hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
32,907 Commits 1,672 Branches 157 Tags
codeql-cli-2.8.2
Commit Graph

1176 Commits

Author SHA1 Message Date
Asger F
17ad97812e JS: Fix FPs from TLDs without a domain name 2019-11-15 09:27:20 +00:00
Asger F
e45c361d64 JS: Port IncompleteHostnameRegExp 2019-11-15 09:27:20 +00:00
Asger F
9ecab1b5d5 JS: Port unanchored RegExp query but for hostnames only 2019-11-15 09:27:20 +00:00
Asger F
e5f2f9e43e JS: Do not flag semi-anchored regexps in .replace() 2019-11-15 09:27:20 +00:00
Asger F
cae09a447b JS: Update test case 2019-11-15 09:27:20 +00:00
Asger F
3e37950170 JS: Whitelist one more FP case 2019-11-15 09:27:20 +00:00
Asger F
2b151cd587 JS: Include anchor direction in message 2019-11-15 09:27:20 +00:00
Asger F
3e952cf564 JS: Restrict semi-anchored regex query more 2019-11-15 09:27:19 +00:00
Asger F
0726bd8cac JS: Add double semi-anchored test case 2019-11-15 09:27:19 +00:00
Asger F
9fa9729470 JS: Shift line numbers in SemiAnchoredRegExp testcase 2019-11-15 09:27:19 +00:00
Asger F
8bc89ee254 JS: Update semi-anchored regex query 2019-11-15 09:27:19 +00:00
Esben Sparre Andreasen
8e6a19b3d3 JS: add DefaultParsedCommandLineArgumentsAsSource 2019-11-15 08:42:02 +01:00
Esben Sparre Andreasen
2ea7d141c8 Merge pull request #2310 from max-schaefer/js/insufficient-url-scheme-check 
JavaScript: Add query `IncompleteUrlSchemeCheck`
 2019-11-14 22:13:02 +01:00
Erik Krogh Kristensen
7137a64b7d Added query for detecting XSS that happens through an exception 2019-11-14 17:04:00 +01:00
Esben Sparre Andreasen
cc768345d0 JS: add security tests for malicious torrents 2019-11-14 13:54:19 +01:00
Max Schaefer
ab583b7994 JavaScript: Add query IncompleteUrlSchemeCheck.ql. 2019-11-13 10:27:18 +00:00
Max Schaefer
155cea7b5b Revert "JavaScript: Improve double-escaping query" 2019-11-12 22:54:12 +00:00
semmle-qlci
3a7f9a588d Merge pull request #2267 from max-schaefer/js/qltest-extractor-options 
Approved by asger-semmle
 2019-11-07 11:36:45 +00:00
Max Schaefer
8fdf6298b9 JavaScript: Remove --platform node extractor options. 2019-11-06 13:01:28 +00:00
Max Schaefer
3e92d0ffb5 JavaScript: Remove redundant --experimental extractor options. 2019-11-05 15:59:24 +00:00
semmle-qlci
eb6e8866fa Merge pull request #2247 from max-schaefer/odasa-8149 
Approved by asger-semmle, esbena
 2019-11-05 09:40:54 +00:00
Max Schaefer
8aae1f443f JavaScript: Use type tracking instead of auxiliary data-flow configuration to track indirect command arguments. 2019-10-31 12:13:55 +00:00
semmle-qlci
2a3980222b Merge pull request #2201 from max-schaefer/js/avoid-duplicate-source-and-sink-nodes 
Approved by asger-semmle
 2019-10-31 10:47:30 +00:00
Max Schaefer
bb0771b36c JavaScript: Deal with escape-unescape-escape (and similar) chains. 2019-10-30 14:49:01 +00:00
Max Schaefer
8c133ff61d JavaScript: Deal with (un-)escaping on captured variables. 2019-10-30 14:46:50 +00:00
Max Schaefer
a8214ce7ee JavaScript: Fix regexes for escaping schemes. 2019-10-30 14:15:59 +00:00
Max Schaefer
5349e0f881 JavaScript: Recognise wrapped chains of replacements. 2019-10-30 13:14:38 +00:00
Max Schaefer
02d16b1dc9 JavaScript: Recognise wrapped string replacement functions. 2019-10-30 13:01:17 +00:00
Max Schaefer
aaeca32519 JavaScript: Recognize string escaping using .replace with a callback. 2019-10-30 12:45:32 +00:00
Max Schaefer
bd1c99d8a4 JavaScript: Recognise JSON.stringify and JSON.parse as escaper/unescaper. 2019-10-30 12:38:05 +00:00
semmle-qlci
a778efe71e Merge pull request #2216 from asger-semmle/xss-encodeURIComponent 
Approved by max-schaefer
 2019-10-30 11:49:31 +00:00
Max Schaefer
b42026a90a JavaScript: Update expected output. 2019-10-29 15:36:24 +00:00
Max Schaefer
dc1d1c2f22 JavaScript: Update expected output. 2019-10-29 15:30:06 +00:00
Max Schaefer
6964945c74 JavaScript: Restrict edges to only contain nodes. 2019-10-29 15:03:52 +00:00
Asger F
94dd9a1c04 JS: Block XSS flow through encodeURIComponent 2019-10-28 17:12:40 +00:00
semmle-qlci
33374ee089 Merge pull request #2202 from asger-semmle/express-sendfile 
Approved by esbena
 2019-10-28 09:24:34 +00:00
Max Schaefer
b333c6a214 Merge pull request #2106 from asger-semmle/call-graph-3 
JS: Call graph changes
 2019-10-28 09:24:10 +00:00
Asger F
5636d42c13 JS: Update test 2019-10-25 09:57:10 +01:00
Esben Sparre Andreasen
5a983cb535 JS: add query js/shell-command-injection-from-environment 2019-10-21 23:31:55 +02:00
Asger F
8aa34e6a54 JS: Add XSS test case for new PostMessageEventHandler cases 2019-10-21 11:32:22 +01:00
Esben Sparre Andreasen
e1d7434be4 JS: add query js/useless-regexp-character-escape 2019-10-16 00:15:54 +02:00
Max Schaefer
d4fca84898 JavaScript: Improve XSS sanitizer detection. 
We now use local data flow to detect more regexp-based sanitizers.
 2019-09-23 17:07:06 +01:00
semmle-qlci
825a3d2917 Merge pull request #1954 from asger-semmle/type-tracking-through-captured-vars 
Approved by xiemaisi
 2019-09-23 12:10:30 +01:00
semmle-qlci
e2c941c577 Merge pull request #1916 from erik-krogh/taintedLength 
Approved by asger-semmle, xiemaisi
 2019-09-23 11:47:48 +01:00
Asger F
1ce0a48996 JS: Update tests 2019-09-20 15:41:36 +01:00
semmle-qlci
6f2e485ace Merge pull request #1950 from xiemaisi/js/rate-limiter-flexible 
Approved by esben-semmle
 2019-09-19 12:45:45 +01:00
Max Schaefer
3970ead7ab JavaScript: Add support for rate-limiter-flexible package. 2019-09-18 12:25:33 +01:00
Esben Sparre Andreasen
ac6554b7da Merge branch 'master' into js/improve-getAResponseDataNode 2019-09-17 13:18:41 +02:00
Esben Sparre Andreasen
a5645e168a JS: exclude keys from whitelist 2019-09-16 10:13:18 +02:00
Esben Sparre Andreasen
0e2d2f8662 JS: whitelist some hardcoded dummy-passwords in two queries 2019-09-16 10:11:43 +02:00