codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00

Author	SHA1	Message	Date
Asger F	8ca294ae41	JS: Merge TypeScript/CallSignatures test	2019-09-26 10:17:58 +01:00
Max Schaefer	d4fca84898	JavaScript: Improve XSS sanitizer detection. We now use local data flow to detect more regexp-based sanitizers.	2019-09-23 17:07:06 +01:00
semmle-qlci	825a3d2917	Merge pull request #1954 from asger-semmle/type-tracking-through-captured-vars Approved by xiemaisi	2019-09-23 12:10:30 +01:00
semmle-qlci	e2c941c577	Merge pull request #1916 from erik-krogh/taintedLength Approved by asger-semmle, xiemaisi	2019-09-23 11:47:48 +01:00
Max Schaefer	149ae5d7ab	JavaScript: Fix IllegalInvocation. This fixes false positives that arise when a call such as `f.apply` can either be interpreted as a reflective invocation of `f`, or a normal call to method `apply` of `f`.	2019-09-23 07:44:14 +01:00
Asger F	1ce0a48996	JS: Update tests	2019-09-20 15:41:36 +01:00
semmle-qlci	6f2e485ace	Merge pull request #1950 from xiemaisi/js/rate-limiter-flexible Approved by esben-semmle	2019-09-19 12:45:45 +01:00
Asger F	e724f92ee8	JS: Also summarize loads	2019-09-18 16:18:10 +01:00
Asger F	ffc69cb61e	JS: Summarize functions in type tracking	2019-09-18 16:17:59 +01:00
Asger F	3479f02082	JS: Add test showing lack of flow out of inner function	2019-09-18 16:17:22 +01:00
Max Schaefer	3970ead7ab	JavaScript: Add support for `rate-limiter-flexible` package.	2019-09-18 12:25:33 +01:00
Esben Sparre Andreasen	ac6554b7da	Merge branch 'master' into js/improve-getAResponseDataNode	2019-09-17 13:18:41 +02:00
Esben Sparre Andreasen	a5645e168a	JS: exclude keys from whitelist	2019-09-16 10:13:18 +02:00
Esben Sparre Andreasen	0e2d2f8662	JS: whitelist some hardcoded dummy-passwords in two queries	2019-09-16 10:11:43 +02:00
Esben Sparre Andreasen	aa3f4a7048	JS: change passwords in tests	2019-09-16 10:09:59 +02:00
Erik Krogh Kristensen	9dc9adda64	fix capitalization in test case Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>	2019-09-13 14:54:18 +01:00
Erik Krogh Kristensen	3fb64abb09	fix consistency and spelling in the documentation suggestions from the documentation team Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>	2019-09-13 14:52:11 +01:00
Erik Krogh Kristensen	c4f27ed4cc	rename TaintedLength to LoopBoundInjection	2019-09-13 11:12:01 +01:00
semmle-qlci	d0d3882121	Merge pull request #1919 from esben-semmle/js/fixup-1 Approved by asger-semmle, xiemaisi	2019-09-13 10:40:38 +01:00
semmle-qlci	1313821a25	Merge pull request #1904 from erik-semmle/passportModel Approved by asger-semmle, esben-semmle	2019-09-13 10:38:14 +01:00
Erik Krogh Kristensen	5b2b60f132	change DOS to DoS, and other small documentation fixes Co-Authored-By: Max Schaefer <max@semmle.com>	2019-09-13 10:26:01 +01:00
Erik Krogh Kristensen	119b1ffb80	changes based on review from max	2019-09-12 16:30:42 +01:00
Erik Krogh Kristensen	3d359bc8dc	Merge remote-tracking branch 'upstream/master' into taintedLength	2019-09-12 15:24:36 +01:00
