hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

3047 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
408ac2729d Merge pull request #5066 from CaptainFreak/express-hbs-lfr 
JS: add query for Express-HBS LFR
 2021-02-17 10:41:38 +01:00
CodeQL CI
b5143dbdb4 Merge pull request #5117 from erik-krogh/parseForm 
Approved by asgerf
 2021-02-15 04:30:59 -08:00
CodeQL CI
9b8d94d76e Merge pull request #5148 from erik-krogh/apollo 
Approved by esbena
 2021-02-15 02:23:52 -08:00
Erik Krogh Kristensen
4fa33b151f Merge pull request #5146 from github/more-redos-tests 
JS: add two non ReDoS regular expressions to the ReDoS test suite
 2021-02-12 18:56:52 +01:00
CodeQL CI
179a7a89dd Merge pull request #5098 from erik-krogh/xml2js 
Approved by asgerf
 2021-02-12 09:22:40 -08:00
Erik Krogh Kristensen
6f405635ef add ClientRequest model for apollo-client 2021-02-11 17:49:44 +01:00
Erik Krogh Kristensen
69d8aa143c add taint step for the snarkdown libary 2021-02-11 16:16:46 +01:00
Erik Krogh Kristensen
d14586de56 add two non ReDoS regular expressions to the ReDoS test suite 
Adds the regular expression from #5145
 2021-02-11 14:41:45 +01:00
Erik Krogh Kristensen
010d580f8e add model for multiparty 2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen
61b4ffec3d add remote flow from the Formidable library 2021-02-11 09:34:04 +01:00
Erik Krogh Kristensen
a03f4ed3cd add remote flow source for busboy 2021-02-11 09:34:02 +01:00
Erik Krogh Kristensen
e2fbf8a68c add files uploaded with multer as RemoteFlowSource 2021-02-11 09:33:15 +01:00
Erik Krogh Kristensen
7cff1f441b add model for the unified and remark libraries 2021-02-10 18:13:01 +01:00
Erik Krogh Kristensen
0d497e8b9a add model for the showdown library 2021-02-10 17:22:42 +01:00
Erik Krogh Kristensen
f76018c039 add taint step for the markdown-table library 2021-02-10 15:11:41 +01:00
Erik Krogh Kristensen
b4704f7016 add taint-step for the marked library 2021-02-10 14:51:08 +01:00
Erik Krogh Kristensen
101d4358a9 detect DOM nodes from event callbacks 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
be9636491b add source for react-hook-form in xss-through-dom 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
65d93c9061 detect for DOM elements from DOM events in React 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
458dda9d25 add xss-through-dom source from react-final-form 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
ff3950ce98 add model for formik 2021-02-10 14:17:49 +01:00
Erik Krogh Kristensen
0ca2310594 add model for htmlparser2 2021-02-10 14:16:31 +01:00
Erik Krogh Kristensen
e2a66bf3ed add model for xml-js 2021-02-10 14:16:31 +01:00
Erik Krogh Kristensen
73f7cd149f add model for sax 2021-02-10 14:16:31 +01:00
Erik Krogh Kristensen
c43025d7b3 add model for xml2js 2021-02-10 14:16:30 +01:00
Erik Krogh Kristensen
44ca2e26a6 add taint-step to XML parsers 2021-02-10 14:16:08 +01:00
Erik Krogh Kristensen
6cbf7b3267 add of Set, Stack and similar to the Immutable model 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
b74df66463 implement Immutable merge 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
c0de6a3af2 add support for Immutable Record 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
609b16b1f7 implement Immutable OrderedMap 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
2e7bf9b53c implement Immutable lists 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
a5c9492c87 add support for fromJS in the Immutable model 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
6cbe4caecc support toJS() by using plain property names instead of pseudoproperties. 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
b1f092f052 add support for map.set in Immutable model 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
b77dd54618 implement basic map get/set for immutable.js 2021-02-04 12:05:44 +01:00
Erik Krogh Kristensen
a5bde53bfe use the TaintedObject library in js/template-object-injection 2021-02-03 12:26:37 +01:00
Erik Krogh Kristensen
c6a22844e2 add test for js/template-object-injection 2021-02-03 12:16:57 +01:00
CaptainFreak
12ee497485 move query to src, rename and refactor 2021-02-03 15:48:02 +05:30
CodeQL CI
653c900d62 Merge pull request #4987 from erik-krogh/defensiveFunctions 
Approved by esbena
 2021-02-02 14:47:23 -08:00
CodeQL CI
209fe8d7e5 Merge pull request #5049 from erik-krogh/singleQuote 
Approved by esbena
 2021-02-02 13:48:42 -08:00
CodeQL CI
4fdbda3543 Merge pull request #5056 from erik-krogh/react 
Approved by asgerf
 2021-02-02 01:40:08 -08:00
Erik Krogh Kristensen
ca435763b0 separate message for double and single quotes 2021-02-01 23:54:12 +01:00
CaptainFreak
3363f5e6db JS: add query for Express-HBS LFR 2021-02-01 18:01:34 +05:30
Esben Sparre Andreasen
9678534f25 JS: add tests for some syntactic XSS vector obfuscations 2021-02-01 10:20:23 +01:00
Erik Krogh Kristensen
aae69c6537 update expected output 2021-02-01 09:33:52 +01:00
Erik Krogh Kristensen
c9ec983cd8 add js/client-side-unvalidated-url-redirection test for script tags inside react code 2021-01-29 12:50:43 +01:00
Erik Krogh Kristensen
39591687ba add js/code-injection sink for script tags in React 2021-01-29 12:50:17 +01:00
Erik Krogh Kristensen
3f1e81533c support html attribute concatenations with single quotes 2021-01-29 10:37:37 +01:00
CodeQL CI
6d952bda27 Merge pull request #5020 from asgerf/js/getaqlclass-test 
Approved by esbena
 2021-01-27 03:48:57 -08:00
Henning Makholm
54f00de3e0 Add "tests" fields to test qlpacks 
This will allow `codeql resolve tests --ignore-dubious-cases`
(and thus the VSCode extension) to recognize all `.ql` files in those
packs as test cases, even if they don't have accompanying `.expected`
files.

CLI versions prior to 2.1.0 will choke on this, but it's almost 10
months since that came out.
 2021-01-26 18:15:22 +01:00