codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00

Author	SHA1	Message	Date
Asger F	9f07b1011d	JS: bugfix in server-side redirect query	2018-10-01 12:34:13 +01:00
Asger F	46336a5643	JS: Add HostHeaderPoisoningInEmailGeneration query	2018-09-27 10:20:35 +01:00
Aditya Sharad	75680dbfef	Merge branch 'next' into qlucie/master	2018-09-26 12:08:33 +01:00
Esben Sparre Andreasen	7c006d4530	Merge pull request #222 from xiemaisi/js/identity-replacement JavaScript: Add new query flagging identity replacements.	2018-09-26 09:25:19 +02:00
Max Schaefer	0e63ea1b51	JavaScript: Update tests.	2018-09-25 11:27:12 +01:00
Max Schaefer	1ab11109f9	JavaScript: Add new query flagging identity replacements.	2018-09-25 11:27:11 +01:00
Asger F	269bbc9a1a	JavaScript: add flow steps through partial function application	2018-09-25 10:16:40 +01:00
Denis Levin	1438cae362	Correction to the test's expected file as the test was modified.	2018-09-24 10:45:54 -07:00
semmle-qlci	7f56be6fe2	Merge pull request #216 from asger-semmle/lusca-csrf Approved by esben-semmle	2018-09-24 11:34:24 +01:00
semmle-qlci	46178271d1	Merge pull request #213 from asger-semmle/sendfile Approved by xiemaisi	2018-09-24 11:32:46 +01:00
Denis Levin	8152cefa60	Squished changes for HttpToFileAccess commint	2018-09-21 16:44:01 -07:00
Asger F	4797924bea	JS: review comments	2018-09-21 14:46:21 +01:00
Asger F	5f467d2fc5	JS: recognize CSRF middleware from lusca package	2018-09-21 13:15:40 +01:00
Asger F	6f109a742f	JS: add a test case for res.sendfile	2018-09-21 11:04:33 +01:00
alexet	b94df82833	JavaScript: Fix expected output due to qltest change.	2018-09-20 15:56:20 +01:00
semmle-qlci	f146e34e26	Merge pull request #207 from dave-bartolomeo/dave/JSNewlines Approved by esben-semmle	2018-09-20 14:49:54 +01:00
Dave Bartolomeo	b12c739915	JavaScript: Normalize line endings of .js and .html files Added .gitattributes files for the two directories where we intentionally have line endings other than LF	2018-09-19 21:33:27 -07:00
semmle-qlci	4aca8f4fd3	Merge pull request #201 from asger-semmle/string-concatenation-squashed Approved by esben-semmle	2018-09-19 21:59:17 +01:00
Asger F	1d793c0a7b	JavaScript: fix expected output	2018-09-19 14:33:23 +01:00
semmle-qlci	89f2dbf8db	Merge pull request #195 from esben-semmle/js/reflected-xss-through-filenames Approved by asger-semmle	2018-09-19 12:42:22 +01:00
Asger F	9384b85bcc	JavaScript: ensure prefix sanitizers work for array.join()	2018-09-17 14:31:26 +01:00
semmle-qlci	782e91bb97	Merge pull request #167 from bnxi/NodeIntegration Approved by esben-semmle	2018-09-15 21:35:56 +01:00
Behrang Fouladi Azarnaminy	7071c75567	revert "Chaning EOL in two files" This reverts commit `ecd08d4560`.	2018-09-14 09:03:48 -07:00
Esben Sparre Andreasen	33f98dd1a7	JS: add query: js/stored-xss	2018-09-14 15:30:44 +02:00
semmle-qlci	961ecfb43f	Merge pull request #187 from esben-semmle/js/additional-whitelisting-form-unbound-event-handlers Approved by asger-semmle	2018-09-14 06:35:39 +01:00
semmle-qlci	3d022298dc	Merge pull request #186 from Semmle/rc/1.18 Approved by esben-semmle	2018-09-13 12:34:54 +01:00
Esben Sparre Andreasen	fcc33ce93d	JS: whitelist auto-bind methods in js/unbound-event-handler-receiver	2018-09-13 08:41:41 +02:00
Esben Sparre Andreasen	eb10f603ab	JS: whitelist decorator-bound methods in js/unbound-event-handler-receiver	2018-09-13 08:41:41 +02:00
Esben Sparre Andreasen	1220b50737	JS: whitelist _.bindAll-methods in js/unbound-event-handler-receiver	2018-09-13 08:41:41 +02:00
Behrang Fouladi Azarnaminy	ecd08d4560	Chaning EOL in two files	2018-09-12 12:05:57 -07:00
semmle-qlci	9e0ba51280	Merge pull request #179 from esben-semmle/js/classify-multi-license-fix Approved by asger-semmle	2018-09-11 21:30:10 +01:00
Behrang Fouladi Azarnaminy	fc087ffb71	Replaceing query and test files with suggested ones	2018-09-11 12:32:56 -07:00
semmle-qlci	b17aeb689c	Merge pull request #118 from esben-semmle/js/request-forgery Approved by asger-semmle	2018-09-11 16:28:59 +01:00
Esben Sparre Andreasen	43c65e02ec	JS: classify bundle files based on multiple license comments	2018-09-11 15:40:24 +02:00
Asger F	3d444f3dc6	JavaScript: fix CFG for EnhancedForStmt	2018-09-11 12:15:01 +01:00
Tom Hvitved	70e713122f	Merge branch 'rc/1.18' into merge-rc	2018-09-11 09:11:03 +02:00
Behrang Fouladi Azarnaminy	02047ea260	Edit .expected file	2018-09-10 10:27:29 -07:00
Behrang Fouladi	302e271a79	Update EnablingNodeIntegration.expected Change EOL to unix format	2018-09-07 09:52:52 -07:00
Esben Sparre Andreasen	3d3b7b0254	JS: fix typo in test case	2018-09-06 22:54:07 +02:00
Behrang Fouladi Azarnaminy	9179701248	JavaScript: Add query for Node.js integration in Electron framework	2018-09-06 11:38:08 -07:00
semmle-qlci	62e9946fe2	Merge pull request #150 from asger-semmle/ts-asi-bug Approved by xiemaisi	2018-09-05 21:22:29 +01:00
Aditya Sharad	f27945216f	Merge rc/1.18 into master.	2018-09-05 15:32:30 +01:00
Esben Sparre Andreasen	b9d825b379	JS: better matching of String.prototype.search in js/regex-injection	2018-09-05 08:35:00 +02:00
Asger F	7bd53e72dc	TypeScript: fix alerts in ambient code	2018-09-04 13:55:48 +01:00
Asger F	003b600e24	TypeScript: disable queries that rely on token information	2018-09-04 13:18:37 +01:00
Esben Sparre Andreasen	f5a6af54e6	JS: add security query: js/request-forgery	2018-09-04 09:25:42 +02:00
semmle-qlci	d22a65a66b	Merge pull request #108 from esben-semmle/js/classify-generated-data-files Approved by xiemaisi	2018-08-29 14:15:55 +01:00
Esben Sparre Andreasen	02d56306c9	JS: classify generated data files	2018-08-27 15:06:00 +02:00
semmle-qlci	55ceb9be8b	Merge pull request #91 from esben-semmle/js/additional-indexof-sanitizers Approved by xiemaisi	2018-08-24 08:37:41 +01:00
Max Schaefer	2187b0c245	Merge pull request #89 from esben-semmle/js/sharpen-type-confusion JS: remove emptiness checks from the type confusion `x.length` sinks	2018-08-23 08:04:09 +01:00

... 48 49 50 51 52

2583 Commits