hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,207 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.5
Commit Graph

4435 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
c82d8cbacc Merge pull request #11013 from erik-krogh/sndCmd 
JS: second-order-command-injection
 2022-11-04 10:58:50 +01:00
erik-krogh
655b4a4d17 recognize more re-exported values as exported 2022-11-03 11:08:00 +01:00
erik-krogh
94e864e933 add failing test 2022-11-03 11:04:04 +01:00
erik-krogh
851d53d56b don't sanitize calls through substring calls that just remove the start 2022-11-01 22:51:07 +01:00
erik-krogh
08bc14f598 add failing test 2022-11-01 22:50:13 +01:00
erik-krogh
15416a9c86 fix getCanonicalCharClass in NfaUtils 2022-11-01 21:35:07 +01:00
erik-krogh
78e35e2f29 add failing test 2022-11-01 21:33:19 +01:00
Dave Bartolomeo
9d5e5e3ee7 ${workspace} all the things 2022-11-01 13:29:05 -04:00
erik-krogh
6f3ca40fed expand the explanation to include with arguments make the commands vulnerable 2022-11-01 14:24:23 +01:00
erik-krogh
fc2112831c add second-order-command-injection query 2022-10-30 21:20:47 +01:00
erik-krogh
0a7e797090 update expected outputs after reordering tests 2022-10-28 10:16:21 +02:00
erik-krogh
946720f414 reorder the CWE-078 tests into subdirectories 2022-10-28 10:16:21 +02:00
Erik Krogh Kristensen
bbdda9ef70 Merge pull request #10727 from erik-krogh/js-last-msg 
JS: fix some more style-guide violations in the alert-messages
 2022-10-27 15:48:12 +02:00
Erik Krogh Kristensen
cecb498bf3 Merge pull request #10984 from tyage/add-next-js-source 
JS: Add Next.js parameters as source
 2022-10-27 10:36:12 +02:00
tyage
54050bf1b6 update test result XssWithAdditionalSources 2022-10-27 10:23:37 +09:00
erik-krogh
0f9b4334cc remove some FPs in js/password-in-configuration-file 2022-10-26 11:51:56 +02:00
tyage
232893aafa make query parameters in ServerSideProps and next/router 
as a RemoteFlowSource
 2022-10-26 14:41:07 +09:00
tyage
1f4fc7fc2d add params, query to test 2022-10-26 10:53:11 +09:00
tyage
06925681b0 add test for context.params 2022-10-26 10:53:11 +09:00
Alvaro Muñoz
a80b691358 Remove unnecessary TaggedTemplateEntryPoint 2022-10-25 11:44:45 +02:00
Alvaro Muñoz
37ea3f23f1 Refactored ReplySource to ReplyCall. Got rid of unnecessary ref() 2022-10-25 11:42:48 +02:00
Alvaro Muñoz
c7ac237968 Update test results after merging new XSS improvements 2022-10-19 23:41:37 +02:00
Alvaro Muñoz
2ad5a70cf1 Merge branch 'main' into restify_improvements 2022-10-19 21:57:37 +02:00
Alvaro Muñoz
245be44eac Merge branch 'main' into javascript_xss_improvements 2022-10-19 18:18:19 +02:00
Alvaro Muñoz
31d271b8e1 Fix format errors 2022-10-19 17:32:34 +02:00
Alvaro Muñoz
b79f7f3e95 Address code review comments 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-10-18 21:42:15 +02:00
Alvaro Muñoz
6ab62da015 Add Restify/Spife support 2022-10-18 21:41:34 +02:00
Alvaro Muñoz
744cea9baa add tests 2022-10-13 15:19:29 +02:00
Alvaro Muñoz
468628525e Change to camelcase 2022-10-13 12:18:07 +02:00
Alvaro Muñoz
ea8edb8408 initial tests 2022-10-13 11:32:21 +02:00
erik-krogh
7500a31814 fix that js/file-system-race could have FPs related to loops 2022-10-11 13:41:51 +02:00
Asger F
67cef92f94 JS: Rewrite to use DataFlow::Node API and restrict context 2022-10-10 16:08:21 +02:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
tyage
ddc8f72ef7 accept test result Xss.qlref 2022-10-06 18:23:10 +09:00
tyage
f47c02431a Merge branch 'main' into property-stringify 2022-10-04 09:57:54 +01:00
tyage
192c1f3d89 make test json.stringify 2022-10-04 17:40:52 +09:00
tyage
726cd2ca8a refactor test 2022-10-04 17:11:37 +09:00
tyage
2006ae8332 rename file 2022-10-04 17:05:15 +09:00
tyage
33d204913c add test for json stringify xss 2022-10-04 14:45:09 +09:00
Nick Rolfe
ef8ec0878a Merge pull request #10641 from github/nickrolfe/a_an 
JS/Python/Ruby: s/a HTML/an HTML/
 2022-09-30 12:17:15 +01:00
Nick Rolfe
ed74e0aad1 JS/Python/Ruby: s/a HTML/an HTML/ 2022-09-30 10:37:52 +01:00
erik-krogh
9f2d7dfb29 update expected output 2022-09-29 22:48:41 +02:00
erik-krogh
0a5ff1b79a recognize another kind of dummy passwords to fix an FP in hardcoded-credentials 2022-09-29 21:25:40 +02:00
Asger F
11ba0f0bbe Merge pull request #10253 from asgerf/js/type-defs-squashed 
JS: Add generated typings to SQL models
 2022-09-23 11:34:01 +02:00
Asger F
d1e19a313b JS: Update test case to clarify choice of sinks 2022-09-23 09:18:15 +02:00
erik-krogh
dcdff7a995 Merge branch 'main' into aliasFlow 2022-09-22 16:01:31 +02:00
Asger F
718649d505 Merge pull request #10490 from asgerf/js/remove-old-docs 
JS: Remove old Portal-based flow summary implementation
 2022-09-22 16:01:30 +02:00
Erik Krogh Kristensen
2fe6d1f562 Merge pull request #10470 from erik-krogh/flowParse 
JS: Try to parse files without using our parser extensions before enabling the extensions
 2022-09-22 14:58:43 +02:00
Asger F
df44076435 JS: Remove Portal-based flow summary implementation 2022-09-22 11:28:31 +02:00
Erik Krogh Kristensen
0720fa75df Merge pull request #10286 from erik-krogh/js-followMsg 
JS: change alert messages of path queries to use the same template
 2022-09-20 16:12:45 +02:00