codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00

Author	SHA1	Message	Date
Asger F	5f467d2fc5	JS: recognize CSRF middleware from lusca package	2018-09-21 13:15:40 +01:00
Asger F	6f109a742f	JS: add a test case for res.sendfile	2018-09-21 11:04:33 +01:00
alexet	b94df82833	JavaScript: Fix expected output due to qltest change.	2018-09-20 15:56:20 +01:00
semmle-qlci	f146e34e26	Merge pull request #207 from dave-bartolomeo/dave/JSNewlines Approved by esben-semmle	2018-09-20 14:49:54 +01:00
Dave Bartolomeo	b12c739915	JavaScript: Normalize line endings of .js and .html files Added .gitattributes files for the two directories where we intentionally have line endings other than LF	2018-09-19 21:33:27 -07:00
semmle-qlci	4aca8f4fd3	Merge pull request #201 from asger-semmle/string-concatenation-squashed Approved by esben-semmle	2018-09-19 21:59:17 +01:00
Asger F	1d793c0a7b	JavaScript: fix expected output	2018-09-19 14:33:23 +01:00
semmle-qlci	89f2dbf8db	Merge pull request #195 from esben-semmle/js/reflected-xss-through-filenames Approved by asger-semmle	2018-09-19 12:42:22 +01:00
Asger F	9384b85bcc	JavaScript: ensure prefix sanitizers work for array.join()	2018-09-17 14:31:26 +01:00
semmle-qlci	782e91bb97	Merge pull request #167 from bnxi/NodeIntegration Approved by esben-semmle	2018-09-15 21:35:56 +01:00
Behrang Fouladi Azarnaminy	7071c75567	revert "Chaning EOL in two files" This reverts commit `ecd08d4560`.	2018-09-14 09:03:48 -07:00
Esben Sparre Andreasen	33f98dd1a7	JS: add query: js/stored-xss	2018-09-14 15:30:44 +02:00
semmle-qlci	961ecfb43f	Merge pull request #187 from esben-semmle/js/additional-whitelisting-form-unbound-event-handlers Approved by asger-semmle	2018-09-14 06:35:39 +01:00
semmle-qlci	3d022298dc	Merge pull request #186 from Semmle/rc/1.18 Approved by esben-semmle	2018-09-13 12:34:54 +01:00
Esben Sparre Andreasen	fcc33ce93d	JS: whitelist auto-bind methods in js/unbound-event-handler-receiver	2018-09-13 08:41:41 +02:00
Esben Sparre Andreasen	eb10f603ab	JS: whitelist decorator-bound methods in js/unbound-event-handler-receiver	2018-09-13 08:41:41 +02:00
Esben Sparre Andreasen	1220b50737	JS: whitelist _.bindAll-methods in js/unbound-event-handler-receiver	2018-09-13 08:41:41 +02:00
Behrang Fouladi Azarnaminy	ecd08d4560	Chaning EOL in two files	2018-09-12 12:05:57 -07:00
semmle-qlci	9e0ba51280	Merge pull request #179 from esben-semmle/js/classify-multi-license-fix Approved by asger-semmle	2018-09-11 21:30:10 +01:00
Behrang Fouladi Azarnaminy	fc087ffb71	Replaceing query and test files with suggested ones	2018-09-11 12:32:56 -07:00
semmle-qlci	b17aeb689c	Merge pull request #118 from esben-semmle/js/request-forgery Approved by asger-semmle	2018-09-11 16:28:59 +01:00
Esben Sparre Andreasen	43c65e02ec	JS: classify bundle files based on multiple license comments	2018-09-11 15:40:24 +02:00
Asger F	3d444f3dc6	JavaScript: fix CFG for EnhancedForStmt	2018-09-11 12:15:01 +01:00
Tom Hvitved	70e713122f	Merge branch 'rc/1.18' into merge-rc	2018-09-11 09:11:03 +02:00
