hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,258 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.3
Commit Graph

4395 Commits

Author SHA1 Message Date
Asger F
f87f6c8556 JS: Add test to unsafe jquery plugin 2023-04-17 12:15:05 +02:00
Asger F
62dca44ee5 Update UntrustedDataToExternalAPI.expected 2023-04-17 08:23:04 +02:00
Asger F
b0d4b31103 JS: Trim whitespace in test 2023-04-17 08:23:04 +02:00
Asger F
c7f16cd224 JS: Add test 2023-04-17 08:23:03 +02:00
Erik Krogh Kristensen
cece307c60 Merge pull request #12802 from erik-krogh/history-xss 
JS: add browser history as XSS sink
 2023-04-14 13:35:19 +02:00
jarlob
d80c541da6 Encapsulate composite actions 2023-04-14 10:06:35 +02:00
Tom Hvitved
3cc9dec9c8 Remove all queries.xml files 2023-04-13 11:18:58 +02:00
Asger F
b819f55203 Merge pull request #12792 from asgerf/js/redux-model-perf 
JS: add getForwardingFunction and use to sharpen useSelector model
 2023-04-12 14:09:59 +02:00
erik-krogh
b1957623c1 add browser history as XSS sink 2023-04-12 13:38:18 +02:00
Asger F
2c65a49d7c JS: Add getForwardingFunction() to API graphs 2023-04-11 14:00:30 +02:00
Asger F
4ce03d4dc4 JS: Restrict useSelector steps to local callbacks 2023-04-11 13:33:46 +02:00
Asger F
3cc931306f JS: Add test for selector nodes with multiple access paths 2023-04-11 13:33:27 +02:00
tyage
320cb99dbf Add replace method test 2023-04-08 18:31:48 +09:00
tyage
668e1accaa Remove unnecessary whiteline 2023-04-08 18:24:31 +09:00
tyage
7f9b8557ac Add Next.js router push as XSS sink 2023-04-08 18:18:34 +09:00
jarlob
9c7eecf547 Add support for composite actions 2023-04-06 22:53:59 +02:00
jarlob
baefeab2d1 fix tests 2023-04-06 19:11:04 +02:00
jarlob
0a878d4db9 Support yAml extensions 2023-04-06 19:07:38 +02:00
jarlob
eef1973b93 Change UI message 2023-04-05 10:05:24 +02:00
jarlob
5c5b9f99a8 Add simple taint tracking for env variables 2023-04-05 10:03:46 +02:00
jarlob
39ff3c72a2 Remove label sanitizer because it is prone to race conditions 2023-04-03 23:28:31 +02:00
jarlob
8ea418216c Look for script injections in actions/github-script 2023-04-03 23:13:28 +02:00
jarlob
c6eaf194a5 Remove empty.js as it is not needed anymore 2023-04-03 15:09:40 +02:00
jarlob
99d634c8a4 Add more sources, more unit tests, fixes to the GitHub Actions injection query 2023-04-03 15:02:02 +02:00
Erik Krogh Kristensen
b382465078 Merge pull request #12679 from ctbellanti/improved-certificate-validation 
JS: Improved coverage for disabled certificate validation
 2023-03-30 16:24:33 +02:00
erik-krogh
47783326c2 add test for https.createServer in DisablingCertificateValidation.ql 2023-03-30 14:15:25 +02:00
Asger F
43174cfe3a Merge pull request #12668 from asgerf/js/jquery-callback-sinks 
JS: fix handling of jQuery sinks involving callback
 2023-03-30 12:42:53 +02:00
Erik Krogh Kristensen
451f6f01bb Merge pull request #12633 from erik-krogh/more-global-flow 
JS: better callgraph support for global variables
 2023-03-28 15:19:50 +02:00
Erik Krogh Kristensen
d3c3f2dc90 Merge pull request #12628 from erik-krogh/betterReDoS 
ReDoS: better super-linear algorithm
 2023-03-27 15:26:49 +02:00
Asger F
92a681213d JS: Step through jQuery callback return values 2023-03-27 11:17:27 +02:00
Asger F
bc2a772f3b JS: Add test case showing false negative 2023-03-27 11:08:39 +02:00
erik-krogh
e189b36e3f materialize less strings when ranking states 2023-03-23 10:35:58 +01:00
erik-krogh
0462e2a6ea update some expected output 2023-03-22 20:47:53 +01:00
Alex Ford
0f267e012a Merge pull request #12631 from alexrford/js/weak-cryptographic-algorithm_space 
JS: add a missing space in alert message for `js/weak-cryptographic-algorithm`
 2023-03-22 14:12:35 +00:00
erik-krogh
2bba9057a0 better callgraph support for global variables 2023-03-22 13:49:33 +01:00
Alex Ford
b000b9b5c0 JS: add a missing space in alert message for js/weak-cryptographic-algorithm 2023-03-22 11:12:13 +00:00
erik-krogh
b071d3557e JS/PY/RB: add a worst-case test, that now performs OK 2023-03-22 10:13:18 +01:00
erik-krogh
801e0ff050 ReDoS: implement a better super-linear algorithm, with better worst-case performance 2023-03-22 10:13:16 +01:00
erik-krogh
34fe1a8f5e use SSA in the GetLaterAccess module 2023-03-21 15:19:15 +01:00
Erik Krogh Kristensen
0f813ce2e8 Merge pull request #12543 from erik-krogh/reg-perf 
ReDoS: restrict the edges considered in polynomial-redos for complex regular expressions
 2023-03-20 15:48:35 +01:00
Erik Krogh Kristensen
540542ceb5 Merge pull request #12518 from erik-krogh/more-express-sources 
JS: recognize more express URL related sources
 2023-03-20 08:49:11 +01:00
Asger F
d537f86324 Merge pull request #12555 from asgerf/js/block-modes 
JS: Include weak block modes as sink in weak crypto algorithm
 2023-03-17 13:23:23 +01:00
erik-krogh
a63739915d add test confirming support for const type parameters 2023-03-16 22:37:35 +01:00
erik-krogh
2c1c41d8a3 add test confirming end-to-end support for well-typed decorators with the new TS 5.0 type ClassMethodDecoratorContext 2023-03-16 22:37:35 +01:00
Asger F
86a06bde72 JS: Flag crypto operations with weak block mode 2023-03-16 14:52:52 +01:00
Asger F
e907d685f4 JS: Add crypto test with AES-ECB 2023-03-16 14:52:18 +01:00
erik-krogh
54ec047433 ReDoS: put an artificial limitation on the analysis in polynomial-redos for large regular expressions 2023-03-16 12:20:53 +01:00
erik-krogh
a72436f6f1 recognize more express URL related sources 2023-03-15 10:14:31 +01:00
Asger F
feb7c49006 Merge pull request #12382 from asgerf/js/import-assertion 
JS: Support import assertions
 2023-03-14 14:56:32 +01:00
Asger F
d953ad63fe Merge pull request #12445 from asgerf/js/react-forward-ref 
JS: Handle forwardRef in React
 2023-03-14 13:21:16 +01:00