hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,207 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.5
Commit Graph

33 Commits

Author SHA1 Message Date
Asger F
f8dc7eb25b JS: Update output from tests that changed on main 2024-12-19 15:25:47 +01:00
Asger F
3acd4814de Merge branch 'main' into js/shared-dataflow-merge-main 2024-12-19 10:14:38 +01:00
Napalys
1d2e08a3b6 JS: now Reg Exp injection treats unknownFlags as sanitization, MetacharEscapeSanitizer 2024-11-28 11:26:58 +01:00
Napalys
62194f5337 JS: add test cases RegExp with unknown flags 2024-11-28 11:26:57 +01:00
Asger F
2e2181be2c JS: Update test output that only affects nodes/edges/subpaths 2024-08-27 11:35:33 +02:00
Asger F
a2dd47aeb2 JS: Update test output 
These files conflicted and have been regenerated.
 2024-08-22 14:27:15 +02:00
Asger F
c54f5858b1 Merge branch 'main' into js/shared-dataflow-merge-main 2024-08-22 13:22:05 +02:00
Asger F
699d3a0a0a JS: Update a RegExp injection test 
RegExpInjection does not use client-side sources, but one of its tests was using postMessage events
as the taint source. Updating the test to use a different taint source.
 2024-08-16 14:20:34 +02:00
Asger F
53efb5837b JS: Update some tests with provenance columns 
Only includes the changes that purely contain the new provenance columns
 2024-06-26 13:51:44 +02:00
Asger F
dcc73a7f90 JS: Port RegExpInjection 2023-10-13 13:15:05 +02:00
Asger F
40daa9c906 JS: Update RegExpInjection test and expectations 2023-05-26 14:05:36 +02:00
erik-krogh
393649b7ce don't call environment variables for command-line arguments 2023-02-14 14:27:41 +01:00
erik-krogh
36478124ae add process.env and process.argv etc. as source for js/regex-injection 2023-02-14 14:21:53 +01:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
erik-krogh
aa56ca37ae make the alert messages of taint-tracking queries more consistent 2022-09-05 14:04:52 +02:00
Asger Feldthaus
16e3681fd3 JS: Update RegExpInjection test case 2021-06-22 12:00:04 +02:00
Erik Krogh Kristensen
33641c84f6 recognize sanitizing string replace call for regexp-injection 2021-05-14 11:58:27 +02:00
Erik Krogh Kristensen
ab53f3b380 add array.filter() as a taint-step 2021-05-05 12:03:14 +02:00
Asger Feldthaus
aa1c8c041e JS: Exclude client-side sources from RegExpInjection 2021-03-16 13:28:11 +00:00
Esben Sparre Andreasen
3015dcd310 JS: reformulate js/server-crash. Support promises and shorter paths. 2021-01-19 09:08:52 +01:00
Esben Sparre Andreasen
1bc7d68a50 Update javascript/ql/test/query-tests/Security/CWE-730/server-crash.js 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-01-13 14:49:42 +01:00
Esben Sparre Andreasen
d591c519a8 JS: reformulate js/server-crash as a path problem 2021-01-13 00:08:28 +01:00
Esben Sparre Andreasen
2dbd762bd9 JS: reintroduce reverted js/server-crash 
This reverts commit 0a8d15ccc4.
 2021-01-11 14:13:41 +01:00
Erik Krogh Kristensen
0d64a0f2c8 update consistency comment for CWE-730 2020-07-08 10:07:34 +02:00
Erik Krogh Kristensen
15d74b7d03 remove FP from js/regexpinjection where no regexp was constructed 2019-12-19 10:47:03 +01:00
Max Schaefer
b42026a90a JavaScript: Update expected output. 2019-10-29 15:36:24 +00:00
Max Schaefer
dc1d1c2f22 JavaScript: Update expected output. 2019-10-29 15:30:06 +00:00
Max Schaefer
6964945c74 JavaScript: Restrict edges to only contain nodes. 2019-10-29 15:03:52 +00:00
Asger F
50a77ea843 JS: update test expectations 2019-03-06 08:41:03 +00:00
Max Schaefer
9221b62ded JavaScript: Update expectd test output for security path queries to include nodes and edges query predicates. 2018-11-14 09:32:31 +00:00
Esben Sparre Andreasen
3d3b7b0254 JS: fix typo in test case 2018-09-06 22:54:07 +02:00
Esben Sparre Andreasen
b9d825b379 JS: better matching of String.prototype.search in js/regex-injection 2018-09-05 08:35:00 +02:00
Pavel Avgustinov
b55526aa58 QL code and tests for C#/C++/JavaScript. 2018-08-02 17:53:23 +01:00