hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,672 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

6874 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
9112d417e4 avoid using getFirstToken for sorting 2020-10-15 20:57:29 +02:00
Erik Krogh Kristensen
8206933e85 add test for home grown CSRF protection 2020-10-15 14:51:02 +02:00
Erik Krogh Kristensen
4d1a9740f0 add support for home made CSRF protection middlewares in js/missing-token-validation 2020-10-15 14:50:59 +02:00
Erik Krogh Kristensen
11ee7c7946 update expected output 2020-10-15 12:06:17 +02:00
Erik Krogh Kristensen
f9f29f53cf remove locations where we have no exact location 2020-10-15 11:59:51 +02:00
Erik Krogh Kristensen
2bb8b78a29 remove "</>" from the end when printing HTML 2020-10-15 11:56:00 +02:00
Erik Krogh Kristensen
a019312953 improve printing of JS object literals 2020-10-15 11:47:45 +02:00
Erik Krogh Kristensen
ab7542c0d2 improve printing of JSON values 2020-10-15 11:05:22 +02:00
Erik Krogh Kristensen
1ebd49b0eb remove location from "mapping i" print node 2020-10-15 10:51:34 +02:00
Erik Krogh Kristensen
3e2d266343 improve YAMLMapping printing 2020-10-15 10:49:37 +02:00
Erik Krogh Kristensen
1b908ce030 improve printing of DeclStmt, and remove escaped whitespace chars from printed output 2020-10-15 10:43:32 +02:00
Erik Krogh Kristensen
c033ae9b7f add one more case to getAPrimaryQlClass 2020-10-15 10:05:07 +02:00
Erik Krogh Kristensen
ab10c28cc4 change the default sorting order for print children to be location based 2020-10-15 09:53:52 +02:00
Erik Krogh Kristensen
74243d39aa remove location for arguments/parameters print node 2020-10-15 09:48:55 +02:00
Max Schaefer
4100ab2919 JavaScript: Add another test to show that flow through functions still works. 2020-10-14 10:03:27 +01:00
Max Schaefer
1c04c07f07 JavaScript: Eliminate source of false positives in UnsafeShellCommandConstruction. 2020-10-14 10:03:04 +01:00
Erik Krogh Kristensen
96db3459d0 remove stray todo 2020-10-13 11:48:06 +02:00
CodeQL CI
e2b0c60627 Merge pull request #4449 from max-schaefer/js/api-graphs-type-handling-improvements 
Approved by erik-krogh
 2020-10-12 11:41:21 -07:00
Max Schaefer
9ac70e3044 JavaScript: Clarify the relationship between MkCanonicalName{Def,Use} with an upper-case M and mkCanonicalName{Def,Use} with a lower-case m. 2020-10-12 16:29:11 +01:00
Max Schaefer
cd33d358aa JavaScript: Add a test showing a false positive from UnsafeShellCommandConstruction due to infeasible paths. 
The path from the API entry point to the sink contains a "return" step. A client of the library cannot match that step, resulting in an infeasible path.
 2020-10-12 14:50:47 +01:00
CodeQL CI
8eb84b2599 Merge pull request #4391 from max-schaefer/js/api-graph-reexport 
Approved by asgerf
 2020-10-12 05:26:53 -07:00
CodeQL CI
6d1634ef8f Merge pull request #4329 from erik-krogh/DVSA 
Approved by esbena
 2020-10-12 05:23:29 -07:00
Erik Krogh Kristensen
2fb19f0b11 refactor into a single regular expression with two capture groups 2020-10-09 14:50:16 +02:00
Erik Krogh Kristensen
f6f8bbd1d8 Update javascript/ql/src/semmle/javascript/frameworks/ServerLess.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-10-09 14:46:31 +02:00
Erik Krogh Kristensen
3b328baaef changes based on review 2020-10-08 21:54:23 +02:00
Erik Krogh Kristensen
65b90c411c Update javascript/ql/src/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-10-08 21:28:50 +02:00
Erik Krogh Kristensen
d3e3c11fa6 add printAst query for printing JS/TS/JSON/YAML/HTML 2020-10-08 21:20:28 +02:00
Max Schaefer
4bf6f6ac7c JavaScript: Add a negative test for API graphs. 
The test ensures that flow summarization won't label property `f` of the first parameter of `assertNotNull` as a sink, which would be very imprecise.
 2020-10-08 19:53:23 +01:00
CodeQL CI
f179e7ebf4 Merge pull request #4291 from asgerf/js/lean-dependency-installation-plainjava 
Approved by erik-krogh
 2020-10-08 03:09:38 -07:00
Erik Krogh Kristensen
1ed026fcce add a RemoteFlowSource for serverless handlers 2020-10-06 22:36:21 +02:00
Erik Krogh Kristensen
050ed97d9c add node-serialize as a js/code-injection sink 2020-10-06 22:35:38 +02:00
Max Schaefer
98ab38a630 JavaScript: Add yet another API-graph test with re-exports. 2020-10-06 15:32:21 +01:00
Max Schaefer
1d8051eee0 JavaScript: Further improve handling of re-exports in API graphs. 2020-10-06 14:22:55 +01:00
Max Schaefer
d054206004 JavaScript: Improve handling of re-exports in API graphs. 2020-10-06 14:22:51 +01:00
Max Schaefer
96bf82e1ca JavaScript: Make new source-node classes in API graphs more general and more useful. 2020-10-06 14:21:36 +01:00
Max Schaefer
95b6b16b57 JavaScript: Add another API-graph test with re-exports. 2020-10-06 14:20:41 +01:00
CodeQL CI
4e116ba0db Merge pull request #4419 from erik-krogh/jsxFactory 
Approved by asgerf
 2020-10-06 06:13:21 -07:00
CodeQL CI
0753c8a31b Merge pull request #4247 from erik-krogh/CVE760-reexport 
Approved by asgerf
 2020-10-06 06:10:21 -07:00
CodeQL CI
ef703e72d8 Merge pull request #4401 from asgerf/js/angular-prerequisites 
Approved by erik-krogh
 2020-10-06 06:09:48 -07:00
Asger Feldthaus
396f353397 JS: Reapply fixed to javadoc 2020-10-06 14:06:10 +01:00
CodeQL CI
7e6fa7b4be Merge pull request #4392 from erik-krogh/flask 
Approved by asgerf
 2020-10-06 03:41:36 -07:00
Erik Krogh Kristensen
f7f82ffe4e Merge branch 'main' into CVE760-reexport 2020-10-06 12:28:44 +02:00
CodeQL CI
bc1d3de8fe Merge pull request #4376 from erik-krogh/simpParam 
Approved by asgerf
 2020-10-06 03:24:43 -07:00
Erik Krogh Kristensen
99213b94f5 detect uses of jsxFactory and jsxFragmentFactory in js/unused-local-variable 2020-10-06 12:23:15 +02:00
Asger Feldthaus
5374b66029 JS: Make CachedOperation private 2020-10-06 11:13:04 +01:00
Asger F
433e3e7e4e JS: Expand doc string in installFromTarballurl 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-10-06 11:13:04 +01:00
Asger F
4e2b990d14 Add doc string to semVerToken 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-10-06 11:13:04 +01:00
Asger Feldthaus
0ddd825ea6 JS: Address some more review comments 2020-10-06 11:13:04 +01:00
Asger Feldthaus
b1bd612232 JS: Undo unused export 2020-10-06 11:13:04 +01:00
Asger Feldthaus
26b7d57a94 JS: Parse preferred version directly 2020-10-06 11:13:04 +01:00