hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,624 Commits 1,672 Branches 157 Tags
codeql-cli-2.7.3
Commit Graph

1615 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
b8154d41b1 type-track objects where the "$where" property has been written 2020-09-24 20:55:25 +02:00
Erik Krogh Kristensen
6163e6cf5f adjust test case for XML entity expansion 2020-09-24 09:53:06 +02:00
Erik Krogh Kristensen
83f0514475 add req.files as a RequestInputAccess in the Express model 2020-09-23 15:50:59 +02:00
Max Schaefer
dc7b447895 JavaScript: Make alert locations for command injection more precise. 2020-09-23 14:07:36 +01:00
Max Schaefer
439aadf0b6 JavaScript: Do even more type tracking in command injection. 2020-09-23 14:07:36 +01:00
Max Schaefer
ef18b39124 JavaScript: Fix use of type backtracker in IndirectCommandArgument.qll. 2020-09-23 14:07:36 +01:00
Max Schaefer
825fc2228b JavaScript: Add two new command-injection tests. 2020-09-23 14:07:36 +01:00
CodeQL CI
9a306866c5 Merge pull request #4282 from erik-krogh/es2021 
Approved by esbena
 2020-09-22 05:34:35 -07:00
Erik Krogh Kristensen
b09015380a add support for String.prototype.replaceAll 2020-09-21 10:50:04 +02:00
Erik Krogh Kristensen
dafcd59148 add another indirect route-handler test 2020-09-18 09:26:33 +02:00
Erik Krogh Kristensen
43e5c0212c add basic support for indirect route handlers 2020-09-18 09:26:33 +02:00
Erik Krogh Kristensen
fa255f3534 add test for self.importScripts(..) 2020-09-15 12:23:48 +02:00
Erik Krogh Kristensen
03a3c4f4b2 update expected output 2020-09-14 16:50:47 +02:00
Erik Krogh Kristensen
f4f96ce04d use new source in client-side-url-redirect test 2020-09-14 16:50:47 +02:00
Erik Krogh Kristensen
6e84ac8e6c add test for importScripts 2020-09-14 16:02:34 +02:00
CodeQL CI
903bc007b8 Merge pull request #4082 from max-schaefer/js/api-graph 
Approved by asgerf
 2020-09-11 04:41:38 -07:00
Erik Krogh Kristensen
4515d27ad2 Merge branch 'main' of https://github.com/github/codeql into pr/erik-krogh/4220 2020-09-08 14:10:15 +00:00
Erik Krogh Kristensen
320879bc1e recognize colon in command-prefixes 2020-09-07 13:12:38 +02:00
Erik Krogh Kristensen
fd05156298 clarifying comment on the last jQuery inconsistency 2020-09-04 10:30:42 +02:00
Erik Krogh Kristensen
b18f51806c regain the lost property presence result 2020-09-04 10:30:38 +02:00
Erik Krogh Kristensen
6fccf5aa70 use isLikelyIntentionalHtmlSink in the sink instead of in the where clause 2020-09-04 09:26:03 +02:00
CodeQL CI
58f51899c9 Merge pull request #4173 from erik-krogh/targetBlankFP 
Approved by esbena
 2020-09-04 08:21:22 +01:00
Erik Krogh Kristensen
d946a61d6e update expected output 2020-09-03 13:32:54 +02:00
Erik Krogh Kristensen
3952553953 adjust comment about inconsistency for XSS in typeahead 2020-09-03 10:50:40 +02:00
CodeQL CI
2ba84be565 Merge pull request #4185 from erik-krogh/unusedArrDestruct 
Approved by esbena
 2020-09-03 09:18:15 +01:00
Max Schaefer
d81d80430e JavaScript: Add a regression test for DeadStoreOfProperty. 2020-09-02 19:45:27 +01:00
Max Schaefer
e3a9906071 JavaScript: Switch MissingRateLimiting.qll to API graphs. 
The added test shows how this helps us avoid false positives.
 2020-09-02 17:35:47 +01:00
Asger F
2c0e9f0c86 Merge pull request #4186 from github/rc/1.25 
Mergeback: 1.25 -> main
 2020-09-02 15:12:25 +01:00
Erik Krogh Kristensen
a24db09418 only flag unused array-destructs if it is the last variable 2020-09-02 11:40:35 +02:00
Erik Krogh Kristensen
f0a0f41c3c allow urls that are prefixed with # or ? in js/unsafe-external-link 2020-09-02 10:19:42 +02:00
Erik Krogh Kristensen
f7edf28d0d allow mailto links in js/unsafe-external-link 2020-08-31 16:01:28 +02:00
Erik Krogh Kristensen
038cca814a Merge branch 'main' into ts4 2020-08-28 10:27:49 +02:00
CodeQL CI
ac94869978 Merge pull request #3978 from dellalibera/js/insecure-cookies 
Approved by esbena
 2020-08-28 08:31:38 +01:00
ubuntu
cd1d50b637 Update expected output 2020-08-26 23:50:15 +02:00
Erik Krogh Kristensen
db57f3661e Merge branch 'main' into ts4 2020-08-21 15:08:30 +02:00
ubuntu
5d6e6be4e4 Add query-tests 2020-08-16 15:02:52 +02:00
Erik Krogh Kristensen
15a74493e0 more permissive path elements in js/incomplete-url-substring-sanitization 2020-08-13 11:46:13 +02:00
Erik Krogh Kristensen
3fb9c28806 adjust comment about slash position 2020-08-13 11:46:13 +02:00
Erik Krogh Kristensen
d95d427c5b better support for the &&=, ||=, and ??= operators 2020-08-13 09:22:32 +02:00
Erik Krogh Kristensen
1d111c3e1f expand what urls are detected by js/incomplete-url-substring-sanitization 2020-08-12 14:25:35 +02:00
Erik Krogh Kristensen
e629e6bbb0 changes based on review 2020-08-04 10:25:05 +02:00
Erik Krogh Kristensen
97aa3cc8a3 rewrite DeadStoreOfProperty to improve worst-case complexity 2020-08-04 10:25:05 +02:00
Erik Krogh Kristensen
dbeef312ca add some TypeScript tests to DeadStoreOfProperty 2020-08-04 10:25:05 +02:00
CodeQL CI
8855ab8c8c Merge pull request #3835 from Raz0r/js/xss-protocol-sinks 
Approved by erik-krogh
 2020-08-03 15:40:05 +01:00
CodeQL CI
a4f8b19ae4 Merge pull request #3876 from erik-krogh/CWE078-Correctness 
Approved by esbena
 2020-08-03 15:38:51 +01:00
Max Schaefer
91762ec274 JavaScript: Add partial model for opener. 
3.5M weekly downloads.

Note that we do not treat the first argument as a command-injection sink. While it is possible to inject commands that way, it is more likely to cause false positives where the user input is concatenated with some prefix that makes the opening heuristic decide to treat it as a URL.
 2020-07-27 11:42:32 +01:00
Max Schaefer
9aa26fa4bc JavaScript: Add model for foreground-child. 
>1M weekly downloads, so seems worth doing.
 2020-07-27 11:37:06 +01:00
Max Schaefer
2f842042ea JavaScript: Model another execa function relevant for command injection. 2020-07-27 11:34:04 +01:00
Erik Krogh Kristensen
ec38df69b3 update consistency comments for CWE-918 2020-07-08 10:24:55 +02:00
Erik Krogh Kristensen
c5285f7418 update inconsistency comment for CWE-843 2020-07-08 10:16:43 +02:00