hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
61,022 Commits 1,673 Branches 157 Tags
f0e20fa69eb55852daad38e33c579664ec6b0ffa
Commit Graph

9300 Commits

Author SHA1 Message Date
erik-krogh
5611a3e417 use exact version 2023-11-20 20:48:51 +01:00
erik-krogh
10b3efa667 update to the stable version of TypeScript 5.3 2023-11-20 20:32:24 +01:00
erik-krogh
dde9a7cd7e Merge branch 'main' into ts53-ts 2023-11-20 20:31:00 +01:00
github-actions[bot]
bad499e360 Post-release preparation for codeql-cli-2.15.3 2023-11-17 14:35:41 +00:00
github-actions[bot]
6ec9b95072 Release preparation for version 2.15.3 2023-11-16 13:07:16 +00:00
Henry Mercer
de83929a60 Remove LoC metrics from the analysis summary 2023-11-16 11:36:44 +00:00
Remco Vermeulen
52540b42fc Merge branch 'main' into rvermeulen/javascript-adjust-security-severity 2023-11-14 11:21:38 -08:00
Remco Vermeulen
6bd7047e41 Restore XssThroughDom.ql's severity 2023-11-14 11:20:51 -08:00
Cornelius Riemenschneider
97fd2033f1 Take our node, not the one that comes first on the PATH. 2023-11-09 22:00:00 +01:00
Cornelius Riemenschneider
b4ec13235d Address review. 2023-11-09 09:40:29 +01:00
Cornelius Riemenschneider
6b37d2009b Merge branch 'main' into criemen/js-bazel 2023-11-08 16:11:47 +01:00
Rasmus Wriedt Larsen
43d9d2ceb7 Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link 
JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.
 2023-11-08 14:29:24 +01:00
Erik Krogh Kristensen
f643fd7d74 Merge pull request #14716 from erik-krogh/invalid-main 
JS: catch when the main: path is invalid on Windows
 2023-11-08 08:33:58 +01:00
Geoffrey White
b63294764b Merge pull request #14705 from geoffw0/qhelplink 
Fix a dead ReDoS link in docs
 2023-11-07 17:40:19 +00:00
erik-krogh
ae577d1e44 catch when the main: path is invalid on Windows 2023-11-07 17:42:21 +01:00
Geoffrey White
e8a466a02c Update dead link. 2023-11-07 09:26:07 +00:00
Cornelius Riemenschneider
be02512dfe Add a build system for the junit tests. 
This is a bit more complicated than our usual setup, as we both need to
unzip the typescript parser wrapper, and make node accessible on the path.
 2023-11-06 17:58:28 +01:00
Cornelius Riemenschneider
52fcc5f435 Export test data directories. 2023-11-06 13:47:56 +01:00
Cornelius Riemenschneider
63854e36b4 Use the TestPaths helper to lookup files. 2023-11-06 13:47:56 +01:00
Cornelius Riemenschneider
a773532d07 Refactor JS test suite to be more in line with other Java projects. 
Therefore, we move the test suite out of the `src` directory.
 2023-11-06 13:47:56 +01:00
Cornelius Riemenschneider
6c7ea86a12 Introduce a bazel-based build for the entire JS pack. 2023-11-06 13:47:56 +01:00
Cornelius Riemenschneider
465eb00228 More fine-grained dependency on internal extractors. 2023-11-06 13:44:28 +01:00
Arthur Baars
01e7d57dba Add changenote 2023-11-06 13:38:33 +01:00
Arthur Baars
7f4bcdfa64 Rename test files 2023-11-06 13:38:33 +01:00
Arthur Baars
eecf32db4d Add tests for deprecated 'assert' syntax 2023-11-06 13:38:33 +01:00
Arthur Baars
4192d09e5c Add tests for deprecated 'assert' syntax 2023-11-06 13:38:33 +01:00
Arthur Baars
b4d89f7554 Replace 'assert' with 'with' in QL test files 2023-11-06 13:38:33 +01:00
Arthur Baars
3d45944649 Rename 'assertions' to 'attributes' in JS extractor 2023-11-06 13:38:32 +01:00
Arthur Baars
bd62ec294e Support TS 5.3 import attributes (previously import assertions) 2023-11-06 13:38:32 +01:00
Arthur Baars
1067dd9dd3 Auto-format 2023-11-06 13:38:32 +01:00
Arthur Baars
ec075f8fbe Upgrade typescript to 5.3.1-rc 2023-11-06 13:38:24 +01:00
erik-krogh
abcb5a7a95 remove the remaining yarn files 2023-11-05 19:24:59 +01:00
erik-krogh
688afddaf2 Re-order expected test output of all JS tests 2023-10-31 16:38:22 +01:00
Arthur Baars
5cc94e1105 Express.js: add req.path as remote input source 2023-10-31 12:44:26 +01:00
Arthur Baars
21b7a51d0a Add test case for req.path 2023-10-31 12:44:25 +01:00
Arthur Baars
1479509d93 Re-order expected test ouput 2023-10-31 12:44:25 +01:00
Chris Smowton
79e1aa0498 Merge pull request #14634 from github/post-release-prep/codeql-cli-2.15.2 
Post-release preparation for codeql-cli-2.15.2
 2023-10-31 10:24:53 +00:00
github-actions[bot]
2b939fdf08 Post-release preparation for codeql-cli-2.15.2 2023-10-30 16:06:51 +00:00
Harry Maclean
083be305e1 Shared: Add neutralModel extensible predicate 
The neutralModel extensible predicate already exists in Java and C#, so
this change brings the dynamic languages more in line with static
languages. The Model Editor uses this predicate to mark endpoints as
"not interesting" from a data flow perspective.
 2023-10-30 11:31:57 +00:00
github-actions[bot]
4641990021 Release preparation for version 2.15.2 2023-10-30 11:05:53 +00:00
erik-krogh
cf958f0828 lower the severity of js/identity-replacement to medium 2023-10-27 13:54:17 +02:00
Max Schaefer
104700f6d3 Address review comment. 2023-10-27 10:19:28 +01:00
Max Schaefer
08cc8b8e80 Autoformat. 2023-10-26 15:36:06 +01:00
erik-krogh
302199a74a fix TypeExprKinds crashing on a ThisExpression 2023-10-26 16:33:54 +02:00
Max Schaefer
abef8483bd Merge pull request #14600 from github/max-schaefer/express-rate-limit 
JavaScript: Add support for importing `express-rate-limit` using a named import.
 2023-10-26 15:15:22 +01:00
Max Schaefer
741735cc83 Port changes to JavaScript. 2023-10-26 14:47:24 +01:00
Max Schaefer
aff848b038 Update javascript/ql/lib/semmle/javascript/security/dataflow/MissingRateLimiting.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-10-26 13:06:52 +01:00
Max Schaefer
2c7291336d Move test files into right directory. 2023-10-26 12:16:52 +01:00
Max Schaefer
bb146a1758 JavaScript: Add support for rateLimit export from express-rate-limit package. 2023-10-26 12:14:57 +01:00
Cornelius Riemenschneider
790615fbc2 Merge pull request #14552 from github/criemen/bazel-js 
Javascript extractor: Bazel-based build
 2023-10-24 19:36:39 +02:00