hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,671 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

6335 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
26c1397216 CPP/CSharp/Javascript: Clean up QLDoc and bring the different XML.qll files closer. 2018-09-26 15:36:20 +02:00
semmle-qlci
a93939b827 Merge pull request #230 from esben-semmle/js/ad-hoc-whitelisting 
Approved by xiemaisi
 2018-09-26 14:14:25 +01:00
Aditya Sharad
75680dbfef Merge branch 'next' into qlucie/master 2018-09-26 12:08:33 +01:00
Esben Sparre Andreasen
7c006d4530 Merge pull request #222 from xiemaisi/js/identity-replacement 
JavaScript: Add new query flagging identity replacements.
 2018-09-26 09:25:19 +02:00
Asger F
a47b1dc774 JS: recognize Express header access with dynamic name 2018-09-26 08:22:21 +01:00
Esben Sparre Andreasen
52061b35d8 JS: address review comments: improve regex, limit sanitizer usage 2018-09-26 09:20:07 +02:00
Asger F
ce11b5330d JS: recognize Express headers as RequestInputAccess 2018-09-26 07:58:44 +01:00
Max Schaefer
659c67c715 JavaScript: Produce friendlier message for empty-string replacements. 2018-09-25 11:27:12 +01:00
Max Schaefer
5fb22ba021 JavaScript: Handle zero-width assertions and sequences. 2018-09-25 11:27:12 +01:00
Max Schaefer
ec9a3c87a7 JavaScript: Do not flag case-insensitive replace. 2018-09-25 11:27:11 +01:00
Max Schaefer
1ab11109f9 JavaScript: Add new query flagging identity replacements. 2018-09-25 11:27:11 +01:00
Asger F
0936cda0e9 JS: avoid expensive join_rhs in callInputStep 2018-09-25 10:16:40 +01:00
Asger F
52c913b325 JavaScript: cache AdditionalPartialInvokeNode 2018-09-25 10:16:40 +01:00
Asger F
3ca7d6b4bf JavaScript: address comments 2018-09-25 10:16:40 +01:00
Asger F
269bbc9a1a JavaScript: add flow steps through partial function application 2018-09-25 10:16:40 +01:00
semmle-qlci
7f56be6fe2 Merge pull request #216 from asger-semmle/lusca-csrf 
Approved by esben-semmle
 2018-09-24 11:34:24 +01:00
semmle-qlci
46178271d1 Merge pull request #213 from asger-semmle/sendfile 
Approved by xiemaisi
 2018-09-24 11:32:46 +01:00
Esben Sparre Andreasen
42fc28bc55 JS: add ad hoc whitelist checks as sanitizers 2018-09-24 11:17:35 +02:00
Dave Bartolomeo
26abf5d4a2 Force LF for basically everything. 2018-09-23 16:24:31 -07:00
Denis Levin
8152cefa60 Squished changes for HttpToFileAccess commint 2018-09-21 16:44:01 -07:00
Asger F
4797924bea JS: review comments 2018-09-21 14:46:21 +01:00
Asger F
5f467d2fc5 JS: recognize CSRF middleware from lusca package 2018-09-21 13:15:40 +01:00
semmle-qlci
4aca8f4fd3 Merge pull request #201 from asger-semmle/string-concatenation-squashed 
Approved by esben-semmle
 2018-09-19 21:59:17 +01:00
Esben Sparre Andreasen
2cedc81774 JS: polish js/enabling-electron-renderer-node-integration meta info 2018-09-19 13:45:42 +02:00
semmle-qlci
89f2dbf8db Merge pull request #195 from esben-semmle/js/reflected-xss-through-filenames 
Approved by asger-semmle
 2018-09-19 12:42:22 +01:00
Asger F
9384b85bcc JavaScript: ensure prefix sanitizers work for array.join() 2018-09-17 14:31:26 +01:00
Asger F
e2cdf5d7ed JavaScript: add string concatenation library 2018-09-17 12:47:37 +01:00
Asger F
b20fd3c084 JS: recognize res.sendfile as alias for res.sendFile in Express 2018-09-17 11:31:10 +01:00
Esben Sparre Andreasen
bb48421d77 JS: address doc review comments 2018-09-17 11:08:35 +02:00
semmle-qlci
782e91bb97 Merge pull request #167 from bnxi/NodeIntegration 
Approved by esben-semmle
 2018-09-15 21:35:56 +01:00
Esben Sparre Andreasen
444a09a17c JS: add models of five file system libraries 2018-09-14 15:30:44 +02:00
Esben Sparre Andreasen
33f98dd1a7 JS: add query: js/stored-xss 2018-09-14 15:30:44 +02:00
Asger F
a3562aa4a7 Merge pull request #193 from esben-semmle/js/reduce-precision-of-remote-property-injection 
JS: lower @precision of js/remote-property-injection
 2018-09-14 11:14:13 +01:00
Esben Sparre Andreasen
e2fac8a03c JS: introduce concept: FileNameSource 2018-09-14 11:09:29 +02:00
Esben Sparre Andreasen
6d3c1a1d22 JS: introduce fsModuleMember 2018-09-14 11:09:29 +02:00
Esben Sparre Andreasen
8de269e1fb JS: add support for fs-extra in NodeJSFileSystemAccess 2018-09-14 11:09:29 +02:00
semmle-qlci
abbadf24f0 Merge pull request #192 from esben-semmle/js/additional-array-taint-steps 
Approved by asger-semmle
 2018-09-14 10:02:36 +01:00
Esben Sparre Andreasen
81aeda69e1 JS: lower @precision of js/remote-property-injection 2018-09-14 07:37:47 +02:00
semmle-qlci
961ecfb43f Merge pull request #187 from esben-semmle/js/additional-whitelisting-form-unbound-event-handlers 
Approved by asger-semmle
 2018-09-14 06:35:39 +01:00
Esben Sparre Andreasen
4c13e6b46b JS: add additional array-specific taint steps 2018-09-13 21:36:53 +02:00
Jonas Jensen
9886e4a056 Merge remote-tracking branch 'upstream/master' into merge-master-next-20180913 2018-09-13 20:28:17 +02:00
Esben Sparre Andreasen
763da72ce5 JS: modernize old array taint steps 2018-09-13 15:52:25 +02:00
Esben Sparre Andreasen
ea37665ec6 JS: move array-specific taint steps to separate class 2018-09-13 15:52:25 +02:00
semmle-qlci
3d022298dc Merge pull request #186 from Semmle/rc/1.18 
Approved by esben-semmle
 2018-09-13 12:34:54 +01:00
Esben Sparre Andreasen
fcc33ce93d JS: whitelist auto-bind methods in js/unbound-event-handler-receiver 2018-09-13 08:41:41 +02:00
Esben Sparre Andreasen
eb10f603ab JS: whitelist decorator-bound methods in js/unbound-event-handler-receiver 2018-09-13 08:41:41 +02:00
Esben Sparre Andreasen
1220b50737 JS: whitelist _.bindAll-methods in js/unbound-event-handler-receiver 2018-09-13 08:41:41 +02:00
Aditya Sharad
767045b55d Merge rc/1.18 into next. 2018-09-12 14:59:54 +01:00
semmle-qlci
9e0ba51280 Merge pull request #179 from esben-semmle/js/classify-multi-license-fix 
Approved by asger-semmle
 2018-09-11 21:30:10 +01:00
Behrang Fouladi Azarnaminy
fc087ffb71 Replaceing query and test files with suggested ones 2018-09-11 12:32:56 -07:00