hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,874 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.5
Commit Graph

2033 Commits

Author SHA1 Message Date
Asger F
4797924bea JS: review comments 2018-09-21 14:46:21 +01:00
Asger F
5f467d2fc5 JS: recognize CSRF middleware from lusca package 2018-09-21 13:15:40 +01:00
Asger F
6f109a742f JS: add a test case for res.sendfile 2018-09-21 11:04:33 +01:00
alexet
b94df82833 JavaScript: Fix expected output due to qltest change. 2018-09-20 15:56:20 +01:00
semmle-qlci
4aca8f4fd3 Merge pull request #201 from asger-semmle/string-concatenation-squashed 
Approved by esben-semmle
 2018-09-19 21:59:17 +01:00
Asger F
1d793c0a7b JavaScript: fix expected output 2018-09-19 14:33:23 +01:00
Asger F
9384b85bcc JavaScript: ensure prefix sanitizers work for array.join() 2018-09-17 14:31:26 +01:00
Esben Sparre Andreasen
33f98dd1a7 JS: add query: js/stored-xss 2018-09-14 15:30:44 +02:00
semmle-qlci
3d022298dc Merge pull request #186 from Semmle/rc/1.18 
Approved by esben-semmle
 2018-09-13 12:34:54 +01:00
Esben Sparre Andreasen
3d3b7b0254 JS: fix typo in test case 2018-09-06 22:54:07 +02:00
Esben Sparre Andreasen
b9d825b379 JS: better matching of String.prototype.search in js/regex-injection 2018-09-05 08:35:00 +02:00
Esben Sparre Andreasen
f5a6af54e6 JS: add security query: js/request-forgery 2018-09-04 09:25:42 +02:00
semmle-qlci
55ceb9be8b Merge pull request #91 from esben-semmle/js/additional-indexof-sanitizers 
Approved by xiemaisi
 2018-08-24 08:37:41 +01:00
Max Schaefer
2187b0c245 Merge pull request #89 from esben-semmle/js/sharpen-type-confusion 
JS: remove emptiness checks from the type confusion `x.length` sinks
 2018-08-23 08:04:09 +01:00
Esben Sparre Andreasen
20b48a2d24 JS: support relational indexof comparison sanitizers 2018-08-22 15:58:47 +02:00
Esben Sparre Andreasen
218c0cb51a JS: address review comments 2018-08-22 13:54:07 +02:00
Esben Sparre Andreasen
fef257b1ec JS: remove emptiness checks from the type confusion x.length sinks 2018-08-22 13:25:22 +02:00
semmle-qlci
7e7e30c01c Merge pull request #73 from esben-semmle/js/cleartext-logging-query 
Approved by xiemaisi
 2018-08-22 08:04:36 +01:00
Esben Sparre Andreasen
2b9f5c3fa2 JS: remove check for test-environment in js/clear-text-logging 2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen
3636708d30 JS: extract and expose StringConcatenationTaintStep in TaintTracking 2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen
bbdf6b0f1d JS: mark PrintfStyleCall as a taint step 2018-08-21 09:02:35 +02:00
semmle-qlci
44e4b25f42 Merge pull request #14 from rdmarsh2/rdmarsh/js/electron-http-client 
Approved by xiemaisi
 2018-08-20 07:59:25 +01:00
Esben Sparre Andreasen
0c4fb15651 JS: add query js/cleartext-logging 2018-08-20 08:34:16 +02:00
Robert Marsh
aaeda5dfcc JavaScript: add the ESLint attack as a test 2018-08-17 10:16:52 -07:00
Asger F
d9ba5a1cab JavaScript: add test cases for new array steps 2018-08-13 12:27:12 +01:00
semmle-qlci
3d0748c542 Merge pull request #48 from xiemaisi/js/webview-sinks 
Approved by asger-semmle
 2018-08-13 09:37:33 +01:00
Max Schaefer
199990feea JavaScript: Add WebView-related taint sinks for CodeInjection, DomBasedXss and ServerSideUrlRedirect. 2018-08-10 15:59:27 +01:00
semmle-qlci
2478c6e150 Merge pull request #43 from xiemaisi/js/odasa-7275 
Approved by
 2018-08-10 12:52:05 +01:00
Asger F
b00938e9b3 Make NodeJSLib use moduleMember for ES6-compatibility 2018-08-09 15:10:21 +01:00
Max Schaefer
41da997651 JavaScript: Teach IncompleteSanitization to recognize incomplete URL {en,de}coding. 2018-08-09 12:44:16 +01:00
Esben Sparre Andreasen
b6951d8249 JS: add tests for improved js/missing-rate-limiting 2018-08-06 15:15:44 +02:00
Asger F
156b94e436 JavaScript: Add model of JSON parsers 2018-08-03 15:27:35 +01:00
Pavel Avgustinov
b55526aa58 QL code and tests for C#/C++/JavaScript. 2018-08-02 17:53:23 +01:00