hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,612 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.7
Commit Graph

2325 Commits

Author SHA1 Message Date
erik-krogh
26fcf6b25b apply suggestions from review 2022-08-18 15:00:57 +02:00
erik-krogh
de3e1c39e4 use the shared regular expression libraries in js/case-sensitive-middleware-path 2022-08-18 10:07:55 +02:00
Harry Maclean
70ec70940a Merge pull request #8142 from github/hmac/incomplete-multi-char-sanitization 2022-08-18 10:02:39 +12:00
Erik Krogh Kristensen
bd4947fdbd Merge pull request #10046 from erik-krogh/protoFunc 
JS: generalize `BarrierGuardFunction`to work on function that have multiple parameters
 2022-08-17 14:50:54 +02:00
Harry Maclean
f1a546c4d6 Rename IncompleteMultiCharacterSanitization[Query] 2022-08-17 16:03:49 +12:00
Erik Krogh Kristensen
f106e064fa Merge pull request #9422 from erik-krogh/refacReDoS 
Refactorizations of the ReDoS libraries
 2022-08-16 09:32:08 +02:00
erik-krogh
3355a7a046 generalize BarrierGuardFunctionto work on function that have multiple parameters 2022-08-16 09:13:15 +02:00
Erik Krogh Kristensen
0adb588fe8 Merge pull request #9712 from erik-krogh/badRange 
JS/RB/PY/Java: add suspicious range query
 2022-08-15 13:55:44 +02:00
erik-krogh
4cbfbfe170 add call-edge for dynamic dispatch to unknown property from an object literal 2022-08-11 12:29:50 +02:00
Erik Krogh Kristensen
da4da229b1 move tests to new test location 2022-08-09 16:25:00 +02:00
Erik Krogh Kristensen
49276b1f38 Merge branch 'main' into refacReDoS 2022-08-09 16:18:46 +02:00
Erik Krogh Kristensen
add9e9dac4 Merge pull request #9548 from erik-krogh/exports 
JS: support the "exports" property in a package.json
 2022-08-09 12:16:12 +02:00
Asger F
855d4c2ea1 Merge pull request #9718 from asgerf/js/case-sensitive-middleware 
JS: Add 'case sensitive middleware' query
 2022-07-14 10:47:58 +02:00
Asger F
18c5a8c8da Merge branch 'main' into js/case-sensitive-middleware 2022-07-14 09:38:35 +02:00
Erik Krogh Kristensen
fd10947ca0 use small steps in TypeBackTracker correctly 2022-07-13 10:29:57 +02:00
Erik Krogh Kristensen
ff25451699 rename query to overly-large-range, and rewrite the @description 2022-07-12 16:02:46 +02:00
Erik Krogh Kristensen
7dd095c0d2 Merge pull request #9756 from erik-krogh/greyMatter 
JS: add model for the gray-matter library to js/code-injection
 2022-07-01 12:19:12 +02:00
Erik Krogh Kristensen
ef0ec396c4 Merge pull request #9754 from erik-krogh/chownr 
JS: add model for chownr
 2022-06-30 22:02:45 +02:00
Erik Krogh Kristensen
f71a64b99d recognize when the js engine in gray-matter is set to something safe 2022-06-30 09:00:10 +02:00
Erik Krogh Kristensen
22d285f777 add model for the gray-matter libary to js/code-injection 2022-06-30 09:00:10 +02:00
Erik Krogh Kristensen
7cef4322e7 add model for chownr 2022-06-29 22:09:23 +02:00
Erik Krogh Kristensen
0e4954a68c add navigation.navigate as an XSS / URL sink 2022-06-29 14:56:20 +02:00
Erik Krogh Kristensen
a343ceaf8b add suspicious-regexp-range query 2022-06-28 09:49:27 +02:00
Erik Krogh Kristensen
34e7589844 sanitize non-strings from unsafe-html-construction 2022-06-27 13:53:44 +02:00
Asger F
d92430b0e7 JS: Fix FP from char class 2022-06-27 09:08:37 +02:00
Asger F
