hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,612 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.7
Commit Graph

2325 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
69db54a03a JS: add anchors to js/incomplete-hostname-regexp examples 2019-06-03 08:27:49 +02:00
Max Schaefer
3097037a6f Merge pull request #1290 from esben-semmle/js/semver-lib 
JS: add SemVer library
 2019-05-31 08:09:24 +01:00
semmle-qlci
0fa06e5c8d Merge pull request #1180 from asger-semmle/tainted-path-squashed 
Approved by xiemaisi
 2019-05-30 17:20:19 +01:00
Max Schaefer
3c8aea26da JavaScript: Update expected test output. 2019-05-30 15:05:43 +01:00
Asger F
ef1ad0d3b7 JS: Summary expected output (not taint-tracking config anymore) 2019-05-28 12:05:51 +01:00
Asger F
9f1617a6a8 JS: Update TaintedPath.expected (4x paths) 2019-05-28 11:22:08 +01:00
Max Schaefer
bad5465aad Merge pull request #1360 from asger-semmle/customize-window-document 
JS: Make some DOM concepts customizable
 2019-05-28 07:58:44 +01:00
Esben Sparre Andreasen
eb13ab52cf JS: sharpen js/prototype-pollution with version analysis 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
1cea29d89f JS: improve prototype pollution tests 2019-05-27 22:32:32 +02:00
Esben Sparre Andreasen
af3f0b1d04 JS: add test for missing support for package-lock.json 2019-05-27 22:32:32 +02:00
Asger F
37fa2446d4 JS: review comments 2019-05-23 10:16:31 +01:00
Asger F
07d508d1bf JS: Track taint through .replace() 2019-05-23 09:23:48 +01:00
Asger F
1ec3475457 JS: All of TaintedPath 2019-05-23 09:23:47 +01:00
Asger F
9046fd15f7 JS: Update expected output of XSS query (benign) 2019-05-23 08:56:01 +01:00
Asger F
153e778f7f JS: Remove jump-to-namespace 2019-05-22 14:42:48 +01:00
semmle-qlci
2b5b8751ea Merge pull request #1316 from asger-semmle/incorrect-suffix-check-fps 
Approved by esben-semmle, xiemaisi
 2019-05-21 11:30:37 +01:00
Esben Sparre Andreasen
3af3c5413b Merge pull request #1318 from asger-semmle/prototype-pollution-query2 
Move prototype pollution query into suite
 2019-05-21 12:23:41 +02:00
Asger F
65cbd47a2d Merge pull request #1314 from xiemaisi/js/fix-hardcoded-pw-fps 
JavaScript: Further broaden the whitelist in `PasswordInConfigurationFile`.
 2019-05-16 14:42:09 +01:00
Asger F
9293010e4c JS: Fix some FPs in IncorrectSuffixCheck 2019-05-16 10:56:17 +01:00
Asger F
aaf503837d JS: Move prototype pollution into real query 2019-05-13 15:20:25 +01:00
Max Schaefer
b478c0ddaa JavaScript: Further broaden the whitelist in PasswordInConfigurationFile. 2019-05-09 17:07:59 +01:00
semmle-qlci
9653fbd4f7 Merge pull request #1311 from emarteca/unreachableThrows 
Approved by xiemaisi
 2019-05-09 10:37:41 +01:00
Ellen Arteca
a12d12d59a JavaScript: Update UnreachableStmt query so unreachable throws no longer gives an alert 2019-05-08 16:25:54 +01:00
Max Schaefer
c16e9a77f3 JavaScript: Fix a few false positives in PasswordInConfigurationFile. 2019-05-08 08:26:05 +01:00
semmle-qlci
3f70d91a11 Merge pull request #1288 from xiemaisi/js/fix-end-node-labels 
Approved by asger-semmle
 2019-04-30 07:32:29 +01:00
semmle-qlci
52d6626547 Merge pull request #1242 from esben-semmle/js/whitelist-trailing-newline-removal 
Approved by xiemaisi
 2019-04-29 07:35:15 +01:00
Asger F
47ba7d3004 Merge pull request #1278 from xiemaisi/js/symbolic-constants 
JavaScript: Generalise `ConstantComparison` sanitisers.
