hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,003 Commits 1,671 Branches 157 Tags
ginsbach/NewOverlayLocalJavaRebase
Commit Graph

11357 Commits

Author SHA1 Message Date
semmle-qlci
44e4b25f42 Merge pull request #14 from rdmarsh2/rdmarsh/js/electron-http-client 
Approved by xiemaisi
 2018-08-20 07:59:25 +01:00
Esben Sparre Andreasen
0c4fb15651 JS: add query js/cleartext-logging 2018-08-20 08:34:16 +02:00
Esben Sparre Andreasen
b4952e7bfd JS: improve and expose SensitiveActions::HeuristicNames 2018-08-20 08:27:42 +02:00
Esben Sparre Andreasen
804c06bd59 JS: add models of logging frameworks 2018-08-20 08:27:42 +02:00
Robert Marsh
aaeda5dfcc JavaScript: add the ESLint attack as a test 2018-08-17 10:16:52 -07:00
Robert Marsh
4da9d6d795 JavaScript: add support for Electron http client 2018-08-17 10:16:51 -07:00
Asger F
3806e4b1aa JavaScript: add tests for "import" types 2018-08-17 14:26:32 +01:00
Asger F
c902a4e880 TypeScript: add classes for "import" types 2018-08-17 14:26:32 +01:00
Asger F
875b6d0155 TypeScript: add "import" types to dbscheme 2018-08-17 14:26:32 +01:00
Asger F
4dc1462b6b JavaScript: fix performance issue in ServerSideUrlRedirect.qll 2018-08-17 14:02:19 +01:00
semmle-qlci
6132b2c419 Merge pull request #34 from esben-semmle/js/twitter_text-library 
Approved by xiemaisi
 2018-08-15 14:45:52 +01:00
semmle-qlci
8e5059f43a Merge pull request #58 from xiemaisi/js/demote-heterogeneous-comparison 
Approved by asger-semmle
 2018-08-15 09:01:24 +01:00
Max Schaefer
105b6c9d84 Merge pull request #59 from tibbes/js/fix-qhelp-typo 
JS: fix typo in qhelp (parameter type confusion)
 2018-08-15 08:36:25 +01:00
Esben Sparre Andreasen
a025dafcf5 JS: classify twitter-text library instances 2018-08-15 08:51:31 +02:00
Max Schaefer
303b0a0027 JavaScript: Demote HeterogenousComparison to warning level. 2018-08-14 15:54:07 +01:00
Julian Tibble
5456ffb64c JS: fix typo in qhelp (parameter type confusion) 2018-08-14 13:07:20 +01:00
Max Schaefer
886329689f JavaScript: Teach globalVarRef about top-level this and the global npm package. 2018-08-14 09:15:15 +01:00
Max Schaefer
9de527fbe2 Merge pull request #49 from asger-semmle/array-map-taint 
JavaScript: add taint steps through Array 'join' and 'map' methods
 2018-08-14 08:07:54 +01:00
Max Schaefer
e67f36732a JavaScript: Update expected test output due to changes in Node.js detector. 2018-08-13 14:08:14 +01:00
Asger F
d9ba5a1cab JavaScript: add test cases for new array steps 2018-08-13 12:27:12 +01:00
Asger F
66dcd7d4c7 JavaScript: add taint step from return value of 'map' callback 2018-08-13 12:15:24 +01:00
Asger F
0c124d2f8c JavaScript: add taint step through 'join' 2018-08-13 12:12:25 +01:00
semmle-qlci
c0fe0a1d24 Merge pull request #46 from asger-semmle/html-sanitizers 
Approved by xiemaisi
 2018-08-13 10:16:15 +01:00
semmle-qlci
3d0748c542 Merge pull request #48 from xiemaisi/js/webview-sinks 
Approved by asger-semmle
 2018-08-13 09:37:33 +01:00
Max Schaefer
199990feea JavaScript: Add WebView-related taint sinks for CodeInjection, DomBasedXss and ServerSideUrlRedirect. 2018-08-10 15:59:27 +01:00
Max Schaefer
3ce82aff02 JavaScript: Add basic modelling of React Native WebViews. 2018-08-10 15:59:27 +01:00
semmle-qlci
