hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,307 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.2
Commit Graph

2631 Commits

Author SHA1 Message Date
erik-krogh
f7419c9250 add expected output 2023-05-23 09:56:06 +02:00
erik-krogh
f85b3e13c2 update expected output 2023-05-23 09:56:06 +02:00
erik-krogh
3293a55e8f require arguments to be shell interpreted to be flagged by indirect-command-injection 2023-05-17 11:07:45 +02:00
Asger F
20e8ee8423 Merge pull request #12748 from JarLob/yi 
JS: Add more sources, more unit tests, fixes to the GitHub Actions injection query
 2023-05-15 11:03:00 +02:00
Asger F
c376eeb133 Merge pull request #12978 from asgerf/js/github-actions-sources 
JS: Add sources and sinks related to GitHub Actions
 2023-05-10 09:55:24 +02:00
Asger F
1a9956354e JS: Restrict getInput to indirect command injection query 2023-05-03 16:10:03 +02:00
Kasper Svendsen
67950c8e6b JS: Make implicit this receivers explicit 2023-05-03 15:31:00 +02:00
Asger F
b9ad4177f9 JS: List safe environment variables in IndirectCommandInjection 2023-05-03 10:48:14 +02:00
Asger F
08785a4063 JS: Add sources from actions/core 2023-05-01 11:42:17 +02:00
Asger F
cb95dbfa14 JS: Add tests 2023-05-01 11:42:17 +02:00
Asger F
e9f1e99526 Merge pull request #12887 from asgerf/js/unsafe-yaml-deserialization 
JS: Update model of js-yaml
 2023-05-01 09:57:20 +02:00
tyage
933b55d37d Track interfile useRouter 2023-04-28 15:49:26 +09:00
Asger F
611a7060b4 JS: Add tests 2023-04-26 12:46:20 +02:00
jarlob
6e9f54ef55 Use double curly braces 2023-04-21 19:03:38 +02:00
Asger F
13b1e97caa JS: Fix the ExtendCall restriction 2023-04-17 12:30:08 +02:00
Asger F
eafef91dbc JS: Update test output after ExtendCall restriction 2023-04-17 12:28:23 +02:00
Asger F
024760610a JS: Add prototype pollution test 2023-04-17 12:27:34 +02:00
Asger F
04079752f7 JS: update test output after adding 'this' sanitizer 2023-04-17 12:15:46 +02:00
Asger F
f87f6c8556 JS: Add test to unsafe jquery plugin 2023-04-17 12:15:05 +02:00
Asger F
62dca44ee5 Update UntrustedDataToExternalAPI.expected 2023-04-17 08:23:04 +02:00
Asger F
b0d4b31103 JS: Trim whitespace in test 2023-04-17 08:23:04 +02:00
Asger F
c7f16cd224 JS: Add test 2023-04-17 08:23:03 +02:00
jarlob
d80c541da6 Encapsulate composite actions 2023-04-14 10:06:35 +02:00
erik-krogh
b1957623c1 add browser history as XSS sink 2023-04-12 13:38:18 +02:00
tyage
320cb99dbf Add replace method test 2023-04-08 18:31:48 +09:00
tyage
668e1accaa Remove unnecessary whiteline 2023-04-08 18:24:31 +09:00
tyage
7f9b8557ac Add Next.js router push as XSS sink 2023-04-08 18:18:34 +09:00
jarlob
9c7eecf547 Add support for composite actions 2023-04-06 22:53:59 +02:00
jarlob
baefeab2d1 fix tests 2023-04-06 19:11:04 +02:00
jarlob
0a878d4db9 Support yAml extensions 2023-04-06 19:07:38 +02:00
jarlob
eef1973b93 Change UI message 2023-04-05 10:05:24 +02:00
jarlob
5c5b9f99a8 Add simple taint tracking for env variables 2023-04-05 10:03:46 +02:00
jarlob
8ea418216c Look for script injections in actions/github-script 2023-04-03 23:13:28 +02:00
jarlob
c6eaf194a5 Remove empty.js as it is not needed anymore 2023-04-03 15:09:40 +02:00
jarlob
99d634c8a4 Add more sources, more unit tests, fixes to the GitHub Actions injection query 2023-04-03 15:02:02 +02:00
Erik Krogh Kristensen
b382465078 Merge pull request #12679 from ctbellanti/improved-certificate-validation 
JS: Improved coverage for disabled certificate validation
 2023-03-30 16:24:33 +02:00
erik-krogh
47783326c2 add test for https.createServer in DisablingCertificateValidation.ql 2023-03-30 14:15:25 +02:00
Asger F
43174cfe3a Merge pull request #12668 from asgerf/js/jquery-callback-sinks 
JS: fix handling of jQuery sinks involving callback
 2023-03-30 12:42:53 +02:00
Erik Krogh Kristensen
451f6f01bb Merge pull request #12633 from erik-krogh/more-global-flow 
JS: better callgraph support for global variables
 2023-03-28 15:19:50 +02:00
Erik Krogh Kristensen
d3c3f2dc90 Merge pull request #12628 from erik-krogh/betterReDoS 
ReDoS: better super-linear algorithm
 2023-03-27 15:26:49 +02:00
Asger F
92a681213d JS: Step through jQuery callback return values 2023-03-27 11:17:27 +02:00
Asger F
bc2a772f3b JS: Add test case showing false negative 2023-03-27 11:08:39 +02:00
erik-krogh
e189b36e3f materialize less strings when ranking states 2023-03-23 10:35:58 +01:00
Alex Ford
0f267e012a Merge pull request #12631 from alexrford/js/weak-cryptographic-algorithm_space 
JS: add a missing space in alert message for `js/weak-cryptographic-algorithm`
 2023-03-22 14:12:35 +00:00
erik-krogh
2bba9057a0 better callgraph support for global variables 2023-03-22 13:49:33 +01:00
Alex Ford
b000b9b5c0 JS: add a missing space in alert message for js/weak-cryptographic-algorithm 2023-03-22 11:12:13 +00:00
erik-krogh
b071d3557e JS/PY/RB: add a worst-case test, that now performs OK 2023-03-22 10:13:18 +01:00
erik-krogh
801e0ff050 ReDoS: implement a better super-linear algorithm, with better worst-case performance 2023-03-22 10:13:16 +01:00
erik-krogh
34fe1a8f5e use SSA in the GetLaterAccess module 2023-03-21 15:19:15 +01:00
Erik Krogh Kristensen
0f813ce2e8 Merge pull request #12543 from erik-krogh/reg-perf 
ReDoS: restrict the edges considered in polynomial-redos for complex regular expressions
 2023-03-20 15:48:35 +01:00