codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00

Author	SHA1	Message	Date
Naman Jain	009c95774e	update expected files	2022-02-04 12:28:17 +00:00
Naman Jain	5e1ca3154f	Update javascript/ql/test/query-tests/Security/CWE-754/UnvalidatedDynamicMethodCallGood3.js Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-02-04 16:13:05 +05:30
Naman Jain	5121414a53	Update javascript/ql/test/query-tests/Security/CWE-754/UnvalidatedDynamicMethodCallGood4.js Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-02-04 16:12:58 +05:30
Esben Sparre Andreasen	72b5edc144	Document and format event-stream-orig.js Some anti-virus products (rightfully) flag this event-stream-orig.js as a malicious file. This change does two things: - neutralises the file such that the code can not be run accidentally - documents the purpose of the file	2022-02-04 09:27:47 +01:00
Naman Jain	9809d30f00	file renaming and updated expected file	2022-02-03 09:35:17 +00:00
Naman Jain	adc8bf37fe	fixed mistake in examples	2022-02-03 09:29:42 +00:00
Naman Jain	aea7054938	modified query and added tests	2022-02-02 19:39:08 +05:30
Erik Krogh Kristensen	0f85a52f09	Merge pull request #7773 from erik-krogh/CWE-367 JS: add a js/file-system-race query	2022-02-01 15:36:13 +01:00
Erik Krogh Kristensen	e6c90670e6	Merge pull request #7740 from erik-krogh/CWE-347 JS: promote the js/jwt-missing-verification query out of experimental	2022-02-01 13:10:35 +01:00
Erik Krogh Kristensen	7b925604df	update expected output	2022-01-28 12:21:33 +01:00
Erik Krogh Kristensen	7aa59ca233	Merge pull request #7633 from erik-krogh/CWE-300 JS: add js/http-dependency query	2022-01-28 12:10:14 +01:00
Erik Krogh Kristensen	bf9bcc9600	add a js/file-system-race query	2022-01-28 09:41:12 +01:00
Stephan Brandauer	b7690e5e6b	Merge pull request #7734 from kaeluka/js-add-node-prefix-to-module-import js: add support for the 'node:' prefix for importing internal modules	2022-01-26 10:15:08 +01:00
Erik Krogh Kristensen	de633940fe	promote the js/jwt-missing-verification query out of exeprimental	2022-01-26 09:35:54 +01:00
Stephan Brandauer	4ee290acd3	update test for 'node:' prefix	2022-01-25 14:25:44 +01:00
Stephan Brandauer	20ea825e4a	test for 'node:' prefix for importing node modules	2022-01-25 13:43:16 +01:00
Erik Krogh Kristensen	cc527bdecd	Merge pull request #7721 from erik-krogh/CWE-1275 JS: add a js/samesite-none-cookie cookie	2022-01-25 13:28:08 +01:00
CodeQL CI	8d1e22bc38	Merge pull request #7632 from erik-krogh/CWE-862 Approved by esbena, felicitymay	2022-01-24 12:47:16 -08:00
Erik Krogh Kristensen	d4bac887cf	add a js/samesite-none-cookie cookie	2022-01-24 21:39:41 +01:00
Erik Krogh Kristensen	15c1ce722a	Merge pull request #7678 from erik-krogh/use-set JS: use more set literals	2022-01-20 21:03:48 +01:00
Erik Krogh Kristensen	2bffe56580	update expected output	2022-01-20 16:06:57 +01:00
Erik Krogh Kristensen	3155114e36	use more set literals	2022-01-20 16:06:34 +01:00
Erik Krogh Kristensen	4e8e3a7420	simplify expressions that could be type-casts	2022-01-20 10:41:35 +01:00
