hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,624 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.3
Commit Graph

1615 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
45b6906a0d move comments to match alert location for CWE-834 2020-07-08 10:16:04 +02:00
Erik Krogh Kristensen
71a3d49d2b update comments to match alert location for CWE-807 2020-07-08 10:15:26 +02:00
Erik Krogh Kristensen
d814e73023 update comment position to match alert location for CWE-798 2020-07-08 10:12:12 +02:00
Erik Krogh Kristensen
bcffc97de7 update comment position to match alert location for CWE-776 2020-07-08 10:10:31 +02:00
Erik Krogh Kristensen
2235634347 update consistency comments for CWE-754 2020-07-08 10:08:51 +02:00
Erik Krogh Kristensen
0d64a0f2c8 update consistency comment for CWE-730 2020-07-08 10:07:34 +02:00
Erik Krogh Kristensen
5a87628478 update consistency comments for CWE-611 2020-07-08 10:03:03 +02:00
Erik Krogh Kristensen
1f1c09af02 update consistency comments for CWE-601 2020-07-08 10:02:29 +02:00
Erik Krogh Kristensen
ce6a211340 update inconsistency comment for CWE-506 2020-07-08 10:01:40 +02:00
Erik Krogh Kristensen
bf36137834 update inconsistency comment for CWE-346 2020-07-08 10:01:04 +02:00
Erik Krogh Kristensen
16b0427dc4 update inconsistency comment for CWE-338 2020-07-08 10:00:19 +02:00
Erik Krogh Kristensen
9bcbedde46 update consistency comment in passwords.js 2020-07-08 09:55:00 +02:00
Erik Krogh Kristensen
664c5e64b4 add [INCONSISTENCY] comment in CodeInjection test 2020-07-08 09:48:12 +02:00
Raz0r
3487ec17d0 add tests 2020-07-07 16:26:14 +03:00
Erik Krogh Kristensen
442ee8d1cc add consistency-checking for CWE-089 2020-07-06 19:02:50 +02:00
semmle-qlci
fe0c5a9ea6 Merge pull request #3892 from asger-semmle/js/redirect-starts-with-sanitizer 
Approved by esbena
 2020-07-06 17:04:30 +01:00
semmle-qlci
6d80445f24 Merge pull request #3851 from erik-krogh/queryStuff 
Approved by esbena
 2020-07-06 14:40:41 +01:00
Erik Krogh Kristensen
2a8b37e004 update consistency comments in unsafe-jquery-plugin.js 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-07-06 14:15:23 +02:00
Erik Krogh Kristensen
c986f3bb7c add consistency checking for CWE-079 2020-07-06 13:42:35 +02:00
Erik Krogh Kristensen
dc8042adeb introduce conistency-checking for CWE-078 2020-07-06 12:47:56 +02:00
Erik Krogh Kristensen
8585312271 fix typo in js/shell-command-constructed-from-input 2020-07-06 10:33:49 +02:00
Asger Feldthaus
b5104ae42d JS: Add StartsWith sanitizer 2020-07-03 14:46:07 +01:00
Asger Feldthaus
4c06eb8bfe JS: Add test showing FPs 2020-07-03 14:45:42 +01:00
Erik Krogh Kristensen
261821b32c Merge remote-tracking branch 'upstream/master' into queryStuff 2020-07-02 16:08:05 +02:00
semmle-qlci
97128b1475 Merge pull request #3829 from asger-semmle/js/xss-substr 
Approved by erik-krogh
 2020-07-02 11:58:32 +01:00
semmle-qlci
45ef3ec4a8 Merge pull request #3619 from erik-krogh/CWE022-Correctness 
Approved by asgerf
 2020-07-01 20:07:58 +01:00
Erik Krogh Kristensen
3157cd724d add noSQL tests for type-tracking req.query 2020-07-01 11:45:09 +02:00
Erik Krogh Kristensen
bace2994c3 add test for type-tracking req.params 2020-07-01 11:38:54 +02:00
semmle-qlci
15a0297ca2 Merge pull request #3834 from asger-semmle/js/vue-classification 
Approved by erik-krogh
 2020-06-30 13:14:25 +01:00
Esben Sparre Andreasen
c7f67fafd9 JS: support additional promisification of the fs-module members 2020-06-30 09:10:30 +02:00
Asger Feldthaus
cb12d894a6 JS: Add test 2020-06-29 15:54:06 +01:00
semmle-qlci
b3e68ef81c Merge pull request #3806 from erik-krogh/moreDownloads 
Approved by asgerf
 2020-06-29 13:53:10 +01:00
Asger Feldthaus
03c91a66c5 JS: Update expected output 2020-06-29 07:52:25 +01:00
Asger Feldthaus
9ca25d5bef JS: Support .hash extraction via a few more methods 2020-06-28 01:38:59 +01:00
Asger Feldthaus
19db418395 JS: Add missing store step in Xss query 2020-06-28 01:26:11 +01:00
Erik Krogh Kristensen
926f2c139f require that a write must dominate the enclosing stmt of a read 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
cc2e61531e update expected output 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
e467d3ccbf use dominating write check in js/path-injection 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
6bc821b1ab add tests for dominating writes 2020-06-25 23:00:52 +02:00
Erik Krogh Kristensen
2b2d691e45 don't treated a property from a tainted object as tainted when there exists a dominating write 2020-06-25 23:00:52 +02:00
semmle-qlci
056e1a8c4b Merge pull request #3599 from asger-semmle/js/nameditem 
Approved by esbena
 2020-06-25 17:34:14 +01:00
Erik Krogh Kristensen
09d969a8ad recognize sensitive files by file-system writes 2020-06-25 15:19:42 +02:00
Erik Krogh Kristensen
8f5a3e9f4f add support for getASavePath() to js/insecure-download 2020-06-25 15:18:31 +02:00
Erik Krogh Kristensen
dafca8fd81 introduce flow-labels to js/insecure-download 2020-06-25 15:17:57 +02:00
Asger Feldthaus
f9b796231b JS: Add regression tests 2020-06-25 11:10:27 +01:00
Asger Feldthaus
ea3560fe07 JS: Ignore document.all checks explicitly 2020-06-25 11:03:06 +01:00
Asger Feldthaus
b867512db4 JS: Update test 2020-06-25 11:01:10 +01:00
Erik Krogh Kristensen
3f8881a334 don't report insecure randomness when the insecure random is just a fallback 2020-06-23 15:53:19 +02:00
semmle-qlci
0d61443915 Merge pull request #3753 from asger-semmle/js/xss-dom-exception-rephrasing 
Approved by erik-krogh
 2020-06-23 13:01:41 +01:00
Asger Feldthaus
b4f75ef414 Merge branch 'master' into js-team-sprint-merge2 2020-06-23 00:18:09 +01:00