codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00

Author	SHA1	Message	Date
Erik Krogh Kristensen	33465dbe6b	refactor `parameterPropRead` and `reachesReturn` to get a slight performance improvement	2020-10-26 16:49:49 +01:00
Erik Krogh Kristensen	0b41a59dbf	add support for imports into "outDir" from tsconfig.json	2020-10-25 22:51:21 +01:00
toufik-airane	7d2741a287	Add newline	2020-10-23 17:42:55 +02:00
toufik-airane	3ccdc2c518	Update ElectronShellOpenExternalSink location Move the class ElectronShellOpenExternalSink to ClientSideUrlRedirect.qll. It's been to be a more appropriate location.	2020-10-23 17:39:03 +02:00
toufik-airane	e87790b828	Add ElectronShellOpenExternalSink class Add ElectronShellOpenExternalSink class to detect untrusted input interpreted by `openExternal` function call in `electron` module. Based on the #14 Electron Security checklist: https://www.electronjs.org/docs/tutorial/security#14-do-not-use-openexternal-with-untrusted-content	2020-10-23 15:41:03 +02:00
CodeQL CI	da58306f2d	Merge pull request #4506 from asgerf/js/separate-jquery-config Approved by esbena	2020-10-21 03:13:42 -07:00
CodeQL CI	9faf675f1f	Merge pull request #4486 from erik-krogh/lessTokens Approved by asgerf	2020-10-21 02:56:38 -07:00
CodeQL CI	897d8de65a	Merge pull request #4523 from erik-krogh/optionalPromise Approved by asgerf	2020-10-21 00:34:12 -07:00
Erik Krogh Kristensen	bdbc8f5c91	add support for OptionalUse in js/missing-await	2020-10-20 16:52:57 +02:00
CodeQL CI	7ea8652f49	Merge pull request #4521 from erik-krogh/moreMiddle Approved by asgerf	2020-10-20 07:14:14 -07:00
Erik Krogh Kristensen	e061c6a006	add support for more custom CSRF checking middlewares	2020-10-20 15:16:14 +02:00
CodeQL CI	d2282fc474	Merge pull request #4517 from erik-krogh/logAssign Approved by esbena	2020-10-20 05:24:49 -07:00
Asger Feldthaus	c91cdb5194	JS: Address review comments	2020-10-20 12:00:02 +01:00
CodeQL CI	8b084ffe22	Merge pull request #4518 from asgerf/js/fix-oom Approved by erik-krogh	2020-10-20 03:37:00 -07:00
Asger Feldthaus	50a015c73e	JS: Move $() sink into separate dataflow config	2020-10-20 10:52:33 +01:00
CodeQL CI	4cc7138784	Merge pull request #4507 from erik-krogh/template Approved by asgerf	2020-10-20 02:45:00 -07:00
Erik Krogh Kristensen	8c8cf4fc01	autoformat	2020-10-20 11:17:06 +02:00
Erik Krogh Kristensen	eb786078cb	support modern compund-assignment in js/implicit-operand-conversion	2020-10-20 10:40:47 +02:00
Erik Krogh Kristensen	f47fb5ebd8	switch extends around to match @assignlogandexpr and @assignlogorexpr correctly	2020-10-20 10:38:45 +02:00
Asger Feldthaus	78c85775e3	JS: Do not extend AdditionalTaintStep in the ldap library	2020-10-20 09:07:12 +01:00
CodeQL CI	4c5ecb4093	Merge pull request #4478 from erik-krogh/homegrownCsrf Approved by asgerf	2020-10-19 11:04:10 -07:00
CodeQL CI	502faa7d1c	Merge pull request #4494 from erik-krogh/callLimit Approved by asgerf	2020-10-19 11:03:25 -07:00
CodeQL CI	5ead4244fe	Merge pull request #4450 from asgerf/js/angular Approved by erik-krogh	2020-10-19 07:25:59 -07:00
