codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00

Author	SHA1	Message	Date
Erik Krogh Kristensen	f0c5a80d1a	apply the explicit this patch to new code	2021-11-13 21:03:54 +01:00
Erik Krogh Kristensen	0ff36cd083	Merge branch 'main' into explicit-this	2021-11-13 21:01:25 +01:00
Erik Krogh Kristensen	80919e39a2	Merge branch 'main' into extractBigReg	2021-11-12 11:45:49 +01:00
Erik Krogh Kristensen	e09c12430d	Merge pull request #7105 from erik-krogh/flagJqueryUI JS: have the aliasPropertyPresenceStep step over extend calls	2021-11-11 14:05:11 +01:00
CodeQL CI	34cc61e51f	Merge pull request #7083 from asgerf/js/type-track-object-literals-with-methods Approved by erik-krogh	2021-11-11 04:35:55 -08:00
Erik Krogh Kristensen	b513033e0f	Merge pull request #7021 from erik-krogh/cwe326 JS: Add insufficient key size query	2021-11-11 12:17:04 +01:00
Erik Krogh Kristensen	891694b50a	Merge pull request #5908 from erik-krogh/protoLib JS: Add library input as source to js/prototype-polluting-assignment	2021-11-11 12:04:05 +01:00
Asger F	7d8284a41c	Apply suggestions from code review Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2021-11-11 10:42:49 +01:00
Erik Krogh Kristensen	5d901ef728	move extend aliasing to `getAnAliasedSourceNode`	2021-11-10 18:08:50 +01:00
Erik Krogh Kristensen	2d907f825e	have the aliasPropertyPresenceStep step over extend calls	2021-11-10 16:26:00 +01:00
Max Schaefer	a8c4455b20	Factor out an auxiliary predicate.	2021-11-10 10:17:59 +00:00
Erik Krogh Kristensen	8727060ca7	add comment about modes of operation Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2021-11-09 11:15:12 +01:00
Asger Feldthaus	87aa39cef2	JS: Limited tracking of object literals with methods	2021-11-09 11:06:41 +01:00
Asger Feldthaus	f14f9449ee	JS: Use getAMatchedString instead of getConstantString	2021-11-08 15:35:35 +01:00
CodeQL CI	6f80387ac1	Merge pull request #6993 from asgerf/js/tainted-path-regexp-contains-check Approved by erik-krogh	2021-11-08 01:52:28 -08:00
Erik Krogh Kristensen	a19627c72f	optionally ignore everything after a dash	2021-11-04 13:19:44 +01:00
Erik Krogh Kristensen	02f500b9c2	Merge branch 'main' into htmlReg	2021-11-04 12:58:42 +01:00
Erik Krogh Kristensen	99f5f70345	Merge branch 'main' into protoLib	2021-11-04 12:53:53 +01:00
CodeQL CI	5515256e53	Merge pull request #7044 from asgerf/js/proto-pollution-fps Approved by erik-krogh	2021-11-04 02:45:46 -07:00
Erik Krogh Kristensen	523c15cd72	don't include mode-of-operation into the algorithm names	2021-11-03 14:54:50 +01:00
Erik Krogh Kristensen	3638892d35	Merge pull request #6881 from erik-krogh/add-missing-noinline JS: add pragma[noinline] to predicates where the qldoc mentions join-order	2021-11-03 14:21:27 +01:00
Asger Feldthaus	712614a03c	JS: Block prototype pollution flow into this	2021-11-03 13:33:50 +01:00
Asger Feldthaus	08bc80ffdb	JS: Block prototype pollution assignment flows through .replace()	2021-11-03 13:24:29 +01:00
Asger Feldthaus	76e841830f	JS: Check for labeled barriers in reachableFromInput	2021-11-03 13:10:20 +01:00
Erik Krogh Kristensen	9cf34f19bb	Merge branch 'main' into extractBigReg	2021-11-03 13:08:51 +01:00
Erik Krogh Kristensen	d9a214767b	add support for node-rsa	2021-11-02 14:45:33 +01:00
Erik Krogh Kristensen	49ea53f32b	move ExpressJwt that was inside the Hasha module	2021-11-02 14:45:33 +01:00
Erik Krogh Kristensen	2c013214f7	add Diffie-Hellman from the crypto library	2021-11-02 14:45:33 +01:00
Erik Krogh Kristensen	1df8ec2cae	add insufficient key size model for node-forge	2021-11-02 14:45:33 +01:00
Erik Krogh Kristensen	62039b866c	add cryptographic key model to the crypto-js library	2021-11-02 14:45:33 +01:00
Erik Krogh Kristensen	028799deb6	implement a simple InsufficientKeySize query	2021-11-02 14:45:30 +01:00
Erik Krogh Kristensen	7a9315f146	use set literal	2021-11-02 14:45:14 +01:00
Asger Feldthaus	971f032b5f	JS: Autoformat	2021-11-02 14:12:05 +01:00
Asger Feldthaus	46bd3e58a3	JS: Switch to instanceof base type	2021-11-02 14:12:05 +01:00
Asger Feldthaus	5f4c1dd19b	JS: Support regexp-based path traversal check	2021-11-02 14:12:05 +01:00
Erik Krogh Kristensen	7a96b8e9e1	Merge branch 'main' into ldap	2021-11-02 12:47:28 +01:00
CodeQL CI	d5e2026a26	Merge pull request #6934 from erik-krogh/more-instanceof Approved by MathiasVP, esbena, yoff	2021-11-02 03:46:23 -07:00
CodeQL CI	5d62aa5b29	Merge pull request #6994 from erik-krogh/redundant-cast Approved by RasmusWL, aschackmull, esbena, geoffw0, hvitved, nickrolfe	2021-11-02 03:45:48 -07:00
Erik Krogh Kristensen	db40ccae81	add explicit this to all member calls	2021-11-01 09:51:15 +01:00
Erik Krogh Kristensen	d36c66cfca	remove redundant inline casts in arguments where the type is inferred by the call target	2021-10-29 14:37:56 +02:00
Max Schaefer	bc91f664ac	JavaScript: Teach API graphs to handle some forms of property copying. In particular, copied promises are now handled better.	2021-10-29 11:19:54 +01:00
Erik Krogh Kristensen	6fffdf6101	Merge pull request #6855 from erik-krogh/secCookie JS: Move cookie queries out of experimental.	2021-10-29 10:23:48 +02:00
Erik Krogh Kristensen	15c90adec5	remove redundant cast where the type is enforced by an equality comparison	2021-10-28 18:08:20 +02:00
Erik Krogh Kristensen	e75448ebb0	remove redundant inline casts	2021-10-28 16:35:53 +02:00
Erik Krogh Kristensen	c34b089bc5	autoformat	2021-10-28 16:02:36 +02:00
Erik Krogh Kristensen	4f6e5c903b	filter out writes to number indexes	2021-10-28 14:27:07 +02:00
Erik Krogh Kristensen	12305aae42	extract regexp literals from string concatenations	2021-10-28 10:44:33 +02:00
Erik Krogh Kristensen	96b6f670d9	filter away paths that start with libary inputs and end with a fixed-property write	2021-10-27 21:01:11 +02:00
Erik Krogh Kristensen	78371894f4	update import after rebasing on main	2021-10-27 20:47:06 +02:00
Erik Krogh Kristensen	a9a9e34265	recognize delete expresssions as a sink for js/prototype-polluting-assignment	2021-10-27 20:37:42 +02:00

... 49 50 51 52 53 ...

2686 Commits