hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

6335 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
e95cceef1d import all the shared XSS sources and sinks 2019-11-15 15:41:53 +01:00
Esben Sparre Andreasen
8e8215893f JS: fix mjs check for extensionless files 2019-11-15 14:38:27 +01:00
Erik Krogh Kristensen
65a018ceed use flow labels to avoid dual configurations 2019-11-15 14:37:46 +01:00
Erik Krogh Kristensen
f813e06680 Merge pull request #2345 from Semmle/esbena-patch-3 
Update FlowSteps.qll
 2019-11-15 14:04:14 +01:00
Erik Krogh Kristensen
8d2ae136b0 move String.prototype.match taint step to a general AdditionalTaintStep 2019-11-15 12:52:54 +01:00
semmle-qlci
2f63b89941 Merge pull request #2338 from esbena/js/model-get-them-args 
Approved by max-schaefer
 2019-11-15 11:50:45 +00:00
Esben Sparre Andreasen
a3deb7d4e0 Update FlowSteps.qll 2019-11-15 12:44:04 +01:00
Asger F
e3b15a98c4 JS: Add prop names for array element pattern PropReads 2019-11-15 11:16:50 +00:00
Esben Sparre Andreasen
c3fdfdecab JS: rename DefaultParsedCommandLineArgumentsAsSource 2019-11-15 10:40:15 +01:00
Asger F
66db38266b JS: Add qldoc to HostnameRegexpShared 2019-11-15 09:27:21 +00:00
Asger F
6809eed543 JS: Stats and upgrade script 2019-11-15 09:27:21 +00:00
Asger F
607aed37ee Update javascript/ql/src/semmle/javascript/Expr.qll 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-11-15 09:27:21 +00:00
Asger F
77e5305b9b Update javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-11-15 09:27:21 +00:00
Asger F
4d1f7836f2 JS: Check for [^.] 2019-11-15 09:27:21 +00:00
Asger F
a7a90b4b7e JS: Disregard capture groups in lookaround assertions 2019-11-15 09:27:20 +00:00
Asger F
2242df920f JS: More qldoc 2019-11-15 09:27:20 +00:00
Asger F
dc6c15cbb9 Update javascript/ql/src/semmle/javascript/Regexp.qll 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-11-15 09:27:20 +00:00
Asger F
dd9274e42c JS: Docs regarding regexp terms in string literals 2019-11-15 09:27:20 +00:00
Asger F
4680e3a89a JS: Simplify charpred of Match 2019-11-15 09:27:20 +00:00
Asger F
c01005a610 JS: Remove outdated comment 2019-11-15 09:27:20 +00:00
Asger F
153d34638b JS: Fix a FP 2019-11-15 09:27:20 +00:00
Asger F
8c5b9b9195 JS: Add missing post-anchor case to MissingRegExpAnchor 2019-11-15 09:27:20 +00:00
Asger F
17ad97812e JS: Fix FPs from TLDs without a domain name 2019-11-15 09:27:20 +00:00
Asger F
20fb7717d8 JS: Use type inference to refine regexp string tracking 2019-11-15 09:27:20 +00:00
Asger F
e45c361d64 JS: Port IncompleteHostnameRegExp 2019-11-15 09:27:20 +00:00
Asger F
9ecab1b5d5 JS: Port unanchored RegExp query but for hostnames only 2019-11-15 09:27:20 +00:00
Asger F
e5f2f9e43e JS: Do not flag semi-anchored regexps in .replace() 2019-11-15 09:27:20 +00:00
Asger F
3e37950170 JS: Whitelist one more FP case 2019-11-15 09:27:20 +00:00
Asger F
2b151cd587 JS: Include anchor direction in message 2019-11-15 09:27:20 +00:00
Asger F
3e952cf564 JS: Restrict semi-anchored regex query more 2019-11-15 09:27:19 +00:00
Asger F
8bc89ee254 JS: Update semi-anchored regex query 2019-11-15 09:27:19 +00:00
Asger F
c21d095d38 JS: Restrict RegExp queries to actual regular expressions 2019-11-15 09:27:19 +00:00
Asger F
b8711fc642 JS: Extend RegExpTerm in ReDoS 2019-11-15 09:27:19 +00:00
Asger F
b6c1c174a9 JS: Deabstractify RegExpTerm classes 2019-11-15 09:27:19 +00:00
Asger F
e0bdc777b9 JS: Make ReDoS check string-based regexes 2019-11-15 09:27:19 +00:00
Asger F
97e5da1046 JS: Update ReDoS query 2019-11-15 09:27:19 +00:00
Asger F
57de6382cd JS: Update QL API 2019-11-15 09:27:19 +00:00
Asger F
0e1246c0e5 JS: Extract RegExp ASTs from string literals 2019-11-15 09:27:18 +00:00
Esben Sparre Andreasen
8e6a19b3d3 JS: add DefaultParsedCommandLineArgumentsAsSource 2019-11-15 08:42:02 +01:00
Esben Sparre Andreasen
2ea7d141c8 Merge pull request #2310 from max-schaefer/js/insufficient-url-scheme-check 
JavaScript: Add query `IncompleteUrlSchemeCheck`
 2019-11-14 22:13:02 +01:00
Max Schaefer
3b1e6c362c JavaScript: Address review comments. 2019-11-14 17:11:59 +00:00
Erik Krogh Kristensen
e49b5e4afc up precision from low to medium, and fix tab/spaces 2019-11-14 17:42:16 +01:00
Erik Krogh Kristensen
7137a64b7d Added query for detecting XSS that happens through an exception 2019-11-14 17:04:00 +01:00
Esben Sparre Andreasen
cc768345d0 JS: add security tests for malicious torrents 2019-11-14 13:54:19 +01:00
Esben Sparre Andreasen
bea59ec8ad JS: add some parsed torrent properties as remote flow sources 2019-11-14 13:54:19 +01:00
Erik Krogh Kristensen
538690eee6 remove duplicate reflectiveCallNode method, and removing redundant getExpr() method 2019-11-13 15:53:21 +01:00
semmle-qlci
b11a7427c2 Merge pull request #2270 from erik-krogh/reflectiveExpr 
Approved by max-schaefer
 2019-11-13 13:08:40 +00:00
Max Schaefer
f804d316d7 Update javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2019-11-13 12:24:19 +00:00
Max Schaefer
ab583b7994 JavaScript: Add query IncompleteUrlSchemeCheck.ql. 2019-11-13 10:27:18 +00:00
Max Schaefer
155cea7b5b Revert "JavaScript: Improve double-escaping query" 2019-11-12 22:54:12 +00:00