hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,644 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.1
Commit Graph

2008 Commits

Author SHA1 Message Date
Napalys Klicius
3a75500f54 JS: Add modeling for call-me-maybe 2025-09-15 17:15:31 +02:00
Napalys Klicius
0d23ab07db JS: Add data flow modeling for promisified user-defined functions 2025-09-15 17:13:13 +02:00
Napalys Klicius
2c6db00cbc JS: Add modeling for util promisify* 2025-09-15 17:09:28 +02:00
Napalys Klicius
e002f2088f JS: Add modeling for es6-promisify 2025-09-15 17:04:34 +02:00
Napalys Klicius
35c75c00ba JS: Add modeling for @gar/promisify 2025-09-15 16:58:11 +02:00
Napalys Klicius
312471e9db JS: Add modeling for @google-cloud/promisify 2025-09-15 16:55:27 +02:00
Napalys Klicius
d37425ae3e JS: Treat promisify(obj).member as obj.member 2025-09-15 16:51:19 +02:00
Napalys Klicius
d6a14e63ba JS: Add test cases for promisification libraries. 2025-09-15 16:21:12 +02:00
Napalys Klicius
b2feaaceea Merge branch 'main' into js/move-cors-query-from-experimental 2025-09-05 12:11:09 +02:00
Napalys Klicius
c4c8dbcf7d Merge remote-tracking branch 'origin/main' into js/move-cors-query-from-experimental 2025-09-04 15:24:44 +02:00
Napalys Klicius
d3d608fa33 Updated query description and added a sanitizer 2025-09-04 13:16:37 +00:00
Napalys Klicius
4dac80a998 Replace complex wrapper classes with MaD 2025-09-04 12:19:22 +00:00
Napalys Klicius
8fc81f4263 Merge branch 'main' into js/remote-property-injection-update 2025-09-03 14:02:19 +02:00
Asger F
0d0eaa21a1 Merge pull request #20302 from asgerf/js/simpler-locations 
JS: Remove synthetic locations
 2025-09-01 09:46:13 +02:00
Asger F
cc8fe10801 JS: Update locations in expected files 2025-08-29 12:03:11 +02:00
Napalys Klicius
bafe22c50c Merge pull request #20048 from Napalys/js/xml_bomb_sinks 
JS: Exclude patched libraries from `xml-bomb` sink
 2025-08-29 08:10:55 +02:00
Napalys Klicius
32606584ea JS: add enumeration taint flow to Remote Property Injection query 2025-08-27 10:23:03 +00:00
Napalys Klicius
c39c04cb86 JS: added new test case for remote prop injection via Object.keys 2025-08-27 10:20:57 +00:00
Napalys Klicius
10c10c7d30 JS: fixed typo in folder name 2025-08-27 10:17:39 +00:00
Napalys Klicius
b19d1e0f57 Merge pull request #20151 from Napalys/js/command-line-libs 
JS: Enhance command injection detection for CLI argument parsing libraries
 2025-08-18 09:32:29 +02:00
Napalys Klicius
ae4077db72 add taint flow for arg/command-line-args with custom argv option 2025-08-01 13:34:08 +02:00
Napalys Klicius
d6508f34b6 Add taint flow for Commander.js direct property access and action callbacks 2025-08-01 13:24:19 +02:00
Napalys Klicius
39170f327c Added couple more test cases for commander js 2025-08-01 13:14:39 +02:00
Napalys Klicius
6b4e34dd39 Added a step from parse to opts for commander js 2025-08-01 13:12:43 +02:00
Napalys Klicius
e980798ede Added step through yargs/yargs constructor and chained methods. 2025-08-01 12:01:30 +02:00
Napalys Klicius
e8eb9be3f6 Add command injection tests for CLI argument parsing libraries 2025-08-01 11:02:59 +02:00
Napalys Klicius
d28a6e6352 Added new test cases for regexp injection with enviromental variable threat model enabled 2025-07-31 13:20:37 +02:00
Napalys Klicius
8583257574 Created new folder for test with threat models disabled 2025-07-31 13:20:30 +02:00
Napalys Klicius
5f538209c9 Exlucde environmental variables from default detection in regexp injection 2025-07-31 12:09:30 +02:00
Napalys Klicius
95743d7109 Added inline test expectations for cors permissive config 2025-07-30 10:42:55 +00:00
Napalys Klicius
358617f533 Move CORS misconfiguration query from experimental to Security 2025-07-30 10:22:59 +00:00
Napalys Klicius
1851deb929 Removed libxmljs from being marked as sink for xml-bomb. 2025-07-15 09:33:11 +02:00
Napalys Klicius
3d9e2f5438 Merge pull request #19858 from Napalys/js/execa 
JS: moved `execa` out of experimental
 2025-06-25 10:34:52 +02:00
Asger F
d39b68cd41 Merge pull request #19849 from asgerf/js/remove-legacy-actions-queries 
JS: Remove legacy actions queries
 2025-06-25 09:18:33 +02:00
Asger F
853fc1a7cf Merge pull request #19852 from asgerf/js/react-use-server 
JS: Model React 'use' and 'use server'
 2025-06-25 09:13:56 +02:00
Napalys Klicius
0902ca0605 JS: address copilot suggestions 2025-06-24 11:37:07 +02:00
Napalys Klicius
d05de1ba4e JS: moved execa test cases outside experimental 2025-06-24 09:08:13 +02:00
Napalys Klicius
ef51ab172f JS: exclude sinon module from regexp match calls 2025-06-23 20:25:17 +02:00
Napalys Klicius
584b4f51aa JS: add false positive test cases for hostname regex detection 2025-06-23 20:25:10 +02:00
Asger F
61887beae0 JS: Add test case for false positive 2025-06-23 16:03:41 +02:00
Asger F
76b7228160 JS: Remove js/actions/command-injection 
Superseded by actions/command-injection/{medium,critical}
 2025-06-23 14:41:26 +02:00
Asger F
9dcb61e771 JS: Remove js/actions/actions-artifact-leak 
Superseded by actions/secrets-in-artifacts
 2025-06-23 14:39:28 +02:00
Napalys Klicius
3fbe348f99 Merge pull request #19784 from Napalys/js/express_middleware 
JS: Improve Express middleware taint tracking
 2025-06-20 15:36:26 +02:00
Napalys Klicius
f80651e78a Merge pull request #19750 from Napalys/js/remove_encodeURI 
JS: remove `encodeURI` from sanitizer list of request forgery
 2025-06-19 14:12:52 +02:00
Napalys Klicius
060b98d36c JS: enchance middleware taint tracking via local source 2025-06-17 08:30:19 +02:00
Napalys Klicius
da21a064ac JS: add _parsedUrl as remote input source 2025-06-16 16:28:30 +02:00
Napalys Klicius
67aac7abfa JS: add test cases for middleware property assignment tracking 2025-06-16 16:26:08 +02:00
Napalys Klicius
bdbc49c63f JS: Removed encodeURI from request forgery sanitizer list 2025-06-16 13:08:11 +02:00
Napalys Klicius
deb715a517 JS: Add test case with encodeURI for request forgery 2025-06-16 10:49:29 +02:00
Napalys Klicius
5a107ec33b JS: track taint through serialize-javascript calls with object arguments 2025-06-16 10:38:20 +02:00