codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00

Author	SHA1	Message	Date
Asger F	53efb5837b	JS: Update some tests with provenance columns Only includes the changes that purely contain the new provenance columns	2024-06-26 13:51:44 +02:00
Asger F	fcfab5238e	JS: Port CodeInjection	2023-10-13 13:15:03 +02:00
jorgectf	2ac334bf15	Adapt `Webix` modeling to support HTML use-cases	2023-06-28 15:26:30 +02:00
jorgectf	6947e99c15	Add models for `webix` Co-authored-by: Kevin Stubbings <Kwstubbs@users.noreply.github.com>	2023-06-22 01:07:33 +02:00
Asger F	1a9956354e	JS: Restrict getInput to indirect command injection query	2023-05-03 16:10:03 +02:00
Asger F	08785a4063	JS: Add sources from actions/core	2023-05-01 11:42:17 +02:00
Asger F	cb95dbfa14	JS: Add tests	2023-05-01 11:42:17 +02:00
erik-krogh	6192544fb4	add test for express-ws as a source	2023-02-13 15:26:50 +01:00
erik-krogh	02da718786	add code-injection sink for node-pty	2023-01-30 15:14:25 +01:00
erik-krogh	368f84785b	fix some more style-guide violations in the alert-messages	2022-10-07 11:22:22 +02:00
erik-krogh	a35fe1ffab	Merge branch 'main' into js-followMsg	2022-09-08 13:09:15 +02:00
erik-krogh	6447234428	recognize calls to Function where spread arguments are used	2022-09-07 22:55:51 +02:00
erik-krogh	e829387cdb	add failing test for call the Function with a spread argument	2022-09-07 22:54:21 +02:00
erik-krogh	aa56ca37ae	make the alert messages of taint-tracking queries more consistent	2022-09-05 14:04:52 +02:00
Erik Krogh Kristensen	68a5c1f5b5	add code-injection sink for calls to node	2022-02-07 13:34:18 +01:00
Max Schaefer	ce24215dd5	JavaScript: Improve modelling of `Module.prototype._compile` sink.	2021-07-12 15:32:21 +01:00
Erik Krogh Kristensen	2ba2642c7a	add more template sinks for the `js/code-injection` query	2021-06-22 20:24:42 +02:00
Asger Feldthaus	710cca5395	JS: Update expectations with new sources	2021-03-16 13:28:12 +00:00
Erik Krogh Kristensen	39591687ba	add `js/code-injection` sink for script tags in React	2021-01-29 12:50:17 +01:00
Asger Feldthaus	6211fe718b	JS: Add test	2020-12-01 17:05:48 +00:00
Max Schaefer	e1d90e90ad	JavaScript: Add modelling for `Module.prototype._compile`.	2020-10-19 09:42:17 +01:00
Erik Krogh Kristensen	b8154d41b1	type-track objects where the "$where" property has been written	2020-09-24 20:55:25 +02:00
Erik Krogh Kristensen	210e71cd93	update expected output	2020-06-16 21:52:59 +02:00
Erik Krogh Kristensen	c375a0c611	fix compilation and update expected output	2020-06-11 11:16:38 +02:00
semmle-qlci	14664be467	Merge pull request #3468 from p0/imp/nodejs-vm-sinks Approved by esbena	2020-05-18 11:10:13 +01:00
Pavel Avgustinov	ab2d059ed4	JavaScript: Model extra sinks in `vm` module	2020-05-14 10:01:40 +01:00
Esben Sparre Andreasen	7722d77c86	JS: add the NoSQL $where as a sink for js/code-injection	2020-05-13 08:30:22 +02:00
Max Schaefer	b42026a90a	JavaScript: Update expected output.	2019-10-29 15:36:24 +00:00
Max Schaefer	6964945c74	JavaScript: Restrict `edges` to only contain `nodes`.	2019-10-29 15:03:52 +00:00
Esben Sparre Andreasen	f3de75ae07	JS: update a js/code-injection test	2019-09-11 09:45:54 +02:00
Asger F	f7654d6f1c	JS: Add test	2019-09-06 14:42:07 +01:00
Max Schaefer	28d8011bcf	JavaScript: Add models for popular base64 transcoders.	2019-03-13 08:20:58 +00:00
Asger F	50a77ea843	JS: update test expectations	2019-03-06 08:41:03 +00:00
Max Schaefer	b4f400fb23	Merge remote-tracking branch 'upstream/next' into qlucie/master	2019-01-04 10:35:57 +00:00
Asger F	bc3b983768	JS: move CodeInjection tests into subfolder	2018-11-20 14:24:37 +00:00

35 Commits