9292 Commits

Author	SHA1	Message	Date
Dilan	4fd7aec87f	Merge tag 'codeql-cli/latest' ... Compatible with the latest released version of the CodeQL CLI	2025-01-09 21:59:09 +00:00
github-actions[bot]	88b6f1e79a	Release preparation for version 2.20.1	2025-01-07 20:50:36 +00:00
Dave Bartolomeo	72a53c4b23	Revert "Release preparation for version 2.20.1"	2025-01-07 13:32:23 -05:00
github-actions[bot]	fbf9f2fff8	Release preparation for version 2.20.1	2025-01-07 17:20:13 +00:00
Dave Bartolomeo	22e030584c	Revert "Release preparation for version 2.20.1"	2025-01-07 12:14:27 -05:00
github-actions[bot]	a121c5a5d0	Release preparation for version 2.20.1	2025-01-06 18:20:22 +00:00
Michael Nebel	aaf0cd5dee	Merge pull request #17968 from michaelnebel/java/movetestutils ... Move test utilities to the query pack.	2024-12-16 13:41:30 +01:00
Michael Nebel	0bfc1b6ea8	Also move the postprocessing queries to the library pack.	2024-12-12 15:03:03 +01:00
Michael Nebel	941b0abbf6	Move modules to the library packs.	2024-12-12 15:03:01 +01:00
Geoffrey White	44a0ad2942	Update data-flow -> data flow in all versions of ConceptsShared.qll.	2024-12-12 13:36:26 +00:00
Michael Nebel	c3fe3e468c	Javascript: Update all test util paths to point to the new location.	2024-12-12 13:54:25 +01:00
Michael Nebel	0f146f1486	Javascript: Move test utilities into the query pack.	2024-12-12 13:54:23 +01:00
Dilan	2e6d9e7ca5	Merge tag 'codeql-cli/latest' ... Compatible with the latest released version of the CodeQL CLI	2024-12-10 18:26:05 +00:00
Henry Mercer	92d614dbcd	Add periods for consistency	2024-12-06 19:13:05 +00:00
github-actions[bot]	8c64648520	Release preparation for version 2.20.0	2024-12-06 19:10:28 +00:00
Henry Mercer	a6a4ad6400	Revert "Release preparation for version 2.20.0"	2024-12-06 19:00:27 +00:00
github-actions[bot]	cf71a1525b	Post-release preparation for codeql-cli-2.20.0	2024-12-04 18:36:17 +00:00
Henry Mercer	e0e82ad7ad	Add periods for consistency	2024-12-04 16:05:15 +00:00
github-actions[bot]	96564b7128	Release preparation for version 2.20.0	2024-12-04 16:01:14 +00:00
Henry Mercer	963f084d87	Merge branch 'main' into henrymercer/merge-back-rc-3.16	2024-12-04 13:39:10 +00:00
dilanbhalla	a7cdda7a5b	Revert "Failed Extraction Queries"	2024-12-03 10:50:15 -08:00
Jeroen Ketema	3d8493757e	JS: Update expected test results	2024-12-03 19:19:01 +01:00
Napalys Klicius	1e1674a08a	Merge pull request #18089 from Napalys/napalys/regexp-unknown-flags ... JS: RegExp unknown flags support and enhanced compatibility with RegExp objects	2024-12-03 09:43:13 +01:00
Dilan	0e25de1af0	Merge tag 'codeql-cli/latest' ... Compatible with the latest released version of the CodeQL CLI	2024-12-02 13:59:17 +00:00
Napalys Klicius	08ef0dc1f2	Update javascript/ql/lib/change-notes/2024-11-28-regexp-unknown-flags.md ... Co-authored-by: Asger F <asgerf@github.com>	2024-12-02 13:35:52 +01:00
Napalys	9d4e737bc2	JS: follow proper code standards for get predicates ... Co-authored-by: asgerf <asgerf@github.com>	2024-11-29 11:32:10 +01:00
Napalys	3171f38cdd	JS: fixed bad alert messages when it came to incomplete sanitization for new RegExp objects	2024-11-29 11:14:45 +01:00
Napalys Klicius	13afd6310b	Update javascript/ql/lib/change-notes/2024-11-28-regexp-unknown-flags.md ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2024-11-29 08:26:04 +01:00
Alex Eyers-Taylor	dbe9f22034	Fix broken changelog.	2024-11-28 19:31:25 +00:00
github-actions[bot]	b36f3f97ee	Release preparation for version 2.19.4	2024-11-28 19:28:05 +00:00
Alexander Eyers-Taylor	6f18d69925	Revert "Release preparation for version 2.19.4"	2024-11-28 19:19:56 +00:00
Napalys	d2de9a2238	Fixed change notes	2024-11-28 14:24:27 +01:00
Napalys Klicius	9ca0fe4cbf	Update RegExp handling and add test case ... Co-authored-by: erik-krogh <erik-krogh@github.com>	2024-11-28 14:13:40 +01:00
Napalys	fd773603e6	Added change notes	2024-11-28 12:04:09 +01:00
Napalys	9a1c1f4be3	JS: Added in RegExpCreationNode maybeGlobal predicate for more convenience.	2024-11-28 12:03:51 +01:00
Napalys	1d2e08a3b6	JS: now Reg Exp injection treats unknownFlags as sanitization, MetacharEscapeSanitizer	2024-11-28 11:26:58 +01:00
Napalys	62194f5337	JS: add test cases RegExp with unknown flags	2024-11-28 11:26:57 +01:00
Napalys	e673348ed3	JS: now RegExp with unknown flags is not flagged as an issue within password Clear text storage of sensitive information	2024-11-28 11:26:56 +01:00
Napalys	a2c46749c6	JS: fixed issue where MaskingReplacer would work only with regexp literals but not objects	2024-11-28 11:26:55 +01:00
Napalys	1ca57cfb9d	JS: add test cases with RegExp object for MaskingReplacer, currently gives wrong results	2024-11-28 11:26:54 +01:00
Napalys	c71778f1aa	JS: xss does not flag anymore replace with RegExp unknown flags	2024-11-28 11:26:53 +01:00
Napalys	dbae553146	JS: add xss test cases with unknownflags for replace using RegExp	2024-11-28 11:26:52 +01:00
Napalys	fe28657c7d	JS: add test cases with unknown flags for double escaping, works as expected.	2024-11-28 11:26:51 +01:00
Napalys	98fd97799c	JS: imcomplete sanization now handles properly maybe global	2024-11-28 11:26:50 +01:00
Napalys	1ae174849f	JS: incomplete sanitization now also works with RegExp objects	2024-11-28 11:26:48 +01:00
Napalys	76318035ff	JS: Add test cases for RegExp object usage in replace within incomplete sanitization	2024-11-28 11:26:47 +01:00
Napalys	9c2366a660	JS: Added tests for ReDos with unknownFlags, everything seems to be good	2024-11-28 11:26:46 +01:00
Napalys	875478c1c6	JS: Fixed path query not flagging new RegExp with DotRemovingReplaceCall	2024-11-28 11:26:45 +01:00
Napalys	aa557cf950	JS: Added tests for DotRemovingReplaceCall with RegExp Object.	2024-11-28 11:26:44 +01:00
Napalys	a0df33c3ac	JS: UnsafeShellCommand Using unknown flags in the RegExp object is no longer flagged as bad sanitization to reduce false positives.	2024-11-28 11:26:43 +01:00