Henry Mercer
bebf4ca8fc
Merge pull request #7357 from github/henrymercer/js-atm-only-featurize-with-flow
JS: Only featurize endpoints that are part of a flow path
2021-12-17 18:03:40 +00:00
Henry Mercer
055432530f
Bump ATM pack version to 0.0.2
2021-12-17 16:49:59 +00:00
Henry Mercer
c1864531cd
JS: Push FeaturizationConfig context into more predicates
2021-12-17 16:31:56 +00:00
Henry Mercer
383437c571
JS: Only featurize endpoints that are part of a flow path
2021-12-17 16:31:56 +00:00
Nick Rolfe
28912c508f
Fix non-US spelling of 'behavior'
2021-12-17 15:29:31 +00:00
CodeQL CI
de4b655ddb
Merge pull request #7327 from asgerf/js/handlebars-more-raw-interpolation
Approved by erik-krogh
2021-12-17 14:07:57 +00:00
CodeQL CI
39ec7132af
Merge pull request #7049 from asgerf/js/routing-trees
Approved by erik-krogh
2021-12-17 12:26:38 +00:00
Asger Feldthaus
89775428b4
JS: Autoformat
2021-12-17 10:32:02 +01:00
Asger Feldthaus
3e6389cad6
JS: Bump extractor version string
2021-12-17 10:32:00 +01:00
Asger Feldthaus
95a93fe033
JS: Change note
2021-12-17 10:31:50 +01:00
Asger Feldthaus
e2c6dd7d56
JS: Recognize {{& ... }} as an XSS sink
2021-12-17 10:31:50 +01:00
Asger Feldthaus
61cc84ba69
JS: Recognize leading/trailing ~ and & in mustache-tags
2021-12-17 10:31:50 +01:00
Asger Feldthaus
ce68a6d1c5
JS: Remove unneeded qualifier in static field access
2021-12-17 10:31:50 +01:00
Andrew Eisenberg
50ee4ab330
Solorigate: Extract to separate qlpack
Extracts solorigate to separate qlpacks in preparation for
publishing them to the registry.
2021-12-16 16:09:20 -08:00
Chris Gavin
4a1e2ed408
Add a severity and select the correct number of columns.
2021-12-16 14:02:36 +00:00
Chris Gavin
407c265daf
Add kind metadata to example query.
2021-12-16 12:12:36 +00:00
Asger Feldthaus
0e9c2377e3
JS: Use a field in RouterHandlerParameter
2021-12-16 10:26:35 +01:00
CodeQL CI
f274f06d9b
Merge pull request #7409 from asgerf/js/track-functions-with-methods
Approved by erik-krogh
2021-12-16 09:01:42 +00:00
CodeQL CI
acbf7913b2
Merge pull request #7408 from asgerf/js/trusted-types-sinks
Approved by esbena
2021-12-16 08:59:51 +00:00
Asger Feldthaus
53b3581ed0
JS: Add test to stress flow through properties
2021-12-15 17:16:56 +01:00
Asger F
784991cce5
Update javascript/ql/lib/semmle/javascript/Routing.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2021-12-15 16:38:38 +01:00
Asger Feldthaus
79e6dcaf68
JS: Rename getValueAtAccessPath->getValueImplicitlyStoredInAccessPath
2021-12-15 16:37:28 +01:00
Asger Feldthaus
8aa4d8227e
JS: Rename RouteHandlerInput->RouteHandlerParameter
2021-12-15 16:32:18 +01:00
Asger Feldthaus
218b746f6f
JS: Rename getAUseSite -> getRouteInstallation
2021-12-15 16:21:41 +01:00
Asger Feldthaus
4d85799fc7
JS: Add test for fastify-rate-limit
2021-12-15 16:18:22 +01:00
Asger Feldthaus
615b2ec539
JS: Fix handling of fastify-plugin
2021-12-15 16:04:46 +01:00
Asger Feldthaus
b226f767ad
JS: Fix tracking of fastify server instance
2021-12-15 16:04:45 +01:00
Asger Feldthaus
0ca9feb854
JS: Always treat routers as resuming dispatch
2021-12-15 16:01:59 +01:00
Asger F
1b20506947
Update javascript/ql/lib/semmle/javascript/frameworks/Fastify.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2021-12-15 16:00:19 +01:00
Asger Feldthaus
995e33158f
JS: Add test for res.locals flow to template
2021-12-15 16:00:19 +01:00
Asger Feldthaus
04bdba85ea
JS: Shift line numbers in test expectations
2021-12-15 16:00:19 +01:00
Asger F
c1bb40f439
Update javascript/ql/lib/semmle/javascript/frameworks/Express.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2021-12-15 16:00:19 +01:00
Asger Feldthaus
b2016bddac
JS: Merge concepts of client/database in MongoDB model
2021-12-15 16:00:19 +01:00
Asger Feldthaus
e64a6dc12a
JS: Add qldoc
2021-12-15 12:47:23 +01:00
Asger Feldthaus
43ec721a87
JS: Add link to MDN docs for trusted types
2021-12-15 11:52:58 +01:00
github-actions[bot]
59da2cdf69
Release preparation for version 2.7.4
2021-12-14 21:35:09 +00:00
Dave Bartolomeo
fa40d59332
Move older change notes to old-change-notes
Now that change notes are per-package, new change notes should be created in the `change-notes` folder under the affected pack (e.g., `cpp/ql/src/change-notes` for C++ query change notes). I've moved all of the change note files that were added before we started publishing them in packs to an `old-change-notes` directory under each language, to reduce the temptation to add new change notes there.