Erik Krogh Kristensen	30f1bcf5bc	updated query ID and expected output	2019-09-12 15:24:33 +01:00
semmle-qlci	72db219c13	Merge pull request #1910 from xiemaisi/js/unused-index-variable Approved by esben-semmle, shati-semmle	2019-09-11 14:33:32 +01:00
Max Schaefer	500cde68c3	JavaScript: Add new query `UnusedIndexVariable`.	2019-09-11 11:36:50 +01:00
Esben Sparre Andreasen	9aa0e711b2	JS: update expected output	2019-09-11 12:33:41 +02:00
Erik Krogh Kristensen	bec522f0df	small changes based on review feedback	2019-09-11 11:26:59 +01:00
Esben Sparre Andreasen	ee106ccff9	JS: simplify `asExpr().getStringValue()` calls	2019-09-11 10:56:57 +02:00
Esben Sparre Andreasen	aab17850d1	JS: eliminate redundant `ConstantString` casts	2019-09-11 10:56:49 +02:00
semmle-qlci	16c95d8c5e	Merge pull request #1876 from esben-semmle/js/more-delimiter-stripping-whitelisting Approved by xiemaisi	2019-09-11 09:16:57 +01:00
Esben Sparre Andreasen	f3de75ae07	JS: update a js/code-injection test	2019-09-11 09:45:54 +02:00
Esben Sparre Andreasen	f7bfc472c1	JS: treat server responses as untrusted for command injections	2019-09-11 09:38:18 +02:00
Erik Krogh Kristensen	97fc10e669	Add query for detecting potential DOS form a tainted .length property	2019-09-10 14:59:48 +01:00
semmle-qlci	df1bf4a95b	Merge pull request #1907 from asger-semmle/mongoose-types Approved by xiemaisi	2019-09-10 12:05:57 +01:00
Max Schaefer	bdba647bf5	Merge pull request #1893 from erik-semmle/addXLinkHref JS: add xlink:href as xss target when using setAttribute	2019-09-09 15:56:47 +01:00
Asger F	ad5abc61cc	JS: Move typed test into separate test	2019-09-09 15:35:26 +01:00
Asger F	ea446f2aa1	JS: Use type info in mongodb/mongoose model	2019-09-09 15:35:26 +01:00
Asger F	8e397ad203	JS: Use type tracking in mongodb/mongoose model	2019-09-09 15:35:23 +01:00
semmle-qlci	e899250e87	Merge pull request #1894 from asger-semmle/fp-incorrect-suffix-check Approved by xiemaisi	2019-09-09 15:33:47 +01:00
semmle-qlci	89cba089b4	Merge pull request #1892 from asger-semmle/event-handler-sink Approved by esben-semmle	2019-09-09 15:33:21 +01:00
Erik Krogh Kristensen	3ebe6608c2	updated expected values for the Express test	2019-09-09 13:02:35 +01:00
erik-semmle	d01f84f015	fix comment in passport test Co-Authored-By: Esben Sparre Andreasen <42067045+esben-semmle@users.noreply.github.com>	2019-09-09 12:59:38 +01:00
semmle-qlci	2283195ebd	Merge pull request #1871 from asger-semmle/type-tracking-through-imports Approved by xiemaisi	2019-09-09 12:25:06 +01:00
Erik Krogh Kristensen	26f6b1d186	add model for passport.use in the Express model	2019-09-09 12:01:11 +01:00
Asger F	65862c922c	JS: Update tests	2019-09-09 10:53:13 +01:00
Asger F	631ff27d31	JS: Use ValueNode for all ImportSpecifiers	2019-09-09 10:53:13 +01:00
Asger F	61e1d793df	JS: Fixes in DeadStoreOfLocal	2019-09-09 10:51:21 +01:00
Asger F	5573279580	JS: regression test for DeadStoreOfLocal	2019-09-09 10:51:21 +01:00
Asger F	3b962dce22	JS: Add explicit type tracking test	2019-09-09 10:51:21 +01:00

... 60 61 62 63 64 ...

4104 Commits