codeql

mirror of https://github.com/github/codeql.git synced 2026-03-06 23:56:48 +01:00

Author	SHA1	Message	Date
Asger F	f5a6485ef2	JS: Port experimental decodeJwtWithoutVerificationLocalSource	2024-12-03 14:30:19 +01:00
Asger F	72e522631d	JS: Port experimental jwtDecodeWithoutVerification to ConfigSig	2024-12-03 14:30:18 +01:00
Asger F	7e162f5451	JS: Port experimental EnvValueInjection to ConfigSig	2024-12-03 14:30:17 +01:00
Asger F	4f839070a0	JS: Port experimental EnvValueAndKeyInjection to ConfigSig	2024-12-03 14:30:16 +01:00
Asger F	8887ca1722	JS: Port an experimental CodeInjection variant to ConfigSig	2024-12-03 14:30:15 +01:00
Asger F	1832e93766	JS: Port FormParsers test to ConfigSig	2024-12-03 14:30:14 +01:00
Asger F	4d7401a074	JS: Deprecate tests for deprecated APIs Mainly adds 'deprecated' in front of a bunch of tests for deprecated APIs.	2024-12-03 14:30:12 +01:00
Asger F	3548544970	JS: Avoid some uses of deprecated guard classes in tests	2024-12-03 14:30:11 +01:00
Asger F	a568d8c086	JS: Port threat-model test to ConfigSig	2024-12-03 14:30:10 +01:00
Asger F	f758b67d30	JS: Openly recommend SummarizedCallable	2024-12-03 14:30:09 +01:00
Asger F	249104b8ae	JS: Update comments referring to old `Configuration` style Also avoid the term "analysis-specific" because it's not a term we use anywhere else.	2024-12-03 14:30:08 +01:00
Asger F	13ee597848	JS: Add some proper documentation to SummarizedCallable	2024-12-03 14:30:07 +01:00
Asger F	988fa9c0ef	JS: Deprecate AdditionalSanitizerGuardNode We're deprecating the class through an alias, but it is still the base class for a non-deprecated class, for backwards compatibility. For this reason we're also deprecating all of its member predicates so we can remove those in the future.	2024-12-03 14:30:06 +01:00
Asger F	0b1e859e70	JS: Remove uses of AdditionalSanitizerGuardNode	2024-12-03 14:30:05 +01:00
Asger F	c2abb0fbd0	JS: Remove reference to AdditionalSanitizerGuard from CachedStages	2024-12-03 14:30:04 +01:00
Asger F	82682d9a62	JS: Remove a non-deprecated reference to SanitizerGuardNode	2024-12-03 14:30:03 +01:00
Asger F	bc7753de29	JS: Remove non-deprecated reference to AdditionalBarrierGuardNode	2024-12-03 14:30:02 +01:00
Asger F	0cd2e3f9eb	JS: Deprecate old data flow library, except some guard-related nodes	2024-12-03 14:30:01 +01:00
Asger F	071189a9e9	Merge pull request #18175 from asgerf/jss/documentation JS: Update data flow documentation and tutorials for JavaScript	2024-12-03 14:23:29 +01:00
Asger F	e1aff15f29	Merge pull request #18125 from asgerf/jss/summary-type-tracker JS: Derive type-tracking steps from flow summaries	2024-12-03 12:40:56 +01:00
Asger F	27e61a1f3d	JS: Also update cheat sheet	2024-12-03 12:00:30 +01:00
Asger F	89463d73f5	JS: Remove mention of isAdditionalTaintStep	2024-12-03 11:51:46 +01:00
Asger F	935e1c065a	Update docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2024-12-03 11:49:45 +01:00
Asger F	89849fae87	Update docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2024-12-03 11:49:34 +01:00
Asger F	5e27257405	Update docs/codeql/codeql-language-guides/analyzing-data-flow-in-javascript-and-typescript.rst Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2024-12-03 11:49:22 +01:00
Asger F	054558d7b5	JS: Include content properties in type-tracker properties Reminder: we have two PropertyName classes because the one in Contents.qll can't depend on DataFlow::Node.	2024-12-03 09:58:54 +01:00
Asger F	8bca66493f	JS: Add test showing lack of inclusion in PropertyName	2024-12-03 09:57:02 +01:00
Asger F	404b0f24f2	JS: Fix another stray reference to BarrierGuardNode/SanitizerGuardNode	2024-12-02 13:29:52 +01:00
Asger F	422c089a39	JS: Remove redundant base class in TruthinessCheck	2024-12-02 13:26:37 +01:00
Asger F	628f60d2e3	JS: Update flow label tutorial	2024-12-02 10:34:02 +01:00
Asger F	2db89c1b02	JS: Update query17 from intro tutorial	2024-12-02 10:04:09 +01:00
Asger F	2722c45737	JS: Update global data flow tutorial .rst file	2024-12-02 10:04:08 +01:00
Asger F	103a6ea8a6	JS: Port tutorial query5	2024-12-02 10:04:07 +01:00
Asger F	02c5e49de8	JS: Port tutorial query4	2024-12-02 10:04:05 +01:00
Asger F	1f6335f9ba	JS: Port tutorial query3	2024-12-02 10:04:04 +01:00
Asger F	3319870d00	JS: Port tutorial query2	2024-12-02 10:04:02 +01:00
Asger F	32f020ee6f	JS: Port tutorial query1	2024-12-02 10:04:00 +01:00
Asger F	cab8a40d00	JS: Fix accidental recursion	2024-11-29 14:23:57 +01:00
Asger F	9c6b6981e2	JS: Add test to restrict dependencies	2024-11-29 14:23:56 +01:00
Asger F	2f0c80a98b	JS: Include summary steps in type tracking	2024-11-29 14:23:55 +01:00
Asger F	440cbb7f0a	JS: Add inline-expectation test for type tracking	2024-11-29 14:23:54 +01:00
Asger F	6349903110	JS: Move FlowSummary/Summaries.qll into testUtilities	2024-11-29 14:23:52 +01:00
Asger F	e34064e3b5	JS: Initial instantiation of sumamry type tracking Instantiates the library without using it yet.	2024-11-29 14:23:50 +01:00
Asger F	df12f255ac	JS: Rename propagatesFlowExt -> propagatesFlow	2024-11-29 14:23:49 +01:00
Asger F	66d6bda716	Merge pull request #18044 from asgerf/js/shared-dataflow-bump JS: Merge 'main' and implement 'speculativeTaintStep'	2024-11-27 15:43:27 +01:00
Asger F	805fd0b46e	JS: Refine speculative step definition	2024-11-26 15:56:56 +01:00
Asger F	8818fcc207	JS: Benign test output changes	2024-11-26 15:47:13 +01:00
Asger F	c94a01e6b6	JS: Remove reference to argsParseStep This was removed as part of the PR that introduced threat models.	2024-11-26 15:36:47 +01:00
Asger F	bf62582f53	JS: Implement 'speculativeTaintStep' It is a mandatory part of the interface now; just providing a bare-bones implementation for rather than 'none()'	2024-11-26 15:36:46 +01:00
Asger F	82d61e4194	Merge branch 'js/shared-dataflow-branch' into js/shared-dataflow-merge-main	2024-11-26 15:36:16 +01:00

1 2 3 4 5 ...

72479 Commits