codeql

mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00

Author	SHA1	Message	Date
Asger F	c9c281cb9a	JS: Change note	2023-04-26 12:50:59 +02:00
Asger F	a446c5452d	JS: Update test output	2023-04-26 11:44:56 +02:00
Asger F	ff67118097	JS: Add hanging test case	2023-04-25 11:27:40 +02:00
Nate Johnson	4ae8377713	Merge branch 'main' into js-insecure-http-parser	2023-04-18 22:00:13 -04:00
Nate Johnson	78229bb264	Moved into experimental	2023-04-18 21:59:14 -04:00
Alex Ford	924ce250dd	Merge pull request #12847 from github/post-release-prep/codeql-cli-2.13.0 Post-release preparation for codeql-cli-2.13.0	2023-04-18 14:40:40 +01:00
Arthur Baars	e5d89b969a	Merge pull request #12780 from aibaars/shared-yaml-lib JS: extract YAML library to a shared pack	2023-04-18 11:09:53 +02:00
Tom Hvitved	f6d000eb20	Merge pull request #12805 from hvitved/remove-queries-xml Remove all `queries.xml` files	2023-04-18 10:52:14 +02:00
Kasper Svendsen	9d34d090ab	Merge pull request #12843 from kaspersv/kaspersv/prevent-bad-js-join-order Prevent JS join order regression	2023-04-18 09:09:43 +02:00
Nate Johnson	bbb1ee9597	Merge branch 'main' into js-insecure-http-parser	2023-04-18 00:45:32 -04:00
Nate Johnson	cb90f9af3c	Fix to include specification of flag in NODE_OPTIONS	2023-04-18 00:41:48 -04:00
Nate Johnson	522a285d9e	Qhelp file for explanation	2023-04-18 00:41:28 -04:00
Nate Johnson	2e27447c65	Include example	2023-04-18 00:41:11 -04:00
smiddy007	e4ec1ae261	Update InsufficientPasswordHash.qhelp change file name to original	2023-04-17 13:18:47 -04:00
smiddy007	88d2f65c5f	Rename InsufficientPasswordHash_NodeJS_fixed.js to InsufficientPasswordHash_fixed.js	2023-04-17 13:17:13 -04:00
smiddy007	cbe45f7e55	Rename InsufficientPasswordHash_NodeJS.js to InsufficientPasswordHash.js	2023-04-17 13:16:57 -04:00
smiddy007	36d7370998	Delete InsufficientPasswordHash_CryptoJS_fixed file not used in qhelp	2023-04-17 13:16:25 -04:00
smiddy007	e65daaae49	Delete InsufficientPasswordHash_CryptoJS.js not used in qhelp file	2023-04-17 13:15:10 -04:00
github-actions[bot]	648f0e19ec	Post-release preparation for codeql-cli-2.13.0	2023-04-17 15:39:24 +00:00
Kasper Svendsen	ad82433a88	Prevent JS join order regression	2023-04-17 13:24:19 +02:00
Arthur Baars	34d3040ce2	Add change note	2023-04-17 12:59:14 +02:00
Asger F	13b1e97caa	JS: Fix the ExtendCall restriction	2023-04-17 12:30:08 +02:00
Asger F	eafef91dbc	JS: Update test output after ExtendCall restriction	2023-04-17 12:28:23 +02:00
Asger F	024760610a	JS: Add prototype pollution test	2023-04-17 12:27:34 +02:00
Asger F	2f4a181a7d	JS: revert path sanitizers in proto pollution query	2023-04-17 12:21:00 +02:00
Asger F	04079752f7	JS: update test output after adding 'this' sanitizer	2023-04-17 12:15:46 +02:00
Asger F	f87f6c8556	JS: Add test to unsafe jquery plugin	2023-04-17 12:15:05 +02:00
Asger F	b728f71b4b	JS: Move 'this' sanitizer to customizations	2023-04-17 12:11:18 +02:00
Asger F	62dca44ee5	Update UntrustedDataToExternalAPI.expected	2023-04-17 08:23:04 +02:00
Asger F	c250ba7f27	JS: Undo sanitization of path.normalize()	2023-04-17 08:23:04 +02:00
Asger F	9db63c3a6a	JS: Change note	2023-04-17 08:23:04 +02:00
Asger F	b0d4b31103	JS: Trim whitespace in test	2023-04-17 08:23:04 +02:00
Asger F	c7f16cd224	JS: Add test	2023-04-17 08:23:03 +02:00
Asger F	0d598c437d	JS: Fix observed FPs in UnsafeJQueryPlugin	2023-04-17 08:20:18 +02:00
Asger F	b321151a28	JS: Restrict ExtendCall flow in proto pollution query	2023-04-17 08:20:18 +02:00
Asger F	efb582b661	JS: Drive-by fix to newly gained FPs	2023-04-17 08:20:18 +02:00
Asger F	869c6d27fe	JS: Add implied receiver steps	2023-04-17 08:20:18 +02:00
Asger F	74dbc71535	JS: Change Extend steps to PreCallGraphStep	2023-04-17 08:20:18 +02:00
github-actions[bot]	075d063370	Release preparation for version 2.13.0	2023-04-14 13:31:30 +00:00
Erik Krogh Kristensen	cece307c60	Merge pull request #12802 from erik-krogh/history-xss JS: add browser history as XSS sink	2023-04-14 13:35:19 +02:00
Alex Eyers-Taylor	c6a482819a	Bump all qlpacks major versions	2023-04-13 19:15:27 +01:00
Alex Ford	8c46bfd051	Merge pull request #12816 from github/rc/3.9 Merge `rc/3.9` into `main`	2023-04-13 12:35:41 +01:00
Tom Hvitved	3cc9dec9c8	Remove all `queries.xml` files	2023-04-13 11:18:58 +02:00
Arthur Baars	ead8108aed	Apply suggestions from code review Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2023-04-13 11:11:55 +02:00
Erik Krogh Kristensen	cfb273ae01	Merge pull request #12799 from erik-krogh/oneColumn JS: use 1-based column locations for diagnostics	2023-04-12 14:48:20 +02:00
Asger F	b819f55203	Merge pull request #12792 from asgerf/js/redux-model-perf JS: add getForwardingFunction and use to sharpen useSelector model	2023-04-12 14:09:59 +02:00
erik-krogh	d3cc1d6991	update expected output of diagnostics test	2023-04-12 13:42:05 +02:00
erik-krogh	b1957623c1	add browser history as XSS sink	2023-04-12 13:38:18 +02:00
Erik Krogh Kristensen	8cb54b748b	Merge pull request #12787 from tyage/add-router-sink JS: Add New XSS sink - Next.js router.push/replace	2023-04-12 13:30:21 +02:00
Arthur Baars	83cd55cb29	Js/Yaml: add getFile() predicate	2023-04-11 16:01:44 +01:00

1 2 3 4 5 ...

8113 Commits