codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00

Author	SHA1	Message	Date
Asger F	c1e9eec267	JS: Modernize jQuery attribute defs	2019-10-07 08:29:42 +01:00
Asger F	284a24c18e	JS: Update tests with deprecation warning	2019-10-07 08:29:42 +01:00
Asger F	fb181c2d14	JS: Use type info and type tracking in jQuery	2019-10-07 08:29:42 +01:00
Erik Krogh Kristensen	b741a65e9b	documentation changes based on review Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>	2019-10-04 14:42:16 +02:00
Erik Krogh Kristensen	c0b7538cf0	made the blacklist for methods named "function" work again	2019-10-02 14:56:41 +02:00
Erik Krogh Kristensen	584b9d4e30	update expected test output	2019-10-01 15:53:37 +02:00
Erik Krogh Kristensen	1e2aad5a29	fix pointer in .qlref, and update expected test results	2019-10-01 14:56:00 +02:00
Erik Krogh Kristensen	aa1368741b	rename suspicious-method-name to suspicious-method-name-declaration	2019-10-01 14:37:07 +02:00
Erik Krogh Kristensen	0320f0f26b	add query for detecting suspisous method names in TypeScript	2019-09-30 13:05:50 +02:00
Erik Krogh Kristensen	7fb8f8453d	fix for when the concatenation root is in parentheses	2019-09-26 16:35:38 +02:00
Erik Krogh Kristensen	69365ccd03	remove false positive in missingSpaceInAppend by requring the presence of a word-like fragment	2019-09-26 12:59:05 +02:00
Asger F	c2f6855a7b	JS: Update tests	2019-09-26 10:17:58 +01:00
Asger F	b4f67f20af	JS: Extract types and signatures for functions	2019-09-26 10:17:58 +01:00
Asger F	405d43d539	JS: Merge CallSignatureTypes test	2019-09-26 10:17:58 +01:00
Asger F	97494290de	JS: Add getOverloadIndex()	2019-09-26 10:17:58 +01:00
Asger F	8ca294ae41	JS: Merge TypeScript/CallSignatures test	2019-09-26 10:17:58 +01:00
Max Schaefer	d4fca84898	JavaScript: Improve XSS sanitizer detection. We now use local data flow to detect more regexp-based sanitizers.	2019-09-23 17:07:06 +01:00
semmle-qlci	825a3d2917	Merge pull request #1954 from asger-semmle/type-tracking-through-captured-vars Approved by xiemaisi	2019-09-23 12:10:30 +01:00
semmle-qlci	e2c941c577	Merge pull request #1916 from erik-krogh/taintedLength Approved by asger-semmle, xiemaisi	2019-09-23 11:47:48 +01:00
Max Schaefer	149ae5d7ab	JavaScript: Fix IllegalInvocation. This fixes false positives that arise when a call such as `f.apply` can either be interpreted as a reflective invocation of `f`, or a normal call to method `apply` of `f`.	2019-09-23 07:44:14 +01:00
Asger F	1ce0a48996	JS: Update tests	2019-09-20 15:41:36 +01:00
semmle-qlci	6f2e485ace	Merge pull request #1950 from xiemaisi/js/rate-limiter-flexible Approved by esben-semmle	2019-09-19 12:45:45 +01:00
Asger F	e724f92ee8	JS: Also summarize loads	2019-09-18 16:18:10 +01:00
Asger F	ffc69cb61e	JS: Summarize functions in type tracking	2019-09-18 16:17:59 +01:00
Asger F	3479f02082	JS: Add test showing lack of flow out of inner function	2019-09-18 16:17:22 +01:00
Max Schaefer	3970ead7ab	JavaScript: Add support for `rate-limiter-flexible` package.	2019-09-18 12:25:33 +01:00
Esben Sparre Andreasen	ac6554b7da	Merge branch 'master' into js/improve-getAResponseDataNode	2019-09-17 13:18:41 +02:00
Esben Sparre Andreasen	a5645e168a	JS: exclude keys from whitelist	2019-09-16 10:13:18 +02:00
Esben Sparre Andreasen	0e2d2f8662	JS: whitelist some hardcoded dummy-passwords in two queries	2019-09-16 10:11:43 +02:00
Esben Sparre Andreasen	aa3f4a7048	JS: change passwords in tests	2019-09-16 10:09:59 +02:00
Erik Krogh Kristensen	9dc9adda64	fix capitalization in test case Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>	2019-09-13 14:54:18 +01:00
Erik Krogh Kristensen	3fb64abb09	fix consistency and spelling in the documentation suggestions from the documentation team Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>	2019-09-13 14:52:11 +01:00
Erik Krogh Kristensen	c4f27ed4cc	rename TaintedLength to LoopBoundInjection	2019-09-13 11:12:01 +01:00
semmle-qlci	d0d3882121	Merge pull request #1919 from esben-semmle/js/fixup-1 Approved by asger-semmle, xiemaisi	2019-09-13 10:40:38 +01:00
semmle-qlci	1313821a25	Merge pull request #1904 from erik-semmle/passportModel Approved by asger-semmle, esben-semmle	2019-09-13 10:38:14 +01:00
Erik Krogh Kristensen	5b2b60f132	change DOS to DoS, and other small documentation fixes Co-Authored-By: Max Schaefer <max@semmle.com>	2019-09-13 10:26:01 +01:00
Erik Krogh Kristensen	119b1ffb80	changes based on review from max	2019-09-12 16:30:42 +01:00
Erik Krogh Kristensen	3d359bc8dc	Merge remote-tracking branch 'upstream/master' into taintedLength	2019-09-12 15:24:36 +01:00
Erik Krogh Kristensen	30f1bcf5bc	updated query ID and expected output	2019-09-12 15:24:33 +01:00
semmle-qlci	72db219c13	Merge pull request #1910 from xiemaisi/js/unused-index-variable Approved by esben-semmle, shati-semmle	2019-09-11 14:33:32 +01:00
Max Schaefer	500cde68c3	JavaScript: Add new query `UnusedIndexVariable`.	2019-09-11 11:36:50 +01:00
Esben Sparre Andreasen	9aa0e711b2	JS: update expected output	2019-09-11 12:33:41 +02:00
Erik Krogh Kristensen	bec522f0df	small changes based on review feedback	2019-09-11 11:26:59 +01:00
Esben Sparre Andreasen	ee106ccff9	JS: simplify `asExpr().getStringValue()` calls	2019-09-11 10:56:57 +02:00
Esben Sparre Andreasen	aab17850d1	JS: eliminate redundant `ConstantString` casts	2019-09-11 10:56:49 +02:00
semmle-qlci	16c95d8c5e	Merge pull request #1876 from esben-semmle/js/more-delimiter-stripping-whitelisting Approved by xiemaisi	2019-09-11 09:16:57 +01:00
Esben Sparre Andreasen	f3de75ae07	JS: update a js/code-injection test	2019-09-11 09:45:54 +02:00
Esben Sparre Andreasen	f7bfc472c1	JS: treat server responses as untrusted for command injections	2019-09-11 09:38:18 +02:00
Erik Krogh Kristensen	97fc10e669	Add query for detecting potential DOS form a tainted .length property	2019-09-10 14:59:48 +01:00
semmle-qlci	df1bf4a95b	Merge pull request #1907 from asger-semmle/mongoose-types Approved by xiemaisi	2019-09-10 12:05:57 +01:00

1 2 3 4 5 ...

1119 Commits