hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,015 Commits 1,671 Branches 157 Tags
cs/assembly-prefix
Commit Graph

1713 Commits

Author SHA1 Message Date
semmle-qlci
d0d3882121 Merge pull request #1919 from esben-semmle/js/fixup-1 
Approved by asger-semmle, xiemaisi
 2019-09-13 10:40:38 +01:00
semmle-qlci
1313821a25 Merge pull request #1904 from erik-semmle/passportModel 
Approved by asger-semmle, esben-semmle
 2019-09-13 10:38:14 +01:00
Erik Krogh Kristensen
5b2b60f132 change DOS to DoS, and other small documentation fixes 
Co-Authored-By: Max Schaefer <max@semmle.com>
 2019-09-13 10:26:01 +01:00
Erik Krogh Kristensen
c2efb0afe7 two tiny qldoc changes 2019-09-12 16:58:07 +01:00
Erik Krogh Kristensen
119b1ffb80 changes based on review from max 2019-09-12 16:30:42 +01:00
Erik Krogh Kristensen
3d359bc8dc Merge remote-tracking branch 'upstream/master' into taintedLength 2019-09-12 15:24:36 +01:00
Erik Krogh Kristensen
30f1bcf5bc updated query ID and expected output 2019-09-12 15:24:33 +01:00
Erik Krogh Kristensen
2db0cdf4e2 two small qhelp fixes 2019-09-12 10:00:08 +01:00
semmle-qlci
72db219c13 Merge pull request #1910 from xiemaisi/js/unused-index-variable 
Approved by esben-semmle, shati-semmle
 2019-09-11 14:33:32 +01:00
Erik Krogh Kristensen
493a31d98d more fixes based on review 2019-09-11 12:53:59 +01:00
Max Schaefer
500cde68c3 JavaScript: Add new query UnusedIndexVariable. 2019-09-11 11:36:50 +01:00
Erik Krogh Kristensen
bec522f0df small changes based on review feedback 2019-09-11 11:26:59 +01:00
Esben Sparre Andreasen
086c473c18 JS: sharpen js/http-to-file-access 2019-09-11 12:05:33 +02:00
Esben Sparre Andreasen
0e31cad027 JS: simplify this.getStringValue() to getStringValue() 2019-09-11 10:56:49 +02:00
Esben Sparre Andreasen
ee106ccff9 JS: simplify asExpr().getStringValue() calls 2019-09-11 10:56:57 +02:00
Esben Sparre Andreasen
aab17850d1 JS: eliminate redundant ConstantString casts 2019-09-11 10:56:49 +02:00
semmle-qlci
16c95d8c5e Merge pull request #1876 from esben-semmle/js/more-delimiter-stripping-whitelisting 
Approved by xiemaisi
 2019-09-11 09:16:57 +01:00
Esben Sparre Andreasen
e41080fb40 JS: add RemoteServerResponse as a heuristic remote flow source 2019-09-11 09:38:18 +02:00
Esben Sparre Andreasen
f7bfc472c1 JS: treat server responses as untrusted for command injections 2019-09-11 09:38:18 +02:00
Esben Sparre Andreasen
3e42b078e8 JS: minor additions to ClientRequest::getAResponseDataNode 2019-09-11 09:24:59 +02:00
Erik Krogh Kristensen
72bbd4ded1 fix spelling mistake 2019-09-10 17:13:44 +01:00
Erik Krogh Kristensen
62d1f66fda avoid extending the abstract LoopStmt class 2019-09-10 17:08:00 +01:00
Erik Krogh Kristensen
6bb9781466 remove <br/> tags 2019-09-10 16:57:15 +01:00
Erik Krogh Kristensen
97fc10e669 Add query for detecting potential DOS form a tainted .length property 2019-09-10 14:59:48 +01:00
semmle-qlci
df1bf4a95b Merge pull request #1907 from asger-semmle/mongoose-types 
Approved by xiemaisi
 2019-09-10 12:05:57 +01:00
Max Schaefer
bdba647bf5 Merge pull request #1893 from erik-semmle/addXLinkHref 
JS: add xlink:href as xss target when using setAttribute
 2019-09-09 15:56:47 +01:00
Asger F
ea446f2aa1 JS: Use type info in mongodb/mongoose model 2019-09-09 15:35:26 +01:00
Asger F
8e397ad203 JS: Use type tracking in mongodb/mongoose model 2019-09-09 15:35:23 +01:00
semmle-qlci
e899250e87 Merge pull request #1894 from asger-semmle/fp-incorrect-suffix-check 
Approved by xiemaisi
 2019-09-09 15:33:47 +01:00
semmle-qlci
89cba089b4 Merge pull request #1892 from asger-semmle/event-handler-sink 
Approved by esben-semmle
 2019-09-09 15:33:21 +01:00
Erik Krogh Kristensen
03b210a8e1 made the two Passport classes in the Express model private 2019-09-09 13:04:47 +01:00
semmle-qlci
2283195ebd Merge pull request #1871 from asger-semmle/type-tracking-through-imports 
Approved by xiemaisi
 2019-09-09 12:25:06 +01:00
Erik Krogh Kristensen
26f6b1d186 add model for passport.use in the Express model 2019-09-09 12:01:11 +01:00
Asger F
631ff27d31 JS: Use ValueNode for all ImportSpecifiers 2019-09-09 10:53:13 +01:00
Asger F
61e1d793df JS: Fixes in DeadStoreOfLocal 2019-09-09 10:51:21 +01:00
Asger F
afcdc12e7b JS: Use ValueNode, not SSA node, to model NamedImportSpecifier 2019-09-09 10:51:17 +01:00
Esben Sparre Andreasen
2a22471975 JS: address review comments 2019-09-09 10:31:40 +02:00
Esben Sparre Andreasen
5d6997c1c9 JS: additional extraction metrics cleanup 2019-09-09 09:05:12 +02:00
Esben Sparre Andreasen
03d38ca54b JS: simplify cache interaction 2019-09-09 09:05:12 +02:00
Esben Sparre Andreasen
6dbe827dd3 JS: add QL classes for the extraction metrics 2019-09-09 09:05:12 +02:00
Esben Sparre Andreasen
7fcde4c130 JS: add extraction metrics to the dbscheme 2019-09-09 09:05:12 +02:00
Asger F
7007698de4 JS: Fix the FP 2019-09-06 15:39:40 +01:00
Erik Krogh Kristensen
ccdc821c5d add xlink:href as xss target when using setAttribute 2019-09-06 14:43:47 +01:00
Asger F
fa95871f46 JS: Add event handler sink to code injection 2019-09-06 14:33:00 +01:00
Anders Schack-Mulligen
ca45fb5a60 JavaScript: Autoformat. 2019-09-06 09:04:51 +02:00
semmle-qlci
33329f95c2 Merge pull request #1874 from asger-semmle/express-types 
Approved by esben-semmle, xiemaisi
 2019-09-05 16:42:28 +01:00
semmle-qlci
fd2e8486e4 Merge pull request #1862 from asger-semmle/prototype-pollution-angular-merge 
Approved by esben-semmle
 2019-09-05 12:50:58 +01:00
semmle-qlci
e6bfe2bd5d Merge pull request #1873 from asger-semmle/type-inf-consistency 
Approved by xiemaisi
 2019-09-05 12:46:59 +01:00
Asger F
61c4d30dd6 JS: Use express module instead 2019-09-05 12:09:24 +01:00
Esben Sparre Andreasen
a9665f53b8 JS: whitelist quote stripping for js/incomplete-sanitization 2019-09-05 09:47:49 +01:00