hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,624 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.3
Commit Graph

6736 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
d016ba2252 rename name dataflow configuration in js/template-object-injection 2021-02-03 12:29:23 +01:00
Erik Krogh Kristensen
a5bde53bfe use the TaintedObject library in js/template-object-injection 2021-02-03 12:26:37 +01:00
Erik Krogh Kristensen
c6a22844e2 add test for js/template-object-injection 2021-02-03 12:16:57 +01:00
CaptainFreak
12ee497485 move query to src, rename and refactor 2021-02-03 15:48:02 +05:30
CodeQL CI
653c900d62 Merge pull request #4987 from erik-krogh/defensiveFunctions 
Approved by esbena
 2021-02-02 14:47:23 -08:00
Erik Krogh Kristensen
c51e951d1e add change note 2021-02-02 22:51:03 +01:00
CodeQL CI
209fe8d7e5 Merge pull request #5049 from erik-krogh/singleQuote 
Approved by esbena
 2021-02-02 13:48:42 -08:00
CodeQL CI
4fdbda3543 Merge pull request #5056 from erik-krogh/react 
Approved by asgerf
 2021-02-02 01:40:08 -08:00
Erik Krogh Kristensen
ca435763b0 separate message for double and single quotes 2021-02-01 23:54:12 +01:00
CaptainFreak
3363f5e6db JS: add query for Express-HBS LFR 2021-02-01 18:01:34 +05:30
Esben Sparre Andreasen
9678534f25 JS: add tests for some syntactic XSS vector obfuscations 2021-02-01 10:20:23 +01:00
Erik Krogh Kristensen
aae69c6537 update expected output 2021-02-01 09:33:52 +01:00
CodeQL CI
c9537f2639 Merge pull request #5029 from asgerf/js/silence-angular-template-fps 
Approved by erik-krogh
 2021-01-29 06:06:37 -08:00
Erik Krogh Kristensen
c9ec983cd8 add js/client-side-unvalidated-url-redirection test for script tags inside react code 2021-01-29 12:50:43 +01:00
Erik Krogh Kristensen
39591687ba add js/code-injection sink for script tags in React 2021-01-29 12:50:17 +01:00
Erik Krogh Kristensen
3f1e81533c support html attribute concatenations with single quotes 2021-01-29 10:37:37 +01:00
CodeQL CI
6d952bda27 Merge pull request #5020 from asgerf/js/getaqlclass-test 
Approved by esbena
 2021-01-27 03:48:57 -08:00
CodeQL CI
bb423828de Merge pull request #5025 from asgerf/js/slow-xml-parent-upgrade-script 
Approved by erik-krogh
 2021-01-27 03:27:43 -08:00
Asger Feldthaus
1637b72092 JS: Ignore Angular templates in a few non-security queries 2021-01-27 11:02:19 +00:00
Asger Feldthaus
5a89fa3f67 JS: Fix performance issue in upgrade script 2021-01-27 10:10:37 +00:00
Henning Makholm
54f00de3e0 Add "tests" fields to test qlpacks 
This will allow `codeql resolve tests --ignore-dubious-cases`
(and thus the VSCode extension) to recognize all `.ql` files in those
packs as test cases, even if they don't have accompanying `.expected`
files.

CLI versions prior to 2.1.0 will choke on this, but it's almost 10
months since that came out.
 2021-01-26 18:15:22 +01:00
Asger Feldthaus
c69a051292 JS: Add test that depends on getAQlClass 2021-01-26 15:16:27 +00:00
CodeQL CI
76e1e4d668 Merge pull request #4712 from asgerf/js/api-graph-tweaks 
Approved by max-schaefer
 2021-01-26 04:04:05 -08:00
CodeQL CI
0be0929693 Merge pull request #4958 from asgerf/js/angular2 
Approved by erik-krogh
 2021-01-26 02:53:33 -08:00
Asger Feldthaus
e6d9cd1905 JS: Add clause to getReturn/getInstance 2021-01-26 10:14:12 +00:00
Asger Feldthaus
d59ccb7687 JS: Remove unhelpful mat-table load step 2021-01-26 09:27:48 +00:00
Asger Feldthaus
89225e222c JS: Remove confusing comment 2021-01-26 09:25:12 +00:00
CodeQL CI
4601eb9c7c Merge pull request #4706 from max-schaefer/issue-247 
Approved by asgerf
 2021-01-25 07:11:35 -08:00
Erik Krogh Kristensen
0ba610f7db Merge pull request #5013 from erik-krogh/asmWhitespace 
JS: remove benign result for js/whitespace-contradicts-precedence related to " | 0" expressions
 2021-01-25 13:29:07 +01:00
Erik Krogh Kristensen
d86705fe7a remove benign result for js/whitespace-contradicts-precedence related to " | 0" expressions 2021-01-25 10:43:39 +01:00
CodeQL CI
527c41520e Merge pull request #4951 from esbena/js/reintroduce-server-crash 
Approved by erik-krogh
 2021-01-22 06:37:50 -08:00
Esben Sparre Andreasen
3f3962f7a9 Update javascript/ql/src/Security/CWE-730/examples/server-crash.GOOD-B.js 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-01-22 14:03:21 +01:00
Esben Sparre Andreasen
718f6eb3fd JS: update and prettify examples 2021-01-22 13:17:38 +01:00
Asger Feldthaus
b36593a76b JS: Fix broken link tag 2021-01-22 10:11:16 +00:00
Asger Feldthaus
0ffa720d3b JS: Capitalize other enum constants 2021-01-22 09:48:11 +00:00
Asger Feldthaus
c257f6617f JS: Capitalize enum members in ScopeKind and TopLevelKind 2021-01-22 09:33:25 +00:00
Erik Krogh Kristensen
11f35a5193 Update javascript/ql/src/semmle/javascript/security/performance/ReDoSUtil.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-01-21 23:11:50 +01:00
Erik Krogh Kristensen
62746bbbac skip analyzing regular expressions in minified files for ReDoS 2021-01-21 22:31:42 +01:00
CodeQL CI
d0b70d15f0 Merge pull request #4996 from esbena/js/nodejs-client-request-event-emitter 
Approved by erik-krogh
 2021-01-21 12:37:00 -08:00
Esben Sparre Andreasen
cb25f2ab20 JS: add docstring with source examples 2021-01-21 20:46:34 +01:00
CodeQL CI
b83c949109 Merge pull request #4986 from erik-krogh/logInf 
Approved by esbena
 2021-01-21 06:02:50 -08:00
Asger Feldthaus
c29014f122 JS: Autoformat 2021-01-21 13:55:21 +00:00
Esben Sparre Andreasen
1c100bbbc2 JS: recognize event emitters in nodejs client requests 2021-01-21 14:14:00 +01:00
Asger Feldthaus
2f58683f2d JS: Remove PipeCallExpr 2021-01-21 12:12:17 +00:00
Asger Feldthaus
1d1149f4cd JS: Test and QLDoc for RxJS model 2021-01-21 12:08:22 +00:00
Asger Feldthaus
144d04f3ce JS: Add test exposing source location of attribute after line break 2021-01-21 11:25:39 +00:00
Asger Feldthaus
7c6704a63f JS: Shift line numbers in test case 2021-01-21 11:09:36 +00:00
Asger F
34280f90b0 Update QLDoc for getATemplateArgument 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-01-21 10:51:46 +00:00
Erik Krogh Kristensen
a9a901d1e2 add change note 2021-01-21 11:08:39 +01:00
Erik Krogh Kristensen
dafec3ceaa rename to AnalyzedCompoundNumericAssignExpr 2021-01-21 11:06:46 +01:00