hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,672 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

3047 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
49b1bfc41b add a step for referencing instance/static methods on classes 2021-03-10 10:57:28 +01:00
Erik Krogh Kristensen
e8afafca7a add another route-handler test 2021-03-09 16:37:36 +01:00
Erik Krogh Kristensen
11793800ad support subrouters, and engine registrations with file extensions 2021-03-09 16:17:33 +01:00
Erik Krogh Kristensen
28951e98c4 add engine filter to js/template-object-injection 2021-03-09 16:17:33 +01:00
Erik Krogh Kristensen
b30484dd69 behaviour preserving refactorization into modules 2021-03-09 16:17:29 +01:00
Erik Krogh Kristensen
caf1dbdc46 move TemplateObjectInjection out of experimental 2021-03-09 11:29:45 +01:00
Erik Krogh Kristensen
29ae737475 update expected output for MalformedRegExp 2021-03-08 13:50:58 +01:00
Erik Krogh Kristensen
bff59a1aaa fix parse error in regular expressions 2021-03-08 12:04:11 +01:00
Jaroslav Lobačevski
673e64909a github actions queries 2021-03-06 10:27:11 +02:00
CodeQL CI
d7b9251b0d Merge pull request #5262 from max-schaefer/event-handler-receiver-is-dom-element 
Approved by asgerf
 2021-03-05 02:04:59 -08:00
CodeQL CI
15049ca853 Merge pull request #5183 from erik-krogh/next 
Approved by asgerf
 2021-03-04 04:57:43 -08:00
Asger Feldthaus
6e0322dc60 JS: Add DeepResourceExhaustion test 2021-03-02 13:56:43 +00:00
Asger Feldthaus
88e5348da9 JS: Move RemotePropertyInjection test into subfolder 2021-03-02 13:56:39 +00:00
Asger Feldthaus
fd9604c5ef JS: Update expected output for poly ReDoS 2021-03-02 12:39:05 +00:00
Asger Feldthaus
12079cd1e4 JS: Recognize RegExps in JSON schemas 2021-03-02 12:39:04 +00:00
Asger Feldthaus
7afa755597 JS: Add ajv error as source of ExceptionXss 2021-03-02 12:39:04 +00:00
Asger Feldthaus
b978359803 JS: Add schema validation as TaintedObject sanitizer 2021-03-02 12:39:04 +00:00
Erik Krogh Kristensen
ecccb8a409 only flag React elements in ClientSideUrlRedirect if it's a HTML element, or known link class 2021-03-02 12:25:50 +01:00
Erik Krogh Kristensen
36049f05f8 update Next.js xss example such that the attack is viable 2021-03-02 12:25:50 +01:00
Erik Krogh Kristensen
97032f8627 add ClientSideUrlRedirect sink for Next.js routers 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
a79c30a818 support NextJS API endpoints 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
0e7e3e6178 support Next.js pages that export React components 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
1fdbbb682d support Next.js page request/response objects 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
a5cf024c9f add support for getServerSideProps in Next.js 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
af262a035d add support for getInitialProps in Next.js 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
d63fcaf7f1 add step from getStaticProps to the component render function 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
9d7bb57d8a add parameter values from Next as a RemoteFlowSource 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
41a0c0b55e support React links in js/client-side-unvalidated-url-redirection 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
214aa072b9 support host for http-proxy client requests 2021-02-26 17:18:29 +01:00
Erik Krogh Kristensen
cc48172fd8 add support for events in http-proxy 2021-02-26 17:17:47 +01:00
Erik Krogh Kristensen
ede1a40a02 add ClientRequst models for http-proxy 2021-02-26 17:17:46 +01:00
CodeQL CI
b7c0d18c4a Merge pull request #5278 from erik-krogh/formData 
Approved by asgerf
 2021-02-26 08:13:41 -08:00
CodeQL CI
0e70b58a41 Merge pull request #5205 from erik-krogh/ts42 
Approved by asgerf
 2021-02-26 05:06:40 -08:00
Erik Krogh Kristensen
c59e6fef80 add model for form-data 2021-02-26 10:54:46 +01:00
CodeQL CI
1bd12e6fdf Merge pull request #5199 from asgerf/js/vue-router 
Approved by erik-krogh
 2021-02-25 07:32:57 -08:00
Max Schaefer
3fe249f25c Address review comments. 2021-02-25 10:48:23 +00:00
Max Schaefer
2e252ba3e4 JavaScript: Learn that receivers of DOM event handlers are themselves DOM nodes. 2021-02-25 09:06:58 +00:00
Max Schaefer
ae2a5da63f JavaScript: Add new tests for recognising receiver of event handler as DOM element. 2021-02-25 09:04:46 +00:00
CodeQL CI
d2816b33e2 Merge pull request #5240 from erik-krogh/vsPerf 
Approved by asgerf
 2021-02-24 02:26:16 -08:00
Erik Krogh Kristensen
16150a6419 update printAst expected output 2021-02-24 10:29:29 +01:00
Erik Krogh Kristensen
ed47697c09 update expected output 2021-02-24 10:29:12 +01:00
Erik Krogh Kristensen
bcb3d5aec2 add tests for nested type unions through aliases 2021-02-24 09:34:54 +01:00
Erik Krogh Kristensen
85ed402b1a add test for union types 2021-02-24 09:34:53 +01:00
Erik Krogh Kristensen
5ae3c5952c support abstract signatures 2021-02-24 09:34:53 +01:00
Erik Krogh Kristensen
f385c55f2c add support for rest types elements in the middle of a tuple 2021-02-24 09:34:53 +01:00
Erik Krogh Kristensen
69d6df7834 make globalVarRef non recursive 2021-02-23 10:03:17 +01:00
Asger F
b8e1987cad Update javascript/ql/test/query-tests/DOM/HTML/DuplicateAttributes.html 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-02-22 10:08:56 +00:00
Asger Feldthaus
e964771e9c JS: Add test 2021-02-22 09:47:21 +00:00
Asger Feldthaus
5264d24f34 JS: Model vue-router 2021-02-19 15:37:24 +00:00
CodeQL CI
8716cbd7ee Merge pull request #5140 from erik-krogh/mark 
Approved by asgerf
 2021-02-17 11:50:11 -08:00