hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

1639 Commits

Author SHA1 Message Date
Asger F
003b600e24 TypeScript: disable queries that rely on token information 2018-09-04 13:18:37 +01:00
Esben Sparre Andreasen
f5a6af54e6 JS: add security query: js/request-forgery 2018-09-04 09:25:42 +02:00
semmle-qlci
d22a65a66b Merge pull request #108 from esben-semmle/js/classify-generated-data-files 
Approved by xiemaisi
 2018-08-29 14:15:55 +01:00
Esben Sparre Andreasen
02d56306c9 JS: classify generated data files 2018-08-27 15:06:00 +02:00
semmle-qlci
55ceb9be8b Merge pull request #91 from esben-semmle/js/additional-indexof-sanitizers 
Approved by xiemaisi
 2018-08-24 08:37:41 +01:00
Max Schaefer
2187b0c245 Merge pull request #89 from esben-semmle/js/sharpen-type-confusion 
JS: remove emptiness checks from the type confusion `x.length` sinks
 2018-08-23 08:04:09 +01:00
Esben Sparre Andreasen
20b48a2d24 JS: support relational indexof comparison sanitizers 2018-08-22 15:58:47 +02:00
Esben Sparre Andreasen
218c0cb51a JS: address review comments 2018-08-22 13:54:07 +02:00
Esben Sparre Andreasen
fef257b1ec JS: remove emptiness checks from the type confusion x.length sinks 2018-08-22 13:25:22 +02:00
semmle-qlci
7e7e30c01c Merge pull request #73 from esben-semmle/js/cleartext-logging-query 
Approved by xiemaisi
 2018-08-22 08:04:36 +01:00
semmle-qlci
7661a98909 Merge pull request #68 from esben-semmle/determinate-1-cfa-type-inference 
Approved by xiemaisi
 2018-08-22 08:02:27 +01:00
Esben Sparre Andreasen
2b9f5c3fa2 JS: remove check for test-environment in js/clear-text-logging 2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen
3636708d30 JS: extract and expose StringConcatenationTaintStep in TaintTracking 2018-08-21 22:32:52 +02:00
Esben Sparre Andreasen
6f5fb2a9fe JS: update queries and tests for improved type inference 2018-08-21 22:07:38 +02:00
Esben Sparre Andreasen
bbdf6b0f1d JS: mark PrintfStyleCall as a taint step 2018-08-21 09:02:35 +02:00
semmle-qlci
44e4b25f42 Merge pull request #14 from rdmarsh2/rdmarsh/js/electron-http-client 
Approved by xiemaisi
 2018-08-20 07:59:25 +01:00
Esben Sparre Andreasen
0c4fb15651 JS: add query js/cleartext-logging 2018-08-20 08:34:16 +02:00
Robert Marsh
aaeda5dfcc JavaScript: add the ESLint attack as a test 2018-08-17 10:16:52 -07:00
Esben Sparre Andreasen
a025dafcf5 JS: classify twitter-text library instances 2018-08-15 08:51:31 +02:00
Max Schaefer
886329689f JavaScript: Teach globalVarRef about top-level this and the global npm package. 2018-08-14 09:15:15 +01:00
Asger F
d9ba5a1cab JavaScript: add test cases for new array steps 2018-08-13 12:27:12 +01:00
semmle-qlci
3d0748c542 Merge pull request #48 from xiemaisi/js/webview-sinks 
Approved by asger-semmle
 2018-08-13 09:37:33 +01:00
Max Schaefer
199990feea JavaScript: Add WebView-related taint sinks for CodeInjection, DomBasedXss and ServerSideUrlRedirect. 2018-08-10 15:59:27 +01:00
semmle-qlci
2478c6e150 Merge pull request #43 from xiemaisi/js/odasa-7275 
Approved by
 2018-08-10 12:52:05 +01:00
Asger F
b00938e9b3 Make NodeJSLib use moduleMember for ES6-compatibility 2018-08-09 15:10:21 +01:00
Max Schaefer
e32dc08cd0 Merge pull request #31 from esben-semmle/js/fewer-alerts-for-incomplete-object-initialization 
JS: change alert location for js/incomplete-object-initialization
 2018-08-09 13:58:11 +01:00
Max Schaefer
41da997651 JavaScript: Teach IncompleteSanitization to recognize incomplete URL {en,de}coding. 2018-08-09 12:44:16 +01:00
Max Schaefer
badb167962 Merge pull request #35 from esben-semmle/js/classify-application-insight 
JS: classify the ApplicationInsights library instance
 2018-08-09 08:12:12 +01:00
Max Schaefer
0de9eed71c Merge pull request #32 from asger-semmle/export-import-flow 
TypeScript: bugfixes for import-assign statement
 2018-08-08 16:35:43 +01:00
Esben Sparre Andreasen
2589cf70c9 JS: classify the ApplicationInsights library instance 2018-08-08 15:39:22 +02:00
Asger F
94bac1253d TypeScript: bugfixes for import-assign statement 2018-08-08 12:02:28 +01:00
Esben Sparre Andreasen
8ee943f264 JS: restrict alert location to a single line 2018-08-08 10:50:42 +02:00
Esben Sparre Andreasen
e1947f04df JS: change alert location for js/incomplete-object-initialization 2018-08-08 10:43:52 +02:00
Esben Sparre Andreasen
4e98ce21b4 JS: permit some calls with spurious arguments to empty functions 2018-08-08 10:13:02 +02:00
semmle-qlci
6533ddfeaf Merge pull request #20 from esben-semmle/js/more-auth-calls-and-rate-limiters 
Approved by xiemaisi
 2018-08-07 09:42:07 +01:00
Esben Sparre Andreasen
b6951d8249 JS: add tests for improved js/missing-rate-limiting 2018-08-06 15:15:44 +02:00
Max Schaefer
9ba3d80bad JavaScript: Lift call graph library to data flow graph. 2018-08-06 08:34:06 +01:00
Asger F
156b94e436 JavaScript: Add model of JSON parsers 2018-08-03 15:27:35 +01:00
Pavel Avgustinov
b55526aa58 QL code and tests for C#/C++/JavaScript. 2018-08-02 17:53:23 +01:00