hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,624 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.3
Commit Graph

1615 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
2f3ea4412f add model of the pify library 2021-06-22 11:55:54 +02:00
Erik Krogh Kristensen
c736606695 add support for moment/dayjs/luxon instances returned by @date-io adapters 2021-06-22 10:42:24 +02:00
Erik Krogh Kristensen
227f61b954 add model for the luxon library 2021-06-21 23:29:12 +02:00
Erik Krogh Kristensen
cdf3cdcf71 add model for the formatByString and formatByNumber functions in @date-io 2021-06-21 23:29:01 +02:00
Erik Krogh Kristensen
2a4570eaaa add model for the dayjs library 2021-06-21 23:28:45 +02:00
Asger Feldthaus
5838e54a46 JS: Sharpen recognition of string 'match' calls 2021-06-16 09:27:02 +02:00
Erik Krogh Kristensen
416c986cbc add support for graphql in @actions/github 2021-06-15 09:43:11 +02:00
Erik Krogh Kristensen
50d574d20d add graphql injection to the sql-injection query 2021-06-10 21:01:54 +02:00
CodeQL CI
d65e6bbfa1 Merge pull request #6035 from erik-krogh/joi 
Approved by asgerf
 2021-06-09 04:42:54 -07:00
CodeQL CI
6bdd7df810 Merge pull request #6002 from erik-krogh/history 
Approved by asgerf
 2021-06-08 13:17:38 -07:00
CodeQL CI
169e67cbb8 Merge pull request #5990 from erik-krogh/prettier 
Approved by asgerf
 2021-06-08 12:17:24 -07:00
CodeQL CI
fec39857fa Merge pull request #6015 from erik-krogh/resolve 
Approved by asgerf
 2021-06-08 04:15:19 -07:00
CodeQL CI
6279c67949 Merge pull request #5901 from erik-krogh/regFP 
Approved by asgerf
 2021-06-08 04:14:06 -07:00
CodeQL CI
95b591d72b Merge pull request #6025 from erik-krogh/serve 
Approved by asgerf
 2021-06-08 01:42:38 -07:00
Erik Krogh Kristensen
1ad08677c2 model serve-handler in js/exposure-of-private-files 2021-06-08 09:52:56 +02:00
Erik Krogh Kristensen
be7abede22 add model for the joi library 2021-06-07 20:04:17 +02:00
Asger Feldthaus
4cf3c11e83 JS: Add lines of user code summary query 2021-06-07 16:41:59 +02:00
Erik Krogh Kristensen
a63b0b28d4 refactor the history library model, add support for the global variable 2021-06-07 15:42:13 +02:00
Erik Krogh Kristensen
5419143e72 remove createHashHistory from the history sink 2021-06-07 15:24:59 +02:00
Erik Krogh Kristensen
5961dd1459 add another test for the resolve library 2021-06-06 22:54:12 +02:00
Erik Krogh Kristensen
0adc001df0 add taint-step for serialize-javascript 2021-06-06 22:48:53 +02:00
Erik Krogh Kristensen
dd2fe2a489 add the resolve library as a sink to js/path-injection 2021-06-06 22:04:32 +02:00
Erik Krogh Kristensen
608a0314df add location reads from the history libary as client-side remote flow 2021-06-03 12:33:25 +02:00
Erik Krogh Kristensen
e543c6c665 add a js/client-side-unvalidated-url-redirection sink for the history library 2021-06-03 12:23:05 +02:00
Erik Krogh Kristensen
431c995131 add support for the debug library 2021-06-02 23:11:15 +02:00
Erik Krogh Kristensen
788c5ba701 add support for the prettier API 2021-06-02 15:33:08 +02:00
Erik Krogh Kristensen
e9d2dd0b57 support the chaining methods on Express apps 2021-05-18 22:23:27 +02:00
Erik Krogh Kristensen
1435ac715a add support for the clone library 2021-05-18 12:46:34 +02:00
Erik Krogh Kristensen
33641c84f6 recognize sanitizing string replace call for regexp-injection 2021-05-14 11:58:27 +02:00
Erik Krogh Kristensen
9d60ec035f fix casing on the uid regexp 2021-05-13 23:04:30 +02:00
Erik Krogh Kristensen
51067af784 add "uid" (and friends) as maybe being sensitive account info 2021-05-13 22:34:10 +02:00
CodeQL CI
a3d17a1437 Merge pull request #5769 from erik-krogh/libXss 
Approved by esbena
 2021-05-10 05:58:07 -07:00
CodeQL CI
7a7586488a Merge pull request #5833 from erik-krogh/filterStep 
Approved by esbena
 2021-05-06 13:47:23 -07:00
Erik Krogh Kristensen
3815797dda add sanitizers from DOM and jQuery queries 2021-05-06 11:05:03 +02:00
Erik Krogh Kristensen
8ba5bddae8 add jQuery options objects as sources 2021-05-06 11:05:02 +02:00
Erik Krogh Kristensen
23908f9ec2 remove flowpaths that has a returns without a matching call 2021-05-06 11:05:02 +02:00
Erik Krogh Kristensen
6e754c70aa add test for js/html-constructed-from-input 2021-05-06 11:05:02 +02:00
Erik Krogh Kristensen
ab53f3b380 add array.filter() as a taint-step 2021-05-05 12:03:14 +02:00
Erik Krogh Kristensen
e333267e69 require that the factory function is in a main module file 2021-05-05 12:00:38 +02:00
Erik Krogh Kristensen
aaf754ebf5 recognize more library input 2021-05-04 10:06:14 +02:00
CodeQL CI
6931d9a6f7 Merge pull request #5785 from edvraa/httponlyjs 
Approved by esbena
 2021-05-03 23:14:26 -07:00
edvraa
6fa2f1e653 update test message 2021-05-04 00:32:01 +03:00
edvraa
cef845ac47 Support string expressions 2021-05-03 13:46:56 +03:00
edvraa
ea38f0d3bd a new test for simple flow 2021-05-03 12:19:05 +03:00
edvraa
fa94fedfc3 simple dataflow for sensitive name 2021-05-03 00:36:26 +03:00
edvraa
97bc7e38d2 check for sensitive property name 2021-05-03 00:31:29 +03:00
Rasmus Wriedt Larsen
af0723c185 Merge pull request #5656 from asgerf/js/files-diagnostics 
JS: Add file diagnostics queries
 2021-04-29 11:53:11 +02:00
CodeQL CI
3240536d0e Merge pull request #5798 from erik-krogh/trackLoc 
Approved by esbena
 2021-04-29 00:45:21 -07:00
Erik Krogh Kristensen
dfd63e5d5a track window object to where .location is read 2021-04-28 18:52:00 +02:00
Erik Krogh Kristensen
e60628d463 add global replacements using inverted char classes as a sanitizer for DOM based XSS 2021-04-28 11:29:30 +02:00