hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

3047 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
4dec2171da add http request server data as a RemoteFlowSource 2020-10-01 13:21:56 +02:00
CodeQL CI
0158e2ffef Merge pull request #4374 from max-schaefer/js/api-graph 
Approved by erik-krogh
 2020-10-01 03:33:45 -07:00
Erik Krogh Kristensen
75b9237b81 use Parameter instead of SimpleParameter in the AngularJS model 2020-10-01 10:44:10 +02:00
Erik Krogh Kristensen
c675d72629 use Parameter instead of SimpleParameter in remaining route-handler models 2020-10-01 10:44:10 +02:00
Erik Krogh Kristensen
f65ba11485 use Parameter instead of SimpleParameter in AMD.qll 2020-10-01 10:44:05 +02:00
Aditya Sharad
e712d16e7e JavaScript: Track taint through RegExp.prototype.exec for URL redirection 
Regexp literals are currently handled, but not `RegExp` objects.
 2020-09-30 15:13:02 -07:00
Erik Krogh Kristensen
d316cb512e deprecate exports and replace uses with the new getAnExportedValue 2020-09-30 13:46:28 +02:00
Erik Krogh Kristensen
adc05022f3 update comment in test case 
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-09-29 18:21:41 +02:00
Erik Krogh Kristensen
3857331657 avoid .getReturn().getAUse().(DataFlow::InvokeNode) in the SQL model 2020-09-29 17:08:09 +02:00
CodeQL CI
d7add29dc2 Merge pull request #4359 from erik-krogh/cookieWrites 
Approved by esbena
 2020-09-29 06:32:01 -07:00
CodeQL CI
910c19e613 Merge pull request #4348 from erik-krogh/needle 
Approved by esbena
 2020-09-29 02:57:32 -07:00
CodeQL CI
11f39a9d88 Merge pull request #4342 from erik-krogh/track-where-prop 
Approved by asgerf
 2020-09-29 02:09:53 -07:00
Erik Krogh Kristensen
e04404b713 also recognize cookie writes are leading to cookie access 2020-09-28 21:17:25 +02:00
Max Schaefer
dfc4436012 JavaScript: Teach API graphs to recognise arguments supplied in partial function applications. 2020-09-28 17:52:57 +01:00
Erik Krogh Kristensen
664342dd0f change SimpleParameter to Parameter in the express model to support destructuring parameters 2020-09-26 21:31:06 +02:00
CodeQL CI
ea5feb2b0a Merge pull request #4331 from erik-krogh/DVNA-files 
Approved by esbena
 2020-09-25 05:21:03 -07:00
Erik Krogh Kristensen
6b9aea82ca model method calls in the needle library 2020-09-25 14:13:31 +02:00
Erik Krogh Kristensen
a22ddb145b model calls to needle 2020-09-25 13:53:22 +02:00
Erik Krogh Kristensen
b8154d41b1 type-track objects where the "$where" property has been written 2020-09-24 20:55:25 +02:00
Erik Krogh Kristensen
6163e6cf5f adjust test case for XML entity expansion 2020-09-24 09:53:06 +02:00
Erik Krogh Kristensen
83f0514475 add req.files as a RequestInputAccess in the Express model 2020-09-23 15:50:59 +02:00
Max Schaefer
dc7b447895 JavaScript: Make alert locations for command injection more precise. 2020-09-23 14:07:36 +01:00
Max Schaefer
439aadf0b6 JavaScript: Do even more type tracking in command injection. 2020-09-23 14:07:36 +01:00
Max Schaefer
ef18b39124 JavaScript: Fix use of type backtracker in IndirectCommandArgument.qll. 2020-09-23 14:07:36 +01:00
Max Schaefer
825fc2228b JavaScript: Add two new command-injection tests. 2020-09-23 14:07:36 +01:00
CodeQL CI
9a306866c5 Merge pull request #4282 from erik-krogh/es2021 
Approved by esbena
 2020-09-22 05:34:35 -07:00
Erik Krogh Kristensen
4bc91c4439 add support for Promise.any 2020-09-21 10:50:06 +02:00
Erik Krogh Kristensen
b09015380a add support for String.prototype.replaceAll 2020-09-21 10:50:04 +02:00
Erik Krogh Kristensen
b4e75bf567 update expected output 2020-09-18 09:29:13 +02:00
Erik Krogh Kristensen
1f95311342 further loosen the RouteHandlerCandidate heuristic 2020-09-18 09:29:13 +02:00
Erik Krogh Kristensen
3eaa56ed60 support containers with decorated route handlers 2020-09-18 09:29:08 +02:00
Erik Krogh Kristensen
c087e94d47 add additional indirect route-handler steps 2020-09-18 09:26:33 +02:00
Erik Krogh Kristensen
02c1d689e4 support indirect route-handlers for NodeJS 2020-09-18 09:26:33 +02:00
Erik Krogh Kristensen
dafcd59148 add another indirect route-handler test 2020-09-18 09:26:33 +02:00
Erik Krogh Kristensen
43e5c0212c add basic support for indirect route handlers 2020-09-18 09:26:33 +02:00
CodeQL CI
c2175b678c Merge pull request #4263 from erik-krogh/importScripts 
Approved by esbena
 2020-09-16 06:01:35 -07:00
CodeQL CI
951e3093d2 Merge pull request #4231 from erik-krogh/CVE767 
Approved by asgerf
 2020-09-15 03:47:40 -07:00
Erik Krogh Kristensen
fa255f3534 add test for self.importScripts(..) 2020-09-15 12:23:48 +02:00
Erik Krogh Kristensen
c1cb19abd7 add level PreCallGrapSteps to the callgraph 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
f2ecb63e5a add a direct Export step as a PreCallGraphStep 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
29457c52dc add reexported test to PackageExports test 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
61f6580d1e add API in PackageExports.qll for getting a value exported under a name 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
d3653b3030 add support for re-exports using the spread operator for NodeJS exports 2020-09-14 23:28:35 +02:00
Erik Krogh Kristensen
03a3c4f4b2 update expected output 2020-09-14 16:50:47 +02:00
Erik Krogh Kristensen
f4f96ce04d use new source in client-side-url-redirect test 2020-09-14 16:50:47 +02:00
Erik Krogh Kristensen
6e84ac8e6c add test for importScripts 2020-09-14 16:02:34 +02:00
CodeQL CI
903bc007b8 Merge pull request #4082 from max-schaefer/js/api-graph 
Approved by asgerf
 2020-09-11 04:41:38 -07:00
Erik Krogh Kristensen
cffe573d06 add taint-steps for underscore methods 2020-09-09 09:57:53 +02:00
Erik Krogh Kristensen
eb80705e99 add a taint-step for require("bluebird").mapSeries() 2020-09-09 09:57:53 +02:00
Erik Krogh Kristensen
bb97829e1d add a model for the ClientRequest new require("net").Socket() 2020-09-09 09:57:53 +02:00