Commit graph

9363 commits

Author SHA1 Message Date
Aditya Sharad b1803d0ac2
Merge rc/3.12 into main 2023-12-21 16:40:51 -08:00
github-actions[bot] 8f72b0e4f7 Post-release preparation for codeql-cli-2.15.5 2023-12-19 10:32:57 +00:00
github-actions[bot] 19af35b29a Release preparation for version 2.15.5 2023-12-18 21:22:44 +00:00
erik-krogh a694928dd3
use the extractor option directly instead 2023-12-15 10:39:36 +01:00
erik-krogh ad4f464850
add warnOnImplicitThis 2023-12-15 09:55:30 +01:00
erik-krogh 9cc708b122
add integration test for the new extractor option to disable type extraction 2023-12-15 09:53:13 +01:00
Erik Krogh Kristensen a700aa4cde
Merge pull request #15110 from rvermeulen/rvermeulen/xml-attr-data-flow-node
JavaScript: Add support for XML attributes in the data flow graph
2023-12-14 21:45:57 +01:00
erik-krogh c752f26f91
use direct string comparison instead, that doesn't crash on invalid values 2023-12-14 20:43:16 +01:00
erik-krogh 5bbf79bf26
fix the parsing of boolean environment variables in the TypeScript extractor 2023-12-14 20:43:16 +01:00
erik-krogh 1a0d29ba8a
rename extractor environment variable to `CODEQL_EXTRACTOR_JAVASCRIPT_OPTION_SKIP_TYPES` 2023-12-14 20:43:16 +01:00
erik-krogh 62205f6a7f
add environment variable to skip extraction of types in TypeScript 2023-12-14 20:43:16 +01:00
erik-krogh b5fe0e5709
make sure `reset()` is called when manually invoking the TS extractor, so environment-variables are read 2023-12-14 20:43:16 +01:00
erik-krogh 96d1573978
move `TypeVarDepth` further up, so it's declared before it's used 2023-12-14 20:43:15 +01:00
erik-krogh 10cf53b8d3
fix a `this` reference
`this` didn't refer to anything specific, and it was in fact `undefined` in the context it was invoked. There was already a `let typeTable = this;` further up (where `this` refers to the class instance), so I used `typeTable`.
2023-12-14 20:43:15 +01:00
erik-krogh 43b228dbb4
exclude all the lib.d.ts files when running the TS extractor directly
e.g. the `lib.es5.d.ts` file was not excluded
2023-12-14 20:43:15 +01:00
Remco Vermeulen 133a243298
Add support for XML attributes in the data flow graph 2023-12-14 11:33:53 -08:00
erik-krogh 0db788bb10
use direct string comparison instead, that doesn't crash on invalid values 2023-12-14 14:50:17 +01:00
erik-krogh 5e91b2f5bc
fix the parsing of boolean environment variables in the TypeScript extractor 2023-12-14 14:40:10 +01:00
Erik Krogh Kristensen 063f69c10e
Merge pull request #15072 from erik-krogh/ts-various
JS: Various TypeScript extraction fixes.
2023-12-14 14:17:42 +01:00
erik-krogh 72e99b5b9d
rename extractor environment variable to `CODEQL_EXTRACTOR_JAVASCRIPT_OPTION_SKIP_TYPES` 2023-12-14 12:52:49 +01:00
Tom Hvitved c8b4a215bc
Merge pull request #14573 from hvitved/flow-summary-impl-param
Move `FlowSummaryImpl.qll` to `dataflow` pack
2023-12-14 12:24:15 +01:00
Jeroen Ketema 99e65df6ce
Merge remote-tracking branch 'upstream/rc/3.12' into mb12 2023-12-13 15:43:39 +01:00
Tom Hvitved a46964dfe8 Address review comments 2023-12-12 13:55:52 +01:00
erik-krogh 896432b646
add environment variable to skip extraction of types in TypeScript 2023-12-12 12:25:00 +01:00
erik-krogh cf31ef4960
make sure `reset()` is called when manually invoking the TS extractor, so environment-variables are read 2023-12-12 10:51:09 +01:00
erik-krogh c246a9c12c
move `TypeVarDepth` further up, so it's declared before it's used 2023-12-12 10:34:42 +01:00
erik-krogh 13a01e1545
fix a `this` reference
`this` didn't refer to anything specific, and it was in fact `undefined` in the context it was invoked. There was already a `let typeTable = this;` further up (where `this` refers to the class instance), so I used `typeTable`.
2023-12-12 10:32:31 +01:00
erik-krogh ca95a6e9cf
exclude all the lib.d.ts files when running the TS extractor directly
e.g. the `lib.es5.d.ts` file was not excluded
2023-12-12 10:29:09 +01:00
Tom Hvitved 28373e0fdf JS: Adapt to changes in shared code 2023-12-10 11:25:43 +01:00
erik-krogh e8f9e366d5
remove redundant imports for JS 2023-12-08 16:56:54 +01:00
github-actions[bot] 92af5f5386 Post-release preparation for codeql-cli-2.15.4 2023-12-06 22:59:22 +00:00
github-actions[bot] c04457e9e7 Release preparation for version 2.15.4 2023-12-06 21:11:50 +00:00
Felicity Chapman 4cb2f53223
Remove unwanted period from query name
Our style guide states that names should not end in a period. I'm updating this now to allow us to automate a process for GitHub docs, see: https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md#query-name-name
2023-11-30 14:31:17 +00:00
Rafael 1a05c2e704
Added Django test 2023-11-29 08:26:49 +01:00
Rafael 0a74a3a765
Update javascript/ql/src/change-notes/2023-11-28-django-urls.md
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2023-11-29 08:23:02 +01:00
Rafael 0b0c9e3e48
Create 2023-11-28-django-urls.md 2023-11-28 22:29:53 +01:00
Rafael 286e3951bf
Detect Django template URLs
Django URLs are currently not detected, but flask and nunjucks URLs are. (See https://github.com/github/codeql/issues/12267)
2023-11-28 22:22:07 +01:00
erik-krogh abb8d65483
Merge branch 'main' into amammad-js-SQLI 2023-11-23 21:17:58 +01:00
erik-krogh 43c76468c9
add change-note 2023-11-23 21:17:33 +01:00
amammad 60b422a35c fix second round of code review. improve documents, fix better-sqlite3 method 2023-11-23 14:01:38 +01:00
erik-krogh dd1e71ace9
update the JS change notes to mention security severity instead of just severity 2023-11-23 10:28:22 +01:00
amammad eb552b7c93 add failingPositiveTests to inlinetests 2023-11-22 08:00:38 +01:00
amammad 0328a2986d move TypeORM library file and tests to experimental
add inline tests :)
Fix TypeORM fuzzy method according to Review
2023-11-21 19:59:06 +01:00
amammad 999ec7053e fix Query class docstring 2023-11-21 18:56:05 +01:00
Max Schaefer 2c5ce3216e
Merge pull request #14846 from github/max-schaefer/js/path-injection
Update qhelp for js/path-injection.
2023-11-21 13:50:41 +00:00
Max Schaefer dfffa1e237
Apply suggestions from code review
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
2023-11-21 10:07:11 +00:00
erik-krogh 5611a3e417
use exact version 2023-11-20 20:48:51 +01:00
erik-krogh 10b3efa667
update to the stable version of TypeScript 5.3 2023-11-20 20:32:24 +01:00
erik-krogh dde9a7cd7e
Merge branch 'main' into ts53-ts 2023-11-20 20:31:00 +01:00
Max Schaefer d147faba4e Update qhelp for js/path-injection. 2023-11-20 11:58:00 +00:00