Erik Krogh Kristensen	ce95676130	add express.csrf as an CSRF protecting middleware	2020-10-19 15:39:02 +02:00
CodeQL CI	d644a30b19	Merge pull request #4434 from erik-krogh/printAST Approved by asgerf	2020-10-19 04:42:42 -07:00
CodeQL CI	2e52cbeb4a	Merge pull request #4499 from max-schaefer/js/module_compile Approved by asgerf	2020-10-19 03:06:21 -07:00
Erik Krogh Kristensen	8f6165cd5f	print synthetic constructors in PrintAst.ql	2020-10-19 11:10:14 +02:00
Erik Krogh Kristensen	5b1ed97d68	Update javascript/ql/src/semmle/javascript/TypeScript.qll Co-authored-by: Asger F <asgerf@github.com>	2020-10-19 11:01:06 +02:00
Erik Krogh Kristensen	8c44392638	add local dataflow to js/template-syntax-in-string-literal	2020-10-19 10:58:40 +02:00
Max Schaefer	e1d90e90ad	JavaScript: Add modelling for `Module.prototype._compile`.	2020-10-19 09:42:17 +01:00
Erik Krogh Kristensen	8cf21e3b2b	autoformat	2020-10-16 16:56:35 +02:00
Erik Krogh Kristensen	27a2cd310d	inline `value` in `nodeLeadingToCsrfWrite`	2020-10-16 14:21:49 +02:00
Erik Krogh Kristensen	017c73dce3	Apply suggestions from code review Co-authored-by: Asger F <asgerf@github.com>	2020-10-16 14:20:40 +02:00
Erik Krogh Kristensen	c2338b218f	Update javascript/ql/src/semmle/javascript/dataflow/Nodes.qll Co-authored-by: Asger F <asgerf@github.com>	2020-10-16 14:12:36 +02:00
CodeQL CI	1d9b0ce059	Merge pull request #4460 from max-schaefer/js/unsafe-shell-command-construction-infeasible-paths Approved by asgerf	2020-10-16 05:05:29 -07:00
Erik Krogh Kristensen	b3d5f9c4dd	support throttle like calls as partial calls	2020-10-16 13:33:02 +02:00
Asger Feldthaus	583f3d7fd9	JS: Also materialize labels in ZipSlip	2020-10-16 07:12:30 +01:00
Asger Feldthaus	4337c5adaf	JS: Workaround ascii PR check	2020-10-16 07:12:29 +01:00
Asger Feldthaus	b3d8b95433	JS: Autoformat	2020-10-16 07:12:29 +01:00
Asger Feldthaus	42fc4ff78c	JS: Don't create new flow labels in *Customizations.qll files	2020-10-16 07:12:29 +01:00
Asger Feldthaus	28b449226c	JS: Do not import UrlConcatenation from customizations libraries	2020-10-16 07:12:29 +01:00
Asger Feldthaus	afd82e202d	JS: Add Angular2 model	2020-10-16 07:12:29 +01:00
Erik Krogh Kristensen	9112d417e4	avoid using getFirstToken for sorting	2020-10-15 20:57:29 +02:00
Erik Krogh Kristensen	4d1a9740f0	add support for home made CSRF protection middlewares in js/missing-token-validation	2020-10-15 14:50:59 +02:00
Erik Krogh Kristensen	f9f29f53cf	remove locations where we have no exact location	2020-10-15 11:59:51 +02:00
Erik Krogh Kristensen	2bb8b78a29	remove "</>" from the end when printing HTML	2020-10-15 11:56:00 +02:00
Erik Krogh Kristensen	a019312953	improve printing of JS object literals	2020-10-15 11:47:45 +02:00
Erik Krogh Kristensen	ab7542c0d2	improve printing of JSON values	2020-10-15 11:05:22 +02:00
Erik Krogh Kristensen	1ebd49b0eb	remove location from "mapping i" print node	2020-10-15 10:51:34 +02:00
Erik Krogh Kristensen	3e2d266343	improve YAMLMapping printing	2020-10-15 10:49:37 +02:00

... 24 25 26 27 28 ...

5056 Commits