hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 15:16:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,122 Commits 1,700 Branches 161 Tags
f4ba2e1fd09201d7ce85055313a5720195f21579
Commit Graph

6299 Commits

Author SHA1 Message Date
Napalys Klicius
d7ad625de3 JS: restrict type tracking to strings of interest. 2025-06-12 14:28:00 +02:00
Napalys Klicius
da5cd251be Update javascript/ql/src/LanguageFeatures/TemplateSyntaxInStringLiteral.ql 
Co-Authored-By: Asger F <316427+asgerf@users.noreply.github.com>
 2025-06-12 14:25:00 +02:00
Napalys Klicius
e6d26912e0 Update javascript/ql/src/Declarations/SuspiciousMethodNameDeclaration.qhelp 
Co-authored-by: Asger F <asgerf@github.com>
 2025-06-12 13:10:27 +02:00
Napalys Klicius
7b91a57eb1 JS: add change note. 2025-06-12 12:19:39 +02:00
Napalys Klicius
75ee649362 JS: add change note 2025-06-12 12:14:14 +02:00
Napalys Klicius
923aff2439 JS: Fixed false positive on manual string interpolation. 2025-06-12 11:35:33 +02:00
Napalys Klicius
bafe7e66ad JS: Fix template literal detection in string concatination 2025-06-12 11:18:20 +02:00
Napalys Klicius
c5a1421405 JS: promote suspicious-method-name-declaration to quality query. 2025-06-12 09:54:01 +02:00
Napalys Klicius
60e3b0c8e7 JS: Update qhelp and added more examples. 2025-06-12 09:53:56 +02:00
Asger F
423ffc78db Merge pull request #19078 from asgerf/js/name-resolution 
JS: QL-side type/name resolution for TypeScript and JSDoc
 2025-06-11 14:17:11 +02:00
Napalys Klicius
92084dd74f JS: add js/template-syntax-in-string-literal to the Code Quality suite. 2025-06-11 11:48:05 +02:00
Napalys Klicius
6811cad687 Merge pull request #19711 from Napalys/js/quality/promote_duplicate_char_class 
JS: Promote `js/regex/duplicate-in-character-class` to quality
 2025-06-11 11:05:07 +02:00
Napalys Klicius
51b83dbce5 Merge pull request #19579 from Napalys/js/dom_property_access 
JS: Improve `useless-expression` query to avoid duplicate alerts on compound expressions
 2025-06-10 15:17:13 +02:00
Napalys Klicius
d968dd0fa1 Removed <strong> usage and updated r?e[m|x] example 2025-06-10 13:34:24 +02:00
Napalys Klicius
65b1275a19 Update javascript/ql/src/RegExp/DuplicateCharacterInCharacterClass.qhelp 
Co-authored-by: Asger F <asgerf@github.com>
 2025-06-10 13:26:08 +02:00
Napalys Klicius
d68f5ebddb Added quality tag to js/regex/duplicate-in-character-class 2025-06-10 12:10:33 +02:00
Napalys Klicius
417ca1aceb Enchanced js/regex/duplicate-in-character-class's qhelp 2025-06-10 12:10:25 +02:00
github-actions[bot]
21463a9653 Post-release preparation for codeql-cli-2.22.0 2025-06-09 18:50:20 +00:00
github-actions[bot]
88ba02edf8 Release preparation for version 2.22.0 2025-06-09 18:14:51 +00:00
Chuan-kai Lin
631502e129 Merge branch 'main' into cklin/rc-3.18-mergeback 2025-06-09 07:19:40 -07:00
Napalys Klicius
d1869941c2 Renamed UnhandledStreamPipe.ql to a better fitting name and ID 
As a side effect of merge `security-and-quality` does not contain anymore related new query.

Co-Authored-By: Asger F <316427+asgerf@users.noreply.github.com>
 2025-06-03 13:57:10 +02:00
Napalys Klicius
f6e7059589 Merge branch 'main' into js/quality/stream_pipe 2025-06-03 13:48:41 +02:00
Napalys Klicius
8ba1f3f265 Update javascript/ql/src/Quality/UnhandledStreamPipe.qhelp 
Co-authored-by: Asger F <asgerf@github.com>
 2025-06-03 13:43:45 +02:00
Napalys Klicius
7993f7d8c8 Update qhelp example to more accurately demonstrate flagged cases 2025-06-02 19:08:33 +02:00
Napalys Klicius
bf2f19da56 Update UnhandledStreamPipe.ql 
Address comments

