codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00

Author	SHA1	Message	Date
erik-krogh	23add8a72b	recognize `passcode` as sensitive	2022-11-09 11:30:57 +01:00
erik-krogh	e0bcfe2afb	add failing test	2022-11-09 11:30:31 +01:00
Erik Krogh Kristensen	e01cbb2ffa	Merge pull request #10378 from erik-krogh/aliasFlow JS: expand localFieldStep to use access-paths, and build access-paths in more cases	2022-11-08 14:26:12 +01:00
Asger F	92e8f059c8	JS: Avoid emitting column zero in yaml files	2022-11-08 11:38:26 +01:00
Asger F	a887ff4f09	JS: Add test cases to include results with column-zero end locations	2022-11-07 15:13:25 +01:00
Erik Krogh Kristensen	d67235b3c1	Merge pull request #11071 from erik-krogh/fixCanon ReDoS: fix canonicalization in NfaUtils	2022-11-07 14:10:50 +01:00
erik-krogh	fc38bf0429	Merge branch 'main' into aliasFlow	2022-11-07 09:46:48 +01:00
erik-krogh	40032f295a	treat arrays that gets executed with shell:true as a sink for `js/shell-command-constructed-from-input`	2022-11-07 09:19:05 +01:00
erik-krogh	bc5b7455cf	add failing test	2022-11-07 09:14:52 +01:00
erik-krogh	655b4a4d17	recognize more re-exported values as exported	2022-11-03 11:08:00 +01:00
erik-krogh	94e864e933	add failing test	2022-11-03 11:04:04 +01:00
erik-krogh	851d53d56b	don't sanitize calls through substring calls that just remove the start	2022-11-01 22:51:07 +01:00
erik-krogh	08bc14f598	add failing test	2022-11-01 22:50:13 +01:00
erik-krogh	15416a9c86	fix getCanonicalCharClass in NfaUtils	2022-11-01 21:35:07 +01:00
erik-krogh	78e35e2f29	add failing test	2022-11-01 21:33:19 +01:00
erik-krogh	6f3ca40fed	expand the explanation to include with arguments make the commands vulnerable	2022-11-01 14:24:23 +01:00
erik-krogh	fc2112831c	add second-order-command-injection query	2022-10-30 21:20:47 +01:00
erik-krogh	0a7e797090	update expected outputs after reordering tests	2022-10-28 10:16:21 +02:00
erik-krogh	946720f414	reorder the CWE-078 tests into subdirectories	2022-10-28 10:16:21 +02:00
Erik Krogh Kristensen	bbdda9ef70	Merge pull request #10727 from erik-krogh/js-last-msg JS: fix some more style-guide violations in the alert-messages	2022-10-27 15:48:12 +02:00
Erik Krogh Kristensen	cecb498bf3	Merge pull request #10984 from tyage/add-next-js-source JS: Add Next.js parameters as source	2022-10-27 10:36:12 +02:00
tyage	54050bf1b6	update test result `XssWithAdditionalSources`	2022-10-27 10:23:37 +09:00
erik-krogh	0f9b4334cc	remove some FPs in `js/password-in-configuration-file`	2022-10-26 11:51:56 +02:00
tyage	232893aafa	make query parameters in ServerSideProps and next/router as a RemoteFlowSource	2022-10-26 14:41:07 +09:00
tyage	1f4fc7fc2d	add params, query to test	2022-10-26 10:53:11 +09:00
tyage	06925681b0	add test for context.params	2022-10-26 10:53:11 +09:00
erik-krogh	7500a31814	fix that js/file-system-race could have FPs related to loops	2022-10-11 13:41:51 +02:00
Asger F	67cef92f94	JS: Rewrite to use DataFlow::Node API and restrict context	2022-10-10 16:08:21 +02:00
erik-krogh	368f84785b	fix some more style-guide violations in the alert-messages	2022-10-07 11:22:22 +02:00
tyage	ddc8f72ef7	accept test result Xss.qlref	2022-10-06 18:23:10 +09:00
tyage	f47c02431a	Merge branch 'main' into property-stringify	2022-10-04 09:57:54 +01:00
tyage	192c1f3d89	make test json.stringify	2022-10-04 17:40:52 +09:00
tyage	726cd2ca8a	refactor test	2022-10-04 17:11:37 +09:00
tyage	2006ae8332	rename file	2022-10-04 17:05:15 +09:00
tyage	33d204913c	add test for json stringify xss	2022-10-04 14:45:09 +09:00
Nick Rolfe	ef8ec0878a	Merge pull request #10641 from github/nickrolfe/a_an JS/Python/Ruby: s/a HTML/an HTML/	2022-09-30 12:17:15 +01:00
Nick Rolfe	ed74e0aad1	JS/Python/Ruby: s/a HTML/an HTML/	2022-09-30 10:37:52 +01:00
erik-krogh	9f2d7dfb29	update expected output	2022-09-29 22:48:41 +02:00
erik-krogh	0a5ff1b79a	recognize another kind of dummy passwords to fix an FP in hardcoded-credentials	2022-09-29 21:25:40 +02:00
Asger F	11ba0f0bbe	Merge pull request #10253 from asgerf/js/type-defs-squashed JS: Add generated typings to SQL models	2022-09-23 11:34:01 +02:00
erik-krogh	dcdff7a995	Merge branch 'main' into aliasFlow	2022-09-22 16:01:31 +02:00
Asger F	718649d505	Merge pull request #10490 from asgerf/js/remove-old-docs JS: Remove old Portal-based flow summary implementation	2022-09-22 16:01:30 +02:00
Erik Krogh Kristensen	2fe6d1f562	Merge pull request #10470 from erik-krogh/flowParse JS: Try to parse files without using our parser extensions before enabling the extensions	2022-09-22 14:58:43 +02:00
Asger F	df44076435	JS: Remove Portal-based flow summary implementation	2022-09-22 11:28:31 +02:00
Erik Krogh Kristensen	0720fa75df	Merge pull request #10286 from erik-krogh/js-followMsg JS: change alert messages of path queries to use the same template	2022-09-20 16:12:45 +02:00
Asger F	47f1d62569	JS: Add generated typings to SQL models	2022-09-20 11:40:16 +02:00
erik-krogh	fb5a04a71d	filter out "file read after existence check" from js/file-system-race	2022-09-19 13:26:10 +02:00
erik-krogh	ccae0933c7	try to parse JS files without using the supported extensions	2022-09-19 12:20:20 +02:00
erik-krogh	a16233aa7d	add failing parse test	2022-09-19 12:16:45 +02:00
Asger F	ab296d4d62	Merge pull request #10396 from asgerf/js/regexp-always-matches-fp JS: Fix FP in js/regexp/always-matches	2022-09-19 09:32:00 +02:00

... 7 8 9 10 11 ...

2315 Commits