Erik Krogh Kristensen	b8f1fb3954	JS: fix ql/field-only-used-in-charpred within JavaScript	2022-01-20 09:41:13 +01:00
Erik Krogh Kristensen	ef2eacebce	add a js/empty-password-in-configuration-file query	2022-01-19 10:48:45 +01:00
Erik Krogh Kristensen	b7a0b8765e	add js/http-dependency query	2022-01-19 10:05:39 +01:00
Erik Krogh Kristensen	2433eafef2	add query for detecting insecure temprary files	2022-01-18 14:54:56 +01:00
Asger Feldthaus	79f799066a	JS: Update test output	2022-01-17 16:27:57 +01:00
Asger Feldthaus	708408a458	JS: Recognize "sql" option as a query string	2022-01-13 13:04:41 +01:00
Stephan Brandauer	40ad88ba53	Merge pull request #7474 from kaeluka/db-reads-as-taint-sources JS: DB reads as taint sources	2022-01-13 12:06:48 +01:00
Erik Krogh Kristensen	89bab6ae12	Merge pull request #7097 from erik-krogh/railsReDoS JS/PY/RB: support a limited number of ranges for ReDoS analysis	2022-01-13 11:04:36 +01:00
Stephan Brandauer	09a28c428c	base implementation of Spanner model on models-as-data	2022-01-12 17:07:16 +01:00
Stephan Brandauer	132e0bf4b7	add database accesses as additional (heuristic) remote flow sources	2022-01-11 11:38:41 +01:00
Erik Krogh Kristensen	1a8b6d7414	recognize ranges without upper bounds	2022-01-07 18:38:01 +01:00
Erik Krogh Kristensen	acaf294bee	support a limited number of regexp ranges	2022-01-07 18:36:30 +01:00
Asger Feldthaus	d33200ea83	JS: Add test for WithArity	2022-01-05 14:35:02 +01:00
Asger Feldthaus	772681d249	JS: Initial support for models as data	2022-01-05 14:34:52 +01:00
CodeQL CI	de4b655ddb	Merge pull request #7327 from asgerf/js/handlebars-more-raw-interpolation Approved by erik-krogh	2021-12-17 14:07:57 +00:00
CodeQL CI	39ec7132af	Merge pull request #7049 from asgerf/js/routing-trees Approved by erik-krogh	2021-12-17 12:26:38 +00:00
Asger Feldthaus	e2c6dd7d56	JS: Recognize {{& ... }} as an XSS sink	2021-12-17 10:31:50 +01:00
Asger Feldthaus	61cc84ba69	JS: Recognize leading/trailing ~ and & in mustache-tags	2021-12-17 10:31:50 +01:00
CodeQL CI	f274f06d9b	Merge pull request #7409 from asgerf/js/track-functions-with-methods Approved by erik-krogh	2021-12-16 09:01:42 +00:00
CodeQL CI	acbf7913b2	Merge pull request #7408 from asgerf/js/trusted-types-sinks Approved by esbena	2021-12-16 08:59:51 +00:00
Asger Feldthaus	53b3581ed0	JS: Add test to stress flow through properties	2021-12-15 17:16:56 +01:00
Asger Feldthaus	4d85799fc7	JS: Add test for fastify-rate-limit	2021-12-15 16:18:22 +01:00
Asger Feldthaus	615b2ec539	JS: Fix handling of fastify-plugin	2021-12-15 16:04:46 +01:00
Asger Feldthaus	995e33158f	JS: Add test for res.locals flow to template	2021-12-15 16:00:19 +01:00
Asger Feldthaus	04bdba85ea	JS: Shift line numbers in test expectations	2021-12-15 16:00:19 +01:00
Asger Feldthaus	7e947b2a65	JS: Use return value of trusted type policy callback as a sink	2021-12-14 13:28:46 +01:00
Ian Wright	1c79d1f985	Merge pull request #7352 from github/esbena/atm-endpoint-polish ATM Endpoint filtering improvements	2021-12-14 08:19:23 +00:00

... 36 37 38 39 40 ...

4935 Commits