hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,255 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.2
Commit Graph

10661 Commits

Author SHA1 Message Date
erik-krogh
9549cac3e5 add an additional barrier guard that finds "=== true" versions of previous barrier guards 2023-02-14 14:15:23 +01:00
erik-krogh
c355a26657 add failing test 2023-02-14 14:12:35 +01:00
erik-krogh
3f0fe96f85 add getBoolValue() as a utility predicate on BooleanLiteral 2023-02-14 14:12:35 +01:00
Erik Krogh Kristensen
2f8c9a5a2c Merge pull request #12171 from erik-krogh/reg-dot 
JS: dont recognize regexps that match dot as sanitizers
 2023-02-14 14:10:44 +01:00
Erik Krogh Kristensen
e3e2df3247 Merge pull request #12166 from erik-krogh/more-html-san 
JS: add `HtmlSanitizer` as a sanitizer DOMBasedXss
 2023-02-14 14:09:56 +01:00
Erik Krogh Kristensen
028fcc7edf Merge pull request #11959 from erik-krogh/ssrfSan 
JS: add encodeURIComponent as a sanitizer for request-forgery
 2023-02-14 13:39:53 +01:00
Erik Krogh Kristensen
a498936f16 Merge pull request #12170 from erik-krogh/more-lib 
JS: More library inputs
 2023-02-14 13:38:00 +01:00
erik-krogh
4140598769 update expected output for experimental query 2023-02-14 00:08:13 +01:00
erik-krogh
c17d057520 default to index.js when no main: is specified in package.json, and recognize more classes as library inputs 2023-02-13 21:24:41 +01:00
erik-krogh
68656274f4 dont recognize regexps that match dot as sanitizers 2023-02-13 17:36:51 +01:00
erik-krogh
6192544fb4 add test for express-ws as a source 2023-02-13 15:26:50 +01:00
erik-krogh
b85bfc8ba6 add HtmlSanitizer as a sanitizer for DOMBasedXss 2023-02-13 11:57:29 +01:00
erik-krogh
c258e44772 add failing test for spurious edge through sanitizer 2023-02-13 11:49:57 +01:00
Rasmus Wriedt Larsen
5235964b07 sync files 2023-02-13 10:44:12 +01:00
erik-krogh
91393a7bc8 add change-note 2023-02-12 23:28:01 +01:00
erik-krogh
6474cfd4c8 add support for express-ws 2023-02-12 23:25:27 +01:00
Henry Mercer
e972cb069e Merge branch 'main' into codeql-ci/atm/release-0.4.7 2023-02-07 21:31:08 +00:00
github-actions[bot]
4f76ebbb0b JS: Bump version of ML-powered library and query packs to 0.4.8 2023-02-07 19:44:25 +00:00
github-actions[bot]
30b2644f17 JS: Bump patch version of ML-powered library and query packs 2023-02-07 19:34:58 +00:00
erik-krogh
ecafce8191 improve the CryptoJS model by using API::Node 2023-02-03 21:44:23 +01:00
Alex Ford
7768026e70 Merge branch 'main' into js-use-shared-cryptography 2023-02-03 15:18:30 +00:00
Alex Ford
6c35feaa98 ConceptsShared: add a default implementation of BlockMode CryptographicOperation#getBlockMode() for compatibility with external code 2023-02-03 14:39:32 +00:00
Alex Ford
b968b59afc CryptoAlgorithms: make CryptographicAlgorithm#matchesName hold only if that algorithm is the most specific match 2023-02-03 14:15:32 +00:00
Alex Ford
e17b3d975d JS: pick up CryptographicKeys used in asmCrypto encrypt/decrypt calls 2023-02-03 12:16:25 +00:00
Alex Ford
6b2a92a7ca JS: update CryptographicKey.expected 2023-02-03 12:12:47 +00:00
Mathias Vorreiter Pedersen
4e7ca1a175 Merge pull request #12082 from github/post-release-prep/codeql-cli-2.12.2 
Post-release preparation for codeql-cli-2.12.2
 2023-02-03 09:40:57 +00:00
github-actions[bot]
faf21f3edb Post-release preparation for codeql-cli-2.12.2 2023-02-02 23:01:04 +00:00
Alex Ford
b0b8f8725e JS: add some CryptographicOperation#getBlockMode() tests 2023-02-02 20:30:30 +00:00
Alex Ford
aa2c532a78 JS: adjust test whitespace 2023-02-02 20:30:30 +00:00
Alex Ford
c25dc978df JS: add blockMode to CryptographicOperation tests 2023-02-02 20:30:30 +00:00
Alex Ford
1435ef1862 CryptoAlgorithms: make CryptographicAlgorithm#matchesName split on underscores 2023-02-02 20:30:30 +00:00
Alex Ford
983055b8f9 JS: Use shared CryptographicOperation concept and implement BlockMode getBlockMode() 2023-02-02 20:30:30 +00:00
Alex Ford
e5dfbe2c8d ConceptsShared: Add BlockMode#matchesString(string) predicate 2023-02-02 20:27:52 +00:00
Alex Ford
61095b3c58 ConceptsShared: Add deprecated DataFlow::Node CryptographicOperation#getInput() predicate 2023-02-02 20:27:05 +00:00
Kristen Newbury
231110ddca Update javascript/ql/src/Security/CWE-312/CleartextLogging.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-02-02 11:12:44 -05:00
github-actions[bot]
a4fa984792 Release preparation for version 2.12.2 2023-02-02 14:34:55 +00:00
Kristen Newbury
dc5eb40d5f Update JS CleartextLogging qhelp 2023-02-01 16:29:13 -05:00
yoff
7ae389bb28 Merge pull request #12026 from erik-krogh/nodePty 
JS: add code-injection sink for node-pty
 2023-01-31 13:27:32 +01:00
erik-krogh
0cefa98490 add missing word to the change-note 2023-01-31 11:53:17 +01:00
erik-krogh
95c19698c7 add change-note 2023-01-31 11:09:07 +01:00
erik-krogh
e5e8496084 fix QL-for-QL warnings 2023-01-31 10:55:27 +01:00
erik-krogh
02da718786 add code-injection sink for node-pty 2023-01-30 15:14:25 +01:00
erik-krogh
e3455a9b21 add support for axios used as a global variable 2023-01-29 22:55:20 +01:00
Erik Krogh Kristensen
99bad77972 Merge pull request #11906 from erik-krogh/moreStem 
JS: expand what is parsed as the stem of a pathexpr
 2023-01-25 08:44:44 +01:00
erik-krogh
49f5e89f36 update expected output for experimental query 2023-01-23 22:29:49 +01:00
Erik Krogh Kristensen
fc66c905ff Merge pull request #11859 from erik-krogh/moreShell 
JS: slightly broaden the regular expression that recognizes bad string-concats used as shell commands
 2023-01-23 22:26:17 +01:00
Henry Mercer
241951f53e Merge branch 'main' into codeql-ci/atm/release-0.4.6 2023-01-23 18:24:36 +00:00
github-actions[bot]
be481d975c JS: Bump version of ML-powered library and query packs to 0.4.7 2023-01-23 18:22:18 +00:00
github-actions[bot]
40a67d61d2 JS: Bump patch version of ML-powered library and query packs 2023-01-23 18:15:56 +00:00
erik-krogh
11894144aa remove regular expression that did nothing 2023-01-23 16:38:09 +01:00