Commit graph

9332 commits

Author SHA1 Message Date
erik-krogh e8f9e366d5
remove redundant imports for JS 2023-12-08 16:56:54 +01:00
Felicity Chapman 4cb2f53223
Remove unwanted period from query name
Our style guide states that names should not end in a period. I'm updating this now to allow us to automate a process for GitHub docs, see: https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md#query-name-name
2023-11-30 14:31:17 +00:00
Rafael 1a05c2e704
Added Django test 2023-11-29 08:26:49 +01:00
Rafael 0a74a3a765
Update javascript/ql/src/change-notes/2023-11-28-django-urls.md
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2023-11-29 08:23:02 +01:00
Rafael 0b0c9e3e48
Create 2023-11-28-django-urls.md 2023-11-28 22:29:53 +01:00
Rafael 286e3951bf
Detect Django template URLs
Django URLs are currently not detected, but flask and nunjucks URLs are. (See https://github.com/github/codeql/issues/12267)
2023-11-28 22:22:07 +01:00
erik-krogh abb8d65483
Merge branch 'main' into amammad-js-SQLI 2023-11-23 21:17:58 +01:00
erik-krogh 43c76468c9
add change-note 2023-11-23 21:17:33 +01:00
amammad 60b422a35c fix second round of code review. improve documents, fix better-sqlite3 method 2023-11-23 14:01:38 +01:00
erik-krogh dd1e71ace9
update the JS change notes to mention security severity instead of just severity 2023-11-23 10:28:22 +01:00
amammad eb552b7c93 add failingPositiveTests to inlinetests 2023-11-22 08:00:38 +01:00
amammad 0328a2986d move TypeORM library file and tests to experimental
add inline tests :)
Fix TypeORM fuzzy method according to Review
2023-11-21 19:59:06 +01:00
amammad 999ec7053e fix Query class docstring 2023-11-21 18:56:05 +01:00
Max Schaefer 2c5ce3216e
Merge pull request #14846 from github/max-schaefer/js/path-injection
Update qhelp for js/path-injection.
2023-11-21 13:50:41 +00:00
Max Schaefer dfffa1e237
Apply suggestions from code review
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
2023-11-21 10:07:11 +00:00
erik-krogh 5611a3e417
use exact version 2023-11-20 20:48:51 +01:00
erik-krogh 10b3efa667
update to the stable version of TypeScript 5.3 2023-11-20 20:32:24 +01:00
erik-krogh dde9a7cd7e
Merge branch 'main' into ts53-ts 2023-11-20 20:31:00 +01:00
Max Schaefer d147faba4e Update qhelp for js/path-injection. 2023-11-20 11:58:00 +00:00
github-actions[bot] bad499e360 Post-release preparation for codeql-cli-2.15.3 2023-11-17 14:35:41 +00:00
github-actions[bot] 6ec9b95072 Release preparation for version 2.15.3 2023-11-16 13:07:16 +00:00
Henry Mercer de83929a60 Remove LoC metrics from the analysis summary 2023-11-16 11:36:44 +00:00
Remco Vermeulen 52540b42fc
Merge branch 'main' into rvermeulen/javascript-adjust-security-severity 2023-11-14 11:21:38 -08:00
Remco Vermeulen 6bd7047e41
Restore XssThroughDom.ql's severity 2023-11-14 11:20:51 -08:00
Cornelius Riemenschneider 97fd2033f1 Take our node, not the one that comes first on the PATH. 2023-11-09 22:00:00 +01:00
Cornelius Riemenschneider b4ec13235d Address review. 2023-11-09 09:40:29 +01:00
Cornelius Riemenschneider 6b37d2009b
Merge branch 'main' into criemen/js-bazel 2023-11-08 16:11:47 +01:00
Rasmus Wriedt Larsen 43d9d2ceb7
Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link
JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.
2023-11-08 14:29:24 +01:00
Erik Krogh Kristensen f643fd7d74
Merge pull request #14716 from erik-krogh/invalid-main
JS: catch when the main: path is invalid on Windows
2023-11-08 08:33:58 +01:00
Geoffrey White b63294764b
Merge pull request #14705 from geoffw0/qhelplink
Fix a dead ReDoS link in docs
2023-11-07 17:40:19 +00:00
erik-krogh ae577d1e44
catch when the main: path is invalid on Windows 2023-11-07 17:42:21 +01:00
Geoffrey White e8a466a02c Update dead link. 2023-11-07 09:26:07 +00:00
Cornelius Riemenschneider be02512dfe Add a build system for the junit tests.
This is a bit more complicated than our usual setup, as we both need to
unzip the typescript parser wrapper, and make node accessible on the path.
2023-11-06 17:58:28 +01:00
amammad 36f0a78450 fix typeorm test.ts according to Review 2023-11-06 16:23:35 +01:00
amammad d7f1e19d40 fix sqlite.js test according to Review 2023-11-06 15:22:36 +01:00
amammad cc5dd3180a fix better-sqlite3 tests according to Review 2023-11-06 15:18:55 +01:00
amammad c858e4974d fix Sqlite and BetterSqlite3 issues according to Review 2023-11-06 14:57:40 +01:00
Cornelius Riemenschneider 52fcc5f435 Export test data directories. 2023-11-06 13:47:56 +01:00
Cornelius Riemenschneider 63854e36b4 Use the TestPaths helper to look up files. 2023-11-06 13:47:56 +01:00
Cornelius Riemenschneider a773532d07 Refactor JS test suite to be more in line with other Java projects.
Therefore, we move the test suite out of the `src` directory.
2023-11-06 13:47:56 +01:00
Cornelius Riemenschneider 6c7ea86a12 Introduce a bazel-based build for the entire JS pack. 2023-11-06 13:47:56 +01:00
Cornelius Riemenschneider 465eb00228 More fine-grained dependency on internal extractors. 2023-11-06 13:44:28 +01:00
Arthur Baars 01e7d57dba Add changenote 2023-11-06 13:38:33 +01:00
Arthur Baars 7f4bcdfa64 Rename test files 2023-11-06 13:38:33 +01:00
Arthur Baars eecf32db4d Add tests for deprecated 'assert' syntax 2023-11-06 13:38:33 +01:00
Arthur Baars 4192d09e5c Add tests for deprecated 'assert' syntax 2023-11-06 13:38:33 +01:00
Arthur Baars b4d89f7554 Replace 'assert' with 'with' in QL test files 2023-11-06 13:38:33 +01:00
Arthur Baars 3d45944649 Rename 'assertions' to 'attributes' in JS extractor 2023-11-06 13:38:32 +01:00
Arthur Baars bd62ec294e Support TS 5.3 import attributes (previously import assertions) 2023-11-06 13:38:32 +01:00
Arthur Baars 1067dd9dd3 Auto-format 2023-11-06 13:38:32 +01:00