Commit graph

9667 commits

Author SHA1 Message Date
github-actions[bot] 906b65d09c Post-release preparation for codeql-cli-2.17.4 2024-05-28 18:02:25 +00:00
github-actions[bot] 33b4ae8bbb Release preparation for version 2.17.4 2024-05-28 15:44:32 +00:00
Erik Krogh Kristensen c743abad54
Merge pull request #14294 from am0o0/amammad-js-CodeInjection_execa
JS: provide command execution sinks for execa package
2024-05-24 09:20:19 +02:00
Dave Bartolomeo 613ccaac1d Add change note to all v1.0.0 packs 2024-05-23 13:01:22 -04:00
erik-krogh c80f48b23a
Merge branch 'main' into amammad-js-CodeInjection_execa 2024-05-23 08:02:22 +02:00
Dave Bartolomeo ffe4c8c87b Update all pack versions to `1.0.0` 2024-05-22 13:39:08 -04:00
erik-krogh a30bac14e9
add change-note 2024-05-21 22:14:39 +02:00
erik-krogh 61c72361cd
move the "isFileTooLarge" earlier in the pipeline, so we're only doing it once 2024-05-21 20:01:24 +02:00
erik-krogh 241f977488
fix that very large TypeScript files would crash the extractor 2024-05-21 19:52:43 +02:00
Joe Farebrother 01a6c5e82f
Merge pull request #16446 from joefarebrother/shared-sensitive-heuristics
Ruby/Python/JS/Swift: Add category of Private information to shared sensitive data heuristics
2024-05-21 09:07:13 +01:00
erik-krogh c166cb406a
Merge branch 'main' into amammad-js-CodeInjection_execa 2024-05-21 08:48:12 +02:00
Erik Krogh Kristensen 03cf9b702c
Merge pull request #14291 from am0o0/amammad-js-CodeInjection_Shelljs
JS: Shelljs improvement
2024-05-17 11:14:11 +02:00
am0o0 42a9962519 make shellJSMember predicate private, improve predicate document 2024-05-16 14:05:06 +02:00
Asger F 499c4df79b
Merge pull request #13554 from am0o0/amammad-js-bombs
JS: Decompression Bombs
2024-05-16 13:25:41 +02:00
erik-krogh 56dff8540f
add an example of how to get a floating point value between 0 and 1 2024-05-16 11:15:07 +02:00
erik-krogh 066f3b61a2
RandomSource is deprecated, it's crypto now 2024-05-16 11:14:50 +02:00
github-actions[bot] 32e8b5c667 Post-release preparation for codeql-cli-2.17.3 2024-05-14 21:14:08 +00:00
github-actions[bot] 100166fa53 Release preparation for version 2.17.3 2024-05-14 19:23:18 +00:00
Chuan-kai Lin 1758a1e04b
Merge pull request #16422 from github/cklin/javascript-entities-reorder
JS: Use entities in reorder directives
2024-05-13 10:26:41 -07:00
Joe Farebrother da93a08639 Add change notes
No change note is needed for Swift, as the new heuristics are unused and thus should not affect any queries.
2024-05-09 10:03:20 +01:00
Joe Farebrother 9aff22c664 Fix typos in sensitive data regex 2024-05-09 09:39:03 +01:00
Joe Farebrother 5f4bc4197b Add private category to sensitive data heuristics 2024-05-08 10:02:00 +01:00
Chuan-kai Lin 9b51e0e0ee JS: Use entities in reorder directives 2024-05-03 11:17:13 -07:00
erik-krogh 39a8b49222
add qhelp recommendation that you can use an obvious placeholder value 2024-05-03 19:37:31 +02:00
erik-krogh b209fc67cb
test the change to hardcoded-credentials 2024-05-03 19:34:18 +02:00
erik-krogh d9e8e0e00a
use some more standard values for credentials-kind for NodeJS client credentials 2024-05-03 13:58:37 +02:00
erik-krogh ff85db36e2
exclude credentials as kind `key` from hardcoded-credentials when the key looks like a dummy password 2024-05-03 13:58:11 +02:00
Owen Mansel-Chan 83249cd9c2
Fix grammar in comment 2024-05-02 09:59:48 +01:00
Owen Mansel-Chan 16dcc0969b
Standardise comment explaining why extensible predicates must be defined 2024-05-01 22:00:01 +01:00
Owen Mansel-Chan 09e59ccf44
Name files with empty definitions of MaD extensible predicates to erowdmpty.model.yml 2024-05-01 21:39:38 +01:00
github-actions[bot] 99928b82ed Post-release preparation for codeql-cli-2.17.2 2024-04-30 12:15:35 +00:00
github-actions[bot] 5228d94d42 Release preparation for version 2.17.2 2024-04-30 10:25:51 +00:00
Erik Krogh Kristensen 7e839792da
Merge pull request #16330 from erik-krogh/del-deps-apr-2024
All: delete outdated deprecations
2024-04-30 10:43:39 +02:00
erik-krogh 800d7546fa
change all the change-notes to breaking 2024-04-26 17:17:23 +02:00
erik-krogh 14d88eb3ce
add change-notes 2024-04-26 12:56:28 +02:00
erik-krogh baa31e1469
delete outdated deprecations 2024-04-25 22:19:28 +02:00
Asger F d0c9e3f7ad JS: Expose InternalModuleNaming 2024-04-25 13:33:17 +02:00
Asger F 9082972842
Merge pull request #16061 from RasmusWL/js-extractor-fix
JS: More robust CommonJS/ES2015 detection logic for extractor
2024-04-25 13:26:56 +02:00
Rasmus Wriedt Larsen 290b0fc4ab
Merge pull request #16308 from asgerf/js/model-generation-quote
JS: Fix naming issue in generated models
2024-04-25 11:36:36 +02:00
Paolo Tranquilli 9f5782b67b Bazel: introduce buildifier formatting
This introduces tooling and enforcement for formatting bazel files.

