Napalys
b333f523df
JS: Fix: now one can determine regex via Array.prototype.toSpliced function call.
2024-11-14 15:35:03 +01:00
Napalys
2b0def1ed3
JS: Add: Test case for checking if regex via using toSpliced
2024-11-14 15:31:38 +01:00
Napalys
52330e834c
JS: Add: Test case for checking if regex via using splice
2024-11-14 15:29:05 +01:00
Napalys
84234d59b9
JS: Fix: Ensure toSpliced with spread operator is flagged
2024-11-13 17:21:34 +01:00
Napalys
8512cb44ff
JS: Add: Test cases for toSpliced with spread operator
2024-11-13 17:18:09 +01:00
Napalys
cf90430ec0
JS: Add: Missing test case for splice spread operator
2024-11-13 17:07:17 +01:00
Napalys
2df3d1b251
JS: Fix: Ensure toSpliced is flagged by taint tracking in test suite (ed44358143)
2024-11-13 15:58:20 +01:00
Napalys
ed44358143
Added toSpliced test cases for mutation arrays
2024-11-13 15:51:00 +01:00
Napalys
df4b596180
Added toSpliced as part of ArraySliceStep and ArraySpliceStep, fixed tests from 2d9bc43506
2024-11-13 13:47:34 +01:00
Napalys
2d9bc43506
Added tests for arrays toSpliced with pop
2024-11-13 12:58:24 +01:00
Napalys
b4c84d3d3c
Added taint step for toSpliced, handles test from a65f80ef76
2024-11-13 12:41:41 +01:00
Napalys
a65f80ef76
Added basic taint tracking test for Array.prototype.toSpliced()
2024-11-13 12:28:14 +01:00
Napalys
37712d2e21
Added a new way to simulate CatastrophicError for integration-tests. In the future, an environmental variable might be a more sustainable solution.
2024-11-13 08:58:54 +01:00
Napalys Klicius
ef18a6e562
Remove toReversed and toSorted func prototypes from extern.js.
2024-11-13 08:29:18 +01:00
Napalys
c2c6b77b11
Added new test case for TS57 Creating Index Signatures from Non-Literal Method Names in Classes
2024-11-12 14:26:42 +01:00
Napalys
5f8ff125e9
Added change notes
2024-11-12 12:21:39 +01:00
Napalys
7427a24ca1
Added test case for Array.prototype.toReversed, which is currently not flagged as a taint sink.
2024-11-12 12:02:37 +01:00
Napalys
3215967cbc
Added toReversed test case
2024-11-12 12:02:20 +01:00
Napalys
3f0a54c2e8
Added support for Array.prototype.toSorted function
2024-11-12 12:02:04 +01:00
Napalys
def8d75cb8
Added test case for Array.prototype.toSorted, which is currently not flagged as a taint sink.
2024-11-12 12:01:51 +01:00
Asger F
80ee372ddf
JS: Replace an unused value with _
2024-11-12 11:24:17 +01:00
Asger F
637baabe37
JS: Clarify why there are no SSA definitions
2024-11-12 11:23:35 +01:00
Napalys Klicius
6266dab518
Merge pull request #17951 from Napalys/napalys/reverse-support
...
JS: Added support for reverse function
2024-11-12 10:09:18 +01:00
Napalys
00790bf3f4
Added change notes
2024-11-11 15:43:54 +01:00
Napalys Klicius
1eabb6cbdd
Update javascript/ql/test/experimental/Security/CWE-918/check-regex.js
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2024-11-11 15:40:22 +01:00
Napalys Klicius
42f7f73ae1
Update ArrayInPlaceManipulationTaintStep documentation
2024-11-11 15:38:57 +01:00
Napalys
ae57c12b15
Added change notes
2024-11-11 10:38:14 +01:00
Napalys
82f09f1f8b
Updated TS version to 5.7.1-release candidate
2024-11-11 10:19:32 +01:00
Napalys
81bc7cd19f
Refactored SortTaintStep to ArrayInPlaceManipulationTaintStep to support both sort and reverse functions. Fixed newly added test case from 8026a99db7
2024-11-11 08:32:03 +01:00
Napalys
1c298f0231
Added test case for Array.prototype.reverse, which is currently not flagged as a potential sink.
