hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,624 Commits 1,672 Branches 157 Tags
codeql-cli-2.7.3
Commit Graph

3003 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
3ddfd7ba73 add extra promise test for chrome-remote-interface 2020-03-10 12:24:16 +01:00
Esben Sparre Andreasen
dbeb216af0 JS: make use of TypeScript types for mongoose Model and Query 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen
aae92ad795 JS: add test for DatabaseAccess 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen
6b9bd8bd97 JS: adjust tests slightly to also support DatabaseAccess testing 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen
7a2faa0b6b JS: add additional mongoose and mongodb js/nosql-injection sinks 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen
f24f03e1f8 JS: add mongodb .connect tests 2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen
21e6e69f22 JS: support mongodb v3 (minimally) 
https://github.com/github/codeql-javascript-team/issues/79
 2020-03-10 09:57:45 +01:00
Erik Krogh Kristensen
ad52d6446e add test case for tuple-like use 2020-03-09 19:47:05 +01:00
Erik Krogh Kristensen
a476fc5c3b revert Array.from change 2020-03-09 17:09:31 +01:00
Erik Krogh Kristensen
68ffd52d4c update expected output 2020-03-09 16:45:10 +01:00
Erik Krogh Kristensen
b4b05696e1 two bugfixes 2020-03-09 16:45:03 +01:00
Max Schaefer
3c785ecaa7 JavaScript: Move flow summaries to experimental. 
Also update description and change note to call out their experimental character more clearly.
 2020-03-09 12:57:20 +00:00
Erik Krogh Kristensen
dc4e361d75 add data-flow steps for arrays 2020-03-09 09:53:08 +01:00
Erik Krogh Kristensen
8e3cf5c9c8 add test for data-flow on arrays 2020-03-09 09:25:17 +01:00
Asger Feldthaus
a1d479e975 JS: Declassify sensitive exprs with special characters 2020-03-07 15:15:13 +00:00
semmle-qlci
7891f8621e Merge pull request #2982 from esbena/js/request-model-with-chaining 
Approved by asgerf
 2020-03-06 08:57:42 +00:00
semmle-qlci
98cee5cc1d Merge pull request #2967 from asger-semmle/js/flow-through-prop 
Approved by esbena
 2020-03-05 09:46:35 +00:00
semmle-qlci
85ee5fc988 Merge pull request #2955 from erik-krogh/BetterHeader 
Approved by asgerf
 2020-03-05 08:24:43 +00:00
semmle-qlci
98034aaa53 Merge pull request #2988 from asger-semmle/js/autoformat-again-again 
Approved by esbena
 2020-03-04 21:20:52 +00:00
semmle-qlci
c6e3d8df49 Merge pull request #2969 from esbena/js/process-as-event-emitter 
Approved by erik-krogh
 2020-03-04 20:24:12 +00:00
Asger Feldthaus
53569453ba JS: Autoformat again 2020-03-04 19:28:24 +00:00
semmle-qlci
c5d39039bc Merge pull request #2962 from erik-krogh/YetAnotherSanitizer 
Approved by asgerf
 2020-03-04 15:27:09 +00:00
Esben Sparre Andreasen
db335ae89b JS: add default/chaining for request 2020-03-04 12:36:49 +01:00
Esben Sparre Andreasen
92b3e8c060 JS: add default/chaining tests for request 2020-03-04 12:25:23 +01:00
Esben Sparre Andreasen
ae43e90a67 JS: model process as an EventEmitter 2020-03-04 09:49:16 +01:00
Esben Sparre Andreasen
4625217a68 Merge branch 'master' of github.com:Semmle/ql into js/more-fs-modules 2020-03-03 15:07:51 +01:00
Esben Sparre Andreasen
dfa07130b5 JS: add process EventEmitter test 2020-03-03 14:26:03 +01:00
Erik Krogh Kristensen
f03c67266a add taint step for replace call that only removes dots 2020-03-03 12:58:06 +01:00
Erik Krogh Kristensen
95819c8731 use RegExpTerm to generalize predicate 2020-03-03 12:34:18 +01:00
Asger Feldthaus
98524556c3 JS: Add some tests 2020-03-03 11:32:23 +00:00
Erik Krogh Kristensen
622a2fcfdc use regexp term instead of char class 2020-03-03 12:24:13 +01:00
semmle-qlci
57b3e6addf Merge pull request #2958 from erik-krogh/InnerPrefix 
Approved by asgerf
 2020-03-03 11:10:44 +00:00
Erik Krogh Kristensen
bc13204193 refactor header checks to be based on dominance 2020-03-03 12:04:31 +01:00
semmle-qlci
7f3f629d39 Merge pull request #2913 from asger-semmle/js/prototype-pollution-path 
Approved by erik-krogh
 2020-03-03 10:29:47 +00:00
semmle-qlci
b3cbf8baa8 Merge pull request #2960 from erik-krogh/OverloadsWithThis 
Approved by asgerf
 2020-03-03 10:10:00 +00:00
Esben Sparre Andreasen
adddebf039 Merge branch 'master' of github.com:Semmle/ql into js/more-fs-modules 2020-03-03 10:55:16 +01:00
semmle-qlci
e1c5449885 Merge pull request #2867 from erik-krogh/UselessCat 
Approved by esbena
 2020-03-03 09:10:25 +00:00
Erik Krogh Kristensen
9016f43d80 update expected output 2020-03-03 10:04:57 +01:00
Erik Krogh Kristensen
53d1cd33f6 support sanitizers that remove all forward slashes 2020-03-02 21:34:40 +01:00
Erik Krogh Kristensen
68fb8c52e9 check the type of the this-type, instead of the AST-node 2020-03-02 16:35:16 +01:00
Erik Krogh Kristensen
e0fcc4af6a handle this parameters when finding unreachable overloads 2020-03-02 16:26:00 +01:00
Erik Krogh Kristensen
26fd17bf39 recognize utility functions implementing a StartsWith check 2020-03-02 13:00:58 +01:00
Asger Feldthaus
e405a9769c JS: Really autoformat everything 2020-03-02 10:48:33 +00:00
Erik Krogh Kristensen
c14a485ca7 recognize more HttpResponseSink by restricting the hasNonHtmlHeader check 2020-03-02 10:10:34 +01:00
Erik Krogh Kristensen
71ff32e930 recognize another prefix check for js/path-injection 2020-02-28 14:55:41 +01:00
Esben Sparre Andreasen
a589061bee JS: add type-tracking to the fs-module and model the original-fs 2020-02-28 12:54:59 +01:00
Esben Sparre Andreasen
5a3a1c480d JS: add tests for the fs-module and friends 2020-02-28 12:21:10 +01:00
Erik Krogh Kristensen
ce9cd53bf1 Merge remote-tracking branch 'upstream/master' into UselessCat 2020-02-28 09:56:23 +01:00
semmle-qlci
ec90627a64 Merge pull request #2909 from yo-h/experimental 
Approved by aschackmull, jbj, max-schaefer, tausbn
 2020-02-28 03:15:58 +00:00
Asger Feldthaus
52ebe49a0b JS: Flag deep assignments in prototype pollution query 2020-02-27 12:17:55 +00:00