hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

5056 Commits

Author SHA1 Message Date
Asger Feldthaus
ef52c46aed JS: Add spread step in TaintedObject 2020-12-07 10:16:37 +00:00
Asger Feldthaus
f0516dd9e0 JS: Address review comments 2020-12-04 09:07:44 +00:00
Erik Krogh Kristensen
cc98c41dd6 revert marking repetitions with possibly empty body as forks 2020-12-03 20:08:07 +01:00
Erik Krogh Kristensen
3bad75dae5 better support for forms in js/xss-through-dom 2020-12-03 16:57:41 +01:00
Asger Feldthaus
757398f5fd JS: Add upgrade script and stats 2020-12-03 13:58:39 +00:00
Asger Feldthaus
5676891e44 JS: Add TemplateLiteralTypeExpr 2020-12-03 13:58:39 +00:00
Asger F
254072dd6d Merge pull request #4546 from toufik-airane/main 
JS: Add ElectronShellOpenExternalSink class for Electron framework security
 2020-12-03 13:20:46 +00:00
CodeQL CI
edbbc846d0 Merge pull request #4753 from max-schaefer/js/more-nosql-query-args 
Approved by asgerf, mchammer01
 2020-12-03 08:46:47 +00:00
Asger Feldthaus
412939d071 JS: Autoformat 2020-12-02 13:08:32 +00:00
Asger Feldthaus
5561e8f1f6 JS: Delete old query and update qhelp 2020-12-01 17:05:48 +00:00
Asger Feldthaus
1459d9197d JS: Adjust alert message for template sinks 2020-12-01 17:05:48 +00:00
Asger Feldthaus
8412a6bcbb JS: Add template injection sinks to js/code-injection 2020-12-01 17:05:48 +00:00
Erik Krogh Kristensen
c50951cbae add missing qldoc 2020-12-01 09:48:35 +01:00
Erik Krogh Kristensen
dea2eb5443 simplify the logging sink - using the new API-graph logging models 2020-12-01 09:18:40 +01:00
Erik Krogh Kristensen
6f29a877fa move logInjection out of experimental 2020-12-01 09:18:40 +01:00
Erik Krogh Kristensen
f6c358861c convert logging models to use API-graphs 2020-12-01 09:18:36 +01:00
Max Schaefer
978d2db252 JavaScript: Add models for more Mongoose methods. 2020-11-30 16:32:13 +00:00
Anders Schack-Mulligen
8f2094f0bf Autoformat. 2020-11-30 14:42:38 +01:00
Erik Krogh Kristensen
33b2701551 refine isFork to remove false positive when a state has epsilon transition to itself 2020-11-29 21:42:50 +01:00
Erik Krogh Kristensen
729073fb43 detect ReDoS when the choices are "match some string" or "match Epsilon" 2020-11-27 20:15:23 +01:00
Erik Krogh Kristensen
46ca56458a introduce a printable state class 2020-11-27 13:45:41 +01:00
Erik Krogh Kristensen
8a3e87fe42 remove unnecessary one-step inline 2020-11-27 13:45:41 +01:00
Erik Krogh Kristensen
36b9f0254e performance improvements for suffix check in js/redos 2020-11-27 13:45:41 +01:00
Erik Krogh Kristensen
fd0d5c9e46 add command parsing model for "commander" 2020-11-27 09:58:00 +00:00
Erik Krogh Kristensen
653ebf7668 add command parsing model for "dashdash" 2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen
269de49196 add model for "meow" 2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen
c5ac98d2e8 add command parsing model for command-line-args 2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen
f33cd8bc8e add command parsing model for argparse 2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen
45067ee651 add command parsing model for "arg" 2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen
821b4be522 more accurately model command parsers that take process.argv as an argument 2020-11-27 09:56:50 +00:00
Jonas Jensen
ad4b2beafa Merge pull request #4727 from criemen/remove-abstract-classes 
C++/C#/JS/Python/Java XML.qll: Remove abstract from class hierarchy.
 2020-11-27 08:17:21 +01:00
Erik Krogh Kristensen
f576144ec6 more pruning based on states being inside a repetition 2020-11-26 17:30:37 +01:00
Esben Sparre Andreasen
82e8114c0f Add security tag to js/angular/double-compilation 2020-11-26 10:39:19 +01:00
Cornelius Riemenschneider
3bfb398516 Autoformat XML.qll. 2020-11-25 18:20:50 +01:00
Cornelius Riemenschneider
7eec988fb5 XML.qll: Remove abstract from class hierarchy. 2020-11-25 17:22:03 +01:00
Erik Krogh Kristensen
11d878b413 adjust comments to reflect the precission of the suffix search 2020-11-25 14:40:33 +01:00
Erik Krogh Kristensen
500b94b50e rename witness to pump 2020-11-25 13:57:21 +01:00
Erik Krogh Kristensen
e03c19b7fc only search prefixes/suffixes from the candidates that are used in the end 2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen
b8fabfa24e only construct prefix/suffix for regular expressions that has a pumpable state 2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen
a8944c8953 model accept states more accurately by adding an AcceptAny state, modelling $, and checking the existence of rejecting suffixes 2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen
d9ebb7b20e escape tabs 2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen
bcb2f2768d search for a prefix to the state that causes exponential backtracking 2020-11-25 13:57:20 +01:00
CodeQL CI
34ffcb5677 Merge pull request #4593 from asgerf/js/react-hot 
Approved by erik-krogh
 2020-11-25 12:01:38 +00:00
Erik Krogh Kristensen
94aa162f8d prune state-pairs that are outside a backtracking repetition 2020-11-24 20:18:45 +01:00
Erik Krogh Kristensen
f3c3b82827 move condition inside parens 2020-11-24 20:16:40 +01:00
Erik Krogh Kristensen
d1706e8048 reuse InfiniteRepetitionQuantifier from SuperLiniearBacktracking 2020-11-24 20:16:36 +01:00
CodeQL CI
395403789e Merge pull request #4585 from erik-krogh/moreReDoS 
Approved by asgerf
 2020-11-24 18:52:36 +00:00
CodeQL CI
4be158b362 Merge pull request #4708 from erik-krogh/emptyName 
Approved by asgerf
 2020-11-24 17:34:55 +00:00
CodeQL CI
8c68463e76 Merge pull request #4711 from erik-krogh/locType 
Approved by asgerf
 2020-11-24 13:10:32 +00:00
Erik Krogh Kristensen
f03429a4b8 change description for source root folder 2020-11-23 23:46:44 +01:00