hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,593 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.6
Commit Graph

6144 Commits

Author SHA1 Message Date
Chris Smowton
455b840712 Fix all dead qhelp links 
For those documents with no obvious new home I've pointed the links to the Internet Archive.
 2021-04-23 15:20:21 +01:00
Asger Feldthaus
71e3041370 JS: Fewer spurious reflected xss sinks 2021-04-23 13:15:35 +01:00
Asger Feldthaus
4f53a1ab40 JS: Cache ClassNode::Range 2021-04-23 13:15:35 +01:00
Asger Feldthaus
671e968936 JS: Model NestJS 2021-04-23 13:15:35 +01:00
Asger Feldthaus
109d1ad27f JS: Model fs.promises 2021-04-23 11:59:48 +01:00
Asger Feldthaus
822d4525af JS: Drive-by change in LogInjection 2021-04-23 11:59:48 +01:00
Asger Feldthaus
ad12f383d9 JS: Reduce reliance on RouteHandler in Express model 2021-04-23 11:59:48 +01:00
CodeQL CI
635fb4c25a Merge pull request #5685 from erik-krogh/markdownIt 
Approved by asgerf
 2021-04-22 14:55:31 -07:00
CodeQL CI
bdb41423e2 Merge pull request #5748 from asgerf/js/rate-limiting-fixes 
Approved by erik-krogh
 2021-04-22 05:56:50 -07:00
Asger Feldthaus
fe8deeaf6b JS: Autoformat 2021-04-21 23:13:57 +01:00
Asger Feldthaus
e98bfe921e JS: QLDoc 2021-04-21 22:14:50 +01:00
Asger Feldthaus
c113cfd8b7 JS: Autoformat 2021-04-21 21:13:07 +01:00
Asger Feldthaus
2c9a6e7bef JS: Cache function-wrapping steps in type-tracking stage 2021-04-21 13:45:58 +01:00
Rasmus Wriedt Larsen
08e86fdfe5 JS: Make CredentialsFunctionName use nameIndicatesSensitiveData 
Someone from JS team needs to verify that this is actually OK.
 2021-04-21 11:38:52 +02:00
Rasmus Wriedt Larsen
e977d6eb75 JS: Rewrite to use notSensitiveRegexp 2021-04-21 11:36:39 +02:00
Rasmus Wriedt Larsen
b9a1a1fd5c JS: Rewrite to use nameIndicatesSensitiveData 
I added this predicate mostly because it was nice with an easy shortcut for it,
but also since I spotted the `CredentialsFunctionName` not checking agaisnt the
regexps in `notSensitive`, which looked suspicious. So the main goal of adding
`nameIndicatesSensitiveData` is that you don't accidentially forget to ensure
that the name doesn't match against `notSensitve`.
 2021-04-21 11:36:38 +02:00
Rasmus Wriedt Larsen
b6f8e5057b JS: Rewrite to use SensitiveDataClassification::password (and like) 2021-04-21 11:36:17 +02:00
Rasmus Wriedt Larsen
94fec5f8b7 JS: Rewrite to use SensitiveDataClassification 2021-04-21 11:34:02 +02:00
Rasmus Wriedt Larsen
0d08718f08 JS: Adapt SensitiveActions to use shared lib 
Although there are warnings for the new deprecated classes/predicates, the test
in javascript/ql/test/library-tests/SensitiveActions/ passes 👍
 2021-04-21 11:34:01 +02:00
Rasmus Wriedt Larsen
775ed41592 Python: Update SensitiveDataHeuristics with newer JS version 
which also prompted me to rewrite the QLDoc for `nameIndicatesSensitiveData`
 2021-04-21 11:34:01 +02:00
Rasmus Wriedt Larsen
16b62486e9 Python: Extract SensitiveDataHeuristics to be shared with JS 
Initially I had called `nameIndicatesSensitiveData` for `maybeSensitiveName`,
which made the relationship with `maybeSensitive` and `notSensitive` quite
strange -- and therefore I added the more informative `maybeSensitiveRegexp` and
`notSensitiveRegexp`.

