hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,255 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.2
Commit Graph

2332 Commits

Author SHA1 Message Date
Asger F
cf5450dbd5 JS: Port XssThroughDom 2023-10-13 13:15:03 +02:00
Asger F
5f05232e02 JS: Port StoredXss 2023-10-13 13:15:03 +02:00
Asger F
46b90e51fc JS: Port ReflectedXss 2023-10-13 13:15:03 +02:00
Asger F
e091fdefa4 JS: Port DomBasedXss 2023-10-13 13:15:03 +02:00
Asger F
2818fa62d6 JS: Updates to shared Xss.qll 2023-10-13 13:15:03 +02:00
Asger F
547a8a958a JS: Port SqlInjection 2023-10-13 13:15:03 +02:00
Asger F
65e9706c8e JS: Port TaintedPath 2023-10-13 13:15:03 +02:00
Asger F
fcfab5238e JS: Port CodeInjection 2023-10-13 13:15:03 +02:00
Asger F
17233a6749 JS: Port CommandInjection 2023-10-13 13:15:03 +02:00
Asger F
aa5a2836f5 JS: Update barriers in TaintedObject 2023-10-13 13:15:03 +02:00
Asger F
bc68b6a7f8 JS: Add AdHocWhitelistSanitizer::getABarrierNode() 
This sanitizer guard is opt-in, i.e. not an AdditionalSanitizerGuardNode.
 2023-10-13 13:15:03 +02:00
Asger F
26f7f94246 JS: Expose default taint steps/sanitizers 
We need access to these in order to port taint-tracking configurations
where only some flow labels should use taint steps. This isn't supported
by the shared data flow library.

Such queries must therefore be converted to plain data-flow
configurations that explicitly add taint steps to the relevant flow
states.
 2023-10-13 13:15:03 +02:00
Asger F
c924b4a220 JS: Expose shared API in DataFlow/TaintTracking modules 2023-10-13 13:15:03 +02:00
Asger F
1ed3235639 JS: use BarrierGuards 2023-10-13 13:15:03 +02:00
Asger F
277292e3b9 JS: Improve performance of barrier guards without pruning 2023-10-13 13:15:03 +02:00
Asger F
06fd9c2359 JS: Add barrier guard library 2023-10-13 13:14:43 +02:00
Asger F
46e4cdc623 JS: Disallow consecutive captured contents 2023-10-13 13:14:43 +02:00
Asger F
7bcf8b858b JS: Capture flow 2023-10-13 13:14:43 +02:00
Asger F
16df2c31bb Create DataFlowImplConsistency.qll 2023-10-13 12:42:41 +02:00
Asger F
3ef478669b JS: Collapse some cached stages 2023-10-13 12:42:41 +02:00
Asger F
9fef8803ed JS: Avoid BarrierGuardNode's range from depending on Configuration 2023-10-13 12:42:41 +02:00
Asger F
e31ae3a1bf JS: Model JSON.stringify with "deep" read operators 2023-10-13 12:42:41 +02:00
Asger F
0c2e52baba JS: Summary/steps for iterators and generators 2023-10-13 12:42:41 +02:00
Asger F
da3a0de814 JS: Port String#replace to flow summary 2023-10-13 12:42:41 +02:00
Asger F
f0c2afe39e JS: Add flow summaries for maps and sets 2023-10-13 12:42:40 +02:00
Asger F
5054c43b18 JS: Add flow summaries/steps for promises and async/await 2023-10-13 12:42:40 +02:00
Asger F
4319b07798 JS: Add flow summaries for Arrays 2023-10-13 12:42:40 +02:00
Asger F
a31e251529 JS: Add flow summaries for core methods 2023-10-13 12:42:40 +02:00
Asger F
46fec8ea7e JS: Add AdditionalFlowInternal 
This provides access to more features than we want to expose publicly at the moment, but is useful for modelling certain language features.
 2023-10-13 12:42:40 +02:00
Asger F
3f20d71a9b JS: Add legacy post-update step 
This is to ensure getALocalSource() can be replaced by getPostUpdateNode() as the base of a store
 2023-10-13 12:42:40 +02:00
Asger F
6037ff553c JS: Add LegacyPreUpdateStep 
This contributes to both LegacyFlowStep and SharedTypeTrackingStep.

That is, this is for steps that are used by type-tracking and the old data flow library, but not the new data flow library.
 2023-10-13 12:42:40 +02:00
Asger F
27c7d5004a JS: Do the same for additional taint steps 2023-10-13 12:42:40 +02:00
Asger F
1afe06e3a5 JS: Add "additional" and "legacy" steps 
See the comment at the top of AdditionalFlowSteps.qll
 2023-10-13 12:42:40 +02:00
Asger F
c24a0e00f5 JS: Move SharedTaintStep to AdditionalTaintSteps.qll 
NOTE that this commit only moves around code. There are no changes.
 2023-10-13 12:42:40 +02:00
Asger F
5bccc652c8 JS: Move SharedFlowStep to AdditionalFlowSteps.qll 
NOTE that this commit only moves around code. There are no changes.
 2023-10-13 12:42:40 +02:00
Asger F
293899d648 JS: Add 'Awaited' token 2023-10-13 12:42:40 +02:00
Asger F
32070abb27 JS: Implicitly treat array steps as taint steps 2023-10-13 12:42:40 +02:00
Asger F
60101f5e6a JS: Instantiate flow summary library 2023-10-13 12:42:40 +02:00
Asger F
8dc0800526 JS: Add the shared FlowSummaryImpl.qll file 2023-10-13 12:42:40 +02:00
Asger F
f316da78d2 JS: Add FunctionSelfReferenceNode 2023-10-13 12:42:40 +02:00
Asger F
760873c01c JS: Basic instantiation of shared library 2023-10-13 12:42:40 +02:00
Asger F
3455463e71 JS: Add instantiation boilerplate 
Note that this commit won't compile on its own, but putting the boilerplate in its own commit
 2023-10-13 12:42:40 +02:00
Asger F
c839822eb9 JS: Add PostUpdateNode 2023-10-13 12:42:40 +02:00
Asger F
01952f17bf JS: Add some missing getContainer() predicates 2023-10-13 12:42:40 +02:00
Asger F
21300eef4c JS:Add ConstructorThisArgumentNode 2023-10-13 12:42:40 +02:00
Asger F
b499c6075a JS: Add Contents.qll 2023-10-13 12:42:40 +02:00
Asger F
79e7aae9f6 JS: Add TEarlyStageNode 2023-10-13 12:42:39 +02:00
Asger F
51ef0e5836 JS: Move TNode into a cached module 2023-10-13 12:42:39 +02:00
Arthur Baars
a4d0ef6350 Add changenote 2023-10-12 13:04:00 +02:00
Arthur Baars
a9a21aa313 Rename DynamicImportExpr::getImport{Attributes => Options} 2023-10-12 13:00:39 +02:00