hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
32,907 Commits 1,672 Branches 157 Tags
codeql-cli-2.8.2
Commit Graph

1176 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
aa3f4a7048 JS: change passwords in tests 2019-09-16 10:09:59 +02:00
Erik Krogh Kristensen
9dc9adda64 fix capitalization in test case 
Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
 2019-09-13 14:54:18 +01:00
Erik Krogh Kristensen
3fb64abb09 fix consistency and spelling in the documentation 
suggestions from the documentation team

Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
 2019-09-13 14:52:11 +01:00
Erik Krogh Kristensen
c4f27ed4cc rename TaintedLength to LoopBoundInjection 2019-09-13 11:12:01 +01:00
Erik Krogh Kristensen
5b2b60f132 change DOS to DoS, and other small documentation fixes 
Co-Authored-By: Max Schaefer <max@semmle.com>
 2019-09-13 10:26:01 +01:00
Erik Krogh Kristensen
119b1ffb80 changes based on review from max 2019-09-12 16:30:42 +01:00
Erik Krogh Kristensen
3d359bc8dc Merge remote-tracking branch 'upstream/master' into taintedLength 2019-09-12 15:24:36 +01:00
Erik Krogh Kristensen
30f1bcf5bc updated query ID and expected output 2019-09-12 15:24:33 +01:00
Erik Krogh Kristensen
bec522f0df small changes based on review feedback 2019-09-11 11:26:59 +01:00
semmle-qlci
16c95d8c5e Merge pull request #1876 from esben-semmle/js/more-delimiter-stripping-whitelisting 
Approved by xiemaisi
 2019-09-11 09:16:57 +01:00
Esben Sparre Andreasen
f3de75ae07 JS: update a js/code-injection test 2019-09-11 09:45:54 +02:00
Esben Sparre Andreasen
f7bfc472c1 JS: treat server responses as untrusted for command injections 2019-09-11 09:38:18 +02:00
Erik Krogh Kristensen
97fc10e669 Add query for detecting potential DOS form a tainted .length property 2019-09-10 14:59:48 +01:00
semmle-qlci
df1bf4a95b Merge pull request #1907 from asger-semmle/mongoose-types 
Approved by xiemaisi
 2019-09-10 12:05:57 +01:00
Max Schaefer
bdba647bf5 Merge pull request #1893 from erik-semmle/addXLinkHref 
JS: add xlink:href as xss target when using setAttribute
 2019-09-09 15:56:47 +01:00
Asger F
ad5abc61cc JS: Move typed test into separate test 2019-09-09 15:35:26 +01:00
Asger F
ea446f2aa1 JS: Use type info in mongodb/mongoose model 2019-09-09 15:35:26 +01:00
Asger F
8e397ad203 JS: Use type tracking in mongodb/mongoose model 2019-09-09 15:35:23 +01:00
semmle-qlci
e899250e87 Merge pull request #1894 from asger-semmle/fp-incorrect-suffix-check 
Approved by xiemaisi
 2019-09-09 15:33:47 +01:00
semmle-qlci
89cba089b4 Merge pull request #1892 from asger-semmle/event-handler-sink 
Approved by esben-semmle
 2019-09-09 15:33:21 +01:00
Erik Krogh Kristensen
2729566bbf add setAttributeNS('xlink', 'href',..) example in XSS test 2019-09-09 09:41:08 +01:00
Erik Krogh Kristensen
c780956f0d add setAttributeNS method in the XSS test 2019-09-06 21:56:29 +01:00
Asger F
7007698de4 JS: Fix the FP 2019-09-06 15:39:40 +01:00
Asger F
ebd7875cae JS: Add regression test 2019-09-06 15:38:55 +01:00
Erik Krogh Kristensen
ccdc821c5d add xlink:href as xss target when using setAttribute 2019-09-06 14:43:47 +01:00
Asger F
f7654d6f1c JS: Add test 2019-09-06 14:42:07 +01:00
Anders Schack-Mulligen
ca45fb5a60 JavaScript: Autoformat. 2019-09-06 09:04:51 +02:00
Esben Sparre Andreasen
a9665f53b8 JS: whitelist quote stripping for js/incomplete-sanitization 2019-09-05 09:47:49 +01:00
Asger F
5aa948cd17 JS: Add angular.merge sink to prototype pollution query 2019-09-04 16:14:51 +01:00
Max Schaefer
b6220998d1 JavaScript: Restrict setAttribute sink to potentially dangerous attribute names. 2019-08-30 11:57:29 +01:00
Max Schaefer
78ce290de3 JavaScript: Fix DomMethodCallExpr.interpretsArgumentsAsHTML. 2019-08-28 11:22:03 +01:00
semmle-qlci
bb4f00d770 Merge pull request #1015 from esben-semmle/js/cli-cli 
Approved by xiemaisi
 2019-08-02 09:57:19 +01:00
Esben Sparre Andreasen
bf4a324a86 JS: add query js/indirect-command-line-injection 2019-07-31 09:24:25 +02:00
Asger F
378b0bfb74 JS: Do not treat the empty string as a credential 2019-07-30 17:29:12 +01:00
Max Schaefer
8b3e647ae9 JavaScript: Do not taint for-in loop variable. 2019-07-23 10:52:55 +01:00
Asger F
57dac1d0d5 JS: Update test output to reflect new edge relation 2019-06-25 16:41:29 +01:00
Esben Sparre Andreasen
59b7b0757a JS: make Express' res/req extend Node's res/req 2019-06-12 12:45:01 +02:00
Esben Sparre Andreasen
299d4c6e93 JS: add additional SystemCommandExecutors 2019-06-11 09:38:10 +02:00
Max Schaefer
d723ab76d8 JavaScript: Fix getDelimiterMatchingRegexp to work on multi-line strings. 2019-06-05 08:09:19 +01:00
Max Schaefer
a4876270ec JavaScript: Tweak PasswordInConfigurationFile alerts. 
Only highlight first line, and include the password in the alert
message.
 2019-06-05 08:09:19 +01:00
semmle-qlci
80ff63a3bb Merge pull request #1387 from esben-semmle/js/unanchored-url-regex 
Approved by mc-semmle, xiemaisi
 2019-06-03 17:27:08 +01:00
Esben Sparre Andreasen
bf51c54338 JS: add RegExpPatternSource::getAParse to hide the subclasses 2019-06-03 14:23:22 +02:00
Max Schaefer
d8a101df6d JavaScript: Shrink Configurations.qll some more. 2019-06-03 10:32:25 +01:00
Esben Sparre Andreasen
7018a38691 JS: improve tests and regexp for js/regex/missing-regexp-anchor 2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen
3289c629f7 JS: address minor review comments 2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen
0fa73b8331 JS: add query js/regex/missing-regexp-anchor 2019-06-03 08:29:52 +02:00
Esben Sparre Andreasen
69db54a03a JS: add anchors to js/incomplete-hostname-regexp examples 2019-06-03 08:27:49 +02:00
Max Schaefer
3097037a6f Merge pull request #1290 from esben-semmle/js/semver-lib 
JS: add SemVer library
 2019-05-31 08:09:24 +01:00
semmle-qlci
0fa06e5c8d Merge pull request #1180 from asger-semmle/tainted-path-squashed 
Approved by xiemaisi
 2019-05-30 17:20:19 +01:00
Max Schaefer
3c8aea26da JavaScript: Update expected test output. 2019-05-30 15:05:43 +01:00