2024-11-11 08:32:02 +01:00
Napalys
f1c6dc1d9b
Moved SortTaintStep to more appropriate home TaintTracking->Arrays
2024-11-11 08:32:01 +01:00
Napalys
70cf1a57bc
Now catches usage of RegExp. after matchAll usage.
2024-11-08 08:59:31 +01:00
Napalys
c2baf0bd6d
Added test where RegExp. is used after matchAll but it is not flagged as potential issue
2024-11-08 08:56:12 +01:00
Napalys
dbd57e3870
Fixed issue where TaintTracking was not catching matchAll vulnerability
2024-11-07 13:40:10 +01:00
Napalys
a4fe728af2
Added matchAll test which is not marked as vulnerability by CodeQL
2024-11-07 13:35:09 +01:00
Napalys
514375dbf9
Fixes false positives from commit 42600c93ff
2024-11-07 13:00:54 +01:00
Napalys
42600c93ff
Added tests which show false positive SSRF via matchAll
2024-11-07 11:40:20 +01:00
Napalys
449cee91c8
Fixes false positives from commit 445552d3b53ec9592e8e3892cb337d1004b6a432
2024-11-07 10:33:13 +01:00
Napalys
4106663d89
Added tests for regex sanitization to identify false positives matchAll
2024-11-07 10:27:58 +01:00
Mikaël Barbero
881fe0ba57
fix: add "actions" tag to ActionsArtifactLeak
...
Similar to javascript/ql/src/Security/CWE-094/ExpressionInjection.ql
2024-11-05 15:58:46 +01:00
Napalys Klicius
5e8b1b061f
Update javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2024-11-05 10:29:22 +01:00
Napalys Klicius
7825a46085
Merge branch 'github:main' into napalys/matchAll-support
2024-11-05 09:31:30 +01:00
Napalys
b239bfabf1
Added tests for IncompleteHostnameRegExp and normalizedPaths using matchAll
2024-11-05 09:22:26 +01:00
Napalys
ccee34d6d3
Added support for matchAll in CWE-020 including new test cases
2024-11-05 08:51:24 +01:00
github-actions[bot]
f107d16b4e
Post-release preparation for codeql-cli-2.19.3
2024-11-04 17:20:08 +00:00
github-actions[bot]
cc7b724123
Release preparation for version 2.19.3
2024-11-04 16:37:28 +00:00
Rasmus Wriedt Larsen
c0ad9ba529
Merge branch 'main' into js-threat-models
2024-11-01 10:48:32 +01:00
Rasmus Wriedt Larsen
dc8e645594
JS: Convert remaining queries to use ActiveThreatModelSourceAsSource
2024-11-01 10:47:10 +01:00
Rasmus Wriedt Larsen
19fae76a94
JS: Remove dummy comment
...
Co-authored-by: Asger F <asgerf@github.com>
2024-11-01 10:24:22 +01:00
Rasmus Wriedt Larsen
61e60de969
JS: Model readline as a stdin threat-model source
...
Technically not always true, but my assumption is that +90% of the time
that's what it will be used for, so while we could be more precise by
adding a taint-step from the `input` part of the construction, I'm not
sure it's worth it in this case.
Furthermore, doing so would break with the current way we model
threat-model sources, and how sources are generally modeled in JS... so
for a very pretty setup it would require changing all the other `file`
threat-model sources to start at the constructors such as
`fs.createReadStream()` and have taint-propagation steps towards the
actual use (like we do in Python)...
I couldn't see an easy path forwards for doing this while keeping the
Concepts integration, so I opted for the simpler solution here.
2024-10-31 14:29:30 +01:00