hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,207 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.5
Commit Graph

10776 Commits

Author SHA1 Message Date
bananabr
57fac949fd included ClipboardEvent and DragEvent as XSS sources 2022-04-11 16:37:00 -05:00
Erik Krogh Kristensen
aafa8ddc9f add support for domNode.onpaste for copy-paste events 2022-04-11 20:10:56 +02:00
Erik Krogh Kristensen
6713b2c671 add support for domNode.ondrop for drag-and-drop events 2022-04-11 20:06:12 +02:00
bananabr
121aad7fd2 updated change notes 2022-04-11 12:45:37 -05:00
CodeQL CI
9c8dee2a4d Merge pull request #8687 from asgerf/js/missing-flow-fixes 
Approved by erik-krogh
 2022-04-11 14:08:15 +01:00
bananabr
0f1582f3f6 included JavaScript drag and drop API Xss sources 2022-04-09 22:33:30 -05:00
Edoardo Pirovano
f25618eed6 Bump minor version of all packs 2022-04-08 15:38:58 +01:00
Edoardo Pirovano
ce82c54b94 Merge branch 'main' into edoardo/3.5-mergeback 2022-04-08 15:30:58 +01:00
annarailton
8ae905aef9 Update endpointTypeEncoded -> label 
Fixes https://github.com/github/ml-ql-adaptive-threat-modeling/issues/1821
 2022-04-08 10:22:13 +01:00
annarailton
b0ab7218db Add test for query mappings 2022-04-08 10:22:13 +01:00
annarailton
4808eb9926 Change encoding -> label and description -> labelName 
Fixes https://github.com/github/ml-ql-adaptive-threat-modeling/issues/1820
 2022-04-08 10:22:13 +01:00
annarailton
de4e01a8f2 Change NotASinkType to NegativeType 
Fixes https://github.com/github/ml-ql-adaptive-threat-modeling/issues/1819
 2022-04-08 10:22:13 +01:00
Asger Feldthaus
b85739cb7e JS: Update test output 2022-04-07 13:23:26 +02:00
Asger Feldthaus
81cf3d4574 JS: Use Class#getAnInstanceReference 2022-04-07 10:43:29 +02:00
Asger Feldthaus
2a67085d9d JS: Change note 2022-04-07 10:02:21 +02:00
Asger Feldthaus
4eda6f643f JS: Recognize subclasses of HTMLElement in domValueRef 2022-04-07 09:57:31 +02:00
Asger Feldthaus
cff8dc0537 JS: Improve flow through Array.prototype.reduce 2022-04-07 09:57:31 +02:00
Erik Krogh Kristensen
943af17d10 Merge pull request #8619 from erik-krogh/atmSteps 
JS-ML: fix isKnownStepSrc such that it recognizes taint-steps
 2022-04-06 12:56:53 +02:00
Erik Krogh Kristensen
0435cee57f add a taint-step through URL.createObjectURL for js/xss-through-dom 2022-04-06 12:18:47 +02:00
Erik Krogh Kristensen
b11d48e749 add files in the DOM as a source for js/xss-through-dom 2022-04-06 12:09:07 +02:00
Asger F
de169277cb Merge pull request #8576 from asgerf/js/decorated-method-or-class 
JS: Add decorator edges in API graphs and corresponding MaD tokens
 2022-04-04 12:49:28 +02:00
github-actions[bot]
6af568b16d Post-release preparation for codeql-cli-2.8.5 2022-04-01 16:22:14 +00:00
github-actions[bot]
ee746d20df Release preparation for version 2.8.5 2022-04-01 10:39:31 +00:00
Stephan Brandauer
2cbb25acaa another review fix 2022-03-31 16:04:04 +02:00
Tom Hvitved
46d69cf544 Regex: Further tweaks to concretise computations 2022-03-31 12:52:43 +02:00
Tom Hvitved
5181544790 Sync shared files 2022-03-31 12:52:42 +02:00
Tom Hvitved
0fb28f4bc9 Sync shared files 2022-03-31 12:52:42 +02:00
Stephan Brandauer
8f1a3597a7 autoformat 2022-03-31 12:32:29 +02:00
Arthur Baars
15c54f6100 Merge pull request #8354 from aibaars/incomplete-url-string-sanitization 
Incomplete url string sanitization
 2022-03-31 10:59:51 +02:00
Stephan Brandauer
a6d2ecdc4d review comments 2022-03-31 10:49:33 +02:00
Erik Krogh Kristensen
67e1ffdd3e fix isKnownStepSrc such that it actually includes taint/dataflow-steps 2022-03-31 09:46:01 +02:00
Erik Krogh Kristensen
e038baed36 add .gitignore ignoring test dbs 2022-03-31 09:45:28 +02:00
Chuan-kai Lin
48015e5a2e Merge pull request #8597 from cklin/run-js-ml-tests 
JS: Fix expected test output for ATM queries
 2022-03-30 13:10:02 -07:00
Chuan-kai Lin
a8dabb238d JS: Fix expected test output for ATM queries 2022-03-30 11:35:17 -07:00
Arthur Baars
031d183bdf Merge pull request #8532 from aibaars/regex-refactor-2 
JS/Ruby/Python: rename RegExpTreeView.qll to ReDoSUtilSpecific.qll
 2022-03-30 16:38:47 +02:00
Erik Krogh Kristensen
48ef3b106f fix mistake in inlining 2022-03-29 23:39:22 +02:00
Erik Krogh Kristensen
090c5c39f6 add explicit this 2022-03-29 22:44:03 +02:00
Erik Krogh Kristensen
cebba05b8b rename getAClassReferenceStep to getAClassReferenceRec 2022-03-29 22:44:03 +02:00
Erik Krogh Kristensen
be6c122b27 improve the join order of getAClassReference 2022-03-29 22:44:02 +02:00
Erik Krogh Kristensen
979fa2386a autoformat 2022-03-29 22:38:23 +02:00
Asger Feldthaus
8bb58a3222 Merge branch 'js/decorated-method-or-class' of github.com:asgerf/codeql into js/decorated-method-or-class 2022-03-29 16:13:54 +02:00
Asger Feldthaus
75a84378ac JS: Do not generate def-nodes for decorated parameters 2022-03-29 16:13:45 +02:00
Asger Feldthaus
ca145f21b0 JS: Add test showing why parameter-sinks wont actually work well in JS 2022-03-29 16:06:53 +02:00
Asger Feldthaus
3bcfca421f JS: Add test case for decorated parameter sinks 2022-03-29 15:55:43 +02:00
Asger F
6e630cccc2 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-03-29 15:41:20 +02:00
Erik Krogh Kristensen
ae3b32409a update expected output of tests that relied on API::Node::toString() 2022-03-29 10:59:08 +02:00
Stephan Brandauer
9c3fcb6268 precise tracking of handlebars arguments 2022-03-28 17:26:43 +02:00
Asger Feldthaus
cf596a1856 JS: Add decorator edges in API graphs and corresponding MaD tokens 2022-03-28 15:34:40 +02:00
Erik Krogh Kristensen
20599d1846 Merge branch 'main' of github.com:github/codeql into labelNaming 2022-03-28 15:30:33 +02:00
Asger Feldthaus
e152416317 JS: write all CSV rows as literals 2022-03-28 15:30:18 +02:00