hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,258 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.3
Commit Graph

72 Commits

Author SHA1 Message Date
Asger F
3acd4814de Merge branch 'main' into js/shared-dataflow-merge-main 2024-12-19 10:14:38 +01:00
Michael Nebel
c3fe3e468c Javascript: Update all test util paths to point to the new location. 2024-12-12 13:54:25 +01:00
Asger F
e6680dec8f JS: Avoid use of LabeledSanitizerGuardNode in TaintedObject 
Drive-by bugfix: Rename sanitizes -> blocksExpr.
This fixes a bug that caused the sanitizer guard not to work in df2.

The test output reflects the fact that the barrier guard works now.
 2024-12-03 14:30:24 +01:00
Asger F
0ce1fe767d JS: Deprecate ConsistencyChecking to avoid deprecation warnings 2024-12-03 14:30:23 +01:00
Asger F
8818fcc207 JS: Benign test output changes 2024-11-26 15:47:13 +01:00
Asger F
d52bc971b8 Merge branch 'main' into js/shared-dataflow-merge-main 2024-11-20 14:05:03 +01:00
Asger F
52ba91a7f8 JS: Updates to nodes/edges in tests 
Only changes to nodes/edges for various reasons, no actual result changes
 2024-10-29 08:32:13 +01:00
Rasmus Wriedt Larsen
1726287bf4 JS: Add e2e threat-model test 2024-10-25 15:03:44 +02:00
Asger F
12e316b99d JS: Update test output after merging in 'main' 
- Paths are now relative to the test case, not the qlpack
- Paths going through an implicit reads have changed slightly
 2024-10-08 10:11:15 +02:00
Asger F
2e2181be2c JS: Update test output that only affects nodes/edges/subpaths 2024-08-27 11:35:33 +02:00
Asger F
c3806a2210 JS: Messy test output updates 
These initially got messed up by a merge conflict where I couldn't rerun the tests due to breaking
changes in the data flow library. I wanted the breaking-change updates to live in their own commits,
not just eaten by a merge resolution commit, so the test output became broken for a while.

The '#select' result set is unchanged in all of these, so they should be safe to accept.
 2024-06-27 11:59:56 +02:00
Asger F
53efb5837b JS: Update some tests with provenance columns 
Only includes the changes that purely contain the new provenance columns
 2024-06-26 13:51:44 +02:00
Asger F
547a8a958a JS: Port SqlInjection 2023-10-13 13:15:03 +02:00
erik-krogh
3fd9f26b52 use consistent indentation in mongoose.js 2023-06-12 16:40:42 +02:00
erik-krogh
cd6f738f72 add mongoose.Types.ObjectId.isValid as a sanitizer-guard for NoSQL injection 2023-06-12 16:38:11 +02:00
erik-krogh
b343dcaadd put string/object in the alert-message for sql-injection 2023-05-31 08:06:04 +02:00
Asger F
d4b4d22378 JS: Step through HTML sanitizers in SQL injection query 2023-03-06 15:10:26 +01:00
erik-krogh
9549cac3e5 add an additional barrier guard that finds "=== true" versions of previous barrier guards 2023-02-14 14:15:23 +01:00
erik-krogh
c355a26657 add failing test 2023-02-14 14:12:35 +01:00
erik-krogh
ba2734909f JS: don't use deprecated files in tests 2022-11-17 22:12:50 +01:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
Asger F
47f1d62569 JS: Add generated typings to SQL models 2022-09-20 11:40:16 +02:00
Asger Feldthaus
708408a458 JS: Recognize "sql" option as a query string 2022-01-13 13:04:41 +01:00
Esben Sparre Andreasen
c66d29998e update test output for additional DatabaseAccesses 2021-12-13 13:42:28 +01:00
Erik Krogh Kristensen
6a9277b5ce recognize string sanitizers for ldap-injection 2021-10-01 09:01:29 +02:00
Erik Krogh Kristensen
2062afc868 add calls to parseDN as sinks for ldap-injection 2021-10-01 09:01:28 +02:00
Erik Krogh Kristensen
c55b7bcd85 model ldap filters as taint steps 2021-10-01 09:00:10 +02:00
Erik Krogh Kristensen
9b5ff66b68 naively port tests from ldap examples 2021-10-01 09:00:10 +02:00
Erik Krogh Kristensen
416c986cbc add support for graphql in @actions/github 2021-06-15 09:43:11 +02:00
Erik Krogh Kristensen
50d574d20d add graphql injection to the sql-injection query 2021-06-10 21:01:54 +02:00
Erik Krogh Kristensen
be7abede22 add model for the joi library 2021-06-07 20:04:17 +02:00
Asger Feldthaus
67ad6d9a0f JS: Update test output 2021-03-29 15:30:29 +01:00
Asger Feldthaus
49ca88957c JS: Use types 2021-03-29 12:25:15 +01:00
Asger Feldthaus
603843e698 JS: Add task tests 2021-03-29 12:05:47 +01:00
Asger Feldthaus
149af57eac JS: Add model of pg-promise 2021-03-29 11:25:28 +01:00
Asger Feldthaus
b978359803 JS: Add schema validation as TaintedObject sanitizer 2021-03-02 12:39:04 +00:00
Max Schaefer
978d2db252 JavaScript: Add models for more Mongoose methods. 2020-11-30 16:32:13 +00:00
Erik Krogh Kristensen
bce06d3194 add test that promisify is not imprecise 2020-10-28 11:59:03 +01:00
Erik Krogh Kristensen
2e514c4d7b add model for Node Redis 2020-10-28 09:52:54 +01:00
Erik Krogh Kristensen
abdbe92720 refactor the NoSQL model to use API graphs 2020-10-02 10:42:49 +02:00
CodeQL CI
a4f8b19ae4 Merge pull request #3876 from erik-krogh/CWE078-Correctness 
Approved by esbena
 2020-08-03 15:38:51 +01:00
Erik Krogh Kristensen
442ee8d1cc add consistency-checking for CWE-089 2020-07-06 19:02:50 +02:00
Erik Krogh Kristensen
3157cd724d add noSQL tests for type-tracking req.query 2020-07-01 11:45:09 +02:00
Esben Sparre Andreasen
20cf04442c JS: model marsdb and minimongo 2020-05-13 08:28:59 +02:00
Esben Sparre Andreasen
833d1b1ab0 JS: fixup mongoose test 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen
9d9926fdbf JS: model Mongoose Document for additional js/nosql-injection sinks 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen
55ab519fbe JS: add Mongoose Document tests 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen
dc27a8f52c JS: model mongoose Model on createConnection.<model/models> 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen
730396df12 JS: add Mongoose createConnection tests 2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen
5c8800a1c7 JS: make autoformatter happy 2020-03-10 13:11:31 +01:00