hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

1112 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
0c9c9bbde7 detect library input when the arguments object is converted to an array 2021-10-27 20:37:41 +02:00
Erik Krogh Kristensen
d1238dfd8b update alert message to distinguish between library input and remote flow 2021-10-27 20:35:38 +02:00
Erik Krogh Kristensen
6e183af383 ignore test files for the `prototypeLessObject' predicate 2021-10-27 20:35:37 +02:00
Erik Krogh Kristensen
e94b0f5913 recognize inclusion based sanitizers for js/prototype-polluting-assignment 2021-10-27 20:35:37 +02:00
Erik Krogh Kristensen
2a808b2cd6 track taint through string coercions for js/prototype-polluting-assignment 2021-10-27 20:35:37 +02:00
Erik Krogh Kristensen
2d65aa17db recognize exported functions that use the arguments object 2021-10-27 20:35:37 +02:00
Erik Krogh Kristensen
78774233c7 add library input as source to js/prototype-polluting-assignment 2021-10-27 20:35:36 +02:00
Erik Krogh Kristensen
038438edca assume that setting the secure/httpOnly flag to some unknown value is good 2021-10-26 13:47:28 +02:00
Erik Krogh Kristensen
311df4d2b7 add test for the cookie npm package 2021-10-26 13:46:59 +02:00
Erik Krogh Kristensen
834d5ec6ad add session{key,id} as sensitive info 2021-10-26 13:46:59 +02:00
Erik Krogh Kristensen
1e1e549847 update tests so it's clear which cookies are insecure 2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen
283b8231cb add more cookie models 2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen
2cb3d2c53f documentation overhaul on client-exposed-cookie (and restricting it to server-side) 2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen
ab23ffff3d documentation overhaul for clear-text-cookie 2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen
f36accf3e6 only report clear-text cookies for sensitive cookies 2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen
53b4337795 combine test files 2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen
6858acc6a9 port experimental cookie models to non-experimental 2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen
44db920f10 refactor, cleanup, and improvements in experimental cookie queries 2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen
6a9277b5ce recognize string sanitizers for ldap-injection 2021-10-01 09:01:29 +02:00
Erik Krogh Kristensen
2062afc868 add calls to parseDN as sinks for ldap-injection 2021-10-01 09:01:28 +02:00
Erik Krogh Kristensen
c55b7bcd85 model ldap filters as taint steps 2021-10-01 09:00:10 +02:00
Erik Krogh Kristensen
9b5ff66b68 naively port tests from ldap examples 2021-10-01 09:00:10 +02:00
Erik Krogh Kristensen
99ed4a1a89 add a bad-tag-filter query for Python and JavaScript 2021-09-21 15:04:03 +02:00
Erik Krogh Kristensen
8569d261f7 add test 2021-09-13 20:43:31 +02:00
CodeQL CI
cd26d97dd7 Merge pull request #6549 from erik-krogh/moreDom 
Approved by asgerf
 2021-09-08 05:10:47 -07:00
Erik Krogh Kristensen
cecb6c7bdd add model for live-server 2021-08-31 14:23:23 +02:00
Erik Krogh Kristensen
81742528a2 add test 2021-08-27 10:04:39 +02:00
Erik Krogh Kristensen
c664d7cfb3 add a getMaybePromisifiedCall method in API graphs, and use it to model child_process 2021-08-25 10:27:09 +02:00
CodeQL CI
c66a34be9c Merge pull request #6533 from erik-krogh/cwdPath 
Approved by asgerf
 2021-08-24 13:10:38 +01:00
Erik Krogh Kristensen
32ac8778bd add the cwd option to shell executions as a sink to js/path-injection 2021-08-23 07:32:05 +02:00
Erik Krogh Kristensen
4cc2ac9d35 exclude char classes that match everything 2021-08-18 08:59:17 +00:00
Erik Krogh Kristensen
9c2d83e82b add tests 2021-08-17 15:10:30 +02:00
Erik Krogh Kristensen
6d06550f7d update expected output 2021-08-17 15:10:30 +02:00
CodeQL CI
92804a3cc3 Merge pull request #6487 from erik-krogh/moreJquerySinks 
Approved by asgerf
 2021-08-17 11:46:24 +01:00
Erik Krogh Kristensen
cc2a267b07 recognize array elements from JQuery objects as DOM values 2021-08-16 22:35:57 +02:00
Asger Feldthaus
cb0075f15a JS: Remove use of deprecated API 2021-08-12 09:30:43 +02:00
Asger Feldthaus
f1bcfa287b JS: Add more tests 2021-08-10 08:55:03 +02:00
Asger Feldthaus
00f4694616 JS: Recognize methods returning DOM objects 2021-08-04 16:25:56 +02:00
Erik Krogh Kristensen
87c0c60c22 don't report dummy authentication headers as hardcoded-crendentials 2021-08-02 22:56:14 +02:00
Erik Krogh Kristensen
178d3de824 Merge branch 'main' into logs 2021-07-16 11:21:25 +02:00
CodeQL CI
a02a82caac Merge pull request #6284 from erik-krogh/qs 
Approved by asgerf
 2021-07-16 02:11:59 -07:00
CodeQL CI
c1d0e52492 Merge pull request #6286 from erik-krogh/mkdirp 
Approved by asgerf
 2021-07-16 02:11:07 -07:00
CodeQL CI
6c2c51a767 Merge pull request #6287 from erik-krogh/react-tooltip 
Approved by asgerf
 2021-07-16 02:10:36 -07:00
CodeQL CI
d4fa1f7d96 Merge pull request #6295 from erik-krogh/sort-keys 
Approved by asgerf
 2021-07-16 02:09:47 -07:00
CodeQL CI
520337577b Merge pull request #6298 from erik-krogh/ansi-to-html 
Approved by asgerf
 2021-07-16 02:09:03 -07:00
CodeQL CI
b14139f3a0 Merge pull request #6261 from max-schaefer/js/module-constructor 
Approved by asgerf
 2021-07-16 00:28:30 -07:00
Erik Krogh Kristensen
28b98c1bfa update expected output 2021-07-15 15:51:01 +02:00
Erik Krogh Kristensen
ae2fc7171b add a taint step through the ansi-to-html library 2021-07-15 14:04:16 +02:00
Erik Krogh Kristensen
aaa8969537 add sort-keys as a clone call 2021-07-15 13:16:17 +02:00
Erik Krogh Kristensen
22dfe84ee8 add xss sink for react-tooltip 2021-07-14 20:03:50 +02:00