hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,644 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.1
Commit Graph

11808 Commits

Author SHA1 Message Date
semmle-qlci
a6b7f2d1f6 Merge pull request #1561 from xiemaisi/js/await-sourcenode 
Approved by asger-semmle
 2019-07-08 09:44:05 +01:00
Max Schaefer
fec87ac716 JavaScript: Address review comment. 2019-07-08 08:29:12 +01:00
Asger F
37ccfd0036 JS: Resolve static calls using type tracking 2019-07-06 22:32:00 +01:00
semmle-qlci
50e8034b0b Merge pull request #1544 from esben-semmle/js/additional-configuration-splitting 
Approved by xiemaisi
 2019-07-05 09:10:22 +01:00
Ellen Arteca
39c37f519d JavaScript: Use type tracking to identify more portal entry/exit nodes. 2019-07-05 09:03:37 +01:00
Arthur Baars
9bf0a3f2cd Merge pull request #1547 from Semmle/rc/1.21 
Merge rc/1.21 into master
 2019-07-05 07:20:28 +02:00
Esben Sparre Andreasen
fca815f96d JS: make use of the recent Configuration split 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
6d5b84fa88 JS: split XmlBomb.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
5163ccfd39 JS: split InsufficientPasswordHash.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
8664908f78 JS: split PrototypePollution.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
289c29828f JS: split UnvalidatedDynamicMethodCall.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
9e675d9973 JS: split TaintedFormatString.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
26c29cbde5 JS: split TypeConfusionThroughParameterTampering.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
8225d9923c JS: split ClientSideUrlRedirect.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
c3973c061e JS: split ZipSlip.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
29e69b32b0 JS: split XpathInjection.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
48b655f1c7 JS: split CommandInjection.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
ccc171ce18 JS: split RemotePropertyInjection.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
063abb5af9 JS: split PostMessageStar.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
3ad46cd5bf JS: split HardcodedCredentials.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
ec6d233180 JS: split CleartextLogging.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
813253e0ac JS: split BrokenCryptoAlgorithm.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
27d0caed3e JS: split RegExpInjection.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
c8a60f74f0 JS: split StackTraceExposure.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
f2b3fa57eb JS: split RequestForgery.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
6f6887993c JS: split Xxe.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
9d670f7d39 JS: split CleartextStorage.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
013f471cf6 JS: split TaintedPath.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
2bb702ceea JS: split SqlInjection.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
2972c28e58 JS: split NosqlInjection.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
057b18c316 JS: split ServerSideUrlRedirect.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
a89a073623 JS: split FileAccessToHttp.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
efe7ba4f3d JS: split InsecureRandomness.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
b85d3756b0 JS: split DifferentKindsComparisonBypass.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
56172317ed JS: split HardCodedDataInterpretedAsCode.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
d786f36120 JS: split CorsMisconfigurationForCredentials.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
1f54f3269d JS: split HttpToFileAccess.qll 2019-07-04 22:42:55 +02:00
Esben Sparre Andreasen
ee6003655a JS: split UnsafeDynamicMethodAccess.qll 2019-07-04 22:42:55 +02:00
semmle-qlci
298aa92814 Merge pull request #1543 from xiemaisi/js/reflective-call-flow 
Approved by asger-semmle
 2019-07-04 12:02:24 +01:00
Max Schaefer
91a718cfe5 JavaScript: Fix data flow out of reflective calls. 
We were previously missing a data-flow edge from reflected calls to the corresponding reflective call, that is, for `f.call(...)` we didn't have a flow edge from the implicit call to `f` to the result of `f.call(...)`.
 2019-07-04 08:29:04 +01:00
Esben Sparre Andreasen
bb452bea45 JS: split UnsafeDeserialization.qll 2019-07-04 08:39:10 +02:00
Esben Sparre Andreasen
626f3fa598 JS: split ConditionalBypass.qll 2019-07-04 08:33:39 +02:00
semmle-qlci
40f7e6f514 Merge pull request #1540 from esben-semmle/js/bump-prototype-pollution-lodash 
Approved by xiemaisi
 2019-07-04 07:19:45 +01:00
semmle-qlci
6cda33c39e Merge pull request #511 from esben-semmle/js/classify-minified-by-variable-names 
Approved by xiemaisi
 2019-07-03 16:31:43 +01:00
semmle-qlci
b07a3e6725 Merge pull request #1439 from esben-semmle/js/configuration-node-separation 
Approved by asger-semmle, xiemaisi
 2019-07-03 16:31:10 +01:00
semmle-qlci
7fbc730b05 Merge pull request #1517 from asger-semmle/instance-type-tracking-final 
Approved by xiemaisi
 2019-07-03 08:26:16 +01:00
semmle-qlci
44823ca46d Merge pull request #1522 from asger-semmle/ts-stringify-recursive-type-alias 
Approved by xiemaisi
 2019-07-03 08:25:50 +01:00
Esben Sparre Andreasen
051c6ca31f JS: split CodeInjection.qll into two parts 2019-07-03 09:18:27 +02:00
Esben Sparre Andreasen
ecf367fa65 JS: bump vulnerable lodash version for prototype pollution 
See https://github.com/lodash/lodash/pull/4336
 2019-07-03 08:18:16 +02:00
Asger F
70cbecaf1b JS: Update more test outputs 2019-07-02 21:08:13 +01:00