hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,451 Commits 1,672 Branches 157 Tags
codeql-cli-2.21.4
Commit Graph

4819 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
f71a64b99d recognize when the js engine in gray-matter is set to something safe 2022-06-30 09:00:10 +02:00
Erik Krogh Kristensen
22d285f777 add model for the gray-matter libary to js/code-injection 2022-06-30 09:00:10 +02:00
Erik Krogh Kristensen
7cef4322e7 add model for chownr 2022-06-29 22:09:23 +02:00
Erik Krogh Kristensen
0e4954a68c add navigation.navigate as an XSS / URL sink 2022-06-29 14:56:20 +02:00
Erik Krogh Kristensen
a343ceaf8b add suspicious-regexp-range query 2022-06-28 09:49:27 +02:00
Erik Krogh Kristensen
34e7589844 sanitize non-strings from unsafe-html-construction 2022-06-27 13:53:44 +02:00
Asger F
d92430b0e7 JS: Fix FP from char class 2022-06-27 09:08:37 +02:00
Asger F
9e4116618a JS: Add CaseSensitiveMiddlewarePath query 2022-06-27 09:08:37 +02:00
Erik Krogh Kristensen
2e4c2df67e move the JS ReDoS test to a more appropriate folder 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
13482fc97b rename ReDoSUtil to NfaUtils, and rename the "performance" folder to "regexp" 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
7fb3d81d2f add further normalization of char classses 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
e1c34c11ed add all jquery plugin parameters as source to js/html-constructed-from-input 2022-06-21 13:22:56 +02:00
Erik Krogh Kristensen
dde7e9e2e8 add test for jquery plugin parameters in js/html-constructed-from-input 2022-06-21 13:21:57 +02:00
Asger F
835c9bb0b9 JS: Add test 2022-06-20 20:16:07 +02:00
Erik Krogh Kristensen
cb0a6936ad add support for the "exports" property in a package.json 2022-06-14 13:31:47 +02:00
Asger F
f70f769bb6 Merge pull request #9266 from asgerf/js/madman-prep 
JS: Some fixes to support proper analysis of d.ts files
 2022-05-31 15:43:40 +02:00
CodeQL CI
9dd20f113d Merge pull request #8603 from github/max-schaefer/better-amd-modelling 
Approved by asgerf, erik-krogh
 2022-05-31 03:10:32 -07:00
Erik Krogh Kristensen
6cfd790cda Merge pull request #9356 from erik-krogh/getRouting 
JS: rewrite js/sensitive-get-query to use routing trees
 2022-05-31 11:08:54 +02:00
Erik Krogh Kristensen
95fae8155e fix wrong comment 
Co-authored-by: Asger F <asgerf@github.com>
 2022-05-31 08:38:03 +02:00
Asger F
c188aa87c7 Merge branch 'main' into js/madman-prep 2022-05-30 15:03:14 +02:00
Asger F
5f42866de3 Merge pull request #9318 from asgerf/js/type-confusion-parmaeter-tampering-barrier 
JS: Fix FP in js/type-confusion-through-parameter-tampering
 2022-05-30 12:52:37 +02:00
Max Schaefer
ea70aaff57 Improve detection of UMD modules. 
We previously required the `define` to appear directly as an expression statement, but there are common patterns where this is not the case.
 2022-05-30 12:37:50 +02:00
Max Schaefer
47e425a184 Improve inVoidContext to take conditional expressions into account. 2022-05-30 12:37:50 +02:00
Erik Krogh Kristensen
adb40f9360 Merge pull request #9289 from erik-krogh/es2022 
JS: Support the remaining of the finished ES2022 proposals
 2022-05-30 12:27:19 +02:00
Erik Krogh Kristensen
c7a8008897 Merge pull request #9235 from kaeluka/extractor-update-typescript-4_7 
JS: Update the extractor to use TypeScript 4.7
 2022-05-30 12:02:06 +02:00
Erik Krogh Kristensen
63e637503d rewrite js/sensitive-get-query to use routing trees 2022-05-30 11:55:09 +02:00
Asger F
cc42f2f824 Merge pull request #8606 from asgerf/js/api-graph-api 
JS/Python/Ruby: Document how API graphs should be interpreted
 2022-05-30 10:49:14 +02:00
Erik Krogh Kristensen
62fd3fd90f add test that we detect the used type variable in an infer type 2022-05-27 14:15:27 +00:00
Erik Krogh Kristensen
d199173923 add a getAPrimaryQlClass predicate to ExpressionWithTypeArguments 2022-05-25 16:10:13 +00:00
Asger F
5964be4463 Merge branch 'main' into js/type-confusion-parmaeter-tampering-barrier 2022-05-25 15:53:24 +02:00
Erik Krogh Kristensen
efa895e912 update expected output 2022-05-25 10:33:39 +00:00
Erik Krogh Kristensen
f38d1f9a4e merge main into ts47 2022-05-25 10:13:25 +00:00
Asger F
877a9d8bcc JS: Fix FP in js/type-confusion-through-parameter-tampering 2022-05-25 09:53:46 +02:00
Asger F
d7e3e9e5db JS: Fix extraction of identifiers in EXPORT_BASE context 
This is needed to ensure that the base of the RHS of an ImportEqualsDeclaration is bound to a namespace. That is, B below should be bound to a namespace:

import A = B.C.D;
 2022-05-24 14:30:36 +02:00
Asger F
665fa2af59 JS: Add test for export base scope 2022-05-24 14:30:36 +02:00
Asger F
c8bb0e2117 JS: Treat d.ts as a single extension in Folder.getJavaScriptFile 2022-05-24 14:30:36 +02:00
Asger F
987a830029 JS: Add test for import of d.ts file 2022-05-24 14:30:36 +02:00
Asger F
db4b6d620a JS: Remove Buffer.from as sink for js/resource-exhaustion 2022-05-24 14:18:05 +02:00
Erik Krogh Kristensen
82c6c22d50 make a model for hasOwnProperty calls and similar 2022-05-24 14:13:53 +02:00
Erik Krogh Kristensen
2a97dd9f6f add support for Object.hasOwn(obj, key) 2022-05-24 13:59:25 +02:00
Erik Krogh Kristensen
1717d17fb3 add flow step for Array.prototype.at 2022-05-24 12:41:27 +02:00
Asger F
631527fe49 JS: Rename Node.{getASource -> asSource, getASink -> asSink} 2022-05-24 11:57:30 +02:00
Asger Feldthaus
9fad4b883b JS: Autoformat 2022-05-24 11:57:30 +02:00
Asger Feldthaus
76ba78294f JS: Make API::EntryPoint overrides optional 2022-05-24 11:57:30 +02:00
Asger Feldthaus
ce9c3b3eb5 JS: Also rename predicates on API::EntryPoint 2022-05-24 11:57:30 +02:00
Asger Feldthaus
19a5db9f89 JS: Rename getARhs -> getASink 2022-05-24 11:57:30 +02:00
Asger Feldthaus
4c6192670e JS: Rename getAnImmediateUse -> getASource 2022-05-24 11:57:30 +02:00
Erik Krogh Kristensen
d58fe8e193 add explicit this 2022-05-24 10:59:13 +02:00
Erik Krogh Kristensen
aa01cf11c2 Merge pull request #9125 from erik-krogh/exportObj 
JS: recognize functions that return object of methods as library input
 2022-05-23 19:57:34 +02:00
Erik Krogh Kristensen
0c10927adc Merge pull request #9261 from erik-krogh/passport 
JS: remove support for passport in the session-fixation query
 2022-05-23 19:56:42 +02:00