hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,734 Commits 1,672 Branches 157 Tags
codeql-cli-2.21.0
Commit Graph

1899 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
d643904faf JS: improve tests for fixup js/incomplete-hostname-regexp 2019-04-12 08:51:28 +02:00
Esben Sparre Andreasen
fd429ce639 JS: whitelist delimiter unwrapping for js/incomplete-sanitization 2019-04-12 08:38:44 +02:00
Esben Sparre Andreasen
a0ed362310 JS: add test case for js/incomplete-sanitization 2019-04-12 08:37:47 +02:00
Esben Sparre Andreasen
52d86471af JS: whitelist another emptiness check for the type-confusion query 2019-04-08 09:52:27 +02:00
Asger F
3bc7371fd6 JS: be less conservative about incomplete nodes in prefix sanitizers 2019-04-03 15:20:03 +01:00
semmle-qlci
02f4695a5b Merge pull request #1152 from esben-semmle/js/koa-improvements 
Approved by xiemaisi
 2019-04-02 08:51:19 +01:00
Esben Sparre Andreasen
00c8387bb3 JS: model Koa redirects 2019-04-01 22:55:17 +02:00
Esben Sparre Andreasen
364ba1b4ac JS: use RegExpLiteral as a SourceNode 2019-04-01 09:19:25 +02:00
Esben Sparre Andreasen
7923c9d77c JS: add tests for missing flow of regular expressions 2019-04-01 09:19:25 +02:00
semmle-qlci
35ea746045 Merge pull request #1172 from asger-semmle/hostname-prefix-sanitizer 
Approved by xiemaisi
 2019-03-28 11:55:10 +00:00
Asger F
99dc2435af JS: update test 2019-03-27 15:03:04 +00:00
Asger F
d4c7312d80 JS: more sanitizing prefixes 2019-03-27 11:22:31 +00:00
Asger F
50f2afb622 JS: add test 2019-03-27 11:20:39 +00:00
Max Schaefer
4533e1f6fe JavaScript: Add model of adm-zip library for ZipSlip query. 2019-03-21 08:04:06 +00:00
Max Schaefer
6fbf487524 Merge remote-tracking branch 'upstream/rc/1.20' into mergeback-2019-03-19 2019-03-19 14:09:03 +00:00
Max Schaefer
77c383aee2 JavaScript: Simplify flow-summary queries. 
Previously, `AllConfigurations.qll` would pull in (almost) all taint
tracking configurations, which has started causing OOMEs during
compilation.

I've pruned it down to only the most interesting configurations. Since
flow summaries are experimental at this point and require a bit of manual
configuration anyway, this shouldn't be much of an issue in practice.
 2019-03-19 10:58:49 +00:00
Jason Reed
4475dd4b9f JavaScript: Add test and fix change note. 2019-03-15 14:40:48 -04:00
Jason Reed
6589813ec7 JavaScript: Add tar-stream extraction to ZipSlip query. 2019-03-15 09:31:26 -04:00
Max Schaefer
28d8011bcf JavaScript: Add models for popular base64 transcoders. 2019-03-13 08:20:58 +00:00
Max Schaefer
48c0949705 Merge pull request #1036 from asger-semmle/hide-implicit-ssa-defs 
JS: Omit uninteresting nodes from path explanations
 2019-03-06 13:30:11 +00:00
Jason Reed
8829fde86b JS: Add test for zipslip basename sanitization. 2019-03-06 09:46:41 +00:00
Asger F
50a77ea843 JS: update test expectations 2019-03-06 08:41:03 +00:00
Max Schaefer
8dcd8715b9 Merge pull request #889 from jcreedcmu/jcreed/tarslip 
JavaScript: Add new query for ZipSlip (CWE-022).