Co-Authored-By: Asger F <316427+asgerf@users.noreply.github.com>
 2025-06-02 19:02:48 +02:00
Napalys Klicius
ae74edb033 Update javascript/ql/src/Quality/UnhandledStreamPipe.ql 
Co-authored-by: Asger F <asgerf@github.com>
 2025-06-02 17:53:54 +02:00
Napalys Klicius
d43695c929 Update javascript/ql/src/Quality/UnhandledStreamPipe.qhelp 
Co-authored-by: Asger F <asgerf@github.com>
 2025-06-02 17:52:42 +02:00
Napalys Klicius
7198372ae5 Update javascript/ql/src/Quality/UnhandledStreamPipe.qhelp 
Co-authored-by: Asger F <asgerf@github.com>
 2025-06-02 17:52:41 +02:00
Napalys Klicius
abd446ae77 Update javascript/ql/src/Quality/UnhandledStreamPipe.ql 
Co-authored-by: Asger F <asgerf@github.com>
 2025-06-02 17:52:40 +02:00
Napalys Klicius
64f00fd0f2 Update javascript/ql/src/Quality/UnhandledStreamPipe.ql 
Co-authored-by: Asger F <asgerf@github.com>
 2025-06-02 17:52:34 +02:00
Napalys Klicius
3cbc4142f0 Update javascript/ql/src/Quality/UnhandledStreamPipe.ql 
Co-authored-by: Asger F <asgerf@github.com>
 2025-06-02 17:40:06 +02:00
Napalys Klicius
1f256ab71e Added change note 2025-06-02 14:59:43 +02:00
Napalys Klicius
298ef9ab12 Now able to track error handler registration via instance properties 2025-06-02 11:01:41 +02:00
Napalys Klicius
f843cc02f6 Fix false positives in stream pipe analysis by improving error handler tracking via property access. 2025-05-30 18:08:04 +02:00
Napalys Klicius
d3b2a57fbf Fixed ql warning Expression can be replaced with a cast 2025-05-28 17:34:16 +02:00
Napalys Klicius
2e2b9a9d63 Make predicates private and clarify stream reference naming. 2025-05-28 17:23:55 +02:00
Napalys Klicius
f8f5d8f561 Exclude .pipe detection which are in a test file. 2025-05-28 17:18:39 +02:00
Napalys Klicius
5bb29b6e33 Now flags only .pipe calls which have an error somewhere down the stream, but not on the source stream. 2025-05-28 17:17:43 +02:00
github-actions[bot]
d2c6875eac Post-release preparation for codeql-cli-2.21.4 2025-05-27 18:16:21 +00:00
github-actions[bot]
bfb91e95e3 Release preparation for version 2.21.4 2025-05-27 17:22:05 +00:00
Napalys Klicius
5214cc0407 Excluded ngrx, datorama, angular, react and langchain from stream pipe query. 2025-05-27 09:45:37 +02:00
Napalys Klicius
1f6b3ad929 Update javascript/ql/src/codeql-suites/javascript-security-and-quality.qls 
Co-authored-by: Michael Nebel <michaelnebel@github.com>
 2025-05-27 09:38:24 +02:00
Napalys Klicius
e964b175e6 Added maintainability and error-handling tags 2025-05-26 14:23:20 +02:00
Napalys Klicius
37024ade85 JS: Move query suite selector logic to javascript-security-and-quality.qls 2025-05-26 11:00:48 +02:00
Napalys Klicius
000e69fd48 Replaced fuzzy NonNodeStream MaD to a ql predicate to deal easier with submodules 2025-05-23 13:55:40 +02:00
Napalys Klicius
248f83c4db Added qhelp for UnhandledStreamPipe query 2025-05-23 13:35:36 +02:00
Napalys Klicius
b10a9481f3 Fixed false positives from strapi and rxjs/testing as well as when one passes function as second arg to pipe 2025-05-22 18:50:02 +02:00
Napalys Klicius
ac24fdd348 Add predicate to detect non-stream-like usage in sources of pipe calls 2025-05-22 18:49:59 +02:00
Napalys Klicius
5b1af0c0bd Added detection of custom gulp-plumber sanitizer, thus one would not flag such instances. 2025-05-22 18:49:53 +02:00
Asger F
9202a1b084 Merge pull request #19516 from asgerf/js/npm-package-name-join 
JS: More efficient nested package naming
 2025-05-22 12:46:43 +02:00