version 2.25.6 2026-05-25 10:23:26 +00:00
github-actions[bot]
e38616a2ef Release preparation for version 2.25.5 2026-05-18 12:05:32 +00:00
github-actions[bot]
88e1d86c27 Release preparation for version 2.25.4 2026-05-05 09:34:30 +00:00
github-actions[bot]
c861d99802 Release preparation for version 2.25.3 2026-04-20 09:27:23 +00:00
Henry Mercer
43c9b95e6f Merge branch 'main' into post-release-prep/codeql-cli-2.25.2 2026-04-14 13:56:52 +01:00
Tom Hvitved
fcfb8c9c6b Add change note 2026-04-13 12:22:30 +02:00
github-actions[bot]
4fe2f6d2b4 Release preparation for version 2.25.2 2026-04-06 10:30:38 +00:00
github-actions[bot]
fb011842c9 Release preparation for version 2.25.1 2026-03-25 23:43:06 +00:00
github-actions[bot]
8cf0954796 Release preparation for version 2.25.1 2026-03-25 08:28:30 +00:00
github-actions[bot]
d6055754b6 Release preparation for version 2.25.0 2026-03-16 12:15:34 +00:00
github-actions[bot]
7795badd18 Release preparation for version 2.24.3 2026-03-02 13:23:40 +00:00
github-actions[bot]
ef04f927fb Release preparation for version 2.24.2 2026-02-16 13:29:25 +00:00
github-actions[bot]
0db542e9f0 Release preparation for version 2.24.1 2026-02-02 12:09:09 +00:00
github-actions[bot]
4142b9c4ce Release preparation for version 2.24.0 2026-01-19 14:49:14 +00:00
Asger F
bedb80346a Merge pull request #20940 from asgerf/js/detect-minified-files 
JS: Skip minified file if avg line length > 200
 2026-01-19 14:31:09 +01:00
Asger F
077bbb24ac Merge pull request #21159 from asgerf/js/vue-prop-function 
JS: Add support for props callbacks in Vue router configs
 2026-01-19 10:13:49 +01:00
Asger F
06cc323aee Update javascript/ql/src/change-notes/2025-12-05-skip-minified-files.md 
Co-authored-by: Taus <tausbn@github.com>
 2026-01-14 11:40:01 +01:00
Asger F
b47ae420ca Update javascript/ql/src/change-notes/2025-12-05-skip-minified-files.md 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-01-14 11:40:01 +01:00
Asger F
739ed4b3bb JS: Change note 2026-01-14 11:40:01 +01:00
Asger F
e430aa97f3 Merge pull request #20916 from asgerf/js/next-folders2 
JS: Handle Next.js files named 'page' or 'route'
 2026-01-14 11:10:57 +01:00
Ian Lynagh
63f78e7609 Merge pull request #21156 from igfoo/igfoo/mb 
Merge rc/3.20 into main
 2026-01-13 12:11:37 +00:00
Asger F
9fa856f974 JS: Change note 2026-01-13 11:49:33 +01:00
Asger F
ca52fe59e8 Merge pull request #20918 from asgerf/js/response-default-content-type 
JS: Handle default 'content-type' header in Response() objects
 2026-01-13 10:34:40 +01:00
github-actions[bot]
c00663766e Release preparation for version 2.23.9 2026-01-05 11:57:06 +00:00
github-actions[bot]
66c51e979e Release preparation for version 2.23.8 2025-12-08 14:38:23 +00:00
github-actions[bot]
a045b317ac Release preparation for version 2.23.7 2025-12-02 15:31:27 +00:00
github-actions[bot]
19a13467e0 Release preparation for version 2.23.7 2025-12-01 16:07:37 +00:00
Asger F
bde983b66d Update 2025-11-26-response-default-content-type.md 2025-11-27 13:18:56 +01:00
Asger F
7c0243fc6d Apply suggestions from code review 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-11-27 13:18:11 +01:00
Asger F
818f4815dd JS: Change note 2025-11-26 13:49:50 +01:00
Asger F
7848369f77 JS: Change note 2025-11-26 11:20:42 +01:00
Asger F
a91969b7e1 JS: Change note 2025-11-25 15:58:11 +01:00
github-actions[bot]
18fa6799ce Release preparation for version 2.23.6 2025-11-17 16:38:07 +00:00
Napalys Klicius
d122534398 Merge pull request #20671 from github/napalys/adjust_query_severity 
Adjust query severity ratings
 2025-11-11 12:37:31 +01:00
github-actions[bot]
64fcdd1f2f Release preparation for version 2.23.4 2025-11-03 14:52:23 +00:00
Napalys Klicius
9c70ae04fb Add change note 2025-10-22 11:48:16 +00:00
github-actions[bot]
33542f7d40 Release preparation for version 2.23.3 2025-10-14 09:30:24 +00:00
github-actions[bot]
d2130a589b Release preparation for version 2.23.2 2025-09-29 10:28:45 +00:00
Florin Coada
ba520c60d2 Update 2.1.0.md 2025-09-26 10:11:03 +01:00
Florin Coada
2f96e32ec9 Update 2.1.0.md 2025-09-26 10:08:31 +01:00
github-actions[bot]
02a1b1efcb Release preparation for version 2.23.1 2025-09-16 14:14:42 +00:00
Asger F
edf79a3730 JS: Change note 2025-09-16 13:53:31 +02:00
Chris Smowton
db5c58180e Change note 2025-09-12 14:32:12 +01:00
Asger F
d575d3c9e4 Merge pull request #20374 from asgerf/js/typescript-5.9 
JS: Support TypeScript 5.9 and support 'import defer' syntax
 2025-09-09 20:50:04 +02:00
Napalys Klicius
b2feaaceea Merge branch 'main' into js/move-cors-query-from-experimental 2025-09-05 12:11:09 +02:00
Asger F
ef114c4a07 JS: Add change note 2025-09-05 12:04:53 +02:00
Napalys Klicius
e6eacca50b Update change note to reflect changes 2025-09-05 11:27:29 +02:00