hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,258 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.3
Commit Graph

10661 Commits

Author SHA1 Message Date
Asger F
c951a29e2a JS: Migrate UnvalidatedDynamicMethodCall 2024-12-16 15:35:34 +01:00
Michael Nebel
aaf0cd5dee Merge pull request #17968 from michaelnebel/java/movetestutils 
Move test utilities to the query pack.
 2024-12-16 13:41:30 +01:00
Asger F
820f81fc10 JS: Migrate UnsafeDynamicMethodAccess 2024-12-13 11:32:25 +01:00
Asger F
a9e89ed8e3 JS: Migrate PrototypePollutingAssignment 2024-12-13 11:23:31 +01:00
Asger F
bcc1669f4c JS: Migrate InsecureDownload 2024-12-13 11:10:14 +01:00
Asger F
4e25036cdc JS: Follow naming convention in InsecureModuleFlow module 2024-12-13 11:09:59 +01:00
Asger F
d381ab1260 JS: Migrate IncompleteHtmlAttributeSanitization 2024-12-13 10:55:00 +01:00
Asger F
2112ecc44d JS: Migrate HardcodedDataInterpretedAsCode 2024-12-13 10:48:43 +01:00
Asger F
dc3d7a0159 Update ExceptionXssCustomizations.qll 2024-12-13 10:47:04 +01:00
Asger F
42a7208704 JS: Migrate ExceptionXss 2024-12-13 10:29:32 +01:00
Asger F
d9a43dbd85 JS: Migrate UnsafeHtmlConstruction 2024-12-13 10:08:17 +01:00
Asger F
8907252814 JS: Migrate TemplateObjectInjection 2024-12-13 10:08:16 +01:00
Asger F
3573f0b065 JS: Migrate SecondOrderCommandInjection 2024-12-13 10:08:15 +01:00
Asger F
355f7cdd54 JS: Migrate PrototypePollutingMergeCall 2024-12-13 10:08:13 +01:00
Asger F
c38e3a23eb JS: Migrate NoSqlInjection 2024-12-13 10:08:12 +01:00
Asger F
8e8de5cf23 JS: Migrate LoopBoundInjection 2024-12-13 10:08:11 +01:00
Asger F
daddff0dc6 JS: Avoid deprecation warning in XssThroughDom 2024-12-13 10:08:10 +01:00
Asger F
15d999a9dc JS: Migrate DeepObjectResourceExhaustion 2024-12-13 10:08:09 +01:00
Asger F
5f42a715f6 JS: Migrate TaintedObject to a CommonFlowState 2024-12-13 10:08:08 +01:00
Asger F
14ca1c134b JS: Update TaintedUrlSuffix test 2024-12-13 10:08:07 +01:00
Asger F
12289d4c39 JS: Migrate DomBasedXssQuery to FlowState 2024-12-13 10:08:06 +01:00
Asger F
114d4a141a JS: Move FlowState definition into CommonFlowState 
Needed for migrating the XSS query
 2024-12-13 10:08:05 +01:00
Asger F
3cf14d8506 JS: Migrate ClientSideUrlRedirect to flow state 2024-12-13 10:08:03 +01:00
Asger F
cca980298f JS: Use flow state in barrier and step relations 2024-12-13 10:08:02 +01:00
Asger F
a8fdd759f9 JS: Add FlowState class to TaintedUrlSuffix 2024-12-13 10:08:01 +01:00
Asger F
a53d294d91 Merge pull request #18203 from asgerf/jss/document-url 
JS: Use TaintedUrlSuffix in ClientSideUrlRedirect
 2024-12-12 15:47:51 +01:00
Michael Nebel
0bfc1b6ea8 Also move the postprocessing queries to the library pack. 2024-12-12 15:03:03 +01:00
Michael Nebel
941b0abbf6 Move modules to the library packs. 2024-12-12 15:03:01 +01:00
Geoffrey White
44a0ad2942 Update data-flow -> data flow in all versions of ConceptsShared.qll. 2024-12-12 13:36:26 +00:00
Michael Nebel
c3fe3e468c Javascript: Update all test util paths to point to the new location. 2024-12-12 13:54:25 +01:00
Michael Nebel
0f146f1486 Javascript: Move test utilities into the query pack. 2024-12-12 13:54:23 +01:00
Asger F
97b78e752b JS: Added more qldoc 2024-12-12 13:10:52 +01:00
Asger F
77f8e8ef4e JS: Use FlowState::fromFlowLabel instead of Label::toFlowState 
This works better for other queries where we don't already have a module named Label
 2024-12-10 11:57:18 +01:00
Asger F
38c9023dd9 JS: FlowLabel -> FlowState in ZipSlip 2024-12-10 11:16:07 +01:00
Asger F
0cd01cb96f JS: Use node1,state1,node2,state2 naming convention in tainted path 2024-12-10 11:16:05 +01:00
Asger F
0802107d9a JS: Flow label -> flow state in TaintedPath 2024-12-10 11:16:04 +01:00
Asger F
66eb458134 JS: Handle match/matchAll and unknown regexps 2024-12-09 15:38:36 +01:00
Asger F
6e7c5a3707 JS: Slightly more general getRoot() 2024-12-09 15:05:45 +01:00
Asger F
be617cee4a JS: More precise handling of .exec() 2024-12-09 15:03:51 +01:00
Asger F
703cad9e95 Expand test case 2024-12-09 15:00:56 +01:00
Asger F
2a2a4d2b67 JS: Add TaintedUrlSuffixCustomizations 
Importing TaintedUrlSuffix.qll causes the flow label to materialised in unrelated queries, so:

- Renames TaintedUrlSuffix.qll to TaintedUrlSuffixCustomizations.qll
- Make the flow label class abstract
- Adds a new TaintedUrlSuffix.qll that re-exports the above file and also materialises the flow label
- Import the *Customizations.qll file from contexts where we don't want to materialise the flow label
 2024-12-09 14:59:29 +01:00
Asger F
d1694013ff JS: Update test showing accidental flow label materialisation 
This wouldn't be an issue once FlowLabel is completely deprecated but it will cause perf issues in the interim, so this is fixed in the next commit
 2024-12-09 14:59:28 +01:00
Asger F
8fe39bdd38 JS: Update query's own output after test changes 2024-12-09 14:59:27 +01:00
Asger F
71a6a47713 JS: Fix issue with new RegExp().exec() 2024-12-09 14:59:25 +01:00
Asger F
f6d0835c64 JS: Show problem with new RegExp().exec() 2024-12-09 14:59:24 +01:00
Asger F
ef833de60e JS: Replace DocumentUrl with TaintedUrlSuffix 2024-12-09 14:59:23 +01:00
Asger F
e2b2d1c9ab JS: Allow arbitrary comments in ConsistencyChecking 
Because line comments cannot be used inside JSX elements
 2024-12-09 14:59:21 +01:00
Asger F
712c69ebc8 JS: Fixup the test expectations 2024-12-09 14:59:19 +01:00
Asger F
f8ff504f5c JS: Add ClientSideUrlRedirect test consistency 
Update Consistency.ql again
 2024-12-09 14:59:18 +01:00
github-actions[bot]
cf71a1525b Post-release preparation for codeql-cli-2.20.0 2024-12-04 18:36:17 +00:00