Behrang Fouladi Azarnaminy	02047ea260	Edit .expected file	2018-09-10 10:27:29 -07:00
Behrang Fouladi	302e271a79	Update EnablingNodeIntegration.expected Change EOL to unix format	2018-09-07 09:52:52 -07:00
Esben Sparre Andreasen	3d3b7b0254	JS: fix typo in test case	2018-09-06 22:54:07 +02:00
Behrang Fouladi Azarnaminy	9179701248	JavaScript: Add query for Node.js integration in Electron framework	2018-09-06 11:38:08 -07:00
semmle-qlci	62e9946fe2	Merge pull request #150 from asger-semmle/ts-asi-bug Approved by xiemaisi	2018-09-05 21:22:29 +01:00
Aditya Sharad	f27945216f	Merge rc/1.18 into master.	2018-09-05 15:32:30 +01:00
Esben Sparre Andreasen	b9d825b379	JS: better matching of String.prototype.search in js/regex-injection	2018-09-05 08:35:00 +02:00
Asger F	7bd53e72dc	TypeScript: fix alerts in ambient code	2018-09-04 13:55:48 +01:00
Asger F	003b600e24	TypeScript: disable queries that rely on token information	2018-09-04 13:18:37 +01:00
Esben Sparre Andreasen	f5a6af54e6	JS: add security query: js/request-forgery	2018-09-04 09:25:42 +02:00
semmle-qlci	d22a65a66b	Merge pull request #108 from esben-semmle/js/classify-generated-data-files Approved by xiemaisi	2018-08-29 14:15:55 +01:00
Esben Sparre Andreasen	02d56306c9	JS: classify generated data files	2018-08-27 15:06:00 +02:00
semmle-qlci	55ceb9be8b	Merge pull request #91 from esben-semmle/js/additional-indexof-sanitizers Approved by xiemaisi	2018-08-24 08:37:41 +01:00
Max Schaefer	2187b0c245	Merge pull request #89 from esben-semmle/js/sharpen-type-confusion JS: remove emptiness checks from the type confusion `x.length` sinks	2018-08-23 08:04:09 +01:00
Esben Sparre Andreasen	20b48a2d24	JS: support relational indexof comparison sanitizers	2018-08-22 15:58:47 +02:00
Esben Sparre Andreasen	218c0cb51a	JS: address review comments	2018-08-22 13:54:07 +02:00
Esben Sparre Andreasen	fef257b1ec	JS: remove emptiness checks from the type confusion `x.length` sinks	2018-08-22 13:25:22 +02:00
semmle-qlci	7e7e30c01c	Merge pull request #73 from esben-semmle/js/cleartext-logging-query Approved by xiemaisi	2018-08-22 08:04:36 +01:00
semmle-qlci	7661a98909	Merge pull request #68 from esben-semmle/determinate-1-cfa-type-inference Approved by xiemaisi	2018-08-22 08:02:27 +01:00
Esben Sparre Andreasen	2b9f5c3fa2	JS: remove check for test-environment in js/clear-text-logging	2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen	3636708d30	JS: extract and expose StringConcatenationTaintStep in TaintTracking	2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen	6f5fb2a9fe	JS: update queries and tests for improved type inference	2018-08-21 22:07:38 +02:00
Esben Sparre Andreasen	bbdf6b0f1d	JS: mark PrintfStyleCall as a taint step	2018-08-21 09:02:35 +02:00
semmle-qlci	44e4b25f42	Merge pull request #14 from rdmarsh2/rdmarsh/js/electron-http-client Approved by xiemaisi	2018-08-20 07:59:25 +01:00
Esben Sparre Andreasen	0c4fb15651	JS: add query js/cleartext-logging	2018-08-20 08:34:16 +02:00
Robert Marsh	aaeda5dfcc	JavaScript: add the ESLint attack as a test	2018-08-17 10:16:52 -07:00

... 49 50 51 52 53

2621 Commits