hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,624 Commits 1,672 Branches 157 Tags
codeql-cli-2.7.3
Commit Graph

6736 Commits

Author SHA1 Message Date
CodeQL CI
ac94869978 Merge pull request #3978 from dellalibera/js/insecure-cookies 
Approved by esbena
 2020-08-28 08:31:38 +01:00
Asger Feldthaus
e7a0bc6be6 JS: Lower precision of ambiguous HTML ID attribute 2020-08-27 15:51:34 +01:00
Esben Sparre Andreasen
9aa1404646 JS: fix formatting of InsecureCookie.qll 2020-08-27 09:44:45 +02:00
Esben Sparre Andreasen
67278d9c93 Merge pull request #4141 from esbena/js/clarify-sanitization 
JS: make sanitization a "common" technique rather than "important"
 2020-08-27 08:08:17 +02:00
ubuntu
736f76b685 Simplify getQueryCall 2020-08-27 02:12:17 +02:00
ubuntu
30e7f958a8 Highlight API call 2020-08-27 01:42:16 +02:00
ubuntu
7eeec0d765 Correct typo example 2020-08-27 01:07:13 +02:00
ubuntu
cbe879ae73 Correct typo examples 2020-08-27 01:05:49 +02:00
ubuntu
68ff480892 Update .qhelp 2020-08-27 00:51:08 +02:00
ubuntu
13f443d2c3 Update getLdapjsClientDNMethodName 2020-08-27 00:48:29 +02:00
Alessio Della Libera
616113aeff Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-08-27 00:47:29 +02:00
ubuntu
94bd9c6d3e Rename LdapjsDN to LdapjsDNArgument and add it as Sink 2020-08-27 00:43:38 +02:00
ubuntu
7d36b3b4d2 Correct typo 2020-08-27 00:26:54 +02:00
ubuntu
2305a642eb Correct typo 2020-08-27 00:24:50 +02:00
Alessio Della Libera
23287aacee Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-08-27 00:17:55 +02:00
Alessio Della Libera
f12ac8ca60 Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-08-27 00:17:33 +02:00
ubuntu
cd1d50b637 Update expected output 2020-08-26 23:50:15 +02:00
Alessio Della Libera
dcf51c75e9 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-26 23:33:52 +02:00
Esben Sparre Andreasen
d27442e846 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-08-26 20:18:54 +02:00
Esben Sparre Andreasen
89305865d0 JS: make sanitization a "common" technique rather than "important" 2020-08-26 15:41:54 +02:00
Erik Krogh Kristensen
61427393be add qldoc to Generators.qll file 2020-08-26 09:11:39 +02:00
Alessio Della Libera
57f3c73d3d Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-08-26 02:08:31 +02:00
Alessio Della Libera
6979c394fe Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-08-26 02:08:18 +02:00
Alessio Della Libera
355c7bc3b5 Update javascript/ql/src/experimental/Security/CWE-090/LdapInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-08-26 02:08:08 +02:00
Alessio Della Libera
e027c8cc13 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-26 01:48:05 +02:00
Alessio Della Libera
a1f64e26cf Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-26 01:47:52 +02:00
Alessio Della Libera
3bd7615a75 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-26 01:47:37 +02:00
Alessio Della Libera
57cf447188 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-26 01:46:59 +02:00
Erik Krogh Kristensen
e6bfffaed3 update basic-block on ExceptionalFunctionReturnNode and FunctionReturnNode 2020-08-25 20:09:41 +02:00
Erik Krogh Kristensen
840f30f7bc add basic-block test to dataflow tests 2020-08-25 20:09:36 +02:00
Erik Krogh Kristensen
90422fe705 add support for delegating yield 2020-08-25 20:05:53 +02:00
Erik Krogh Kristensen
6a07e1e82b add more passing tests 2020-08-25 20:04:35 +02:00
Erik Krogh Kristensen
afaaea8922 support basic generators 2020-08-25 20:04:30 +02:00
Erik Krogh Kristensen
592ed8a3a1 remove ordinary return flow from generator functions 2020-08-25 14:02:57 +02:00
CodeQL CI
722b1a24f6 Merge pull request #4087 from erik-krogh/thisJsx 
Approved by asgerf
 2020-08-25 10:20:32 +01:00
CodeQL CI
844abc51e8 Merge pull request #4108 from erik-krogh/packType 
Approved by asgerf
 2020-08-25 10:17:28 +01:00
Erik Krogh Kristensen
b0d4e79653 split out trap tests to avoid "package.json" naming conflict in trap test 2020-08-24 21:36:34 +02:00
ubuntu
22f5ae4ad4 Format code 2020-08-24 18:53:37 +02:00
CodeQL CI
e2c6a01c00 Merge pull request #4097 from erik-krogh/createRequire 
Approved by esbena
 2020-08-24 15:57:10 +01:00
Erik Krogh Kristensen
309346841a Merge branch 'main' into packType 2020-08-24 12:44:24 +02:00
Erik Krogh Kristensen
5acfd92e0f bump the extractor version 2020-08-24 12:42:19 +02:00
Erik Krogh Kristensen
d633410e3c make the extractor not crash on invalid "package.json" files 2020-08-24 12:42:08 +02:00
Erik Krogh Kristensen
eb84f97e7f Merge branch 'main' into ts4 2020-08-24 12:20:48 +02:00
ubuntu
3e97ec85b2 Add CodeQL to detect LDAP Injection in JS 2020-08-23 15:24:29 +02:00
Erik Krogh Kristensen
db57f3661e Merge branch 'main' into ts4 2020-08-21 15:08:30 +02:00
Erik Krogh Kristensen
65a1769d43 Merge branch 'main' into asyncCalls 2020-08-21 14:58:27 +02:00
Erik Krogh Kristensen
1b655f9046 use threadsafe cache stored in ExtractorState 2020-08-21 14:45:24 +02:00
Erik Krogh Kristensen
7aca84cd45 search directly for "package.json" instead of iterating through the files in a folder 2020-08-21 14:31:49 +02:00
Erik Krogh Kristensen
3f0f2c796c pass extension instead of locationManager to isAlways*Module 2020-08-21 14:27:47 +02:00
Erik Krogh Kristensen
bbbb0a2c5e specialize module.createRequire support to ES2015 modules 2020-08-21 14:14:05 +02:00