- GitHub Staff
- Denmark
- http://webbies.dk
- erik-krogh
Pinned
- github/codeql Public
  CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
- The repository for high quality TypeScript type definitions.
4,108 contributions in the last year
Contribution activity
February 2023
Created 33 commits in 1 repository
Created a pull request in github/codeql that received 2 comments
PY: Sync a dataflow config
The synced files check is failing on main.
This should fix it.
+35 −35 • 2 comments
Opened 13 other pull requests in 1 repository
github/codeql
6 open, 6 merged, 1 closed
- PY: delete the cached-stages-pattern from Python
- JS: Actually extract .html.erb files.
- JS: also consider relative exports when finding library inputs
- JS: Add more alias steps to unsafe-html-construction
- JS: add process.env and process.argv etc. as source for js/regex-injection
- JS: dont recognize regexps that match dot as sanitizers
- JS: More library inputs
- JS: add HtmlSanitizer as a sanitizer DOMBasedXss
- JS: add express-ws as a source
- JS: Implement diagnostics
- JS: use SSA in the GetLaterAccess module
- QL: simplify the QL-for-QL workflow, which should also fix the cache
- PY: add tracking of strings to compile-sites for poly-redos
Reviewed 15 pull requests in 1 repository
github/codeql
15 pull requests
- Py: add unsafe-shell-command-construction
- JS: Implement diagnostics
- JS: Sanitizer for sanitizer(x) === true
- JS: add express-ws as a source
- Move NumberUtils.qll from Ruby into shared util pack
- Python/Ruby/JS Crypto: Add a few algorithms + block modes
- build(deps): bump serde_json from 1.0.92 to 1.0.93 in /ql
- RB: add query detecting validators that use badly anchored regular expressions on library/remote input
- QL: simplify the QL-for-QL workflow, which should also fix the cache
- build(deps): bump serde_json from 1.0.91 to 1.0.92 in /ql
- Add MacOS Ventura to supported platforms
- JS: Use shared CryptographicOperation concept
- Post-release preparation for codeql-cli-2.12.2
- Update JS CleartextLogging qhelp
- Bump tracing from 0.1.35 to 0.1.37 in /ql
67 contributions in private repositories, Feb 1 – Feb 15






