hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,734 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.4
Commit Graph

2303 Commits

Author SHA1 Message Date
Asger Feldthaus
a03cb11257 JS: Include $().prop() source in XssThroughDom 2021-03-11 16:27:31 +00:00
Asger Feldthaus
18cfe72e99 JS: Add model of d3 2021-03-11 10:05:05 +00:00
Erik Krogh Kristensen
11793800ad support subrouters, and engine registrations with file extensions 2021-03-09 16:17:33 +01:00
Erik Krogh Kristensen
28951e98c4 add engine filter to js/template-object-injection 2021-03-09 16:17:33 +01:00
Erik Krogh Kristensen
b30484dd69 behaviour preserving refactorization into modules 2021-03-09 16:17:29 +01:00
Erik Krogh Kristensen
caf1dbdc46 move TemplateObjectInjection out of experimental 2021-03-09 11:29:45 +01:00
Erik Krogh Kristensen
29ae737475 update expected output for MalformedRegExp 2021-03-08 13:50:58 +01:00
Erik Krogh Kristensen
bff59a1aaa fix parse error in regular expressions 2021-03-08 12:04:11 +01:00
CodeQL CI
d7b9251b0d Merge pull request #5262 from max-schaefer/event-handler-receiver-is-dom-element 
Approved by asgerf
 2021-03-05 02:04:59 -08:00
CodeQL CI
15049ca853 Merge pull request #5183 from erik-krogh/next 
Approved by asgerf
 2021-03-04 04:57:43 -08:00
Asger Feldthaus
6e0322dc60 JS: Add DeepResourceExhaustion test 2021-03-02 13:56:43 +00:00
Asger Feldthaus
88e5348da9 JS: Move RemotePropertyInjection test into subfolder 2021-03-02 13:56:39 +00:00
Asger Feldthaus
fd9604c5ef JS: Update expected output for poly ReDoS 2021-03-02 12:39:05 +00:00
Asger Feldthaus
12079cd1e4 JS: Recognize RegExps in JSON schemas 2021-03-02 12:39:04 +00:00
Asger Feldthaus
7afa755597 JS: Add ajv error as source of ExceptionXss 2021-03-02 12:39:04 +00:00
Asger Feldthaus
b978359803 JS: Add schema validation as TaintedObject sanitizer 2021-03-02 12:39:04 +00:00
Erik Krogh Kristensen
ecccb8a409 only flag React elements in ClientSideUrlRedirect if it's a HTML element, or known link class 2021-03-02 12:25:50 +01:00
Erik Krogh Kristensen
36049f05f8 update Next.js xss example such that the attack is viable 2021-03-02 12:25:50 +01:00
Erik Krogh Kristensen
97032f8627 add ClientSideUrlRedirect sink for Next.js routers 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
a79c30a818 support NextJS API endpoints 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
1fdbbb682d support Next.js page request/response objects 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
41a0c0b55e support React links in js/client-side-unvalidated-url-redirection 2021-03-02 12:25:49 +01:00
Max Schaefer
2e252ba3e4 JavaScript: Learn that receivers of DOM event handlers are themselves DOM nodes. 2021-02-25 09:06:58 +00:00
Max Schaefer
ae2a5da63f JavaScript: Add new tests for recognising receiver of event handler as DOM element. 2021-02-25 09:04:46 +00:00
Asger F
b8e1987cad Update javascript/ql/test/query-tests/DOM/HTML/DuplicateAttributes.html 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-02-22 10:08:56 +00:00
Asger Feldthaus
e964771e9c JS: Add test 2021-02-22 09:47:21 +00:00
CodeQL CI
8716cbd7ee Merge pull request #5140 from erik-krogh/mark 
Approved by asgerf
 2021-02-17 11:50:11 -08:00
CodeQL CI
b5143dbdb4 Merge pull request #5117 from erik-krogh/parseForm 
Approved by asgerf
 2021-02-15 04:30:59 -08:00
Erik Krogh Kristensen
69d8aa143c add taint step for the snarkdown libary 2021-02-11 16:16:46 +01:00
Erik Krogh Kristensen
d14586de56 add two non ReDoS regular expressions to the ReDoS test suite 
Adds the regular expression from #5145
 2021-02-11 14:41:45 +01:00
Erik Krogh Kristensen
010d580f8e add model for multiparty 2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen
61b4ffec3d add remote flow from the Formidable library 2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen
a03f4ed3cd add remote flow source for busboy 2021-02-11 09:34:02 +01:00
Erik Krogh Kristensen
e2fbf8a68c add files uploaded with multer as RemoteFlowSource 2021-02-11 09:33:15 +01:00
Erik Krogh Kristensen
7cff1f441b add model for the unified and remark libraries 2021-02-10 18:13:01 +01:00
Erik Krogh Kristensen
0d497e8b9a add model for the showdown library 2021-02-10 17:22:42 +01:00
Erik Krogh Kristensen
f76018c039 add taint step for the markdown-table library 2021-02-10 15:11:41 +01:00
Erik Krogh Kristensen
b4704f7016 add taint-step for the marked library 2021-02-10 14:51:08 +01:00
Erik Krogh Kristensen
101d4358a9 detect DOM nodes from event callbacks 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
be9636491b add source for react-hook-form in xss-through-dom 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
65d93c9061 detect for DOM elements from DOM events in React 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
458dda9d25 add xss-through-dom source from react-final-form 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
ff3950ce98 add model for formik 2021-02-10 14:17:49 +01:00
CodeQL CI
653c900d62 Merge pull request #4987 from erik-krogh/defensiveFunctions 
Approved by esbena
 2021-02-02 14:47:23 -08:00
CodeQL CI
209fe8d7e5 Merge pull request #5049 from erik-krogh/singleQuote 
Approved by esbena
 2021-02-02 13:48:42 -08:00
CodeQL CI
4fdbda3543 Merge pull request #5056 from erik-krogh/react 
Approved by asgerf
 2021-02-02 01:40:08 -08:00
Erik Krogh Kristensen
ca435763b0 separate message for double and single quotes 2021-02-01 23:54:12 +01:00
Esben Sparre Andreasen
9678534f25 JS: add tests for some syntactic XSS vector obfuscations 2021-02-01 10:20:23 +01:00
Erik Krogh Kristensen
aae69c6537 update expected output 2021-02-01 09:33:52 +01:00
Erik Krogh Kristensen
c9ec983cd8 add js/client-side-unvalidated-url-redirection test for script tags inside react code 2021-01-29 12:50:43 +01:00