hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
52,226 Commits 1,671 Branches 157 Tags
fec80973a9425632b51a46617b74628677af0da2
Commit Graph

8727 Commits

Author SHA1 Message Date
erik-krogh
27c29303da add test diagnostics test for internal error 2023-03-23 13:12:51 +01:00
Alex Ford
0f267e012a Merge pull request #12631 from alexrford/js/weak-cryptographic-algorithm_space 
JS: add a missing space in alert message for `js/weak-cryptographic-algorithm`
 2023-03-22 14:12:35 +00:00
Erik Krogh Kristensen
663d4e8e3b Merge pull request #12592 from erik-krogh/rhsRegress 
JS: Fix performance regression in the `GetLaterAccess` module.
 2023-03-22 12:55:56 +01:00
Alex Ford
b000b9b5c0 JS: add a missing space in alert message for js/weak-cryptographic-algorithm 2023-03-22 11:12:13 +00:00
Erik Krogh Kristensen
bdab57b9d3 Update javascript/ql/lib/semmle/javascript/GlobalAccessPaths.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2023-03-22 10:19:48 +01:00
erik-krogh
c023af7308 manual recursion, and other join-order 2023-03-21 15:22:10 +01:00
erik-krogh
070468ab68 fix performance 2023-03-21 15:19:38 +01:00
erik-krogh
34fe1a8f5e use SSA in the GetLaterAccess module 2023-03-21 15:19:15 +01:00
Asger F
6d665da4dc Merge pull request #12570 from github/post-release-prep/codeql-cli-2.12.5 
Post-release preparation for codeql-cli-2.12.5
 2023-03-21 13:06:25 +01:00
Erik Krogh Kristensen
0f813ce2e8 Merge pull request #12543 from erik-krogh/reg-perf 
ReDoS: restrict the edges considered in polynomial-redos for complex regular expressions
 2023-03-20 15:48:35 +01:00
Erik Krogh Kristensen
540542ceb5 Merge pull request #12518 from erik-krogh/more-express-sources 
JS: recognize more express URL related sources
 2023-03-20 08:49:11 +01:00
github-actions[bot]
981e171525 Post-release preparation for codeql-cli-2.12.5 2023-03-17 13:27:00 +00:00
Asger F
d537f86324 Merge pull request #12555 from asgerf/js/block-modes 
JS: Include weak block modes as sink in weak crypto algorithm
 2023-03-17 13:23:23 +01:00
Henry Mercer
9d05d94f49 Merge pull request #12568 from github/rc/3.9 
Merge `rc/3.9` back to `main`
 2023-03-17 12:14:31 +00:00
erik-krogh
f1094cd3d6 bump to stable release 2023-03-16 22:38:54 +01:00
erik-krogh
f3c7aed1f9 bump to RC 2023-03-16 22:37:58 +01:00
erik-krogh
e00c41c6e2 add change-note and bump version 2023-03-16 22:37:56 +01:00
erik-krogh
a63739915d add test confirming support for const type parameters 2023-03-16 22:37:35 +01:00
erik-krogh
2c1c41d8a3 add test confirming end-to-end support for well-typed decorators with the new TS 5.0 type ClassMethodDecoratorContext 2023-03-16 22:37:35 +01:00
erik-krogh
d47659b48e upgrade to TypeScript 5.0 beta, and unbreak things that broke 2023-03-16 22:37:35 +01:00
Henry Mercer
74cc1a42d0 JS: Update for renamed com.semmle.util.diagnostics package 2023-03-16 18:19:10 +00:00
Asger F
bce1f29a7e JS: Add change note 2023-03-16 14:55:00 +01:00
Asger F
86a06bde72 JS: Flag crypto operations with weak block mode 2023-03-16 14:52:52 +01:00
Asger F
e907d685f4 JS: Add crypto test with AES-ECB 2023-03-16 14:52:18 +01:00
github-actions[bot]
fe4d27e8cc Release preparation for version 2.12.5 2023-03-16 12:58:50 +00:00
erik-krogh
f718d78a9a avoid redundant sources 2023-03-16 13:34:01 +01:00
erik-krogh
54ec047433 ReDoS: put an artificial limitation on the analysis in polynomial-redos for large regular expressions 2023-03-16 12:20:53 +01:00
erik-krogh
a72436f6f1 recognize more express URL related sources 2023-03-15 10:14:31 +01:00
Arthur Baars
fbe9823a42 Merge branch 'main' into henrymercer/polish-diagnostics 2023-03-14 23:42:33 +01:00
Henry Mercer
1394abcf98 JS: Update diagnostics IDs for consistency with rules 2023-03-14 21:44:19 +00:00
Henry Mercer
1f63c5d5e4 JS: Update parse error diagnostic name for consistency 2023-03-14 21:43:32 +00:00
Asger F
feb7c49006 Merge pull request #12382 from asgerf/js/import-assertion 
JS: Support import assertions
 2023-03-14 14:56:32 +01:00
Asger F
d953ad63fe Merge pull request #12445 from asgerf/js/react-forward-ref 
JS: Handle forwardRef in React
 2023-03-14 13:21:16 +01:00
Asger F
d74da30fc7 JS: Include trap test for trailing commas 2023-03-14 13:15:12 +01:00
Asger F
8ab3f39b5e Merge pull request #12423 from asgerf/js/trusted-types-global-flow 
JS: Track trusted types policy callbacks
 2023-03-14 13:09:50 +01:00
Erik Krogh Kristensen
060c37b6a2 Merge pull request #12345 from erik-krogh/delOldDeps 
delete old deprecations
 2023-03-13 12:48:24 +01:00
Asger F
5461f94c6c Merge pull request #12424 from asgerf/js/html-sanitizer-for-sql 
JS: Add html sanitizers as a taint step in a few queries
 2023-03-13 11:36:19 +01:00
Asger F
41dd63adc7 Handle forwardRef in React 2023-03-13 11:30:18 +01:00
erik-krogh
6c1ebd999e Merge branch 'main' into delOldDeps 2023-03-13 11:00:29 +01:00
Arthur Baars
7b8ac609f7 Merge pull request #12478 from aibaars/js-fix-npe 
JS: fix NPE
 2023-03-10 18:49:46 +01:00
Arthur Baars
1a70297662 JS: fix NPE 2023-03-10 12:52:41 +01:00
Anders Schack-Mulligen
8d97fe9ed3 JavaScript: Autoformat 2023-03-10 09:41:20 +01:00
Henry Mercer
079451142e Merge branch 'main' into codeql-ci/atm/release-0.4.9 2023-03-09 16:08:22 +00:00
github-actions[bot]
a82aaea514 JS: Bump version of ML-powered library and query packs to 0.4.10 2023-03-09 15:54:49 +00:00
github-actions[bot]
f0bb25bfce JS: Bump patch version of ML-powered library and query packs 2023-03-09 15:46:31 +00:00
Asger F
6e744093e2 Merge pull request #12398 from github/post-release-prep/codeql-cli-2.12.4 
Post-release preparation for codeql-cli-2.12.4
 2023-03-09 15:38:21 +01:00
Arthur Baars
942cd7c275 Merge pull request #12113 from erik-krogh/diagnostics 
JS: Implement diagnostics
 2023-03-09 12:57:06 +01:00
Arthur Baars
7ab0f88f78 JS: add link to docs to parse error diagnostic 2023-03-08 16:47:43 +01:00
Arthur Baars
e5be8ab1e5 JS: add integration test for diagnostic messages 2023-03-08 16:04:49 +01:00
Asger F
05b5aea477 JS: Changenote 2023-03-07 13:15:44 +01:00