hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,451 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.4
Commit Graph

2704 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
e01cbb2ffa Merge pull request #10378 from erik-krogh/aliasFlow 
JS: expand localFieldStep to use access-paths, and build access-paths in more cases
 2022-11-08 14:26:12 +01:00
Mauro Baluda
8b33e6d175 Improved Hapi support 
- server defined by Glue
 2022-11-07 16:29:44 +01:00
Erik Krogh Kristensen
d67235b3c1 Merge pull request #11071 from erik-krogh/fixCanon 
ReDoS: fix canonicalization in NfaUtils
 2022-11-07 14:10:50 +01:00
erik-krogh
fc38bf0429 Merge branch 'main' into aliasFlow 2022-11-07 09:46:48 +01:00
erik-krogh
40032f295a treat arrays that gets executed with shell:true as a sink for js/shell-command-constructed-from-input 2022-11-07 09:19:05 +01:00
github-actions[bot]
fca754bddd Post-release preparation for codeql-cli-2.11.3 2022-11-05 14:30:48 +00:00
github-actions[bot]
508327235a Release preparation for version 2.11.3 2022-11-04 20:16:23 +00:00
Erik Krogh Kristensen
c82d8cbacc Merge pull request #11013 from erik-krogh/sndCmd 
JS: second-order-command-injection
 2022-11-04 10:58:50 +01:00
Michael Nebel
3c8fb0520e C#: Sync files. 2022-11-04 08:20:53 +01:00
erik-krogh
655b4a4d17 recognize more re-exported values as exported 2022-11-03 11:08:00 +01:00
erik-krogh
851d53d56b don't sanitize calls through substring calls that just remove the start 2022-11-01 22:51:07 +01:00
erik-krogh
15416a9c86 fix getCanonicalCharClass in NfaUtils 2022-11-01 21:35:07 +01:00
erik-krogh
6f3ca40fed expand the explanation to include with arguments make the commands vulnerable 2022-11-01 14:24:23 +01:00
Erik Krogh Kristensen
ff2a5e8c27 Merge pull request #10986 from erik-krogh/tsPerf 
JS: push more context into load/store steps from the exploratory flow-analysis
 2022-11-01 09:03:24 +01:00
erik-krogh
fc2112831c add second-order-command-injection query 2022-10-30 21:20:47 +01:00
Erik Krogh Kristensen
bbdda9ef70 Merge pull request #10727 from erik-krogh/js-last-msg 
JS: fix some more style-guide violations in the alert-messages
 2022-10-27 15:48:12 +02:00
Erik Krogh Kristensen
cecb498bf3 Merge pull request #10984 from tyage/add-next-js-source 
JS: Add Next.js parameters as source
 2022-10-27 10:36:12 +02:00
tyage
c22f9443f2 Refactoring Next.js parameter 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-10-27 10:28:51 +09:00
tyage
ac27307a2b Update javascript/ql/lib/semmle/javascript/frameworks/Next.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-10-27 10:23:59 +09:00
erik-krogh
21e7e27e1f push more context into load/store steps from the exploratory flow-analysis 2022-10-26 10:52:47 +02:00
Asger F
414bd40c41 JS: Do not track returned values out of the enclosing function 2022-10-26 09:29:49 +02:00
tyage
95dca7c3ed update comment 2022-10-26 15:13:59 +09:00
tyage
09f8ca8cc0 add query in comment 2022-10-26 15:13:03 +09:00
tyage
232893aafa make query parameters in ServerSideProps and next/router 
as a RemoteFlowSource
 2022-10-26 14:41:07 +09:00
Alvaro Muñoz
9830d2bebc Format Restify.qll 2022-10-25 12:53:44 +02:00
Alvaro Muñoz
a80b691358 Remove unnecessary TaggedTemplateEntryPoint 2022-10-25 11:44:45 +02:00
Alvaro Muñoz
37ea3f23f1 Refactored ReplySource to ReplyCall. Got rid of unnecessary ref() 2022-10-25 11:42:48 +02:00
Alvaro Muñoz
742e4aa471 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-10-24 16:17:11 +02:00
github-actions[bot]
be7693283b Post-release preparation for codeql-cli-2.11.2 2022-10-21 08:07:17 +00:00
github-actions[bot]
9a0848bbc4 Release preparation for version 2.11.2 2022-10-20 11:05:19 +00:00
Alvaro Muñoz
c10087b9a3 Merge branch 'restify_improvements' of https://github.com/pwntester/codeql into restify_improvements 2022-10-19 22:18:29 +02:00
Alvaro Muñoz
009403b61e Add QLDoc for FormatterSetup.getAFormatterHandler 2022-10-19 22:18:13 +02:00
Alvaro Muñoz
2ad5a70cf1 Merge branch 'main' into restify_improvements 2022-10-19 21:57:37 +02:00
Alvaro Muñoz
245be44eac Merge branch 'main' into javascript_xss_improvements 2022-10-19 18:18:19 +02:00
Alvaro Muñoz
976dd7f99f Fix format errors 2022-10-19 18:14:25 +02:00
Alvaro Muñoz
b79f7f3e95 Address code review comments 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-10-18 21:42:15 +02:00
Alvaro Muñoz
6ab62da015 Add Restify/Spife support 2022-10-18 21:41:34 +02:00
Alvaro Muñoz
41fea776e8 Do not discard XSS sinks when non-content-type headers are local to the sendArgument expression 2022-10-13 17:50:43 +02:00
Josh Soref
45d1e3f9b2 spelling: representation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
124c5544cf spelling: predicates 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
52a3e3c2fd spelling: heuristic 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
5d94733078 spelling: ambiguously 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:51:25 -04:00
Erik Krogh Kristensen
10aab81f42 Merge pull request #10799 from jsoref/spelling-nfautils 
ReDoS: Spelling nfautils
 2022-10-12 23:09:06 +02:00
Josh Soref
09c8a98761 spelling: representation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:20:26 -04:00
Josh Soref
bb1ce8973a spelling: repeatable 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:20:24 -04:00
Josh Soref
adb8860b9b spelling: pattern 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:20:24 -04:00
Josh Soref
c7ae0728f3 spelling: javascript 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:02:00 -04:00
Josh Soref
98b317d1a5 spelling: escape 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:02:00 -04:00
Josh Soref
370da943dc spelling: abcdefghijklmnopqrstuvwxyz 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:02:00 -04:00
Josh Soref
08a79531cf spelling: response 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 04:40:26 -04:00