codeql

mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00

Author	SHA1	Message	Date
semmle-qlci	7265e94028	Merge pull request #3578 from erik-krogh/HtmlGuard Approved by asgerf	2020-06-01 13:25:02 +01:00
Asger Feldthaus	707b0f33a0	JS: Use in ContainsHTMLGuard	2020-06-01 12:06:40 +01:00
Robert Brignull	6e0552c074	add more code-scanning suites	2020-06-01 11:45:46 +01:00
Asger Feldthaus	fa1a6eefa7	JS: Add StringOps::RegExpTest	2020-06-01 11:43:50 +01:00
semmle-qlci	14be4fedf7	Merge pull request #3594 from erik-krogh/CachedExprStringValue Approved by asgerf	2020-05-30 16:56:40 +01:00
Erik Krogh Kristensen	dfd35aee61	autoformat	2020-05-30 14:50:13 +02:00
Erik Krogh Kristensen	3b4e57ab8d	autoformat	2020-05-30 12:45:51 +02:00
Erik Krogh Kristensen	f7ad210331	use SSA instead of internal AccessPath API	2020-05-29 13:08:19 +02:00
Erik Krogh Kristensen	05bfba4f99	use getImmediatePredecessor instead of getALocalSource()	2020-05-29 13:01:09 +02:00
Erik Krogh Kristensen	5bb308dc8f	sanitize variables used in an HTML escaping switch-case	2020-05-28 12:37:41 +02:00
Erik Krogh Kristensen	1a2db10a90	recognize barrier guard where the result is stored in a variable	2020-05-28 10:24:42 +02:00
Erik Krogh Kristensen	562a38cdd5	add ContainsHTMLGuard	2020-05-28 10:24:42 +02:00
semmle-qlci	083b8ef8e5	Merge pull request #3568 from asger-semmle/js/avoid-accidental-string-coercion Approved by erik-krogh	2020-05-27 20:46:54 +01:00
Erik Krogh Kristensen	33da82d884	Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3566	2020-05-27 12:21:14 +00:00
Erik Krogh Kristensen	d05a61c745	Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3566	2020-05-27 12:12:08 +00:00
Erik Krogh Kristensen	dbc25ca3fb	cache Expr::getStringValue	2020-05-26 22:17:00 +02:00
Erik Krogh Kristensen	63a14d1b96	use HtmlConcatenationLeaf	2020-05-26 18:33:29 +02:00
Erik Krogh Kristensen	9b047f6f03	use the DOTALL flag	2020-05-26 14:53:33 +02:00
Erik Krogh Kristensen	fd561d1ce2	remove temporary comment Co-authored-by: Asger F <asgerf@github.com>	2020-05-26 14:37:02 +02:00
Erik Krogh Kristensen	124c4cb15e	Merge branch 'master' of github.com:github/codeql into OptionalSanitizer	2020-05-26 13:59:57 +02:00
Erik Krogh Kristensen	e5afdc53be	use HtmlSanitizerCall to recognize sanitizers	2020-05-26 13:34:49 +02:00
Erik Krogh Kristensen	3e3372be4b	recognize DOMPurify.sanitize as a HTML sanitizer	2020-05-26 13:34:33 +02:00
Jonas Jensen	5deeda0337	Merge pull request #3387 from geoffw0/tostringperf C++: Eliminate recursion from toString().	2020-05-26 13:24:43 +02:00
semmle-qlci	be5b343a0c	Merge pull request #3564 from max-schaefer/js/reflective-argument-access Approved by asgerf	2020-05-26 12:09:13 +01:00
Asger Feldthaus	75fee22f1e	JS: Avoid string coercion in JSXName.getValue	2020-05-26 12:03:02 +01:00
Erik Krogh Kristensen	ad40c4b0f2	add a sanitizer guard for safe attribute string concatenations	2020-05-26 12:36:47 +02:00
Erik Krogh Kristensen	a9bea63019	recognize more HTML attribute concatenations	2020-05-26 12:36:24 +02:00