9e4116618a JS: Add CaseSensitiveMiddlewarePath query 2022-06-27 09:08:37 +02:00
Erik Krogh Kristensen
2e4c2df67e move the JS ReDoS test to a more appropriate folder 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
13482fc97b rename ReDoSUtil to NfaUtils, and rename the "performance" folder to "regexp" 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
7fb3d81d2f add further normalization of char classses 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
e1c34c11ed add all jquery plugin parameters as source to js/html-constructed-from-input 2022-06-21 13:22:56 +02:00
Erik Krogh Kristensen
dde7e9e2e8 add test for jquery plugin parameters in js/html-constructed-from-input 2022-06-21 13:21:57 +02:00
Erik Krogh Kristensen
cb0a6936ad add support for the "exports" property in a package.json 2022-06-14 13:31:47 +02:00
CodeQL CI
9dd20f113d Merge pull request #8603 from github/max-schaefer/better-amd-modelling 
Approved by asgerf, erik-krogh
 2022-05-31 03:10:32 -07:00
Erik Krogh Kristensen
6cfd790cda Merge pull request #9356 from erik-krogh/getRouting 
JS: rewrite js/sensitive-get-query to use routing trees
 2022-05-31 11:08:54 +02:00
Erik Krogh Kristensen
95fae8155e fix wrong comment 
Co-authored-by: Asger F <asgerf@github.com>
 2022-05-31 08:38:03 +02:00
Asger F
5f42866de3 Merge pull request #9318 from asgerf/js/type-confusion-parmaeter-tampering-barrier 
JS: Fix FP in js/type-confusion-through-parameter-tampering
 2022-05-30 12:52:37 +02:00
Max Schaefer
47e425a184 Improve inVoidContext to take conditional expressions into account. 2022-05-30 12:37:50 +02:00
Erik Krogh Kristensen
adb40f9360 Merge pull request #9289 from erik-krogh/es2022 
JS: Support the remaining of the finished ES2022 proposals
 2022-05-30 12:27:19 +02:00
Erik Krogh Kristensen
c7a8008897 Merge pull request #9235 from kaeluka/extractor-update-typescript-4_7 
JS: Update the extractor to use TypeScript 4.7
 2022-05-30 12:02:06 +02:00
Erik Krogh Kristensen
63e637503d rewrite js/sensitive-get-query to use routing trees 2022-05-30 11:55:09 +02:00
Erik Krogh Kristensen
62fd3fd90f add test that we detect the used type variable in an infer type 2022-05-27 14:15:27 +00:00
Asger F
5964be4463 Merge branch 'main' into js/type-confusion-parmaeter-tampering-barrier 2022-05-25 15:53:24 +02:00
Asger F
877a9d8bcc JS: Fix FP in js/type-confusion-through-parameter-tampering 2022-05-25 09:53:46 +02:00
Asger F
db4b6d620a JS: Remove Buffer.from as sink for js/resource-exhaustion 2022-05-24 14:18:05 +02:00
Erik Krogh Kristensen
82c6c22d50 make a model for hasOwnProperty calls and similar 2022-05-24 14:13:53 +02:00
Erik Krogh Kristensen
2a97dd9f6f add support for Object.hasOwn(obj, key) 2022-05-24 13:59:25 +02:00
Erik Krogh Kristensen
aa01cf11c2 Merge pull request #9125 from erik-krogh/exportObj 
JS: recognize functions that return object of methods as library input
 2022-05-23 19:57:34 +02:00
Erik Krogh Kristensen
ba844aa0ab Merge branch 'main' into exportObj 2022-05-23 14:18:31 +02:00
Erik Krogh Kristensen
7a3bbede1b remove support for passport in the session-fixation query 2022-05-23 12:55:11 +02:00
Erik Krogh Kristensen
23981cb323 Merge pull request #7626 from erik-krogh/CWE-377 
JS: add query for detecting insecure temporary files
 2022-05-16 15:25:17 +02:00