hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,593 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.6
Commit Graph

6144 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
e49b5e4afc up precision from low to medium, and fix tab/spaces 2019-11-14 17:42:16 +01:00
Erik Krogh Kristensen
7137a64b7d Added query for detecting XSS that happens through an exception 2019-11-14 17:04:00 +01:00
Esben Sparre Andreasen
cc768345d0 JS: add security tests for malicious torrents 2019-11-14 13:54:19 +01:00
Esben Sparre Andreasen
bea59ec8ad JS: add some parsed torrent properties as remote flow sources 2019-11-14 13:54:19 +01:00
Erik Krogh Kristensen
538690eee6 remove duplicate reflectiveCallNode method, and removing redundant getExpr() method 2019-11-13 15:53:21 +01:00
semmle-qlci
b11a7427c2 Merge pull request #2270 from erik-krogh/reflectiveExpr 
Approved by max-schaefer
 2019-11-13 13:08:40 +00:00
Max Schaefer
f804d316d7 Update javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2019-11-13 12:24:19 +00:00
Max Schaefer
ab583b7994 JavaScript: Add query IncompleteUrlSchemeCheck.ql. 2019-11-13 10:27:18 +00:00
Max Schaefer
155cea7b5b Revert "JavaScript: Improve double-escaping query" 2019-11-12 22:54:12 +00:00
semmle-qlci
6c9f92666e Merge pull request #2285 from asger-semmle/dataflow-syntax-examples 
Approved by max-schaefer
 2019-11-12 16:50:29 +00:00
Erik Krogh Kristensen
67b38ed301 correctly weed out benign calls inside attributes 2019-11-11 15:30:33 +01:00
Felicity Chapman
c4f958d396 Merge pull request #2263 from sauyon/master 
Update links to OWASP cheat sheet
 2019-11-11 08:51:52 +00:00
Asger F
a2ff4e9494 JS: member -> property 2019-11-08 16:23:59 +00:00
Asger F
2a473fb9e7 Update javascript/ql/src/semmle/javascript/dataflow/Nodes.qll 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-11-08 16:15:08 +00:00
Asger F
4ad03a9061 Update javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-11-08 16:14:53 +00:00
Asger F
53d470da2f JS: Add syntax examples to DataFlow classes 2019-11-08 15:51:26 +00:00
Esben Sparre Andreasen
9b346b1d52 Merge pull request #2260 from max-schaefer/js/_min 
JavaScript: Classify files with names ending in `_min` as minified.
 2019-11-08 13:52:33 +01:00
semmle-qlci
867ed16777 Merge pull request #2276 from asger-semmle/inclusion-test 
Approved by max-schaefer
 2019-11-08 10:57:11 +00:00
semmle-qlci
e65271dfad Merge pull request #2251 from asger-semmle/barrier-guard-improvements 
Approved by esbena
 2019-11-07 15:50:23 +00:00
semmle-qlci
f79c2a7630 Merge pull request #2224 from asger-semmle/access-paths-with-source-node-root 
Approved by max-schaefer
 2019-11-07 15:46:14 +00:00
Asger F
8544850945 JS: Generalize StringOps::Includes to ::InclusionTest 2019-11-07 14:35:17 +00:00
Erik Krogh Kristensen
e4f6f41634 add DataFlow::getEnclosingExpr to get the an Expr from a potentially reflective call 2019-11-07 14:29:31 +01:00
Max Schaefer
e314869e5c JavaScript: Classify files with names ending in _min as minified. 
We already do the same for `-min` and `.min`. [Here](https://github.com/antoniogarrote/rdfstore-js/blob/master/dist/rdfstore_min.js) is a real-world example.
 2019-11-07 10:33:47 +00:00
Sauyon Lee
0040c9fb4c Update links to OWASP cheat sheet 2019-11-06 20:21:47 -08:00
Asger F
d9beb54dde Merge pull request #2102 from erik-krogh/deferredModel 
JS: add Deferred model in js/use-of-returnless-function
 2019-11-06 14:30:03 +00:00
semmle-qlci
f73caac88d Merge pull request #2254 from asger-semmle/for-of-propread 
Approved by max-schaefer
 2019-11-06 13:44:55 +00:00
Erik Krogh Kristensen
19554ff6e7 change "e.g." to "for example" in qldoc 2019-11-06 13:37:54 +01:00
Asger F
3ec95881b4 Update javascript/ql/src/semmle/javascript/GlobalAccessPaths.qll 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-11-06 11:58:06 +00:00
Asger F
7e80823cb6 JS: Fix deprecated API usage 2019-11-06 11:58:06 +00:00
Asger F
b373901e11 JS: Avoid leading dot in access paths 2019-11-06 11:58:06 +00:00
Asger F
c365833731 JS: Refactor the public access path API 2019-11-06 11:58:06 +00:00
Asger F
e90516d4d8 JS: Dont use getALocalSource in fromRhs 2019-11-06 11:58:06 +00:00
Asger F
bc35f24f31 JS: Generalize access paths to arbitrary root nodes 2019-11-06 11:58:06 +00:00
Asger F
7a7a8b2b09 JS: More steps in getImmediatePredecessor 2019-11-06 11:58:06 +00:00
semmle-qlci
04f0c22f24 Merge pull request #2203 from erik-krogh/ignorePureFunction 
Approved by max-schaefer, mchammer01
 2019-11-06 09:09:11 +00:00
Erik Krogh Kristensen
16b63b3d01 move deferred model to the query where it is used 2019-11-05 15:45:17 +01:00
Erik Krogh Kristensen
7045cd2648 Merge remote-tracking branch 'upstream/master' into deferredModel 2019-11-05 15:08:47 +01:00
semmle-qlci
1fe5a9e7e7 Merge pull request #2236 from max-schaefer/js/data-flow-exploration 
Approved by erik-krogh, esbena
 2019-11-05 12:15:00 +00:00
semmle-qlci
794d5bda6d Merge pull request #2116 from erik-krogh/arrayCBRet 
Approved by max-schaefer
 2019-11-05 11:32:13 +00:00
Asger F
d8f3a2c550 JS: Add lvalue of for..of loop as a PropRead 2019-11-05 10:01:18 +00:00
semmle-qlci
eb6e8866fa Merge pull request #2247 from max-schaefer/odasa-8149 
Approved by asger-semmle, esbena
 2019-11-05 09:40:54 +00:00
Erik Krogh Kristensen
bdb81c268c change tense 2019-11-04 18:56:03 +01:00
Erik Krogh Kristensen
8ebfe15f0d apply doc feedback from mchammer01 
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
 2019-11-04 18:54:43 +01:00
Erik Krogh Kristensen
6cac9619d3 add missing not 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-11-04 18:44:13 +01:00
Max Schaefer
016808b92e JavaScript: Address review comments. 2019-11-04 17:00:12 +00:00
Max Schaefer
770a4703c9 Merge pull request #2237 from asger-semmle/typescript3.7-rc 
TS: Add support for TypeScript 3.7
 2019-11-04 16:36:11 +00:00
Esben Sparre Andreasen
7f55e3f336 JS: classify Doxygen-generated files as "generated" 2019-11-04 09:57:41 +01:00
Asger F
79dbdac8fa TS: Support declare modifier for fields 2019-11-04 07:54:38 +00:00
Asger F
9bc45f351c TS: Fix typo in stats file 2019-11-04 07:54:38 +00:00
Asger F
b81931e402 TS: Support assertion types 2019-11-04 07:54:38 +00:00