hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,593 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.6
Commit Graph

2325 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
f67219965e Merge pull request #11082 from erik-krogh/shellArr 
JS: treat arrays that gets executed with shell:true as a sink for `js/shell-command-constructed-from-input`
 2022-11-22 13:03:50 +01:00
Erik Krogh Kristensen
06386b2cdd Merge pull request #11072 from erik-krogh/slicing 
JS: poly-redos: don't sanitize calls through substring calls that just remove the start
 2022-11-22 13:02:09 +01:00
erik-krogh
6b5cd9abc3 use RegExpTreeView insteaed of RegexTreeView in JS 2022-11-22 12:55:48 +01:00
erik-krogh
ba2734909f JS: don't use deprecated files in tests 2022-11-17 22:12:50 +01:00
erik-krogh
29cf695b07 update expected output of the queries (some sorting changed due to locations being used slightly differently in the shared pack) 2022-11-15 17:14:38 +01:00
erik-krogh
e18ceba49e port the JS regex/redos queries to use the shared pack 2022-11-15 17:14:38 +01:00
Erik Krogh Kristensen
90382c4d1c Merge pull request #11178 from erik-krogh/passcode 
JS/RB/PY: Recognize `passcode` as sensitive
 2022-11-10 17:58:34 +01:00
Erik Krogh Kristensen
724a31b746 fix comment that wasn't updated in test 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-11-10 15:56:44 +01:00
Asger F
83291f378b Merge pull request #11157 from asgerf/js/yaml-locations 
JS: fix issue with zero-column yaml locations
 2022-11-09 15:57:54 +01:00
Erik Krogh Kristensen
c537c80ed6 Merge pull request #11095 from erik-krogh/exportRead 
JS: recognize more re-exported values as exported
 2022-11-09 12:39:41 +01:00
erik-krogh
23add8a72b recognize passcode as sensitive 2022-11-09 11:30:57 +01:00
erik-krogh
e0bcfe2afb add failing test 2022-11-09 11:30:31 +01:00
Erik Krogh Kristensen
e01cbb2ffa Merge pull request #10378 from erik-krogh/aliasFlow 
JS: expand localFieldStep to use access-paths, and build access-paths in more cases
 2022-11-08 14:26:12 +01:00
Asger F
92e8f059c8 JS: Avoid emitting column zero in yaml files 2022-11-08 11:38:26 +01:00
Asger F
a887ff4f09 JS: Add test cases to include results with column-zero end locations 2022-11-07 15:13:25 +01:00
Erik Krogh Kristensen
d67235b3c1 Merge pull request #11071 from erik-krogh/fixCanon 
ReDoS: fix canonicalization in NfaUtils
 2022-11-07 14:10:50 +01:00
erik-krogh
fc38bf0429 Merge branch 'main' into aliasFlow 2022-11-07 09:46:48 +01:00
erik-krogh
40032f295a treat arrays that gets executed with shell:true as a sink for js/shell-command-constructed-from-input 2022-11-07 09:19:05 +01:00
erik-krogh
bc5b7455cf add failing test 2022-11-07 09:14:52 +01:00
erik-krogh
655b4a4d17 recognize more re-exported values as exported 2022-11-03 11:08:00 +01:00
erik-krogh
94e864e933 add failing test 2022-11-03 11:04:04 +01:00
erik-krogh
851d53d56b don't sanitize calls through substring calls that just remove the start 2022-11-01 22:51:07 +01:00
erik-krogh
08bc14f598 add failing test 2022-11-01 22:50:13 +01:00
erik-krogh
15416a9c86 fix getCanonicalCharClass in NfaUtils 2022-11-01 21:35:07 +01:00
erik-krogh
78e35e2f29 add failing test 2022-11-01 21:33:19 +01:00
erik-krogh
6f3ca40fed expand the explanation to include with arguments make the commands vulnerable 2022-11-01 14:24:23 +01:00
erik-krogh
fc2112831c add second-order-command-injection query 2022-10-30 21:20:47 +01:00
erik-krogh
0a7e797090 update expected outputs after reordering tests 2022-10-28 10:16:21 +02:00
erik-krogh
946720f414 reorder the CWE-078 tests into subdirectories 2022-10-28 10:16:21 +02:00
Erik Krogh Kristensen
bbdda9ef70 Merge pull request #10727 from erik-krogh/js-last-msg 
JS: fix some more style-guide violations in the alert-messages
 2022-10-27 15:48:12 +02:00
Erik Krogh Kristensen
cecb498bf3 Merge pull request #10984 from tyage/add-next-js-source 
JS: Add Next.js parameters as source
 2022-10-27 10:36:12 +02:00
tyage
54050bf1b6 update test result XssWithAdditionalSources 2022-10-27 10:23:37 +09:00
erik-krogh
0f9b4334cc remove some FPs in js/password-in-configuration-file 2022-10-26 11:51:56 +02:00
tyage
232893aafa make query parameters in ServerSideProps and next/router 
as a RemoteFlowSource
 2022-10-26 14:41:07 +09:00
tyage
1f4fc7fc2d add params, query to test 2022-10-26 10:53:11 +09:00
tyage
06925681b0 add test for context.params 2022-10-26 10:53:11 +09:00
erik-krogh
7500a31814 fix that js/file-system-race could have FPs related to loops 2022-10-11 13:41:51 +02:00
Asger F
67cef92f94 JS: Rewrite to use DataFlow::Node API and restrict context 2022-10-10 16:08:21 +02:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
tyage
ddc8f72ef7 accept test result Xss.qlref 2022-10-06 18:23:10 +09:00
tyage
f47c02431a Merge branch 'main' into property-stringify 2022-10-04 09:57:54 +01:00
tyage
192c1f3d89 make test json.stringify 2022-10-04 17:40:52 +09:00
tyage
726cd2ca8a refactor test 2022-10-04 17:11:37 +09:00
tyage
2006ae8332 rename file 2022-10-04 17:05:15 +09:00
tyage
33d204913c add test for json stringify xss 2022-10-04 14:45:09 +09:00
Nick Rolfe
ef8ec0878a Merge pull request #10641 from github/nickrolfe/a_an 
JS/Python/Ruby: s/a HTML/an HTML/
 2022-09-30 12:17:15 +01:00
Nick Rolfe
ed74e0aad1 JS/Python/Ruby: s/a HTML/an HTML/ 2022-09-30 10:37:52 +01:00
erik-krogh
9f2d7dfb29 update expected output 2022-09-29 22:48:41 +02:00
erik-krogh
0a5ff1b79a recognize another kind of dummy passwords to fix an FP in hardcoded-credentials 2022-09-29 21:25:40 +02:00
Asger F
11ba0f0bbe Merge pull request #10253 from asgerf/js/type-defs-squashed 
JS: Add generated typings to SQL models
 2022-09-23 11:34:01 +02:00