hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

281 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
6a9277b5ce recognize string sanitizers for ldap-injection 2021-10-01 09:01:29 +02:00
Erik Krogh Kristensen
2062afc868 add calls to parseDN as sinks for ldap-injection 2021-10-01 09:01:28 +02:00
Erik Krogh Kristensen
d4de5e3248 refactoring and renamings in the ldap model 2021-10-01 09:01:14 +02:00
Erik Krogh Kristensen
c55b7bcd85 model ldap filters as taint steps 2021-10-01 09:00:10 +02:00
Erik Krogh Kristensen
2b286a856c naively move ldap into the SQL injection query 2021-10-01 09:00:10 +02:00
Rasmus Wriedt Larsen
987b573709 Fix hasLocationInfo URL reference 
Follow up to https://github.com/github/codeql/pull/5830
 2021-09-29 13:47:58 +02:00
Erik Krogh Kristensen
8d556ed1e1 Update python/ql/lib/semmle/python/security/BadTagFilterQuery.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-09-28 23:04:28 +02:00
Rasmus Wriedt Larsen
ded3088529 Python/JS: Recognize SHA-3 hash functions 
Official names are SHA3-224, SHA3-256, SHA3-384, SHA3-512 as per
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
 2021-09-27 12:08:40 +02:00
Erik Krogh Kristensen
805d1d170c do not filter away regular expressions with lookbehinds 2021-09-22 17:14:29 +02:00
Erik Krogh Kristensen
99ed4a1a89 add a bad-tag-filter query for Python and JavaScript 2021-09-21 15:04:03 +02:00
Erik Krogh Kristensen
c40ffab093 make isStartState public in ReDoSUtil 2021-09-21 12:14:21 +02:00
Erik Krogh Kristensen
672e4a3d72 cache TopLevel::isMinified 2021-09-21 12:13:37 +02:00
Erik Krogh Kristensen
60993214d5 cache isInterpretedAsRegExp 2021-09-21 12:13:37 +02:00
Erik Krogh Kristensen
5c73fed83a fix dbsheme upgrade from TypeScript 4.4 PR 2021-09-15 22:38:27 +02:00
CodeQL CI
b228398b87 Merge pull request #6587 from erik-krogh/ts44 
Approved by asgerf
 2021-09-15 04:00:13 -07:00
Erik Krogh Kristensen
cf149bd8c8 add static_initializer as a stmt_parent 2021-09-15 11:54:30 +02:00
Erik Krogh Kristensen
0b83d033d7 add @static_initializer in the stats file 2021-09-15 11:33:05 +02:00
Erik Krogh Kristensen
5a7785776c add upgrade script 2021-09-14 20:43:07 +02:00
Erik Krogh Kristensen
48b763c7e9 add qldoc to StaticInitializer::getBody 2021-09-14 20:40:46 +02:00
Erik Krogh Kristensen
e3ed6c2523 refactor StaticInitializer into it's own class 2021-09-14 20:40:45 +02:00
Erik Krogh Kristensen
ffd51e725f add getter for static initializer blocks 2021-09-14 20:40:45 +02:00
Erik Krogh Kristensen
3b6c8c5191 Merge branch 'main' into clipBoard 2021-09-14 20:21:37 +02:00
Tom Hvitved
63e28c57cd JavaScript: Drop redundant columns from files and folders relations 2021-09-14 10:25:37 +02:00
Erik Krogh Kristensen
8e98dcefb1 add clipboard data as a RemoteFlowSource 2021-09-13 20:43:31 +02:00
Erik Krogh Kristensen
3983aceb48 recognize types of the form "HTML%Element" as dom values 2021-09-13 20:43:31 +02:00
Erik Krogh Kristensen
05cc6bcf8a adjust regexp libraries to how unpaired surrogate are parsed now 2021-09-13 14:02:05 +01:00
CodeQL CI
e8fc3c8ead Merge pull request #5888 from erik-krogh/casting 
Approved by asgerf
 2021-09-10 09:11:39 -07:00
CodeQL CI
27f2d417c1 Merge pull request #6652 from asgerf/js/type-tracking-through-callback 
Approved by erik-krogh
 2021-09-10 04:11:14 -07:00
Erik Krogh Kristensen
a756ffa3a6 use the new instanceof syntax for NodeJSClientRequest 2021-09-10 09:30:37 +02:00
CodeQL CI
cd26d97dd7 Merge pull request #6549 from erik-krogh/moreDom 
Approved by asgerf
 2021-09-08 05:10:47 -07:00
Asger Feldthaus
db1de18cc2 JS: Support transitive callback-passing 2021-09-08 13:08:16 +02:00
Asger Feldthaus
ceaf2b3727 JS: Rename FlowSteps::callback -> exploratoryCallbackStep 2021-09-08 13:08:12 +02:00
Asger Feldthaus
7c94dd94e9 JS: Add type-tracking steps through callback args 2021-09-08 13:08:05 +02:00
CodeQL CI
5b229e9392 Merge pull request #6574 from asgerf/js/vue-api-graphs 
Approved by erik-krogh
 2021-09-07 05:53:30 -07:00
Erik Krogh Kristensen
85e1c87d14 use the new non-extending-subtypes syntax 2021-09-06 11:19:50 +02:00
Erik Krogh Kristensen
8d4af3ad81 convert field based range pattern to casting based range pattern 2021-09-06 11:05:23 +02:00
Asger Feldthaus
7149ad8ac4 JS: Also mark uses of the exports object as an export in PackageExports 2021-09-03 13:35:30 +02:00
CodeQL CI
b4963c7538 Merge pull request #6558 from erik-krogh/redosCasing 
Approved by esbena, yoff
 2021-09-02 12:20:08 +01:00
Erik Krogh Kristensen
1ad204d89e make after and TState private in ReDoSUtil 2021-09-02 09:15:43 +02:00
Asger Feldthaus
cc838326e1 JS: Remove old bulk export access getAnExportedModule 2021-09-01 13:28:54 +02:00
Asger Feldthaus
7daa6481e3 JS: Check property name in NodeJSModule.getABulkExportedNode 2021-09-01 13:25:14 +02:00
Asger Feldthaus
4b1f918feb JS: Extend getABulkExportedNode and use it in PackageExports 2021-09-01 13:24:23 +02:00
Asger Feldthaus
cce3c0256e JS: Update some comments in Vue 2021-09-01 13:04:40 +02:00
Erik Krogh Kristensen
537450606e use a consistent comment about the ignore case flag 2021-09-01 12:46:50 +02:00
Erik Krogh Kristensen
ff74fe1e03 rename hasChildThatMatchesIgnoringCasing to hasChildThatMatchesIgnoringCasingFlags 2021-09-01 12:45:20 +02:00
Erik Krogh Kristensen
75a3f34e86 use if-else in ReDoSUtil::getCanonicalizationFlags 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-09-01 12:44:02 +02:00
Erik Krogh Kristensen
f8d46677b9 add RequestExpr as an alias to NodeJSLib::RequestExpr in Connect.qll 2021-09-01 10:11:05 +02:00
Erik Krogh Kristensen
98d018ce26 remove redundant extends clause 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-09-01 10:09:40 +02:00
Erik Krogh Kristensen
28dce6e95a fix non-monotonic recursion in js/missing-rate-limiting 2021-08-31 14:23:23 +02:00
Erik Krogh Kristensen
cecb6c7bdd add model for live-server 2021-08-31 14:23:23 +02:00