hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,593 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.6
Commit Graph

2415 Commits

Author SHA1 Message Date
Asger F
82682d9a62 JS: Remove a non-deprecated reference to SanitizerGuardNode 2024-12-03 14:30:03 +01:00
Asger F
bc7753de29 JS: Remove non-deprecated reference to AdditionalBarrierGuardNode 2024-12-03 14:30:02 +01:00
Asger F
0cd2e3f9eb JS: Deprecate old data flow library, except some guard-related nodes 2024-12-03 14:30:01 +01:00
Asger F
054558d7b5 JS: Include content properties in type-tracker properties 
Reminder: we have two PropertyName classes because the one in Contents.qll can't depend on DataFlow::Node.
 2024-12-03 09:58:54 +01:00
Napalys Klicius
08ef0dc1f2 Update javascript/ql/lib/change-notes/2024-11-28-regexp-unknown-flags.md 
Co-authored-by: Asger F <asgerf@github.com>
 2024-12-02 13:35:52 +01:00
Asger F
cab8a40d00 JS: Fix accidental recursion 2024-11-29 14:23:57 +01:00
Asger F
2f0c80a98b JS: Include summary steps in type tracking 2024-11-29 14:23:55 +01:00
Asger F
e34064e3b5 JS: Initial instantiation of sumamry type tracking 
Instantiates the library without using it yet.
 2024-11-29 14:23:50 +01:00
Asger F
df12f255ac JS: Rename propagatesFlowExt -> propagatesFlow 2024-11-29 14:23:49 +01:00
Napalys Klicius
13afd6310b Update javascript/ql/lib/change-notes/2024-11-28-regexp-unknown-flags.md 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2024-11-29 08:26:04 +01:00
Napalys
d2de9a2238 Fixed change notes 2024-11-28 14:24:27 +01:00
Napalys Klicius
9ca0fe4cbf Update RegExp handling and add test case 
Co-authored-by: erik-krogh <erik-krogh@github.com>
 2024-11-28 14:13:40 +01:00
Napalys
fd773603e6 Added change notes 2024-11-28 12:04:09 +01:00
Napalys
9a1c1f4be3 JS: Added in RegExpCreationNode maybeGlobal predicate for more convenience. 2024-11-28 12:03:51 +01:00
Napalys
1d2e08a3b6 JS: now Reg Exp injection treats unknownFlags as sanitization, MetacharEscapeSanitizer 2024-11-28 11:26:58 +01:00
Napalys
e673348ed3 JS: now RegExp with unknown flags is not flagged as an issue within password Clear text storage of sensitive information 2024-11-28 11:26:56 +01:00
Napalys
a2c46749c6 JS: fixed issue where MaskingReplacer would work only with regexp literals but not objects 2024-11-28 11:26:55 +01:00
Napalys
c71778f1aa JS: xss does not flag anymore replace with RegExp unknown flags 2024-11-28 11:26:53 +01:00
Napalys
875478c1c6 JS: Fixed path query not flagging new RegExp with DotRemovingReplaceCall 2024-11-28 11:26:45 +01:00
Napalys
a0df33c3ac JS: UnsafeShellCommand Using unknown flags in the RegExp object is no longer flagged as bad sanitization to reduce false positives. 2024-11-28 11:26:43 +01:00
Napalys
23b18aeca9 JS: Now unknown flags are not flagged in taint paths 2024-11-28 11:26:41 +01:00
Napalys
eca7a88615 JS: Fixed docs description 2024-11-28 11:26:40 +01:00
Napalys
7db6f7c721 JS: Added test cases with new RegExp for Tainted paths, currently works only with literals 2024-11-28 11:26:39 +01:00
Napalys
faef9dd877 JS: protyte poluting now treats unknownFlags as potentially good sanitization. 2024-11-28 11:26:38 +01:00
Napalys
18c7b18f82 JS: Now BadHtmlSanitizers new RegExp with unknown flags is also flagged. 2024-11-28 11:26:36 +01:00
Napalys
38be0e4c0a JS: Now BadHtmlSanitizers also flags new RegExp as potential issue 2024-11-28 11:26:34 +01:00
Asger F
805fd0b46e JS: Refine speculative step definition 2024-11-26 15:56:56 +01:00
Asger F
c94a01e6b6 JS: Remove reference to argsParseStep 
This was removed as part of the PR that introduced threat models.