The tooling is provided as a bazel run target from
[keith/buildifier-prebuilt](https://github.com/keith/buildifier-prebuilt).

This is used in a [`pre-commit`](https://pre-commit.com/) hook for those
having that installed. In turn this is used in a CI check. Relying on a
`pre-commit` action gives us easy checking that buildifying did not
change anything in the files and printing the diff, without having to
hand-roll the check ourselves.

This enforcement will make usage of gazelle easier, as gazelle itself
might reformat files, even outside of `go`. Having them properly
formatted will allow gazelle to leave them unchanged, without needing
to configure awkward exclude directives.
2024-04-24 15:49:48 +02:00
Asger F db07c162e4 JS: Allow generated models to use (package) 2024-04-23 20:25:55 +02:00
Asger F 9d00f660f1 Update ModelGeneration.expected 2024-04-23 20:08:21 +02:00
Asger F e4f23b31c6 JS: Add quotes around package name to correct parsing 2024-04-23 20:04:23 +02:00
Nick Rolfe 003d208574 JS: do fewer regexp matches in SensitiveActions 2024-04-23 15:31:38 +01:00
Asger F ac34b922ec
Merge pull request #16241 from asgerf/js/re-export
JS: Improve support for `export * as ...` declarations
2024-04-19 10:03:17 +02:00
Asger F decd576a6b
Merge pull request #15386 from asgerf/js/graph-export
JS: Add library for exporting graphs as type models
2024-04-18 11:56:17 +02:00
Asger F 3c885f3969 JS: Fix bug in MkClassInstance use-nodes
This only worked when the RHS was a SourceNode, which is not generally the case
2024-04-18 10:06:11 +02:00
Asger F 64321b314f
Merge branch 'main' into js-extractor-fix 2024-04-17 20:55:54 +02:00
Asger F da33c220a6 JS: Update test output 2024-04-17 20:11:11 +02:00
Asger F eab96988bf JS: Add test for use steps 2024-04-17 14:46:00 +02:00