hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,734 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.4
Commit Graph

4416 Commits

Author SHA1 Message Date
Asger F
32f020ee6f JS: Port tutorial query1 2024-12-02 10:04:00 +01:00
Asger F
9c6b6981e2 JS: Add test to restrict dependencies 2024-11-29 14:23:56 +01:00
Asger F
2f0c80a98b JS: Include summary steps in type tracking 2024-11-29 14:23:55 +01:00
Asger F
440cbb7f0a JS: Add inline-expectation test for type tracking 2024-11-29 14:23:54 +01:00
Asger F
6349903110 JS: Move FlowSummary/Summaries.qll into testUtilities 2024-11-29 14:23:52 +01:00
Napalys
3171f38cdd JS: fixed bad alert messages when it came to incomplete sanitization for new RegExp objects 2024-11-29 11:14:45 +01:00
Napalys Klicius
9ca0fe4cbf Update RegExp handling and add test case 
Co-authored-by: erik-krogh <erik-krogh@github.com>
 2024-11-28 14:13:40 +01:00
Napalys
1d2e08a3b6 JS: now Reg Exp injection treats unknownFlags as sanitization, MetacharEscapeSanitizer 2024-11-28 11:26:58 +01:00
Napalys
62194f5337 JS: add test cases RegExp with unknown flags 2024-11-28 11:26:57 +01:00
Napalys
e673348ed3 JS: now RegExp with unknown flags is not flagged as an issue within password Clear text storage of sensitive information 2024-11-28 11:26:56 +01:00
Napalys
a2c46749c6 JS: fixed issue where MaskingReplacer would work only with regexp literals but not objects 2024-11-28 11:26:55 +01:00
Napalys
1ca57cfb9d JS: add test cases with RegExp object for MaskingReplacer, currently gives wrong results 2024-11-28 11:26:54 +01:00
Napalys
c71778f1aa JS: xss does not flag anymore replace with RegExp unknown flags 2024-11-28 11:26:53 +01:00
Napalys
dbae553146 JS: add xss test cases with unknownflags for replace using RegExp 2024-11-28 11:26:52 +01:00
Napalys
fe28657c7d JS: add test cases with unknown flags for double escaping, works as expected. 2024-11-28 11:26:51 +01:00
Napalys
98fd97799c JS: imcomplete sanization now handles properly maybe global 2024-11-28 11:26:50 +01:00
Napalys
1ae174849f JS: incomplete sanitization now also works with RegExp objects 2024-11-28 11:26:48 +01:00
Napalys
76318035ff JS: Add test cases for RegExp object usage in replace within incomplete sanitization 2024-11-28 11:26:47 +01:00
Napalys
9c2366a660 JS: Added tests for ReDos with unknownFlags, everything seems to be good 2024-11-28 11:26:46 +01:00
Napalys
875478c1c6 JS: Fixed path query not flagging new RegExp with DotRemovingReplaceCall 2024-11-28 11:26:45 +01:00
Napalys
aa557cf950 JS: Added tests for DotRemovingReplaceCall with RegExp Object. 2024-11-28 11:26:44 +01:00
Napalys
a0df33c3ac JS: UnsafeShellCommand Using unknown flags in the RegExp object is no longer flagged as bad sanitization to reduce false positives. 2024-11-28 11:26:43 +01:00
Napalys
155f1fca85 JS: Added test cases for unsafe shell command sanitization with RegExpr Object, instead of literal 2024-11-28 11:26:42 +01:00
Napalys
23b18aeca9 JS: Now unknown flags are not flagged in taint paths 2024-11-28 11:26:41 +01:00
Napalys
7db6f7c721 JS: Added test cases with new RegExp for Tainted paths, currently works only with literals 2024-11-28 11:26:39 +01:00
Napalys
faef9dd877 JS: protyte poluting now treats unknownFlags as potentially good sanitization. 2024-11-28 11:26:38 +01:00
Napalys
41fef0f2b3 JS: Added test cases which cover new RegExp creation with replace on protytpe pulluting 2024-11-28 11:26:37 +01:00
Napalys
18c7b18f82 JS: Now BadHtmlSanitizers new RegExp with unknown flags is also flagged. 2024-11-28 11:26:36 +01:00
Napalys
89f3b6f8d3 JS: Added test case for bad sanitizer with unknown flags, currently not flagged. 2024-11-28 11:26:35 +01:00
Napalys
38be0e4c0a JS: Now BadHtmlSanitizers also flags new RegExp as potential issue 2024-11-28 11:26:34 +01:00
Napalys
41f21d429b JS: Added test case which is not flagged but should be abusing new RegExp with global flag 2024-11-28 11:26:33 +01:00
Asger F
805fd0b46e JS: Refine speculative step definition 2024-11-26 15:56:56 +01:00
Asger F
8818fcc207 JS: Benign test output changes 2024-11-26 15:47:13 +01:00
Asger F
82d61e4194 Merge branch 'js/shared-dataflow-branch' into js/shared-dataflow-merge-main 2024-11-26 15:36:16 +01:00
Asger F
f073f3b791 JS: Rename file to foo.test.js 2024-11-26 13:44:00 +01:00
Asger F
65da9b41b5 JS: Add cross-file test in InsecureRandom 2024-11-26 13:43:24 +01:00
Asger F
b4bd8e701c JS: Add test for file classification change 2024-11-26 12:33:39 +01:00
Napalys Klicius
e9dff4d68f Merge pull request #17953 from Napalys/napalys/ts57 
JS: upgrade TypeScript to 5.7
 2024-11-25 14:16:40 +01:00
Napalys Klicius
d6372aebc7 Update javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2024-11-25 12:12:12 +01:00
Napalys
e38b63ebcd JS: previously js/case-sensitive-middleware-path was not taking into consideration unknown flags 2024-11-25 11:56:06 +01:00
Napalys
178da21fb8 JS: Added test case for CWE-178 RegExp with unknown flags 2024-11-25 11:53:00 +01:00
Napalys Klicius
61e00861e5 Merge pull request #18008 from Napalys/napalys/ES2024-group-functions 
JS: Added support for [Object, Map].groupBy ES2024 feature
 2024-11-21 19:03:57 +01:00
Napalys Klicius
edb9b47111 Merge pull request #18047 from Napalys/napalys/ES2023-string-protytpe-toWellFormed 
JS: Added taint-step String.prototype.toWellFormed ES2023 feature
 2024-11-21 14:01:21 +01:00
Asger F
930a7b6e28 JS: Update output changes to nodes/edges/subpaths 2024-11-21 13:33:39 +01:00
Asger F
7a77432024 JS: Update lost result in insecure-download 
The VariableCapture library consumes one component of the access path limit, which means we lose this result
 2024-11-21 13:33:10 +01:00
Asger F
1ac7591faf JS: Update missed flow in capture-flow.js 
We previously caught this flow because of a heuristic in capture flow. We'll have to fix it properly later.
 2024-11-21 12:57:34 +01:00
Asger F
84820adf3c Add test for exception flow out of finally() 2024-11-21 11:01:03 +01:00
Asger F
948d21ca07 JS: Propagate exceptions from summarized callables by default 2024-11-21 10:24:31 +01:00
Asger F
dcdb2e5133 JS: Fix callback check so it works without parameters 2024-11-21 10:24:29 +01:00
Asger F
b7dd455aff JS: Add test case 2024-11-21 09:21:36 +01:00