hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,672 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

5056 Commits

Author SHA1 Message Date
Asger Feldthaus
4d6da19173 JS: Improve performance of getExceptionTarget 2020-05-06 07:59:04 +01:00
Asger Feldthaus
639f04386c JS: Avoid bad join ordering in ClosureModule 2020-05-06 07:59:04 +01:00
Asger Feldthaus
5f710bc881 JS: Move definition of getContainer() to a single rootdef 2020-05-06 07:59:04 +01:00
Erik Krogh Kristensen
52392f2a6d autoformat 2020-05-05 22:33:53 +02:00
monkey-junkie
560674b670 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 15:36:11 +03:00
monkey-junkie
758e85dd3e Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 15:34:57 +03:00
monkey-junkie
a8019705b5 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 15:24:24 +03:00
monkey-junkie
0aaa8af3bd Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 15:24:10 +03:00
Esben Sparre Andreasen
99e5db407f JS: address review comments 2020-05-05 14:04:05 +02:00
Erik Krogh Kristensen
bffb12725b add test and change-note to prototype-polution 2020-05-05 13:49:11 +02:00
Erik Krogh Kristensen
3568439769 change getAnElementRead to getASubstringRead 2020-05-05 13:33:21 +02:00
Erik Krogh Kristensen
fe02137d0b change naming of StringSplitCall methods 2020-05-05 13:27:14 +02:00
Erik Krogh Kristensen
4a26c293c1 fix number of arguments for String.prototype.split 2020-05-05 13:22:35 +02:00
Erik Krogh Kristensen
f586639703 change getSplitAt to getSeparator 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-05-05 13:22:21 +02:00
monkey-junkie
056566ecc1 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 12:05:01 +03:00
monkey-junkie
3a4ea82ae2 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 12:02:46 +03:00
monkey-junkie
8310c96b97 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 11:59:06 +03:00
monkey-junkie
25df6e1664 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 11:58:49 +03:00
monkey-junkie
700a070a15 Update javascript/ql/src/experimental/Security/CWE-94/examples/ServerSideTemplateInjection.js 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 11:58:40 +03:00
monkey-junkie
d8fb552097 Update javascript/ql/src/experimental/Security/CWE-94/examples/ServerSideTemplateInjectionSafe.js 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 11:58:28 +03:00
Esben Sparre Andreasen
304b013f88 JS: query and tests for unsafe HTML expansion 2020-05-05 10:32:16 +02:00
Geoffrey White
a70f534458 Sync identical files. 2020-05-05 09:18:05 +01:00
Erik Krogh Kristensen
4dcf944ccd use StringSplitCall in TaintedPath 2020-05-05 09:13:21 +02:00
Erik Krogh Kristensen
22ec12b130 use split("?")[0] sanitizer is both DomBasedXSS and ClientSideUrlRedirect 2020-05-05 09:13:21 +02:00
Erik Krogh Kristensen
89f45372d1 introduce StringSplitCall and use it 2020-05-05 09:13:15 +02:00
John Doe
337be9c2e0 ssti query and help updated 2020-05-05 03:58:29 +03:00
John Doe
09922e5bb4 Merge branch 'master' of github.com:monkey-junkie/codeql 2020-05-05 03:44:23 +03:00
John Doe
895aa622bf ssti updated 2020-05-05 03:37:43 +03:00
monkey-junkie
cd18842aa5 Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 02:15:58 +03:00
monkey-junkie
a60660617f Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-05-05 02:15:00 +03:00
Erik Krogh Kristensen
eb7e0d6a62 still flag single-expression files that contain a function 2020-05-04 18:37:26 +02:00
semmle-qlci
a805a63443 Merge pull request #3357 from erik-krogh/YetAnotherPerformancePatch 
Approved by asgerf, esbena
 2020-05-04 10:05:34 +01:00
semmle-qlci
a0800cecc4 Merge pull request #3386 from erik-krogh/lessJQueryChaining 
Approved by asgerf
 2020-05-04 09:16:17 +01:00
Erik Krogh Kristensen
c56063f857 recognize more split("?") sanitizers 2020-05-04 09:48:50 +02:00
Erik Krogh Kristensen
cee986fa76 skip expressions that are alone in a file for js/useless-expression 2020-05-04 09:08:41 +02:00
John Doe
68b57502f9 JS SSTI CWE-094 2020-05-03 02:42:45 +03:00
semmle-qlci
c66ec3c981 Merge pull request #3380 from asger-semmle/js/cache-amd 
Approved by erik-krogh
 2020-05-02 20:18:22 +01:00
Erik Krogh Kristensen
efbd74a4a4 remove more spurious jQuery objects by using externs 2020-05-01 18:54:32 +02:00
Erik Krogh Kristensen
2a1095abcc autoformat, and apply naming suggestion 2020-05-01 18:35:34 +02:00
Erik Krogh Kristensen
87365357ba remove spurious jQuery objects 2020-05-01 15:19:54 +02:00
Erik Krogh Kristensen
16823143dd refactor getAPropertyUsedInLoadStore 2020-05-01 09:58:11 +02:00
Erik Krogh Kristensen
1a42c9fd80 make predicates private 
Co-authored-by: Asger F <asgerf@github.com>
 2020-05-01 09:42:09 +02:00
semmle-qlci
2b055de4d6 Merge pull request #3154 from erik-krogh/ImplicitConv 
Approved by asgerf
 2020-04-29 16:05:19 +01:00
Erik Krogh Kristensen
2ef13ef6e8 cousing -> sibling 2020-04-29 14:30:03 +02:00
Erik Krogh Kristensen
8af08756b9 split store-steps into backwards and forwards, and prune even more. 2020-04-29 09:16:22 +02:00
Erik Krogh Kristensen
7aa421fd8a prune clearly infeasible store steps 2020-04-29 09:15:32 +02:00
Erik Krogh Kristensen
8cf71e59ce prune infeasible load steps 2020-04-29 09:13:49 +02:00
Erik Krogh Kristensen
435b5cf42d refactor how exploratoryFlowStep is used 2020-04-29 09:11:26 +02:00
Asger Feldthaus
9b014c36df JS: Avoid lots of unhelpful magic 2020-04-28 08:56:27 +01:00
Asger Feldthaus
a8283593a9 JS: Make PropWrite not depend on SourceNode 2020-04-28 08:56:27 +01:00