hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
18,668 Commits 1,672 Branches 157 Tags
esbena/query-result-test
Commit Graph

5161 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
cd111fe350 Merge pull request #3721 from asger-semmle/js/non-linear-pattern-msg 
JS: Improve alert message in js/non-linear-pattern
 2020-06-17 13:10:56 +02:00
Erik Krogh Kristensen
b0be0eb805 fix qhelp links 2020-06-17 11:50:44 +02:00
Erik Krogh Kristensen
fa0a8c3423 add documentation examples as tests 2020-06-17 11:37:32 +02:00
Erik Krogh Kristensen
b42824640d add qhelp for js/exposure-of-private-files 2020-06-17 11:29:24 +02:00
ubuntu
22cb45beab Merge remote-tracking branch 'upstream/master' 2020-06-17 11:13:13 +02:00
Erik Krogh Kristensen
639907967f add home/rootdir as leaking folders 2020-06-17 10:46:42 +02:00
Erik Krogh Kristensen
6675ddae12 add more libraries that serve static files to js/exposure-of-private-files 2020-06-17 10:00:59 +02:00
Erik Krogh Kristensen
fb5e13b456 Apply suggestions from doc review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-16 23:45:45 +02:00
Erik Krogh Kristensen
d811518a2e fixed from doc review, and add fixed example for js/biased-cryptographic-random using a secure library 2020-06-16 23:26:54 +02:00
Erik Krogh Kristensen
210e71cd93 update expected output 2020-06-16 21:52:59 +02:00
ubuntu
3104f8a37b Remove Fields in PostMessageEvent 2020-06-16 18:30:00 +02:00
Alessio Della Libera
68b2a6c848 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-16 18:27:21 +02:00
Alessio Della Libera
8843522d14 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-16 18:26:42 +02:00
Alessio Della Libera
72dc6510b2 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-16 18:22:55 +02:00
Erik Krogh Kristensen
5ce17bea60 add qhelp for js/bad-code-sanitization 2020-06-16 16:23:41 +02:00
Erik Krogh Kristensen
a0951f76b6 add additional taint steps when type-tracking RemoteFlowSource 2020-06-16 14:55:07 +02:00
semmle-qlci
07bff646d8 Merge pull request #3641 from asger-semmle/js/pre-call-graph-steps 
Approved by erik-krogh
 2020-06-16 13:41:55 +01:00
Erik Krogh Kristensen
696879653a add qhelp to js/biased-cryptographic-random 2020-06-16 11:10:09 +02:00
Erik Krogh Kristensen
5e060fa6a8 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-15 23:47:40 +02:00
Erik Krogh Kristensen
315faaffee small corrections in documentation 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-15 23:40:27 +02:00
Asger Feldthaus
23d28967a7 JS: Autoformat 2020-06-15 20:40:17 +01:00
Asger Feldthaus
3242f5ed94 JS: Include qhelp example in test suite 2020-06-15 17:37:26 +01:00
Asger Feldthaus
824054ba62 JS: Change note and updated help 2020-06-15 17:34:36 +01:00
Asger Feldthaus
7091a9f704 JS: Special-case alert message for type annotations 2020-06-15 17:17:47 +01:00
Asger Feldthaus
c8ab69af11 JS: Avoid duplicate alerts 2020-06-15 16:57:54 +01:00
Asger Feldthaus
f380898126 JS: Add test showing duplicate alerts 2020-06-15 16:40:37 +01:00
Asger Feldthaus
51d143d6f1 JS: Add test with destructuring pattern that looks like type annotations 2020-06-15 16:35:36 +01:00
Erik Krogh Kristensen
3ef5dc74a1 add backtracking to find division that end up being rounded 2020-06-15 17:10:10 +02:00
Erik Krogh Kristensen
e8db624e74 add .jar and .war to the list of sensitive files for js/insecure-download 2020-06-15 16:48:07 +02:00
semmle-qlci
3728e1afd3 Merge pull request #3715 from asger-semmle/js/returned-functions 
Approved by erik-krogh, esbena
 2020-06-15 15:32:54 +01:00
Erik Krogh Kristensen
d2716c532c qhelp 2020-06-15 14:59:48 +02:00
Asger Feldthaus
17010e25a1 JS: Update another test 2020-06-15 13:55:46 +01:00
semmle-qlci
57c8dd85a4 Merge pull request #2801 from esbena/js/bulky-route-handler-registration 
Approved by asgerf
 2020-06-15 13:06:22 +01:00
Erik Krogh Kristensen
fe9aa241a1 add qhelp 2020-06-15 13:47:39 +02:00
Erik Krogh Kristensen
4d1920eec1 add .js and .py files to js/insecure-download 2020-06-15 12:48:50 +02:00
Asger Feldthaus
4b3faabcc8 JS: Autoformat 2020-06-15 11:16:55 +01:00
Asger Feldthaus
c4179eb81d JS: Update test 2020-06-15 11:13:20 +01:00
semmle-qlci
b6b838774e Merge pull request #3704 from asger-semmle/js/cve-serve 
Approved by esbena
 2020-06-15 09:54:17 +01:00
Asger Feldthaus
c7f74e47e2 JS: Autoformat 2020-06-15 09:51:42 +01:00
Asger Feldthaus
315f3389d1 JS: Autoformat test 2020-06-12 19:58:05 +01:00
Asger F
d844e0025a Merge pull request #3651 from esbena/js/bad-multicharacter-sanitization 
JS: initial version of IncompleteMultiCharacterSanitization.ql
 2020-06-12 16:25:22 +01:00
Asger Feldthaus
b9cd157c0f JS: Autoformat 2020-06-12 15:36:02 +01:00
Esben Sparre Andreasen
678bb7c128 JS: simplify loop detection 2020-06-12 14:56:08 +02:00
Asger Feldthaus
eaf6be5fea JS: Fix lazy qldoc 2020-06-12 13:29:35 +01:00
Asger Feldthaus
5548606f21 JS: Add test 2020-06-12 13:02:33 +01:00
Erik Krogh Kristensen
01c51eea89 Merge pull request #3680 from erik-krogh/bad-code-sanitizer 
JS: Add query to detect bad code sanitizers
 2020-06-12 14:00:21 +02:00
Asger Feldthaus
4795b87daa JS: Add model of Micro 2020-06-12 12:45:11 +01:00
Asger Feldthaus
230f78afb6 JS: Step through path.{format, parse} 2020-06-12 12:26:45 +01:00
semmle-qlci
2342d3dba3 Merge pull request #3662 from asger-semmle/js/package-export-fixes 
Approved by esbena
 2020-06-12 12:18:23 +01:00
Erik Krogh Kristensen
f0ec2eb37b add missing qldoc 2020-06-12 11:47:53 +02:00