 2019-04-25 11:17:22 +01:00
Max Schaefer
a8470a984a JavaScript: Generalise ConstantComparison sanitisers. 
In addition to treating comparisons with literals as sanitisers, we now
also treat comparisons with variables that have a single assignment as
sanitisers.

Proving that such a variable is actually a constant is not easy, but for
this use case a simple approximation works fine.
 2019-04-25 07:38:31 +01:00
Max Schaefer
455dbccd05 JavaScript: Fix definitions of SourcePathNode and SinkPathNode. 
Their charpreds previously only ensured that they were on a path from a
source to a sink, not that they actually were the source and sink,
respectively. See two commits further for a test case.
 2019-04-23 13:15:47 +01:00
Asger F
08bc29cddb TS: fix analysis of export= statements 2019-04-23 13:09:40 +01:00
Esben Sparre Andreasen
ac0913c878 JS: add newline removal whitelist for js/incomplete-sanitization 2019-04-23 08:38:23 +02:00
Esben Sparre Andreasen
bdbd00e046 JS: add newline removal tests for js/incomplete-sanitization 2019-04-23 08:37:39 +02:00
Max Schaefer
a61ca489f1 Merge pull request #1258 from asger-semmle/prototype-pollution 
JS: prototype pollution query template
 2019-04-17 12:58:05 +01:00
semmle-qlci
f36eafce3f Merge pull request #1246 from xiemaisi/js/hardcoded-password 
Approved by asger-semmle
 2019-04-17 08:54:09 +01:00
Asger F
48ca4ae0d8 JS: prototype pollution query template 2019-04-16 17:40:41 +01:00
Esben Sparre Andreasen
c80ee3df01 Mergeback: rc/1.20 into Semmle/master 2019-04-16 08:46:15 +02:00
Max Schaefer
1d5bb97121 JavaScript: Refine PasswordInConfigurationFile to avoid FPs. 
We now exclude passwords that look like they might be filled in via
templating or shell substitution.
 2019-04-15 12:10:21 +01:00
Esben Sparre Andreasen
9c65277b53 JS: reformulate js/incomplete-hostname-regexp with type tracking 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
5a7101481c JS: make message for js/incomplete-hostname-regexp more informative 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
d643904faf JS: improve tests for fixup js/incomplete-hostname-regexp 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
fd429ce639 JS: whitelist delimiter unwrapping for js/incomplete-sanitization 2019-04-12 08:38:44 +02:00
Esben Sparre Andreasen
a0ed362310 JS: add test case for js/incomplete-sanitization 2019-04-12 08:37:47 +02:00
Esben Sparre Andreasen
52d86471af JS: whitelist another emptiness check for the type-confusion query 2019-04-08 09:52:27 +02:00
Asger F
3bc7371fd6 JS: be less conservative about incomplete nodes in prefix sanitizers 2019-04-03 15:20:03 +01:00
semmle-qlci
02f4695a5b Merge pull request #1152 from esben-semmle/js/koa-improvements 
Approved by xiemaisi
 2019-04-02 08:51:19 +01:00
Esben Sparre Andreasen
00c8387bb3 JS: model Koa redirects 2019-04-01 22:55:17 +02:00
Esben Sparre Andreasen
364ba1b4ac JS: use RegExpLiteral as a SourceNode 2019-04-01 09:19:25 +02:00
Esben Sparre Andreasen
7923c9d77c JS: add tests for missing flow of regular expressions 2019-04-01 09:19:25 +02:00
semmle-qlci
35ea746045 Merge pull request #1172 from asger-semmle/hostname-prefix-sanitizer 
Approved by xiemaisi
 2019-03-28 11:55:10 +00:00
Asger F
99dc2435af JS: update test 2019-03-27 15:03:04 +00:00