hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,991 Commits 1,672 Branches 157 Tags
codeql-cli-2.7.4
Commit Graph

1095 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
44db920f10 refactor, cleanup, and improvements in experimental cookie queries 2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen
6a9277b5ce recognize string sanitizers for ldap-injection 2021-10-01 09:01:29 +02:00
Erik Krogh Kristensen
2062afc868 add calls to parseDN as sinks for ldap-injection 2021-10-01 09:01:28 +02:00
Erik Krogh Kristensen
c55b7bcd85 model ldap filters as taint steps 2021-10-01 09:00:10 +02:00
Erik Krogh Kristensen
9b5ff66b68 naively port tests from ldap examples 2021-10-01 09:00:10 +02:00
Erik Krogh Kristensen
99ed4a1a89 add a bad-tag-filter query for Python and JavaScript 2021-09-21 15:04:03 +02:00
Erik Krogh Kristensen
8569d261f7 add test 2021-09-13 20:43:31 +02:00
CodeQL CI
cd26d97dd7 Merge pull request #6549 from erik-krogh/moreDom 
Approved by asgerf
 2021-09-08 05:10:47 -07:00
Erik Krogh Kristensen
cecb6c7bdd add model for live-server 2021-08-31 14:23:23 +02:00
Erik Krogh Kristensen
81742528a2 add test 2021-08-27 10:04:39 +02:00
Erik Krogh Kristensen
c664d7cfb3 add a getMaybePromisifiedCall method in API graphs, and use it to model child_process 2021-08-25 10:27:09 +02:00
CodeQL CI
c66a34be9c Merge pull request #6533 from erik-krogh/cwdPath 
Approved by asgerf
 2021-08-24 13:10:38 +01:00
Erik Krogh Kristensen
32ac8778bd add the cwd option to shell executions as a sink to js/path-injection 2021-08-23 07:32:05 +02:00
Erik Krogh Kristensen
4cc2ac9d35 exclude char classes that match everything 2021-08-18 08:59:17 +00:00
Erik Krogh Kristensen
9c2d83e82b add tests 2021-08-17 15:10:30 +02:00
Erik Krogh Kristensen
6d06550f7d update expected output 2021-08-17 15:10:30 +02:00
CodeQL CI
92804a3cc3 Merge pull request #6487 from erik-krogh/moreJquerySinks 
Approved by asgerf
 2021-08-17 11:46:24 +01:00
Erik Krogh Kristensen
cc2a267b07 recognize array elements from JQuery objects as DOM values 2021-08-16 22:35:57 +02:00
Asger Feldthaus
cb0075f15a JS: Remove use of deprecated API 2021-08-12 09:30:43 +02:00
Asger Feldthaus
f1bcfa287b JS: Add more tests 2021-08-10 08:55:03 +02:00
Asger Feldthaus
00f4694616 JS: Recognize methods returning DOM objects 2021-08-04 16:25:56 +02:00
Erik Krogh Kristensen
87c0c60c22 don't report dummy authentication headers as hardcoded-crendentials 2021-08-02 22:56:14 +02:00
Erik Krogh Kristensen
178d3de824 Merge branch 'main' into logs 2021-07-16 11:21:25 +02:00
CodeQL CI
a02a82caac Merge pull request #6284 from erik-krogh/qs 
Approved by asgerf
 2021-07-16 02:11:59 -07:00
CodeQL CI
c1d0e52492 Merge pull request #6286 from erik-krogh/mkdirp 
Approved by asgerf
 2021-07-16 02:11:07 -07:00
CodeQL CI
6c2c51a767 Merge pull request #6287 from erik-krogh/react-tooltip 
Approved by asgerf
 2021-07-16 02:10:36 -07:00
CodeQL CI
d4fa1f7d96 Merge pull request #6295 from erik-krogh/sort-keys 
Approved by asgerf
 2021-07-16 02:09:47 -07:00
CodeQL CI
520337577b Merge pull request #6298 from erik-krogh/ansi-to-html 
Approved by asgerf
 2021-07-16 02:09:03 -07:00
CodeQL CI
b14139f3a0 Merge pull request #6261 from max-schaefer/js/module-constructor 
Approved by asgerf
 2021-07-16 00:28:30 -07:00
Erik Krogh Kristensen
28b98c1bfa update expected output 2021-07-15 15:51:01 +02:00
Erik Krogh Kristensen
ae2fc7171b add a taint step through the ansi-to-html library 2021-07-15 14:04:16 +02:00
Erik Krogh Kristensen
aaa8969537 add sort-keys as a clone call 2021-07-15 13:16:17 +02:00
Erik Krogh Kristensen
22dfe84ee8 add xss sink for react-tooltip 2021-07-14 20:03:50 +02:00
Erik Krogh Kristensen
14b26f2a68 add mkdirp as a sink for tainted-path 2021-07-14 19:32:22 +02:00
Erik Krogh Kristensen
f462c9bb76 add taint through the parseqs library 2021-07-14 17:22:35 +02:00
Erik Krogh Kristensen
bec1818fc7 add taint through the normalize-url library 2021-07-14 17:15:14 +02:00
Erik Krogh Kristensen
193ddfc771 add taint through the qs library 2021-07-14 16:56:51 +02:00
CodeQL CI
436168aa4f Merge pull request #6267 from erik-krogh/read-pkg 
Approved by asgerf
 2021-07-14 01:01:33 -07:00
CodeQL CI
9d59cba644 Merge pull request #6262 from erik-krogh/slash 
Approved by asgerf
 2021-07-13 05:44:55 -07:00
Erik Krogh Kristensen
e13d53f001 support pino logging calls on request objects 2021-07-13 14:32:50 +02:00
Erik Krogh Kristensen
cce15bed1d add basic support for the pino library 2021-07-13 14:00:01 +02:00
Erik Krogh Kristensen
07bc5856db add the cwd option from read-pkg as sink for path-injection 2021-07-12 23:43:15 +02:00
Erik Krogh Kristensen
899e54fbc9 add support for the slash library 2021-07-12 16:36:54 +02:00
Max Schaefer
ce24215dd5 JavaScript: Improve modelling of Module.prototype._compile sink. 2021-07-12 15:32:21 +01:00
Erik Krogh Kristensen
23c3be6860 add support for the json-cycle library 2021-07-12 11:03:39 +02:00
Erik Krogh Kristensen
94cbc4b2c0 add step through the fclone library 2021-07-12 10:51:43 +02:00
Erik Krogh Kristensen
1792c9a611 add taint step through the prettyjson library 2021-07-12 10:51:43 +02:00
Esben Sparre Andreasen
85b9003af4 JS: add Mootools XSS sinks 2021-07-01 09:17:27 +02:00
CodeQL CI
c02c96369d Merge pull request #6139 from erik-krogh/colors 
Approved by esbena
 2021-06-23 14:02:17 -07:00
CodeQL CI
b66f4cb965 Merge pull request #6134 from erik-krogh/templates 
Approved by asgerf, esbena
 2021-06-23 05:09:23 -07:00