 2024-11-26 15:36:47 +01:00
Asger F
bf62582f53 JS: Implement 'speculativeTaintStep' 
It is a mandatory part of the interface now; just providing a bare-bones implementation for rather than 'none()'
 2024-11-26 15:36:46 +01:00
Asger F
82d61e4194 Merge branch 'js/shared-dataflow-branch' into js/shared-dataflow-merge-main 2024-11-26 15:36:16 +01:00
Napalys Klicius
61e00861e5 Merge pull request #18008 from Napalys/napalys/ES2024-group-functions 
JS: Added support for [Object, Map].groupBy ES2024 feature
 2024-11-21 19:03:57 +01:00
Alexander Eyers-Taylor
c0474c4e45 Revert "Revert "Post-release preparation for codeql-cli-2.19.4"" 2024-11-21 15:37:52 +00:00
Alexander Eyers-Taylor
4effe9e364 Revert "Post-release preparation for codeql-cli-2.19.4" 2024-11-21 14:43:15 +00:00
Napalys Klicius
7ee0a7b398 Update javascript/ql/lib/semmle/javascript/Collections.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2024-11-21 14:02:42 +01:00
Napalys Klicius
edb9b47111 Merge pull request #18047 from Napalys/napalys/ES2023-string-protytpe-toWellFormed 
JS: Added taint-step String.prototype.toWellFormed ES2023 feature
 2024-11-21 14:01:21 +01:00
Asger F
9dad2d62d7 JS: Update DataFlowConsistency 2024-11-21 12:54:11 +01:00
Asger F
ce00bd2cc9 JS: More docs 2024-11-21 11:06:43 +01:00
Asger F
4e62a512c5 JS: Only apply exception propagator when no other summary applies 
Previously a few Promise-related methods were special-cased, which is no longer needed.
 2024-11-21 11:01:05 +01:00
Asger F
948d21ca07 JS: Propagate exceptions from summarized callables by default 2024-11-21 10:24:31 +01:00
Asger F
dcdb2e5133 JS: Fix callback check so it works without parameters 2024-11-21 10:24:29 +01:00
Napalys Klicius
82ca369dce Merge pull request #18005 from Napalys/napalys/ES2022-find-functions 
JS: Added support for Array.prototype.[findLastIndex, findLast] ES2022 feature
 2024-11-21 08:01:19 +01:00
Napalys
43eda58f83 Added change notes 2024-11-20 17:44:36 +01:00
Napalys
afc2d3e6d2 JS: Add: String.protytpe.toWellFormed to StringManipulationTaintStep 2024-11-20 17:42:25 +01:00
Napalys
64c45debdb JS: removed unnecessary getALocalSource from ArrayCallBackDataFlowStep 2024-11-20 14:57:00 +01:00
Napalys
9dbf7d1828 JS: removed unnecessary getALocalSource from ArrayCallBackDataTaintStep 2024-11-20 14:54:06 +01:00
Napalys
cdf43f7118 Added change notes 2024-11-20 14:06:44 +01:00
Asger F
d52bc971b8 Merge branch 'main' into js/shared-dataflow-merge-main 2024-11-20 14:05:03 +01:00
Napalys Klicius
a957e00fe5 Merge branch 'main' into napalys/ES2024-group-functions 2024-11-20 14:03:31 +01:00
Napalys
58faa2d71e JS: Add: dataflow step for static method of groupBy from Map. 2024-11-20 13:34:11 +01:00
github-actions[bot]
3909df75dc Post-release preparation for codeql-cli-2.19.4 2024-11-19 17:54:03 +00:00