codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00

Author	SHA1	Message	Date
Esben Sparre Andreasen	c66d29998e	update test output for additional DatabaseAccesses	2021-12-13 13:42:28 +01:00
Erik Krogh Kristensen	6a9277b5ce	recognize string sanitizers for ldap-injection	2021-10-01 09:01:29 +02:00
Erik Krogh Kristensen	2062afc868	add calls to parseDN as sinks for ldap-injection	2021-10-01 09:01:28 +02:00
Erik Krogh Kristensen	c55b7bcd85	model ldap filters as taint steps	2021-10-01 09:00:10 +02:00
Erik Krogh Kristensen	9b5ff66b68	naively port tests from ldap examples	2021-10-01 09:00:10 +02:00
Erik Krogh Kristensen	416c986cbc	add support for graphql in `@actions/github`	2021-06-15 09:43:11 +02:00
Erik Krogh Kristensen	50d574d20d	add graphql injection to the sql-injection query	2021-06-10 21:01:54 +02:00
Erik Krogh Kristensen	be7abede22	add model for the `joi` library	2021-06-07 20:04:17 +02:00
Asger Feldthaus	67ad6d9a0f	JS: Update test output	2021-03-29 15:30:29 +01:00
Asger Feldthaus	49ca88957c	JS: Use types	2021-03-29 12:25:15 +01:00
Asger Feldthaus	603843e698	JS: Add task tests	2021-03-29 12:05:47 +01:00
Asger Feldthaus	149af57eac	JS: Add model of pg-promise	2021-03-29 11:25:28 +01:00
Asger Feldthaus	b978359803	JS: Add schema validation as TaintedObject sanitizer	2021-03-02 12:39:04 +00:00
Max Schaefer	978d2db252	JavaScript: Add models for more Mongoose methods.	2020-11-30 16:32:13 +00:00
Erik Krogh Kristensen	bce06d3194	add test that promisify is not imprecise	2020-10-28 11:59:03 +01:00
Erik Krogh Kristensen	2e514c4d7b	add model for Node Redis	2020-10-28 09:52:54 +01:00
Erik Krogh Kristensen	abdbe92720	refactor the NoSQL model to use API graphs	2020-10-02 10:42:49 +02:00
CodeQL CI	a4f8b19ae4	Merge pull request #3876 from erik-krogh/CWE078-Correctness Approved by esbena	2020-08-03 15:38:51 +01:00
Erik Krogh Kristensen	442ee8d1cc	add consistency-checking for CWE-089	2020-07-06 19:02:50 +02:00
Erik Krogh Kristensen	3157cd724d	add noSQL tests for type-tracking req.query	2020-07-01 11:45:09 +02:00
Esben Sparre Andreasen	20cf04442c	JS: model marsdb and minimongo	2020-05-13 08:28:59 +02:00
Esben Sparre Andreasen	833d1b1ab0	JS: fixup mongoose test	2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen	9d9926fdbf	JS: model Mongoose Document for additional js/nosql-injection sinks	2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen	55ab519fbe	JS: add Mongoose Document tests	2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen	dc27a8f52c	JS: model mongoose Model on createConnection.<model/models>	2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen	730396df12	JS: add Mongoose createConnection tests	2020-03-16 22:11:22 +01:00
Esben Sparre Andreasen	5c8800a1c7	JS: make autoformatter happy	2020-03-10 13:11:31 +01:00
Esben Sparre Andreasen	dbeb216af0	JS: make use of TypeScript types for mongoose Model and Query	2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen	aae92ad795	JS: add test for DatabaseAccess	2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen	6b9bd8bd97	JS: adjust tests slightly to also support DatabaseAccess testing	2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen	7a2faa0b6b	JS: add additional mongoose and mongodb js/nosql-injection sinks	2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen	f24f03e1f8	JS: add mongodb .connect tests	2020-03-10 09:57:45 +01:00
Esben Sparre Andreasen	21e6e69f22	JS: support mongodb v3 (minimally) https://github.com/github/codeql-javascript-team/issues/79	2020-03-10 09:57:45 +01:00
Max Schaefer	8fdf6298b9	JavaScript: Remove `--platform node` extractor options.	2019-11-06 13:01:28 +00:00
Max Schaefer	3e92d0ffb5	JavaScript: Remove redundant `--experimental` extractor options.	2019-11-05 15:59:24 +00:00
Max Schaefer	b42026a90a	JavaScript: Update expected output.	2019-10-29 15:36:24 +00:00
Max Schaefer	6964945c74	JavaScript: Restrict `edges` to only contain `nodes`.	2019-10-29 15:03:52 +00:00
Asger F	ad5abc61cc	JS: Move typed test into separate test	2019-09-09 15:35:26 +01:00
Asger F	ea446f2aa1	JS: Use type info in mongodb/mongoose model	2019-09-09 15:35:26 +01:00
Asger F	8e397ad203	JS: Use type tracking in mongodb/mongoose model	2019-09-09 15:35:23 +01:00
Asger F	50a77ea843	JS: update test expectations	2019-03-06 08:41:03 +00:00
Max Schaefer	739705865b	JavaScript: Add basic model of socket.io.	2019-02-26 15:53:29 +00:00
Max Schaefer	9221b62ded	JavaScript: Update expectd test output for security path queries to include `nodes` and `edges` query predicates.	2018-11-14 09:32:31 +00:00
Asger F	9b10254cd4	JS: support label-specific sanitizer guards	2018-10-10 18:27:14 +01:00
Asger F	5e720486d5	JS: recognize req.query.x as deep object taint	2018-10-10 17:15:56 +01:00
Asger F	d72d7345b8	JS: make NosqlInjection use object taint	2018-10-10 17:05:59 +01:00
Asger F	74f115fa40	JS: add test case	2018-10-10 10:46:40 +01:00
Asger F	156b94e436	JavaScript: Add model of JSON parsers	2018-08-03 15:27:35 +01:00
Pavel Avgustinov	b55526aa58	QL code and tests for C#/C++/JavaScript.	2018-08-02 17:53:23 +01:00

49 Commits