hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
18,668 Commits 1,672 Branches 157 Tags
esbena/query-result-test
Commit Graph

5161 Commits

Author SHA1 Message Date
Asger Feldthaus
d07e69e529 JS: Improve handling of destructuring export declaration 2020-11-05 23:51:44 +00:00
CodeQL CI
a908e5938e Merge pull request #4574 from erik-krogh/jsdom 
Approved by asgerf
 2020-11-05 22:13:39 +00:00
Erik Krogh Kristensen
9137759d7c calculate the size of the concatenation before doing the actual concatenation in Expr.qll 2020-11-05 22:55:52 +01:00
Erik Krogh Kristensen
e124ba66b4 moving jsdom sink to js/xss 2020-11-05 16:10:33 +01:00
CodeQL CI
89a808cafe Merge pull request #4552 from erik-krogh/tsImport 
Approved by asgerf
 2020-11-05 09:23:58 +00:00
CodeQL CI
b55f18bffd Merge pull request #4549 from erik-krogh/pruneReturn 
Approved by asgerf
 2020-11-05 09:13:21 +00:00
CodeQL CI
c85f817cee Merge pull request #4579 from erik-krogh/redos 
Approved by asgerf
 2020-11-05 08:38:44 +00:00
Erik Krogh Kristensen
342b6a4f2d Update javascript/ql/src/semmle/javascript/security/performance/SuperlinearBackTracking.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2020-11-04 22:37:56 +01:00
Erik Krogh Kristensen
e16fa0668a update expected output 2020-11-04 18:24:31 +01:00
Asger Feldthaus
5eb3067f58 JS: Add test case 2020-11-04 16:50:23 +00:00
Erik Krogh Kristensen
03c46c9be0 autoformat 2020-11-04 16:18:24 +01:00
Erik Krogh Kristensen
b02004430c prune results that end with newline, where the input cannot contain newlines 2020-11-03 14:48:39 +01:00
Erik Krogh Kristensen
120faf9d1a add a code injection sink for JSDOM when "runScripts" is set to "dangerously" 2020-11-03 14:29:00 +01:00
Erik Krogh Kristensen
e6e4a485c8 add JSDOM.fromUrl() as a request forgery sink 2020-11-02 17:05:56 +01:00
CodeQL CI
4a59e69722 Merge pull request #4564 from asgerf/js/react-hooks 
Approved by esbena
 2020-10-30 21:00:31 +00:00
Asger Feldthaus
c7667d372e JS: Address review comments 2020-10-30 16:25:30 +00:00
Erik Krogh Kristensen
39028f62a3 add test for outDir 2020-10-30 10:37:10 +01:00
Asger Feldthaus
6ab7846e81 JS: Restrict getAContextInput 2020-10-30 09:28:06 +00:00
Erik Krogh Kristensen
ebc4856456 detect more expensive regexps in js/polynomial-redos 2020-10-30 09:52:13 +01:00
CodeQL CI
7856e784e1 Merge pull request #4566 from asgerf/js/classnames 
Approved by erik-krogh
 2020-10-29 11:00:06 +00:00
Asger Feldthaus
fee944ac2a Merge branch 'js/react-hooks' of github.com:asgerf/codeql into js/react-hooks 2020-10-29 10:38:21 +00:00
Asger Feldthaus
a4a6e3beb3 JS: Update dataflow tests 2020-10-29 10:38:09 +00:00
Asger Feldthaus
4343fbff0e Merge branch 'js/classnames' of github.com:asgerf/codeql into js/classnames 2020-10-28 17:00:14 +00:00
Asger Feldthaus
469767d279 JS: Fix test output 2020-10-28 17:00:05 +00:00
Asger F
581441d585 Update javascript/ql/src/semmle/javascript/frameworks/React.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-10-28 16:29:15 +00:00
Asger Feldthaus
f99db23e7b JS: Add test and fix for contextType 2020-10-28 16:23:36 +00:00
Asger F
056ce38dad Update javascript/ql/src/semmle/javascript/frameworks/Classnames.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-10-28 14:35:37 +00:00
Asger Feldthaus
081017ea8a JS: Autoformat 2020-10-28 13:58:02 +00:00
Asger Feldthaus
3d86e855f3 JS: Add model of classnames and clsx 2020-10-28 13:56:35 +00:00
Asger Feldthaus
7ee3846142 JS: Add missing qldoc 2020-10-28 12:43:48 +00:00
Asger Feldthaus
7a3f0095f6 JS: Autoformat 2020-10-28 11:57:23 +00:00
Asger Feldthaus
d116b424f4 JS: Add model of react hooks and react-router 2020-10-28 11:57:11 +00:00
Asger Feldthaus
42c03ab2fd JS: Add flow steps through dynamic imports 2020-10-28 11:57:08 +00:00
Erik Krogh Kristensen
75d996a0f9 make promisify smaller 2020-10-28 11:59:21 +01:00
Erik Krogh Kristensen
bce06d3194 add test that promisify is not imprecise 2020-10-28 11:59:03 +01:00
Erik Krogh Kristensen
c49d5081cc Update javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2020-10-28 11:45:58 +01:00
Asger Feldthaus
a9adb2912a JS: Improve lodash model 2020-10-28 10:09:41 +00:00
Asger Feldthaus
9fc5c0bdb8 JS: Update ComposedFunctions 2020-10-28 10:09:40 +00:00
Erik Krogh Kristensen
2e514c4d7b add model for Node Redis 2020-10-28 09:52:54 +01:00
Asger Feldthaus
7345df63c0 JS: Include DataFlow::AdditionalFlowStep in TaintSteps metric 2020-10-27 08:41:50 +00:00
Erik Krogh Kristensen
33465dbe6b refactor parameterPropRead and reachesReturn to get a slight performance improvement 2020-10-26 16:49:49 +01:00
Asger Feldthaus
c353f61091 JS: Add test case 2020-10-26 09:58:37 +00:00
Asger Feldthaus
f6c0972523 JS: Guard other uses of Gson.fromJson 2020-10-26 09:54:55 +00:00
Asger Feldthaus
fc12b0bb5e JS: Do not crash on empty package.json file 2020-10-26 09:54:51 +00:00
Erik Krogh Kristensen
0b41a59dbf add support for imports into "outDir" from tsconfig.json 2020-10-25 22:51:21 +01:00
toufik-airane
7d2741a287 Add newline 2020-10-23 17:42:55 +02:00
toufik-airane
3ccdc2c518 Update ElectronShellOpenExternalSink location 
Move the class ElectronShellOpenExternalSink to
ClientSideUrlRedirect.qll. It's been to be a more appropriate location.
 2020-10-23 17:39:03 +02:00
toufik-airane
e87790b828 Add ElectronShellOpenExternalSink class 
Add ElectronShellOpenExternalSink class to detect untrusted input
interpreted by `openExternal` function call in `electron` module.

Based on the #14 Electron Security checklist:
https://www.electronjs.org/docs/tutorial/security#14-do-not-use-openexternal-with-untrusted-content
 2020-10-23 15:41:03 +02:00
Aditya Sharad
9ff5142529 Merge pull request #4525 from adityasharad/js/autobuild-github-hidden-folder 
JavaScript: Include .github hidden folders in autobuild
 2020-10-21 07:10:42 -07:00
CodeQL CI
da58306f2d Merge pull request #4506 from asgerf/js/separate-jquery-config 
Approved by esbena
 2020-10-21 03:13:42 -07:00