hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,333 Commits 1,672 Branches 157 Tags
ginsbach/NewOverlayLocalJava
Commit Graph

6172 Commits

Author SHA1 Message Date
Asger Feldthaus
18cfe72e99 JS: Add model of d3 2021-03-11 10:05:05 +00:00
CodeQL CI
25f4b76788 Merge pull request #5045 from erik-krogh/bindRoute 
Approved by asgerf
 2021-03-11 01:39:26 -08:00
Erik Krogh Kristensen
ee9613fa79 import the Stages module from where it is used 2021-03-10 16:30:38 +01:00
Erik Krogh Kristensen
81efd726cb renamings - and simplifications of qldoc 2021-03-10 15:42:50 +01:00
Erik Krogh Kristensen
d3fca0a107 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2021-03-10 15:24:05 +01:00
Erik Krogh Kristensen
c993f9a3a3 add instance methods in the same class to localFieldStep 2021-03-10 15:19:07 +01:00
Erik Krogh Kristensen
ea6d3bde9c Update javascript/ql/src/semmle/javascript/dataflow/internal/CallGraphs.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2021-03-10 15:00:48 +01:00
Asger Feldthaus
fbca06f4e1 JS: Move TaintMetrics.qll into internal folder 2021-03-10 11:53:44 +00:00
Erik Krogh Kristensen
49b1bfc41b add a step for referencing instance/static methods on classes 2021-03-10 10:57:28 +01:00
Erik Krogh Kristensen
518bfa4d41 move getAnInstanceMemberAccess to ClassNode 2021-03-09 16:37:36 +01:00
Erik Krogh Kristensen
11793800ad support subrouters, and engine registrations with file extensions 2021-03-09 16:17:33 +01:00
Erik Krogh Kristensen
70b8cdee9b add qhelp 2021-03-09 16:17:33 +01:00
Erik Krogh Kristensen
28951e98c4 add engine filter to js/template-object-injection 2021-03-09 16:17:33 +01:00
Erik Krogh Kristensen
b30484dd69 behaviour preserving refactorization into modules 2021-03-09 16:17:29 +01:00
Erik Krogh Kristensen
caf1dbdc46 move TemplateObjectInjection out of experimental 2021-03-09 11:29:45 +01:00
Erik Krogh Kristensen
25ef3edb20 combine stages by introducing extended stages 2021-03-08 20:48:15 +01:00
Anders Schack-Mulligen
aeb13146d2 Merge pull request #5275 from Marcono1234/marcono1234/included-qhelp-files 
Use `.inc.qhelp` extension for included help files
 2021-03-08 16:26:32 +01:00
Jaroslav Lobačevski
673e64909a github actions queries 2021-03-06 10:27:11 +02:00
CodeQL CI
d7b9251b0d Merge pull request #5262 from max-schaefer/event-handler-receiver-is-dom-element 
Approved by asgerf
 2021-03-05 02:04:59 -08:00
Marcono1234
5a8ffa5a85 Use .inc.qhelp extension for included help files 2021-03-04 22:04:48 +01:00
CodeQL CI
15049ca853 Merge pull request #5183 from erik-krogh/next 
Approved by asgerf
 2021-03-04 04:57:43 -08:00
Anders Schack-Mulligen
45f52289ea Merge branch 'main' into java/merge-5226 2021-03-04 11:36:16 +01:00
CodeQL CI
342c7abd74 Merge pull request #5301 from asgerf/js/ajv-model 
Approved by erik-krogh
 2021-03-04 01:27:38 -08:00
Taus
c1fd48468a Merge pull request #5286 from RasmusWL/share-crypto-algorithms 
Python/JS: Share modeling of crypto algorithms
 2021-03-03 17:00:01 +01:00
Marcono1234
b9c0193022 Sync .qhelp file renaming to other languages 2021-03-03 15:38:08 +01:00
Rasmus Wriedt Larsen
c3175ae7b1 Python/JS: Sync CryptoAlgorithms.qll 2021-03-03 14:18:33 +01:00
Erik Krogh Kristensen
b9450c901a remove development comment 2021-03-03 11:18:09 +01:00
Erik Krogh Kristensen
95a1edcabc refactor FunctionStyleClass to get a better join-order 2021-03-02 15:22:38 +01:00
Erik Krogh Kristensen
4d33407f6c optimize getACalleeValue 2021-03-02 15:21:36 +01:00
Asger F
919ee38049 Update javascript/ql/src/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-03-02 14:02:35 +00:00
Asger F
6c884f86d2 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-03-02 14:01:59 +00:00
Asger Feldthaus
5d27cd934d JS: Move Source def into customizations lib 2021-03-02 13:52:33 +00:00
Asger Feldthaus
d916118ea4 JS: Move ExceptionXss source into Xss.qll 2021-03-02 13:16:10 +00:00
Erik Krogh Kristensen
47f4faa4e2 use local dataflow instead of type-inference for mayHaveBooleanValue 2021-03-02 14:06:38 +01:00
Erik Krogh Kristensen
ae56285331 use callgraph instead of type-inference for array taint-steps 2021-03-02 14:06:09 +01:00
Erik Krogh Kristensen
b20ce8bfca use callgraph instead of TypeInference in Testing.qll 2021-03-02 14:04:23 +01:00
Asger Feldthaus
31721b5fe3 JS: Fix missing qldoc 2021-03-02 12:39:05 +00:00
Asger Feldthaus
0bd60c1989 JS: Autoformat 2021-03-02 12:39:05 +00:00
Asger Feldthaus
12079cd1e4 JS: Recognize RegExps in JSON schemas 2021-03-02 12:39:04 +00:00
Asger Feldthaus
7afa755597 JS: Add ajv error as source of ExceptionXss 2021-03-02 12:39:04 +00:00
Asger Feldthaus
24199a5499 JS: Add query for resource exhaustion from deep object handling 2021-03-02 12:39:04 +00:00
Asger Feldthaus
b978359803 JS: Add schema validation as TaintedObject sanitizer 2021-03-02 12:39:04 +00:00
Erik Krogh Kristensen
ecccb8a409 only flag React elements in ClientSideUrlRedirect if it's a HTML element, or known link class 2021-03-02 12:25:50 +01:00
Erik Krogh Kristensen
1f02594ccc rename and move getAPropertyNameInterpretedAsJavaScriptUrl 2021-03-02 12:25:50 +01:00
Erik Krogh Kristensen
5b5baced9a add support for replace in Next.js router 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
97032f8627 add ClientSideUrlRedirect sink for Next.js routers 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
a79c30a818 support NextJS API endpoints 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
0e7e3e6178 support Next.js pages that export React components 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
1fdbbb682d support Next.js page request/response objects 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
a5cf024c9f add support for getServerSideProps in Next.js 2021-03-02 12:25:49 +01:00