 2019-03-01 08:16:35 +00:00
Jason Reed
c5e57dacf8 JS: Actually use fileName in examples 2019-02-28 15:46:14 -05:00
Jason Reed
b0636dd410 JS: Better local flow through .pipe chaining 2019-02-28 15:45:33 -05:00
Jason Reed
23d37c7167 JS: Unbreak TaintedPath 2019-02-28 15:45:26 -05:00
Jason Reed
baa4f08259 JS: Add new query for ZipSlip (CWE-022) 2019-02-28 15:45:08 -05:00
Max Schaefer
2ecabad553 Merge pull request #1004 from asger-semmle/suffix-check-bug 
JS: Recognize '+' in suffix check
 2019-02-28 14:23:26 +00:00
Asger F
8e8085ea1f JS: add test 2019-02-28 10:09:36 +00:00
semmle-qlci
6602b4dbda Merge pull request #992 from xiemaisi/js/socket.io 
Approved by asger-semmle
 2019-02-27 18:43:40 +00:00
Max Schaefer
739705865b JavaScript: Add basic model of socket.io. 2019-02-26 15:53:29 +00:00
Esben Sparre Andreasen
4ce7ec1661 JS: add XSS vector for Vue's v-html 2019-02-25 12:17:56 +01:00
Esben Sparre Andreasen
305a249280 JS: add taint steps for fs.realpath and fs.realpathSync 2019-02-21 09:48:35 +01:00
Max Schaefer
2fce626c3a JavaScript: Add Range.prototype.createContextualFragment as an XSS sink. 2019-02-12 16:32:30 +00:00
semmle-qlci
c133362660 Merge pull request #910 from xiemaisi/js/regexp-taint 
Approved by esben-semmle
 2019-02-12 13:15:16 +00:00
semmle-qlci
10b00254ec Merge pull request #915 from asger-semmle/closure-uri-methods 
Approved by xiemaisi
 2019-02-11 10:51:07 +00:00
semmle-qlci
986afa1b1b Merge pull request #909 from xiemaisi/js/improve-incomplete-sanitization-alerts 
Approved by esben-semmle
 2019-02-08 17:39:36 +00:00
Asger F
f6e0ccfcf0 JS: model URI and XHR methods from closure library 2019-02-08 15:18:27 +00:00
Asger F
fd2e9f1fcb JS: shift line numbers in RequestForgery test 2019-02-08 15:13:33 +00:00
semmle-qlci
937049e060 Merge pull request #891 from xiemaisi/js/simplify-sensitive-actions 
Approved by esben-semmle
 2019-02-08 14:12:47 +00:00
Max Schaefer
25d06ad0cf JavaScript: Treat regexp replacements of HTML metacharacters as sanitizers for XSS queries. 2019-02-08 09:57:06 +00:00
Max Schaefer
18c23ecfd4 JavaScript: Introduce shared library for modelling XSS-relevant concepts. 
As its first application, this library makes it possible for `StoredXss` to reuse the `Source` classes of `DomBasedXss` and `ReflectedXss` without having to pull in their libraries (which contain their `Configuration` classes, causing `StoredXss` to recompute all flow information for the other two queries).
 2019-02-08 09:53:51 +00:00
Max Schaefer
3e26bc6446 JavaScript: Improve alert location and message for IncompleteSanitization. 
We now highlight the `replace` call (instead of the regular expression), and the alert message for the case of missing backslash escapes clarifies that it is talking about failure to escape backslashes in the input, not in the replacement text.
 2019-02-08 09:13:40 +00:00
Max Schaefer
aebc5bc6c3 JavaScript: Update qhelp example for CleartextStorage. 2019-02-08 08:43:22 +00:00
Max Schaefer
6389f32847 JavaScript: Update expected output for ExtractSinkSummaries query. 2019-02-08 08:43:22 +00:00
semmle-qlci
b4b37b3a7b Merge pull request #880 from esben-semmle/js/better-alert-message-1 
Approved by xiemaisi
 2019-02-07 08:01:21 +00:00
semmle-qlci
a2691b32b5 Merge pull request #851 from xiemaisi/js/post-message-star 
Approved by esben-semmle
 2019-02-06 09:57:04 +00:00
Esben Sparre Andreasen
b72441f9c2 JS: use StringOps:: in js/incomplete-url-substring-sanitization 2019-02-05 15:17:55 +01:00
Max Schaefer
b87abc9602 JavaScript: Extend suspiciousCredentials predicate to recognise authKey and similar. 2019-01-31 09:03:23 +00:00
Max Schaefer
87e62f0bd5 JavaScript: Teach PostMessageStar to reason about partially tainted objects. 2019-01-31 08:59:47 +00:00