semmle-qlci	4b0354c4bc	Merge pull request #3555 from max-schaefer/js/require-flow Approved by asgerf	2020-05-26 10:54:21 +01:00
semmle-qlci	4b56229ca0	Merge pull request #3527 from esbena/js/fastify Approved by asgerf	2020-05-26 10:44:59 +01:00
Max Schaefer	9d3a9d71f1	JavaScript: Add basic support for reasoning about reflective parameter accesses. Currently, only `arguments[c]` for a constant value `c` is supported. This allows us to detect the prototype-pollution vulnerabilities in (old versions of) `extend`, `jquery`, and `node.extend`.	2020-05-26 09:59:29 +01:00
Erik Krogh Kristensen	9254df1f78	sanitize optionally sanitized values	2020-05-26 00:09:11 +02:00
Erik Krogh Kristensen	8fac3a1403	add IsEmptyGuard to TaintTracking	2020-05-26 00:09:08 +02:00
Jonas Jensen	6fc9e1d84c	C++/JavaScript: Improve CodeDuplication.qll QLDoc I took most of the docs from the corresponding predicates in JavaScript's `CodeDuplication.qll`. Where JavaScript had a corresponding predicate but didn't have QLDoc, I added new QLDoc to both.	2020-05-25 18:59:48 +02:00
Max Schaefer	573fdaa424	JavaScript: Track `require` through local data flow.	2020-05-24 20:00:10 +01:00
semmle-qlci	b9ecf1a304	Merge pull request #3447 from erik-krogh/LibCmdInjection Approved by asgerf, mchammer01	2020-05-22 17:10:57 +01:00
Erik Krogh Kristensen	b297837969	Apply suggestions from doc review Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2020-05-21 14:32:02 +02:00
Esben Sparre Andreasen	e588e59f9b	JS: fixup	2020-05-21 13:42:28 +02:00
Esben Sparre Andreasen	c400b45cd6	JS: make the Fastify model support `isUserControlledObject`	2020-05-21 13:42:28 +02:00
Esben Sparre Andreasen	894033df8a	JS: de-boilerplate the fastify model: address expr/dataflow comments	2020-05-21 13:42:28 +02:00
Esben Sparre Andreasen	74fc33e2a8	JS: make the qldoc check happy	2020-05-21 13:42:27 +02:00
Esben Sparre Andreasen	a76c70d2d7	JS: model fastify	2020-05-21 13:42:27 +02:00
semmle-qlci	8df7b7c42a	Merge pull request #3525 from erik-krogh/ZipTaint Approved by asgerf	2020-05-20 16:45:02 +01:00
Erik Krogh Kristensen	a23cde1354	autoformat	2020-05-20 15:36:46 +02:00
Erik Krogh Kristensen	5a3eec87c0	rename isTaintedPathStep to isPosixPathStep	2020-05-20 13:44:14 +02:00
Erik Krogh Kristensen	97c199e10d	update docstring Co-authored-by: Asger F <asgerf@github.com>	2020-05-20 13:40:12 +02:00
semmle-qlci	2bbc1c2af0	Merge pull request #3478 from erik-krogh/PromiseAll Approved by asgerf, esbena	2020-05-20 11:03:05 +01:00
semmle-qlci	29b8a0db92	Merge pull request #3508 from asger-semmle/js/shared-data-flow-node Approved by esbena	2020-05-20 10:58:09 +01:00
Erik Krogh Kristensen	33e0f25f3c	use NodeJSLib::Path instead of DataFlow::moduleMember	2020-05-20 10:30:23 +02:00
Erik Krogh Kristensen	7c51dff0f7	share implementation between TaintedPath and ZipSlip	2020-05-20 10:10:04 +02:00
Erik Krogh Kristensen	5b569a4d6d	add a sanitizer for chained replace-calls	2020-05-19 19:16:58 +02:00

... 66 67 68 69 70 ...

6144 Commits