Although I'm no longer using `maybeSensitiveName`, and I no longer have a strong
argument for making this name change, I still like it. If someone thinks this is
a terrible idea, I'm happy to change it though 👍
 2021-04-21 11:31:28 +02:00
Asger Feldthaus
02707f0777 JS: informational -> info 2021-04-20 19:51:16 +01:00
Erik Krogh Kristensen
357e1c0802 Update javascript/ql/src/semmle/javascript/frameworks/Markdown.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2021-04-20 19:57:47 +02:00
Asger Feldthaus
9f8a9b9cad JS: Add taint source/sink summary queries 2021-04-20 17:10:31 +01:00
Asger Feldthaus
43ca8ea5f7 JS: Fix perf issue in forwardsParameter 2021-04-20 15:15:12 +01:00
Erik Krogh Kristensen
62dfd1fa7d improve the markdown-it model 2021-04-20 15:23:03 +02:00
Erik Krogh Kristensen
19c5889775 use mayHaveBooleanValue 2021-04-20 14:39:54 +02:00
Erik Krogh Kristensen
7046f1a902 add taint-step for markdown-it when the HTML flag is set 2021-04-20 14:39:54 +02:00
Asger Feldthaus
f8d428cb2d JS: Use function-forwarding steps when tracking rate limiters 2021-04-20 13:00:42 +01:00
Asger Feldthaus
581f4ed757 JS: Generalize handling of route handler wrapper functions 2021-04-20 12:46:40 +01:00
Erik Krogh Kristensen
9e6f28e335 fix bad join order in Xss.qll 2021-04-19 13:17:49 +02:00
Erik Krogh Kristensen
fd23e0bdda use more API nodes in XmlParsers, and recognize more results from parsing XML 2021-04-14 11:48:31 +02:00
CodeQL CI
f341d5010d Merge pull request #5662 from asgerf/js/simpler-json-api 
Approved by erik-krogh
 2021-04-13 04:37:56 -07:00
CodeQL CI
646639bc73 Merge pull request #5460 from erik-krogh/forgery-2 
Approved by asgerf
 2021-04-13 03:57:04 -07:00
Asger Feldthaus
e77117f902 JS: Autoformat 2021-04-13 10:29:14 +01:00
Asger Feldthaus
929d9da4b4 JS: Migrate to new JSON API 2021-04-13 10:29:13 +01:00
Asger Feldthaus
7c13163413 JS: Lift JSON accessors to JSONValue 2021-04-13 10:29:13 +01:00
CodeQL CI
310a2c8bb3 Merge pull request #5655 from erik-krogh/cert 
Approved by esbena
 2021-04-12 07:31:04 -07:00
Asger Feldthaus
24de826133 JS: Add file diagnostics errors 2021-04-12 14:11:38 +01:00
Erik Krogh Kristensen
172d6139e2 support all ClientRequests in js/disabling-certificate-validation 2021-04-12 15:06:10 +02:00
CodeQL CI
e8d835b422 Merge pull request #5638 from erik-krogh/smartInliner 
Approved by esbena
 2021-04-12 04:17:25 -07:00
Max Schaefer
cd57e61f65 Rename MkHasUnderlyingType to MkTypeUse. 2021-04-12 11:30:15 +02:00
Erik Krogh Kristensen
91d28fb8b0 cleanup in API-graphs 2021-04-12 11:30:15 +02:00
Erik Krogh Kristensen
17c4bbbc4e allow parameters that end with "Command" in js/shell-command-constructed-from-input 2021-04-12 09:57:40 +02:00
CodeQL CI
6fd4a8afff Merge pull request #5567 from asgerf/js/sql-models 
Approved by esbena
 2021-04-09 07:11:10 -07:00
CodeQL CI
be2fe6e171 Merge pull request #5630 from erik-krogh/urlStep 
Approved by esbena
 2021-04-09 07:05:43 -07:00
CodeQL CI
8d2768b2ce Merge pull request #5634 from erik-krogh/fileSource 
Approved by asgerf
 2021-04-09 07:04:42 -07:00
Erik Krogh Kristensen
595bdedb22 rename predicate to getStem, and update regexp 2021-04-09 13:07:54 +02:00
CodeQL CI
652e8b4872 Merge pull request #5586 from asgerf/js/tsconfig-file-inclusion-handling 
Approved by esbena
 2021-04-09 02:50:51 -07:00
CodeQL CI
ad267404c9 Merge pull request #5137 from asgerf/js/redux-less 
Approved by erik-krogh
 2021-04-09 01:24:19 -07:00