I'm working on a document to describe how and when to create change notes for packs separately.
2021-12-14 12:35:04 -05:00
Dave Bartolomeo
a62f181d42
Move new change notes to appropriate packs
2021-12-14 12:05:15 -05:00
Asger Feldthaus
7e947b2a65
JS: Use return value of trusted type policy callback as a sink
2021-12-14 13:28:46 +01:00
Ian Wright
1c79d1f985
Merge pull request #7352 from github/esbena/atm-endpoint-polish
ATM Endpoint filtering improvements
2021-12-14 08:19:23 +00:00
Esben Sparre Andreasen
1949a4e59a
autoformat
2021-12-13 22:21:52 +01:00
Erik Krogh Kristensen
de4458346f
Merge pull request #7344 from SZFsir/main
JS: Improve inter-procedural type inference for FunctionExpr
2021-12-13 21:58:53 +01:00
Andrew Eisenberg
0669ef505e
Fix semver for upgrades references
Ensure the version range is flexible enough to handle
future version changes.
2021-12-13 09:03:33 -08:00
Esben Sparre Andreasen
c66d29998e
update test output for additional DatabaseAccesses
2021-12-13 13:42:28 +01:00
JrXnm
efc9e67ec2
Update javascript/ql/lib/semmle/javascript/dataflow/internal/InterProceduralTypeInference.qll
Fix issue where multiple declarations may mismatch
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2021-12-13 18:36:06 +08:00
JrXnm
fad95d8935
Update javascript/ql/lib/semmle/javascript/dataflow/internal/InterProceduralTypeInference.qll
Commit coding style suggestion
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2021-12-13 18:32:11 +08:00
Rasmus Wriedt Larsen
1e45fa9ed4
JS/Py/Ruby: Add more CWEs to bad-tag-filter queries
CWE-185: Incorrect Regular Expression
The software specifies a regular expression in a way that causes data to
be improperly matched or compared.
https://cwe.mitre.org/data/definitions/185.html
CWE-186: Overly Restrictive Regular Expression
> A regular expression is overly restrictive, which prevents dangerous values from being detected.
>
> (...) [this CWE] is about a regular expression that does not match all
> values that are intended. (...)
https://cwe.mitre.org/data/definitions/186.html
From my understanding, CWE-625: Permissive Regular Expression is not applicable (since this is about accepting a regex match where there should not be a match).
2021-12-13 10:23:24 +01:00
Aditya Sharad
1857de1f33
JS: Speed up detection of jQuery marker comments
Combine two regexes into a single one.
This saves up to 5s on large databases by reducing the number
of separate scans of the comments table before regex matching.
The combined regex is slightly more permissive than the
original two, since it allows a combination of the two
matched formats. A string that matches one of the original
regexes will match the combined regex.
2021-12-10 15:30:02 -08:00
Aditya Sharad
6a1aea740f
JS: Avoid scanning individual comment lines to find generated code markers
Some subclasses of GeneratedCodeMarkerComment regex match against `getLine(_)`.
When evaluated, this results in multiple scans (one per subclass that uses it)
of all comment lines in the database, before regex matching against those lines.
To make these scans smaller, regex match against the entire comment text
without splitting them into lines.
This is achieved using `?m` (multiline) and line boundaries in the regexes.
2021-12-10 11:41:54 -08:00
Aditya Sharad
c9a87234ef
JS: Factor helper predicate to improve SensitiveWrite performance
2021-12-10 11:41:53 -08:00