hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

1639 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
cecb6c7bdd add model for live-server 2021-08-31 14:23:23 +02:00
Erik Krogh Kristensen
486b283c20 support the "module" field in package.json files 2021-08-30 11:05:32 +02:00
Erik Krogh Kristensen
f5a1a12435 support case insensitive regexps in the ReDoS queries 2021-08-30 09:59:33 +02:00
Erik Krogh Kristensen
81742528a2 add test 2021-08-27 10:04:39 +02:00
CodeQL CI
1daeea5696 Merge pull request #6472 from erik-krogh/apiPromise 
Approved by asgerf
 2021-08-25 14:45:03 +01:00
CodeQL CI
170a069657 Merge pull request #6403 from asgerf/js/handlebars-extraction 
Approved by erik-krogh
 2021-08-25 13:54:52 +01:00
Erik Krogh Kristensen
c664d7cfb3 add a getMaybePromisifiedCall method in API graphs, and use it to model child_process 2021-08-25 10:27:09 +02:00
CodeQL CI
c66a34be9c Merge pull request #6533 from erik-krogh/cwdPath 
Approved by asgerf
 2021-08-24 13:10:38 +01:00
CodeQL CI
c0e8680c81 Merge pull request #6534 from erik-krogh/fallbackEntry 
Approved by asgerf
 2021-08-24 11:38:25 +01:00
Erik Krogh Kristensen
5d232bbfce recognize more src folders when "main" in package.json points to a compiled output 2021-08-23 08:09:01 +02:00
Erik Krogh Kristensen
32ac8778bd add the cwd option to shell executions as a sink to js/path-injection 2021-08-23 07:32:05 +02:00
Erik Krogh Kristensen
4cc2ac9d35 exclude char classes that match everything 2021-08-18 08:59:17 +00:00
Erik Krogh Kristensen
9c2d83e82b add tests 2021-08-17 15:10:30 +02:00
Erik Krogh Kristensen
6d06550f7d update expected output 2021-08-17 15:10:30 +02:00
CodeQL CI
92804a3cc3 Merge pull request #6487 from erik-krogh/moreJquerySinks 
Approved by asgerf
 2021-08-17 11:46:24 +01:00
CodeQL CI
e3cdc4522e Merge pull request #6450 from asgerf/js/query-suffix-convention2 
Approved by erik-krogh
 2021-08-17 11:31:21 +01:00
Erik Krogh Kristensen
cc2a267b07 recognize array elements from JQuery objects as DOM values 2021-08-16 22:35:57 +02:00
Erik Krogh Kristensen
46959234b7 Merge pull request #6288 from erik-krogh/emptyRedos 
JS/Python: Fix FP in redos related to empty lookaheads
 2021-08-16 13:48:22 +02:00
Asger Feldthaus
cb0075f15a JS: Remove use of deprecated API 2021-08-12 09:30:43 +02:00
CodeQL CI
8fe2a43fd9 Merge pull request #6433 from asgerf/js/tainted-url-suffix 
Approved by erik-krogh
 2021-08-12 00:28:46 -07:00
Asger Feldthaus
b9b10af9b5 JS: Tolerate parse errors in test due to speculative parsing 2021-08-11 12:54:22 +02:00
Erik Krogh Kristensen
01a202fa10 fix cfg and dataflow for logical compound assignments 2021-08-10 12:17:59 +02:00
Asger Feldthaus
f1bcfa287b JS: Add more tests 2021-08-10 08:55:03 +02:00
Asger Feldthaus
00f4694616 JS: Recognize methods returning DOM objects 2021-08-04 16:25:56 +02:00
CodeQL CI
07f6ce7f3b Merge pull request #6398 from erik-krogh/authHeader 
Approved by esbena
 2021-08-03 02:04:35 -07:00
Erik Krogh Kristensen
87c0c60c22 don't report dummy authentication headers as hardcoded-crendentials 2021-08-02 22:56:14 +02:00
Erik Krogh Kristensen
f719e0ca1b remove nunjucks template URLs from the target-blank query 2021-08-02 22:46:59 +02:00
Erik Krogh Kristensen
6da1007f67 mark new redos tests correctly 2021-07-16 13:37:47 +02:00
Erik Krogh Kristensen
b2b736db10 add more tests for non-empty positive lookaheads 2021-07-16 13:25:37 +02:00
Erik Krogh Kristensen
178d3de824 Merge branch 'main' into logs 2021-07-16 11:21:25 +02:00
CodeQL CI
a02a82caac Merge pull request #6284 from erik-krogh/qs 
Approved by asgerf
 2021-07-16 02:11:59 -07:00
CodeQL CI
c1d0e52492 Merge pull request #6286 from erik-krogh/mkdirp 
Approved by asgerf
 2021-07-16 02:11:07 -07:00
CodeQL CI
6c2c51a767 Merge pull request #6287 from erik-krogh/react-tooltip 
Approved by asgerf
 2021-07-16 02:10:36 -07:00
CodeQL CI
d4fa1f7d96 Merge pull request #6295 from erik-krogh/sort-keys 
Approved by asgerf
 2021-07-16 02:09:47 -07:00
CodeQL CI
520337577b Merge pull request #6298 from erik-krogh/ansi-to-html 
Approved by asgerf
 2021-07-16 02:09:03 -07:00
CodeQL CI
b14139f3a0 Merge pull request #6261 from max-schaefer/js/module-constructor 
Approved by asgerf
 2021-07-16 00:28:30 -07:00
Erik Krogh Kristensen
28b98c1bfa update expected output 2021-07-15 15:51:01 +02:00
Erik Krogh Kristensen
ae2fc7171b add a taint step through the ansi-to-html library 2021-07-15 14:04:16 +02:00
Erik Krogh Kristensen
aaa8969537 add sort-keys as a clone call 2021-07-15 13:16:17 +02:00
Erik Krogh Kristensen
80d784e37a add a step over empty lookaheads/lookbehinds 2021-07-14 23:40:04 +02:00
Erik Krogh Kristensen
22dfe84ee8 add xss sink for react-tooltip 2021-07-14 20:03:50 +02:00
Erik Krogh Kristensen
14b26f2a68 add mkdirp as a sink for tainted-path 2021-07-14 19:32:22 +02:00
Erik Krogh Kristensen
f462c9bb76 add taint through the parseqs library 2021-07-14 17:22:35 +02:00
Erik Krogh Kristensen
bec1818fc7 add taint through the normalize-url library 2021-07-14 17:15:14 +02:00
Erik Krogh Kristensen
193ddfc771 add taint through the qs library 2021-07-14 16:56:51 +02:00
CodeQL CI
436168aa4f Merge pull request #6267 from erik-krogh/read-pkg 
Approved by asgerf
 2021-07-14 01:01:33 -07:00
CodeQL CI
9d59cba644 Merge pull request #6262 from erik-krogh/slash 
Approved by asgerf
 2021-07-13 05:44:55 -07:00
Erik Krogh Kristensen
e13d53f001 support pino logging calls on request objects 2021-07-13 14:32:50 +02:00
Erik Krogh Kristensen
cce15bed1d add basic support for the pino library 2021-07-13 14:00:01 +02:00
Erik Krogh Kristensen
07bc5856db add the cwd option from read-pkg as sink for path-injection 2021-07-12 23:43:15 +02:00