Commit Graph

3270 Commits

Author SHA1 Message Date
Asger Feldthaus
9249b92d85 JS: Fix typo in comment 2020-02-17 12:48:13 +00:00
Esben Sparre Andreasen
8a9587fc91 JS: fix RegExp::getSuccessor/getPredecessor for sequence end/starts 2020-02-17 13:40:53 +01:00
Erik Krogh Kristensen
d1a58f1d17 Merge remote-tracking branch 'upstream/master' into CVE74 2020-02-17 13:18:52 +01:00
Erik Krogh Kristensen
b07f3d36d8 qldoc on splitPath 2020-02-17 13:17:12 +01:00
Erik Krogh Kristensen
5375604109 calling pop or shift on a SplitPath returns a PosixPath 2020-02-17 13:15:46 +01:00
Esben Sparre Andreasen
c5ee436b16 JS: add RegExp::getSuccessor/getPredecessor tests 2020-02-17 13:06:55 +01:00
Erik Krogh Kristensen
3855268201 use RegExpCreationNode 2020-02-17 13:02:47 +01:00
Erik Krogh Kristensen
46cbeb0bc6 add more steps to the SplitPath label 2020-02-17 12:58:27 +01:00
semmle-qlci
23ed2bcc64 Merge pull request #2782 from asger-semmle/js/export-as-ns
Approved by erik-krogh, max-schaefer
2020-02-17 11:22:58 +00:00
Erik Krogh Kristensen
a6d644bac0 add support for path.normalize(path.relative(...)) 2020-02-14 13:10:35 +01:00
Erik Krogh Kristensen
94814fa721 fix typos in the test 2020-02-14 13:03:35 +01:00
Erik Krogh Kristensen
d765a33b8d add support for "../" prefixes in sanitizer 2020-02-14 12:36:54 +01:00
Erik Krogh Kristensen
9d61004128 remove redundant constructor on sink 2020-02-14 12:31:12 +01:00
Max Schaefer
f181111886 JavaScript: Add model of http2 compatibility API.
Also deprecated the `httpOrHttps` predicate, which was now only used in one place and seemed a little pointless anyway.
2020-02-14 11:14:31 +00:00
Erik Krogh Kristensen
3a146514ce add sanitizer for relative ".." in js/path-injection 2020-02-14 10:51:48 +01:00
semmle-qlci
da566a4484 Merge pull request #2828 from erik-krogh/CVE24
Approved by esbena
2020-02-14 09:12:48 +00:00
semmle-qlci
769dce511b Merge pull request #2788 from erik-krogh/CVE42-sink
Approved by esbena
2020-02-14 08:00:00 +00:00
Erik Krogh Kristensen
897bb4d801 add test for chrome-remote-interface 2020-02-13 15:12:45 +01:00
Erik Krogh Kristensen
1ab5ca4e64 typo in docstring
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
2020-02-13 14:15:28 +01:00
Erik Krogh Kristensen
d6afd438ba add model for chrome-remote-interface as a ClientRequest 2020-02-13 10:58:07 +01:00
Erik Krogh Kristensen
35d8151374 add a few array methods to TaintedPath.qll 2020-02-11 12:23:51 +01:00
Erik Krogh Kristensen
8e316d2f05 add unary type-tracking predicates 2020-02-10 12:51:09 +01:00
Erik Krogh Kristensen
0f511c92b4 Merge remote-tracking branch 'upstream/master' into FalsySanitizer 2020-02-10 09:54:58 +01:00
semmle-qlci
37360e7d93 Merge pull request #2794 from esbena/js/move-EnumeratedPropName
Approved by asgerf
2020-02-07 21:31:37 +00:00
semmle-qlci
76ba48c6fb Merge pull request #2790 from esbena/js/model-send
Approved by asgerf
2020-02-07 21:30:54 +00:00
Asger Feldthaus
e4844bfad2 JS: Fix deprecated API usage 2020-02-07 17:17:48 +00:00
Asger Feldthaus
ad10414604 JS: Update expected output of existing test 2020-02-07 16:57:57 +00:00
Erik Krogh Kristensen
06e13cb3a1 Merge branch 'master' of git.semmle.com:Semmle/ql into FalsySanitizer 2020-02-07 16:13:02 +01:00
Erik Krogh Kristensen
c6668da02e expand how indirectCommandArguments are found 2020-02-07 15:00:05 +01:00
Asger Feldthaus
254af4f3a8 JS: Rewrite LodashUnderscore::AnalyzedThisInBoundCallback 2020-02-07 13:58:07 +00:00
Erik Krogh Kristensen
dd9e3d2fec expose TaintTracking::arrayFunctionTaintStep and add a step for "concat" 2020-02-07 14:57:32 +01:00
Asger Feldthaus
fea5a4331d JS: Rewrite React::AnalyzedThisInBoundCallback 2020-02-07 13:55:42 +00:00
Asger Feldthaus
3b28bdbeed JS: Rewrite AnalyzedThisInArrayIterationFunction 2020-02-07 13:55:36 +00:00
Asger Feldthaus
f942e69482 JS: Improve flow through partial invokes 2020-02-07 13:54:14 +00:00
Esben Sparre Andreasen
dcdaa96570 JS: remove unused imports 2020-02-07 14:10:50 +01:00
Esben Sparre Andreasen
cb30329b3d JS: make DynamicPropertyAccess.qll from PrototypePollutionUtility.ql 2020-02-07 13:57:52 +01:00
Erik Krogh Kristensen
1ece6b9afe update expected output of tests 2020-02-07 12:57:51 +01:00
semmle-qlci
125c6a071c Merge pull request #2787 from asger-semmle/js/lazy-cache-test-case
Approved by esbena
2020-02-07 11:53:04 +00:00
Esben Sparre Andreasen
736ccb98c2 JS: model the send library for js/path-injection 2020-02-07 12:45:32 +01:00
Erik Krogh Kristensen
8ea6070120 add indirect command injection sink for a concatenated array 2020-02-07 11:04:34 +01:00
Asger Feldthaus
a2fa6bb41f JS: Add test case for lazy-cache 2020-02-07 09:50:37 +00:00
Asger Feldthaus
a628f787e8 JS: Fix qldoc comment 2020-02-06 14:59:52 +00:00
Asger Feldthaus
f84af74d1d JS: Handle more libraries 2020-02-06 14:59:52 +00:00
Asger Feldthaus
c559ab13e7 JS: Add test and handle parameter with source object 2020-02-06 14:59:52 +00:00
Asger Feldthaus
34a9dce33d JS: Detect property enumeration through for-own 2020-02-06 14:59:52 +00:00
Asger Feldthaus
418f841749 JS: Handle imports through lazy-cache 2020-02-06 14:59:52 +00:00
semmle-qlci
180e9d4731 Merge pull request #2779 from asger-semmle/js/protopol-regression-fix
Approved by esbena
2020-02-06 14:58:19 +00:00
Erik Krogh Kristensen
75f23a189d update docstring
Co-Authored-By: Asger F <asgerf@github.com>
2020-02-06 15:53:03 +01:00
Erik Krogh Kristensen
2865723059 add test for new barrier 2020-02-06 15:44:33 +01:00
Erik Krogh Kristensen
ade93e66e1 move the if(!x) from DataFlow to TaintTracking 2020-02-06 15:44:22 +01:00