hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,624 Commits 1,672 Branches 157 Tags
codeql-cli-2.7.3
Commit Graph

6736 Commits

Author SHA1 Message Date
Dave Bartolomeo
06783938d3 JavaScript: Rename sanity -> consistency 2020-05-11 13:46:12 -04:00
Asger F
86a774d912 Merge pull request #3394 from monkey-junkie/master 
JS SSTI CWE-094
 2020-05-11 15:06:17 +01:00
Erik Krogh Kristensen
970ddcac7b autoformat 2020-05-11 15:38:45 +02:00
Erik Krogh Kristensen
3ce60733cc add test case 2020-05-11 13:11:24 +02:00
Erik Krogh Kristensen
acb0f2e54f exclude "@babel/helpers - .." from js/unknown-directive 2020-05-11 12:42:18 +02:00
Erik Krogh Kristensen
f8de69156e inline basicFlowStep into flowStep 2020-05-10 22:15:37 +02:00
Erik Krogh Kristensen
87167900d1 deduplicate - and slightly optimize IndirectInclusionTest 2020-05-10 22:15:37 +02:00
Erik Krogh Kristensen
6d05b40d23 eliminate recursion from GuardControlFlowNode::dominates 2020-05-10 22:15:34 +02:00
Jason Reed
48e4079c64 JS: Refactor definitions query, add queries for ide search 
This enables jump-to-definition and find-references in the VS Code
extension, for javascript source archives.
 2020-05-07 12:44:36 -04:00
Erik Krogh Kristensen
945fe45b6f all split()[0] are safe for url-redirect 2020-05-07 10:55:17 +02:00
Erik Krogh Kristensen
a3fb13882b Merge branch 'master' into SplitFPs 2020-05-07 10:51:11 +02:00
monkey-junkie
4594aa470d Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-06 18:18:06 +03:00
semmle-qlci
b2f1008a00 Merge pull request #3420 from max-schaefer/js/fix-missing-triple-backtick 
Approved by asgerf
 2020-05-06 13:52:18 +01:00
Esben Sparre Andreasen
7cc3a5a242 JS: qhelp fixups 2020-05-06 14:46:34 +02:00
Esben Sparre Andreasen
69191577d6 JS: qhelp for js/unsafe-html-expansion 2020-05-06 14:03:27 +02:00
monkey-junkie
5ce9e0d0a2 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-06 14:32:55 +03:00
Asger F
5725814774 Merge pull request #3403 from asger-semmle/js/getcontainer 
JS: Move getContainer to single rootdef (+fixes)
 2020-05-06 12:06:44 +01:00
Max Schaefer
9335a6cb79 JavaScript: Fix missing triple backtick in qldoc comment. 2020-05-06 11:40:00 +01:00
monkey-junkie
122354a81a Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-06 12:54:50 +03:00
Esben Sparre Andreasen
344f0c36b0 JS: update expected output 2020-05-06 11:18:14 +02:00
monkey-junkie
3314dd0614 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-05-06 11:17:41 +03:00
semmle-qlci
9210660ea0 Merge pull request #3401 from erik-krogh/jsonLike 
Approved by esbena
 2020-05-06 08:00:44 +01:00
Asger F
b2da4fe491 Update javascript/ql/src/semmle/javascript/internal/StmtContainers.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-06 07:59:04 +01:00
Asger Feldthaus
926e79d272 JS: Autoformat 2020-05-06 07:59:04 +01:00
Asger Feldthaus
f51e846439 JS: Fix ClosureModule implementation 2020-05-06 07:59:04 +01:00
Asger Feldthaus
0f870a4992 JS: Use TCapturedVariableNode as starting point of callInputStep 2020-05-06 07:59:04 +01:00
Asger Feldthaus
4d6da19173 JS: Improve performance of getExceptionTarget 2020-05-06 07:59:04 +01:00
Asger Feldthaus
639f04386c JS: Avoid bad join ordering in ClosureModule 2020-05-06 07:59:04 +01:00
Asger Feldthaus
e52e1b26c6 JS: Upgrade script 2020-05-06 07:59:04 +01:00
Asger Feldthaus
5f710bc881 JS: Move definition of getContainer() to a single rootdef 2020-05-06 07:59:04 +01:00
Erik Krogh Kristensen
52392f2a6d autoformat 2020-05-05 22:33:53 +02:00
monkey-junkie
560674b670 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 15:36:11 +03:00
monkey-junkie
758e85dd3e Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 15:34:57 +03:00
monkey-junkie
a8019705b5 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 15:24:24 +03:00
monkey-junkie
0aaa8af3bd Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 15:24:10 +03:00
Esben Sparre Andreasen
99e5db407f JS: address review comments 2020-05-05 14:04:05 +02:00
Erik Krogh Kristensen
bffb12725b add test and change-note to prototype-polution 2020-05-05 13:49:11 +02:00
Erik Krogh Kristensen
38db731e0b add change note and new test for js/incomplete-url-scheme-check 2020-05-05 13:38:27 +02:00
Erik Krogh Kristensen
3568439769 change getAnElementRead to getASubstringRead 2020-05-05 13:33:21 +02:00
Erik Krogh Kristensen
8711a8744c update expected output 2020-05-05 13:27:32 +02:00
Erik Krogh Kristensen
fe02137d0b change naming of StringSplitCall methods 2020-05-05 13:27:14 +02:00
Erik Krogh Kristensen
4a26c293c1 fix number of arguments for String.prototype.split 2020-05-05 13:22:35 +02:00
Erik Krogh Kristensen
f586639703 change getSplitAt to getSeparator 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-05-05 13:22:21 +02:00
monkey-junkie
056566ecc1 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 12:05:01 +03:00
monkey-junkie
3a4ea82ae2 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 12:02:46 +03:00
monkey-junkie
8310c96b97 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 11:59:06 +03:00
monkey-junkie
25df6e1664 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 11:58:49 +03:00
monkey-junkie
700a070a15 Update javascript/ql/src/experimental/Security/CWE-94/examples/ServerSideTemplateInjection.js 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 11:58:40 +03:00
monkey-junkie
d8fb552097 Update javascript/ql/src/experimental/Security/CWE-94/examples/ServerSideTemplateInjectionSafe.js 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 11:58:28 +03:00
Esben Sparre Andreasen
304b013f88 JS: query and tests for unsafe HTML expansion 2020-05-05 10:32:16 +02:00