codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00

Author	SHA1	Message	Date
CodeQL CI	36450a8998	Merge pull request #4338 from erik-krogh/nodejs-server-request-data Approved by asgerf	2020-10-01 06:00:17 -07:00
Chris Smowton	578ea1ae43	Fix OWASP broken links	2020-10-01 13:09:52 +01:00
Erik Krogh Kristensen	4dec2171da	add http request server data as a RemoteFlowSource	2020-10-01 13:21:56 +02:00
CodeQL CI	0158e2ffef	Merge pull request #4374 from max-schaefer/js/api-graph Approved by erik-krogh	2020-10-01 03:33:45 -07:00
Erik Krogh Kristensen	75b9237b81	use Parameter instead of SimpleParameter in the AngularJS model	2020-10-01 10:44:10 +02:00
Erik Krogh Kristensen	c675d72629	use Parameter instead of SimpleParameter in remaining route-handler models	2020-10-01 10:44:10 +02:00
Erik Krogh Kristensen	f65ba11485	use Parameter instead of SimpleParameter in AMD.qll	2020-10-01 10:44:05 +02:00
Aditya Sharad	e712d16e7e	JavaScript: Track taint through RegExp.prototype.exec for URL redirection Regexp literals are currently handled, but not `RegExp` objects.	2020-09-30 15:13:02 -07:00
Erik Krogh Kristensen	bfb653a34a	rename getAReference to getAnImmediateUse	2020-09-30 15:15:49 +02:00
Erik Krogh Kristensen	eb973b39fe	Update javascript/ql/src/semmle/javascript/frameworks/SQL.qll Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>	2020-09-30 15:12:17 +02:00
Erik Krogh Kristensen	d316cb512e	deprecate `exports` and replace uses with the new `getAnExportedValue`	2020-09-30 13:46:28 +02:00
Erik Krogh Kristensen	b24e959033	add `getAnInvocation` to the ApiGraphs API	2020-09-30 13:33:36 +02:00
Erik Krogh Kristensen	b720bfdd11	Apply suggestions from code review Co-authored-by: Asger F <asgerf@github.com>	2020-09-30 13:26:51 +02:00
Erik Krogh Kristensen	e0b25798ff	remove type-tracking from `getAReference`, and rewrite qldocs	2020-09-30 10:36:08 +02:00
Erik Krogh Kristensen	65441705ef	renamings based on review	2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen	c3f5a6dcac	introduce API::Node::getACall()	2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen	69f4ac25c4	renamings based on review	2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen	1596436f7e	rename getASourceUse to getAReference	2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen	3857331657	avoid .getReturn().getAUse().(DataFlow::InvokeNode) in the SQL model	2020-09-29 17:08:09 +02:00
Erik Krogh Kristensen	deae9256dd	add convenience method to API graphs	2020-09-29 17:08:00 +02:00
CodeQL CI	d7add29dc2	Merge pull request #4359 from erik-krogh/cookieWrites Approved by esbena	2020-09-29 06:32:01 -07:00
CodeQL CI	910c19e613	Merge pull request #4348 from erik-krogh/needle Approved by esbena	2020-09-29 02:57:32 -07:00
CodeQL CI	11f39a9d88	Merge pull request #4342 from erik-krogh/track-where-prop Approved by asgerf	2020-09-29 02:09:53 -07:00
Erik Krogh Kristensen	52d94f6177	use `getABoundCallbackParameter` instead of `getCallback` and `getParameter`.	2020-09-29 10:12:46 +02:00
CodeQL CI	060c19a063	Merge pull request #4352 from erik-krogh/destructing-redirect Approved by esbena	2020-09-28 12:31:42 -07:00
Erik Krogh Kristensen	e04404b713	also recognize cookie writes are leading to cookie access	2020-09-28 21:17:25 +02:00
Max Schaefer	dfc4436012	JavaScript: Teach API graphs to recognise arguments supplied in partial function applications.	2020-09-28 17:52:57 +01:00
Esben Sparre Andreasen	c0a67a8d7b	JS: another CWE-20 -> CWE-020	2020-09-28 14:27:10 +02:00
CodeQL CI	75262ddace	Merge pull request #4328 from erik-krogh/indirect-fix2 Approved by esbena	2020-09-28 04:55:19 -07:00
Erik Krogh Kristensen	664342dd0f	change `SimpleParameter` to `Parameter` in the express model to support destructuring parameters	2020-09-26 21:31:06 +02:00
CodeQL CI	ea5feb2b0a	Merge pull request #4331 from erik-krogh/DVNA-files Approved by esbena	2020-09-25 05:21:03 -07:00
Erik Krogh Kristensen	6b9aea82ca	model method calls in the needle library	2020-09-25 14:13:31 +02:00
Erik Krogh Kristensen	a22ddb145b	model calls to needle	2020-09-25 13:53:22 +02:00
Esben Sparre Andreasen	ba0a2e1665	JS: tag consistency: replace cwe-20 with cwe-020	2020-09-25 10:28:05 +02:00
Erik Krogh Kristensen	b8154d41b1	type-track objects where the "$where" property has been written	2020-09-24 20:55:25 +02:00
Erik Krogh Kristensen	83f0514475	add req.files as a RequestInputAccess in the Express model	2020-09-23 15:50:59 +02:00
Max Schaefer	dc7b447895	JavaScript: Make alert locations for command injection more precise.	2020-09-23 14:07:36 +01:00
Max Schaefer	439aadf0b6	JavaScript: Do even more type tracking in command injection.	2020-09-23 14:07:36 +01:00
Max Schaefer	ef18b39124	JavaScript: Fix use of type backtracker in `IndirectCommandArgument.qll`.	2020-09-23 14:07:36 +01:00
Erik Krogh Kristensen	ec2b3f0b6c	better join-order fix in HTTP	2020-09-22 21:02:26 +02:00
CodeQL CI	036a36a474	Merge pull request #4317 from max-schaefer/js/api-node-depth Approved by asgerf	2020-09-22 05:58:48 -07:00
Erik Krogh Kristensen	717ea2369c	Merge pull request #4311 from erik-krogh/indirect-fix JS: improve join-order for HTTP::isDecoratedCall	2020-09-22 14:35:50 +02:00
CodeQL CI	9a306866c5	Merge pull request #4282 from erik-krogh/es2021 Approved by esbena	2020-09-22 05:34:35 -07:00
Erik Krogh Kristensen	32b0f1b480	add code example to isDecoratedCall	2020-09-22 10:42:49 +02:00
Max Schaefer	dafd45f0f4	JavaScript: Add a few metric queries for API graphs.	2020-09-22 09:30:19 +01:00
Max Schaefer	46ba4a1fa8	JavaScript: Expose another useful predicate on API-graph nodes.	2020-09-22 09:30:12 +01:00
Erik Krogh Kristensen	ec49c444ef	Apply suggestions from code review Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-09-22 10:15:30 +02:00
Erik Krogh Kristensen	4243504c8b	improve join-order for HTTP::isDecoratedCall	2020-09-21 23:20:16 +02:00
Erik Krogh Kristensen	4bc91c4439	add support for Promise.any	2020-09-21 10:50:06 +02:00
Erik Krogh Kristensen	b09015380a	add support for String.prototype.replaceAll	2020-09-21 10:50:04 +02:00

... 26 27 28 29 30 ...

5056 Commits