codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00

Author	SHA1	Message	Date
Asger F	8c3b44a525	JS: address comments	2019-01-02 11:12:52 +00:00
Esben Sparre Andreasen	c57f8a6d6e	Merge pull request #691 from asger-semmle/sendfile-root JS: Recognize 'root' option in Express res.sendFile	2018-12-19 16:06:15 +01:00
semmle-qlci	495a1fcf3b	Merge pull request #698 from asger-semmle/remove-cookie-as-source Approved by esben-semmle	2018-12-19 15:05:44 +00:00
semmle-qlci	b11b714152	Merge pull request #696 from esben-semmle/js/host-request-forgery Approved by asger-semmle	2018-12-19 15:04:08 +00:00
Asger F	ce18aca62b	JS: update expected output	2018-12-19 11:30:46 +00:00
Asger F	0e40717358	JS: recognize res.sendfile root option	2018-12-19 10:25:15 +00:00
Asger F	f84301e476	JS: add tests with res.sendFile root option	2018-12-19 10:25:15 +00:00
Asger F	7f538e82c0	JS: add test case for non-whitelisted use of location	2018-12-18 13:55:05 +00:00
Asger F	02978c97f1	JS: whitelist $(location) in simple cases	2018-12-18 13:11:42 +00:00
Asger F	c17eca90a1	JS: add test case for $(location)	2018-12-18 13:06:12 +00:00
Asger F	280382e91e	JS: whitelist if array access at another index is seen	2018-12-17 15:19:26 +00:00
Asger F	5040d3e26c	JS: add query for loop index bug	2018-12-17 13:35:44 +00:00
Jonas Jensen	5ac5aa0c2a	Merge remote-tracking branch 'upstream/master' into mergeback-20181217	2018-12-17 13:42:45 +01:00
Asger F	7adf1d9958	Merge pull request #631 from esben-semmle/js/bad-url-regexing JS: add query: js/incomplete-url-regexp	2018-12-17 11:53:22 +00:00
Esben Sparre Andreasen	c6b4e29b93	JS: add "host" as a sink for `js/request-forgery`	2018-12-17 10:32:30 +01:00
Aditya Sharad	7bc729a7dc	Merge master into next.	2018-12-14 10:16:47 +00:00
Max Schaefer	f9106b3bfe	Merge pull request #685 from asger-semmle/useless-conditional-as-value JS: fix FPs in UselessConditional	2018-12-14 08:44:10 +00:00
Aditya Sharad	f71e5ac338	Merge master into next.	2018-12-13 17:57:31 +00:00
Asger F	ae4b55de9a	JS: fix FPs in UselessConditional	2018-12-13 15:41:41 +00:00
Max Schaefer	e194021c3b	Merge pull request #629 from esben-semmle/js/persistent-read-taint JS: add persistent storage taint steps	2018-12-13 08:24:42 +00:00
Max Schaefer	969fe6e4f1	Merge pull request #657 from esben-semmle/js/classify-more-files JS: classify additional files	2018-12-13 08:20:33 +00:00
Max Schaefer	e8c8360ad1	Merge pull request #659 from esben-semmle/js/more-constant-string-usage JS: replace StringLiteral with ConstantString in two queries	2018-12-13 08:19:22 +00:00
Max Schaefer	df42707050	Merge pull request #675 from asger-semmle/window.name JS: Add window.name as remote flow source	2018-12-13 08:13:15 +00:00
Aditya Sharad	f92456fcad	Merge master into next. Conflict in `cpp/ql/test/library-tests/sideEffects/functions/sideEffects.expected`, resolved by accepting test output (combining changes).	2018-12-12 17:26:18 +00:00
Asger F	a96c53f9b8	JS: restrict when a variable reference is considered a source	2018-12-12 12:28:26 +00:00
semmle-qlci	06dd5f3616	Merge pull request #656 from xiemaisi/js/unused-local-underscore Approved by esben-semmle	2018-12-12 08:11:37 +00:00
Esben Sparre Andreasen	fac638ffab	JS: improve alert location of js/angular/unused-dependency	2018-12-11 21:47:08 +01:00
Esben Sparre Andreasen	b5bbf990b0	JS: improve alert location of js/angular/repeated-dependency-injection	2018-12-11 21:47:08 +01:00
Esben Sparre Andreasen	5acd1ca26d	JS: improve alert location of js/angular/duplicate-dependency	2018-12-11 21:47:08 +01:00
Esben Sparre Andreasen	376ed7a4d2	JS: generalize js/command-line-injection to handle ConstantString	2018-12-11 13:39:15 +01:00
Esben Sparre Andreasen	a1d92bfa50	JS: generalize js/incomplete-sanitization to handle ConstantString	2018-12-11 13:39:15 +01:00
Esben Sparre Andreasen	7cc6f2f4d8	JS: add test case	2018-12-11 10:17:25 +01:00
Esben Sparre Andreasen	73aa223b08	JS: handle additional multi-license file patterns	2018-12-11 09:55:38 +01:00
Max Schaefer	4d186e0edc	JavaScript: Teach `Unused{Variable,Parameter}` to ignore variables with leading underscore.	2018-12-11 08:50:50 +00:00
Esben Sparre Andreasen	edbef289a7	JS: improve whitespace handling for multi-license file recognition	2018-12-11 09:30:10 +01:00
Esben Sparre Andreasen	e016098f86	JS: support purs classification	2018-12-11 09:17:01 +01:00
Esben Sparre Andreasen	3879e57f18	JS: support <meta name="generator"/> classification	2018-12-11 09:12:39 +01:00
Esben Sparre Andreasen	a295dfd2c5	JS: support AutoRest classification	2018-12-11 08:54:19 +01:00
Esben Sparre Andreasen	ab519d4abf	JS: rename query "Incomplete URL regular expression" -> "Incomplete regular expression for hostnames".	2018-12-10 22:22:54 +01:00
Esben Sparre Andreasen	994fe1bea5	JS: address non-semantic review comments	2018-12-10 22:21:02 +01:00
Esben Sparre Andreasen	d4e4bc6a0b	JS: sharpen js/incomplete-url-regexp by not matching `.*` or `.+`	2018-12-10 22:21:02 +01:00
Esben Sparre Andreasen	52ca696ff4	JS: add query js/incomplete-url-regexp	2018-12-10 22:20:29 +01:00
Aditya Sharad	fcfab26267	Merge rc/1.19 into next.	2018-12-07 12:31:51 +00:00
semmle-qlci	9e73ed71b9	Merge pull request #623 from esben-semmle/js/incomplete-url-sanitization Approved by mc-semmle	2018-12-06 20:46:37 +00:00
Esben Sparre Andreasen	4f53411397	JS: recognize HTTP URLs in js/incomplete-url-sanitization	2018-12-06 15:53:20 +01:00
Esben Sparre Andreasen	229eea00dc	JS: add query js/incomplete-url-substring-sanitization	2018-12-06 15:53:20 +01:00
semmle-qlci	3397533045	Merge pull request #628 from xiemaisi/js/setUnsafeHTML Approved by esben-semmle	2018-12-06 13:58:52 +00:00
Esben Sparre Andreasen	28b4a78430	JS: introduce DOM::PersistentWebStorage	2018-12-06 14:53:22 +01:00
Max Schaefer	ef347b3870	JavaScript: Teach Xss query about WinJS HTML injection functions.	2018-12-06 09:13:21 +00:00
Max Schaefer	22502e7a10	JavaScript: Add query help for `FileAccessToHttp` query.	2018-12-05 13:12:52 +00:00

... 47 48 49 50 51 ...

2665 Commits