hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

5056 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
59f0a41665 support more regular expressions in js/incomplete-multi-character-sanitization 2021-08-17 15:10:20 +02:00
CodeQL CI
92804a3cc3 Merge pull request #6487 from erik-krogh/moreJquerySinks 
Approved by asgerf
 2021-08-17 11:46:24 +01:00
CodeQL CI
e3cdc4522e Merge pull request #6450 from asgerf/js/query-suffix-convention2 
Approved by erik-krogh
 2021-08-17 11:31:21 +01:00
Andrew Eisenberg
e566fb9c5a Packaging: Update suite-helpers qlpack 
Uses new style naming scheme.
 2021-08-16 17:51:33 -07:00
Erik Krogh Kristensen
cc2a267b07 recognize array elements from JQuery objects as DOM values 2021-08-16 22:35:57 +02:00
Erik Krogh Kristensen
46959234b7 Merge pull request #6288 from erik-krogh/emptyRedos 
JS/Python: Fix FP in redos related to empty lookaheads
 2021-08-16 13:48:22 +02:00
Asger Feldthaus
4923bda0f3 JS: Autoformat 2021-08-16 12:33:55 +02:00
Asger Feldthaus
a6c389698e JS: Fix DomBasedXssQuery.qll 2021-08-12 09:31:24 +02:00
Asger Feldthaus
cb0075f15a JS: Remove use of deprecated API 2021-08-12 09:30:43 +02:00
Asger Feldthaus
3a6da34454 JS: Add missing QLdoc 2021-08-12 09:30:43 +02:00
Asger Feldthaus
71930f93f1 JS: Fix cleartext logging 2021-08-12 09:30:43 +02:00
Asger Feldthaus
abb819ed88 JS: Fix insecure randomness 2021-08-12 09:30:43 +02:00
Asger Feldthaus
5638a33199 JS: Remove obsolete module prefix 2021-08-12 09:30:43 +02:00
Asger Feldthaus
f6da030572 JS: Migrate to *Query.qll convention 2021-08-12 09:30:18 +02:00
CodeQL CI
8fe2a43fd9 Merge pull request #6433 from asgerf/js/tainted-url-suffix 
Approved by erik-krogh
 2021-08-12 00:28:46 -07:00
Asger Feldthaus
2da40b8b07 JS: Fix some performance issues 2021-08-11 14:31:06 +02:00
Asger Feldthaus
74505544e9 JS: Remove unused getTemplateContentNode 2021-08-11 12:54:22 +02:00
Asger Feldthaus
5d2bc5e40b JS: Update stats file 2021-08-11 12:54:22 +02:00
Asger Feldthaus
65b44248f8 JS: Autoformat 2021-08-11 12:50:54 +02:00
Asger Feldthaus
308461a3e3 JS: Pass around base folder in file resolution 2021-08-11 12:50:54 +02:00
Asger Feldthaus
b36e9e0e54 JS: Filter out common string literal sinks 2021-08-11 12:50:53 +02:00
Asger Feldthaus
f563a015a4 JS: Recognize .njk extension in QL 2021-08-11 12:50:53 +02:00
Asger Feldthaus
e19b6c2c3b JS: Update taint step 2021-08-11 12:50:53 +02:00
Asger Feldthaus
13aa511364 JS: Support TemplatePlaceholderTag.getEnclosingExpr 
fixup! makeLocation
 2021-08-11 12:50:52 +02:00
Asger Feldthaus
14bada4bbe JS: Model consolidate and factor in template syntax from call site 2021-08-11 12:36:35 +02:00
Asger Feldthaus
425bd7abf9 JS: Model template instantiation from Fastify, Hapi, and Koa 2021-08-11 12:36:35 +02:00
Asger Feldthaus
266c10462e JS: More aggressive TemplateFileReference.getValue 2021-08-11 12:36:35 +02:00
Asger Feldthaus
bc73d9f431 JS: Support templates importing each other 2021-08-11 12:36:35 +02:00
Asger Feldthaus
bb80fdddbd JS: Handle leading ../ in template resolution 2021-08-11 12:36:35 +02:00
Asger Feldthaus
6954a9ac23 JS: Treat EJS-include calls as template instantiations 
JS: Fixup EJS include call (API node)
 2021-08-11 12:36:35 +02:00
Asger Feldthaus
248715c743 JS: Restrict FileAccessToHttp a bit 2021-08-11 12:36:35 +02:00
Asger Feldthaus
8a50d99f33 JS: Treat GeneratedCodeExpr as DirectEval in UnusedVariable.ql 2021-08-11 12:36:35 +02:00
Asger Feldthaus
623557ba39 JS: "this" in a template is not the global object 2021-08-11 12:36:35 +02:00
Asger Feldthaus
ee33c593e0 JS: Autoformat 2021-08-11 12:36:34 +02:00
Asger Feldthaus
0f27bffb05 JS: Add sinks for server-template tags in AngularJS templates 2021-08-11 12:36:34 +02:00
Asger Feldthaus
745f9b36e0 JS: Exclude non-code script tags 2021-08-11 12:36:34 +02:00
Asger Feldthaus
2412f530f9 JS: Add steps and sinks for pipes 2021-08-11 12:36:34 +02:00
Asger Feldthaus
23eeb49959 JS: Detect relevant templating syntax, and add sinks 2021-08-11 12:36:34 +02:00
Asger Feldthaus
f3b97f05c9 JS: Add steps to/from placeholder tags 2021-08-11 12:36:34 +02:00
Asger Feldthaus
f1c663b01b JS: Add steps from instantiation site to placeholder expr 2021-08-11 12:36:34 +02:00
Asger Feldthaus
5659a8a30f JS: Add template resolution logic 2021-08-11 12:36:34 +02:00
Asger Feldthaus
1474c0788b JS: Introduce TemplateInstantiation 2021-08-11 12:36:34 +02:00
Asger Feldthaus
8fe2d84d53 JS: Move template-related classes to Templating file 2021-08-11 12:36:34 +02:00
Asger Feldthaus
f26e94c0db JS: Rename to Angular-style template 2021-08-11 12:36:34 +02:00
Asger Feldthaus
8666bc1894 JS: Extract placeholders in HTML 2021-08-11 12:36:31 +02:00
Erik Krogh Kristensen
01a202fa10 fix cfg and dataflow for logical compound assignments 2021-08-10 12:17:59 +02:00
Asger Feldthaus
a7cdf532fa JS: Parse mustache-style tags as expressions 2021-08-10 12:15:43 +02:00
Asger Feldthaus
a3e56dea5e JS: Factor out StringOps::substringMethodName 2021-08-10 08:55:04 +02:00
Asger Feldthaus
1074d409fb JS: Autoformat 2021-08-10 08:55:03 +02:00
Asger Feldthaus
4efea4316e JS: Use TaintedUrlSuffix flow label in jQuery xss 2021-08-10 08:55:03 +02:00