github-actions[bot]
0db6379602
Release preparation for version 2.18.3
2024-08-27 17:50:22 +00:00
Henry Mercer
0f44cd3f62
Revert "Release preparation for version 2.18.3"
2024-08-27 18:19:25 +01:00
github-actions[bot]
17cd9624fb
Release preparation for version 2.18.3
2024-08-21 17:13:52 +00:00
Asger F
7a7ab457a9
JS: Delete unneeded test code (and shift line numbers)
2024-08-16 14:38:54 +02:00
Asger F
9ee7599aeb
JS: Move AngularJSTemplateUrlSink to ClientSideUrlRedirection query
This is not perfect but at least we can be consistent about keeping URLs-that-lead-to-xss in the same query
2024-08-16 14:37:13 +02:00
Asger F
699d3a0a0a
JS: Update a RegExp injection test
RegExpInjection does not use client-side sources, but one of its tests was using postMessage events
as the taint source. Updating the test to use a different taint source.
2024-08-16 14:20:34 +02:00
Asger F
467256d465
JS: Add change note
2024-08-16 11:06:59 +02:00
Asger F
2d264052b3
JS: Treat browser message events as client-side sources
2024-08-16 11:02:12 +02:00
Tom Hvitved
0fcfb47423
Sync shared files
2024-08-13 13:34:45 +02:00
Alexander Eyers-Taylor
ffd811a55d
Merge pull request #17182 from github/post-release-prep/codeql-cli-2.18.2
Post-release preparation for codeql-cli-2.18.2
2024-08-08 16:28:03 +01:00
github-actions[bot]
cc6d87c276
Post-release preparation for codeql-cli-2.18.2
2024-08-08 12:56:21 +00:00
Erik Krogh Kristensen
41506fbfef
Merge pull request #14666 from am0o0/amammad-js-hardcodedJWTKey
JS: Extends CredentialsNode class mostly related to JWT authentication packages
2024-08-08 10:20:45 +02:00
am0o0
b64cb4da09
remove a part of code related to debugging :)
2024-08-07 20:37:20 +02:00
github-actions[bot]
019da8c287
Release preparation for version 2.18.2
2024-08-07 14:02:38 +00:00
Alexander Eyers-Taylor
46577b585e
Revert "Release preparation for version 2.18.2"
2024-08-07 14:24:37 +01:00
erik-krogh
bef4fe627d
make sure the new identifiers have end-locations
2024-08-07 10:25:22 +02:00
erik-krogh
b8187ed294
support arbitrary export specifiers
2024-08-06 20:45:57 +02:00
erik-krogh
5f7f37f6c8
support arbitrary import specifiers
2024-08-06 20:45:53 +02:00
github-actions[bot]
c14ba0e4bd
Release preparation for version 2.18.2
2024-08-06 12:46:15 +00:00
am0o0
e4deb7d304
apply autoformatting for HardcodedCredentials.ql
2024-08-05 14:58:37 +02:00
am0o0
fce183c7cb
apply autoformat to HardcodedCredentialsCustomizations.qll
2024-08-05 14:25:15 +02:00
am0o0
354fcbe7fe
apply changes from @erik-krogh
2024-08-01 20:14:36 +02:00
github-actions[bot]
49cc8f8ff8
Post-release preparation for codeql-cli-2.18.1
2024-07-22 22:00:48 +00:00
github-actions[bot]
368bcb684a
Release preparation for version 2.18.1
2024-07-22 21:30:50 +00:00
Chuan-kai Lin
23320b6e5e
Revert "Release preparation for version 2.18.1"
2024-07-22 13:22:49 -07:00
github-actions[bot]
55935fc123
Release preparation for version 2.18.1
2024-07-22 14:56:15 +00:00
Cornelius Riemenschneider
620582fc09
Address review.
2024-07-19 10:50:11 +02:00
Cornelius Riemenschneider
3badd61a56
Integration tests: port to pytest.
Requires an internal PR.
2024-07-18 16:36:11 +02:00
aegilops
79980a98a2
Added links to eventual location of CUSTOMIZING.md
2024-07-12 14:21:50 +01:00
Paul Hodgkinson
11249e7182
Apply suggestions from code review - docs tweaks of CUSTOMIZING.md
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2024-07-12 14:20:03 +01:00
Paul Hodgkinson
c9af53f050
Merge branch 'main' into aegilops/polyfill-io-compromised-script
2024-07-12 12:53:44 +01:00
aegilops
61df4d2f04
Merge branch 'aegilops/polyfill-io-compromised-script' of https://github.com/aegilops/codeql into aegilops/polyfill-io-compromised-script
2024-07-12 12:49:18 +01:00
aegilops
00d91dc6ba
Created guide on customizing these queries, and referenced it in the query help
2024-07-12 12:49:09 +01:00
aegilops
040f948e65
Added a note that SRI can be considered for some dynamic services
2024-07-12 12:48:36 +01:00
Paul Hodgkinson
3f37fe6add
Apply suggestions from code review - docs and wording
Docs suggestions accepted, thank you 🙏
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2024-07-12 11:48:39 +01:00
aegilops
d71be8aeaf
Moved from experimental into default queries
2024-07-11 11:44:01 +01:00
Paul Hodgkinson
412ad177c2
Merge branch 'main' into aegilops/js/insecure-helmet-middleware
2024-07-11 11:01:38 +01:00
aegilops
01ec7c22df
Fixed test
2024-07-09 19:19:06 +01:00
aegilops
0aab2aef3b
Formatting of QLL
2024-07-09 18:16:37 +01:00
aegilops
dae2aeb7d3
QLDoc
2024-07-09 18:16:02 +01:00
aegilops
86afd54a9b
Moved new query to 'experimental'
Moved lists of domains to data extensions, including adding those to the overall qlpack.yml
Expanded scope of new query to further domains operated by the untrusted owners of polyfill.io
2024-07-09 16:38:01 +01:00
github-actions[bot]
ae3aba061b
Post-release preparation for codeql-cli-2.18.0
2024-07-08 13:30:13 +00:00
aegilops
5a3328b07a
Merge branch 'aegilops/js/insecure-helmet-middleware' of https://github.com/aegilops/codeql into aegilops/js/insecure-helmet-middleware
2024-07-08 11:31:15 +01:00
aegilops
2aff2a7385
Fixed code markup
2024-07-08 11:31:06 +01:00
Paul Hodgkinson
d896fdf9fa
Merge branch 'main' into aegilops/js/insecure-helmet-middleware
2024-07-08 11:25:47 +01:00
aegilops
c003f265b0
Fixed missing li closing tag
2024-07-08 10:58:06 +01:00
aegilops
1fe14e26b1
Split out "compromised" functionality
2024-07-08 10:56:12 +01:00
github-actions[bot]
b0d6778652
Release preparation for version 2.18.0
2024-07-08 09:10:51 +00:00
Erik Krogh Kristensen
1c0c51faaf
Merge pull request #16904 from igfoo/igfoo/shouldExtract
JS: Remove call to shouldExtract
2024-07-04 12:44:54 +02:00
Ian Lynagh
95a418aa14
JS: Remove call to shouldExtract
It always returns true nowadays.
2024-07-04 09:42:07 +01:00