hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,624 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.3
Commit Graph

1615 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
2f3869f41b add model for puppeteer 2021-03-17 10:03:51 +01:00
Asger Feldthaus
97b8e35426 JS: Update test expectations 2021-03-16 15:09:01 +00:00
Asger Feldthaus
710cca5395 JS: Update expectations with new sources 2021-03-16 13:28:12 +00:00
Asger Feldthaus
aa1c8c041e JS: Exclude client-side sources from RegExpInjection 2021-03-16 13:28:11 +00:00
Asger Feldthaus
2e57a7d3e9 JS: Add ClientSideRemoteFlowSource 2021-03-16 13:28:09 +00:00
CodeQL CI
40acb95105 Merge pull request #5397 from erik-krogh/globalSanitizer 
Approved by asgerf
 2021-03-16 05:37:32 -07:00
Erik Krogh Kristensen
3640bbd466 add test for IncompleteHtmlAttributeSanitization 2021-03-16 13:25:27 +01:00
CodeQL CI
9268050eb8 Merge pull request #5369 from erik-krogh/tempObjInj 
Approved by asgerf
 2021-03-15 05:23:55 -07:00
CodeQL CI
a9c292e265 Merge pull request #5391 from erik-krogh/additionalXss 
Approved by asgerf
 2021-03-15 04:50:54 -07:00
Erik Krogh Kristensen
1dcfc3840d add test 2021-03-12 16:25:33 +01:00
Asger Feldthaus
a2d1e88bb3 JS: Update more test expectations 2021-03-12 12:57:21 +00:00
Erik Krogh Kristensen
d7b0f628a1 add test 2021-03-12 00:03:20 +01:00
Asger Feldthaus
a03cb11257 JS: Include $().prop() source in XssThroughDom 2021-03-11 16:27:31 +00:00
Asger Feldthaus
18cfe72e99 JS: Add model of d3 2021-03-11 10:05:05 +00:00
Erik Krogh Kristensen
11793800ad support subrouters, and engine registrations with file extensions 2021-03-09 16:17:33 +01:00
Erik Krogh Kristensen
28951e98c4 add engine filter to js/template-object-injection 2021-03-09 16:17:33 +01:00
Erik Krogh Kristensen
b30484dd69 behaviour preserving refactorization into modules 2021-03-09 16:17:29 +01:00
Erik Krogh Kristensen
caf1dbdc46 move TemplateObjectInjection out of experimental 2021-03-09 11:29:45 +01:00
Erik Krogh Kristensen
29ae737475 update expected output for MalformedRegExp 2021-03-08 13:50:58 +01:00
Erik Krogh Kristensen
bff59a1aaa fix parse error in regular expressions 2021-03-08 12:04:11 +01:00
CodeQL CI
d7b9251b0d Merge pull request #5262 from max-schaefer/event-handler-receiver-is-dom-element 
Approved by asgerf
 2021-03-05 02:04:59 -08:00
CodeQL CI
15049ca853 Merge pull request #5183 from erik-krogh/next 
Approved by asgerf
 2021-03-04 04:57:43 -08:00
Asger Feldthaus
6e0322dc60 JS: Add DeepResourceExhaustion test 2021-03-02 13:56:43 +00:00
Asger Feldthaus
88e5348da9 JS: Move RemotePropertyInjection test into subfolder 2021-03-02 13:56:39 +00:00
Asger Feldthaus
fd9604c5ef JS: Update expected output for poly ReDoS 2021-03-02 12:39:05 +00:00
Asger Feldthaus
12079cd1e4 JS: Recognize RegExps in JSON schemas 2021-03-02 12:39:04 +00:00
Asger Feldthaus
7afa755597 JS: Add ajv error as source of ExceptionXss 2021-03-02 12:39:04 +00:00
Asger Feldthaus
b978359803 JS: Add schema validation as TaintedObject sanitizer 2021-03-02 12:39:04 +00:00
Erik Krogh Kristensen
ecccb8a409 only flag React elements in ClientSideUrlRedirect if it's a HTML element, or known link class 2021-03-02 12:25:50 +01:00
Erik Krogh Kristensen
36049f05f8 update Next.js xss example such that the attack is viable 2021-03-02 12:25:50 +01:00
Erik Krogh Kristensen
97032f8627 add ClientSideUrlRedirect sink for Next.js routers 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
a79c30a818 support NextJS API endpoints 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
1fdbbb682d support Next.js page request/response objects 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
41a0c0b55e support React links in js/client-side-unvalidated-url-redirection 2021-03-02 12:25:49 +01:00
Max Schaefer
2e252ba3e4 JavaScript: Learn that receivers of DOM event handlers are themselves DOM nodes. 2021-02-25 09:06:58 +00:00
Max Schaefer
ae2a5da63f JavaScript: Add new tests for recognising receiver of event handler as DOM element. 2021-02-25 09:04:46 +00:00
Asger F
b8e1987cad Update javascript/ql/test/query-tests/DOM/HTML/DuplicateAttributes.html 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-02-22 10:08:56 +00:00
Asger Feldthaus
e964771e9c JS: Add test 2021-02-22 09:47:21 +00:00
CodeQL CI
8716cbd7ee Merge pull request #5140 from erik-krogh/mark 
Approved by asgerf
 2021-02-17 11:50:11 -08:00
CodeQL CI
b5143dbdb4 Merge pull request #5117 from erik-krogh/parseForm 
Approved by asgerf
 2021-02-15 04:30:59 -08:00
Erik Krogh Kristensen
69d8aa143c add taint step for the snarkdown libary 2021-02-11 16:16:46 +01:00
Erik Krogh Kristensen
d14586de56 add two non ReDoS regular expressions to the ReDoS test suite 
Adds the regular expression from #5145
 2021-02-11 14:41:45 +01:00
Erik Krogh Kristensen
010d580f8e add model for multiparty 2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen
61b4ffec3d add remote flow from the Formidable library 2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen
a03f4ed3cd add remote flow source for busboy 2021-02-11 09:34:02 +01:00
Erik Krogh Kristensen
e2fbf8a68c add files uploaded with multer as RemoteFlowSource 2021-02-11 09:33:15 +01:00
Erik Krogh Kristensen
7cff1f441b add model for the unified and remark libraries 2021-02-10 18:13:01 +01:00
Erik Krogh Kristensen
0d497e8b9a add model for the showdown library 2021-02-10 17:22:42 +01:00
Erik Krogh Kristensen
f76018c039 add taint step for the markdown-table library 2021-02-10 15:11:41 +01:00
Erik Krogh Kristensen
b4704f7016 add taint-step for the marked library 2021-02-10 14:51:08 +01:00