hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

5056 Commits

Author SHA1 Message Date
CodeQL CI
6279c67949 Merge pull request #5901 from erik-krogh/regFP 
Approved by asgerf
 2021-06-08 04:14:06 -07:00
Erik Krogh Kristensen
4b98af0c2b fix typo in prettier qldoc 
Co-authored-by: Asger F <asgerf@github.com>
 2021-06-08 13:13:33 +02:00
Erik Krogh Kristensen
ba6d504746 fix typo in SerializeJavascriptSanitizer qldoc 2021-06-08 13:12:23 +02:00
Erik Krogh Kristensen
8b4c3c4462 refactor ValidationCall back to a CallNode 2021-06-08 11:18:49 +02:00
CodeQL CI
561c8d0e1a Merge pull request #6033 from erik-krogh/serverlessLib 
Approved by asgerf
 2021-06-08 01:44:40 -07:00
CodeQL CI
95b591d72b Merge pull request #6025 from erik-krogh/serve 
Approved by asgerf
 2021-06-08 01:42:38 -07:00
Erik Krogh Kristensen
b1d7c61d8e add missing qldoc 2021-06-08 09:56:32 +02:00
Erik Krogh Kristensen
1ad08677c2 model serve-handler in js/exposure-of-private-files 2021-06-08 09:52:56 +02:00
Erik Krogh Kristensen
be7abede22 add model for the joi library 2021-06-07 20:04:17 +02:00
Erik Krogh Kristensen
bcf08e6472 add remote flow source for the serverless library 2021-06-07 17:19:19 +02:00
Asger Feldthaus
4cf3c11e83 JS: Add lines of user code summary query 2021-06-07 16:41:59 +02:00
Erik Krogh Kristensen
a63b0b28d4 refactor the history library model, add support for the global variable 2021-06-07 15:42:13 +02:00
Erik Krogh Kristensen
5419143e72 remove createHashHistory from the history sink 2021-06-07 15:24:59 +02:00
Erik Krogh Kristensen
0adc001df0 add taint-step for serialize-javascript 2021-06-06 22:48:53 +02:00
Erik Krogh Kristensen
dd2fe2a489 add the resolve library as a sink to js/path-injection 2021-06-06 22:04:32 +02:00
Erik Krogh Kristensen
46f90006c2 add model for whatwg-fetch 2021-06-04 13:13:13 +02:00
Erik Krogh Kristensen
608a0314df add location reads from the history libary as client-side remote flow 2021-06-03 12:33:25 +02:00
Erik Krogh Kristensen
e543c6c665 add a js/client-side-unvalidated-url-redirection sink for the history library 2021-06-03 12:23:05 +02:00
CodeQL CI
ffad65be40 Merge pull request #5993 from erik-krogh/lib-debug 
Approved by esbena
 2021-06-03 01:38:57 -07:00
CodeQL CI
60fb1a3b59 Merge pull request #5995 from erik-krogh/webpack-merge 
Approved by esbena
 2021-06-03 01:38:08 -07:00
CodeQL CI
7663095b57 Merge pull request #5948 from erik-krogh/fixRandom 
Approved by esbena
 2021-06-03 01:37:23 -07:00
Erik Krogh Kristensen
48ab630559 model webpack-merge as an extend call 2021-06-02 23:43:53 +02:00
Erik Krogh Kristensen
185811ee22 make MongooseFunction abstract 2021-06-02 23:23:30 +02:00
Erik Krogh Kristensen
431c995131 add support for the debug library 2021-06-02 23:11:15 +02:00
Erik Krogh Kristensen
1e19da155c move TaintedPath sink into TaintedPathCustomizations to avoid side-effects 2021-06-02 21:25:48 +02:00
Erik Krogh Kristensen
788c5ba701 add support for the prettier API 2021-06-02 15:33:08 +02:00
Ishaq Mohammed
96150a455d Update javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.qhelp 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-06-01 13:47:43 +05:30
Ishaq Mohammed
975355de4a Adding reference link for csurf 2021-06-01 13:41:25 +05:30
Erik Krogh Kristensen
c70651b6fe always have arrayLikeElement as TypeTracking properties 2021-05-25 11:48:54 +02:00
CodeQL CI
131c08e436 Merge pull request #5939 from max-schaefer/js/set-constructor-args 
Approved by esbena
 2021-05-21 05:02:27 -07:00
Max Schaefer
6e34784fc5 Add new experimental query MultipleArgumentsToSetConstructor. 2021-05-21 09:54:41 +01:00
CodeQL CI
9bdfdb02d3 Merge pull request #5916 from erik-krogh/scriptSink 
Approved by esbena
 2021-05-19 03:46:17 -07:00
Erik Krogh Kristensen
e9d2dd0b57 support the chaining methods on Express apps 2021-05-18 22:23:27 +02:00
Erik Krogh Kristensen
06514a2bb6 move clone model to Extend.qll 2021-05-18 13:16:41 +02:00
Erik Krogh Kristensen
1435ac715a add support for the clone library 2021-05-18 12:46:34 +02:00
Erik Krogh Kristensen
cac0ab299b add writes to textContent on a <script /> as a sink for code-injection 2021-05-18 10:25:25 +02:00
CodeQL CI
12b1bbe484 Merge pull request #5897 from erik-krogh/uid 
Approved by RasmusWL, esbena
 2021-05-17 06:01:04 -07:00
Robin Neatherway
17b74319fa Merge pull request #5902 from github/rneatherway/lines-of-code-tags 
Add lines-of-code tags
 2021-05-14 17:16:50 +01:00
Erik Krogh Kristensen
3766678d60 move RegexpMetaChars into Regexp.qll 2021-05-14 13:23:36 +02:00
CodeQL CI
af0d31695a Merge pull request #5862 from asgerf/js/has-underlying-type 
Approved by erik-krogh, max-schaefer
 2021-05-14 04:10:43 -07:00
Robin Neatherway
f378513ea3 Add lines-of-code tags 
This is a proposed method for advertising which queries are measuring
the lines of code in a project in a more robust manner than inspecting
the rule id.

Note that the python "LinesOfUserCode" query should _not_ have this
property, as otherwise the results of the two queries will be summed.
 2021-05-14 11:20:43 +01:00
Erik Krogh Kristensen
33641c84f6 recognize sanitizing string replace call for regexp-injection 2021-05-14 11:58:27 +02:00
Erik Krogh Kristensen
9d60ec035f fix casing on the uid regexp 2021-05-13 23:04:30 +02:00
Erik Krogh Kristensen
51067af784 add "uid" (and friends) as maybe being sensitive account info 2021-05-13 22:34:10 +02:00
CodeQL CI
9b0c24abc2 Merge pull request #5876 from erik-krogh/moreAxios 
Approved by asgerf
 2021-05-13 08:03:33 -07:00
Erik Krogh Kristensen
34fbafafde remove redundant "put" case 2021-05-12 22:34:44 +02:00
Erik Krogh Kristensen
e0f78dde56 make the axios error catch match the non-error case 2021-05-12 16:23:37 +02:00
CodeQL CI
922b276fac Merge pull request #5728 from asgerf/js/source-sink-queries 
Approved by erik-krogh
 2021-05-11 05:04:47 -07:00
yoff
a7f97895ac Merge pull request #5863 from erik-krogh/printReg 
JS: add printAst.ql support for regular expressions
 2021-05-11 12:45:49 +02:00
yoff
549c9eee1a Merge pull request #5739 from RasmusWL/share-sensitive-data-modeling 
Python/JS: Share sensitive data modeling
 2021-05-11 11:53:59 +02:00