945413a791 Merge pull request #42 from tibbes/qhelp/fix-links 
Approved by jbj, xiemaisi
 2018-08-10 13:00:17 +01:00
semmle-qlci
2478c6e150 Merge pull request #43 from xiemaisi/js/odasa-7275 
Approved by
 2018-08-10 12:52:05 +01:00
Asger F
1add8b0766 JavaScript: add doc comment 2018-08-10 12:27:39 +01:00
Asger Feldthaus
2b5684d1b9 JavaScript: Add library for HTML sanitizers 2018-08-10 12:27:39 +01:00
Julian Tibble
98e866e967 C++, JS: fix broken links in query help 2018-08-10 08:40:22 +01:00
Asger F
b00938e9b3 Make NodeJSLib use moduleMember for ES6-compatibility 2018-08-09 15:10:21 +01:00
Max Schaefer
e32dc08cd0 Merge pull request #31 from esben-semmle/js/fewer-alerts-for-incomplete-object-initialization 
JS: change alert location for js/incomplete-object-initialization
 2018-08-09 13:58:11 +01:00
Max Schaefer
41da997651 JavaScript: Teach IncompleteSanitization to recognize incomplete URL {en,de}coding. 2018-08-09 12:44:16 +01:00
Max Schaefer
badb167962 Merge pull request #35 from esben-semmle/js/classify-application-insight 
JS: classify the ApplicationInsights library instance
 2018-08-09 08:12:12 +01:00
Max Schaefer
0de9eed71c Merge pull request #32 from asger-semmle/export-import-flow 
TypeScript: bugfixes for import-assign statement
 2018-08-08 16:35:43 +01:00
Esben Sparre Andreasen
2589cf70c9 JS: classify the ApplicationInsights library instance 2018-08-08 15:39:22 +02:00
Max Schaefer
355302eac4 Merge pull request #29 from esben-semmle/js/fixup-angularjs-filter-argument-index 
JS: fix an off-by-one error in the AngularJS expression AST
 2018-08-08 14:03:55 +01:00
Max Schaefer
854dc0cbeb Merge pull request #28 from esben-semmle/js/whitelist-empty-functions 
JS: permit some calls with spurious arguments to empty functions
 2018-08-08 14:03:18 +01:00
Asger F
94bac1253d TypeScript: bugfixes for import-assign statement 2018-08-08 12:02:28 +01:00
Esben Sparre Andreasen
8ee943f264 JS: restrict alert location to a single line 2018-08-08 10:50:42 +02:00
Esben Sparre Andreasen
e1947f04df JS: change alert location for js/incomplete-object-initialization 2018-08-08 10:43:52 +02:00
Esben Sparre Andreasen
4e98ce21b4 JS: permit some calls with spurious arguments to empty functions 2018-08-08 10:13:02 +02:00
Max Schaefer
1a5585c83c Merge pull request #21 from esben-semmle/js/urilibraries-members 
JS: refactor UriLibraries.qll models to use `DataFlow::moduleMember`
 2018-08-08 09:08:04 +01:00
Esben Sparre Andreasen
343b922c29 JS: fix an off-by-one error in the AngularJS expression AST 2018-08-08 09:58:57 +02:00
semmle-qlci
4d97570a1a Merge pull request #17 from xiemaisi/js/rename-unused-var 
Approved by esben-semmle
 2018-08-07 15:01:37 +01:00
Esben Sparre Andreasen
3b00b9b8da JS: refactor UriLibraries.qll models to use DataFlow::moduleMember 2018-08-07 12:58:09 +02:00
semmle-qlci
6533ddfeaf Merge pull request #20 from esben-semmle/js/more-auth-calls-and-rate-limiters 
Approved by xiemaisi
 2018-08-07 09:42:07 +01:00
Esben Sparre Andreasen
c06edd3745 Merge pull request #15 from xiemaisi/js/call-graph-data-flow 
JavaScript: Lift call graph library to data flow graph.
 2018-08-07 07:56:08 +02:00
Esben Sparre Andreasen
b6951d8249 JS: add tests for improved js/missing-rate-limiting 2018-08-06 15:15:44 +02:00