hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,672 Branches 157 Tags
ginsbach/OverlayCallerJava
Commit Graph

104 Commits

Author SHA1 Message Date
Napalys
171a84609e Applied copilot suggestion. 2025-04-10 14:13:48 +02:00
Napalys
ce2fc25cdb Added make-dir model as data 2025-04-09 14:42:29 +02:00
Napalys Klicius
f02783a9c6 Merge pull request #19210 from Napalys/js/mkdirp 
JS: Modeling of `mkdirp` functions
 2025-04-09 13:43:37 +02:00
Napalys
b8802a29f4 Added open package model as data. 2025-04-08 08:12:30 +02:00
Napalys
3fa24d6026 Add sink model for mkdirp and update tests for path injection alerts. 2025-04-03 10:45:14 +02:00
Napalys
533f1a93e2 JS: Added test cases for mkdirp. 2025-04-03 10:45:12 +02:00
Napalys
b16b407f89 Add rimraf model and update tests for path injection vulnerabilities 2025-04-02 12:49:48 +02:00
Napalys
e1bf054056 Added support for lutimes, opendir, and statfs functions from fs-extra. 2025-03-28 08:37:30 +01:00
Napalys
55c74b2bac Added support for emptydir functions from fs-extra. 2025-03-28 08:37:28 +01:00
Napalys
e386448f60 Added support for missing rm functions from fs-extra 2025-03-28 08:37:22 +01:00
Napalys
7a08f32e16 Added support for cp functions from fs-extra. 2025-03-28 08:36:26 +01:00
Napalys
ae645e49ba Added support for @hapi/hapi server. 2025-03-26 11:41:11 +01:00
Napalys
dc262236f4 Enhance taint tracking by including escape and unescape in TaintedPath customizations. 2025-03-14 11:43:22 +01:00
Asger F
2a194a53af raw test output 2025-02-28 13:29:39 +01:00
Asger F
87518ba60e JS: Update tainted-sendFile.js 
This file was added on main while this branch was in progress. Porting the whole file in one step.
 2025-02-28 13:29:25 +01:00
Asger F
f5911c9e5a JS: Accept raw test output 2025-02-28 13:27:38 +01:00
Asger F
426edd55f2 JS: Update output after line number change 
Some OK-style comments had to be moved to the following line, shifting line numbers.

In selected range also included the comments themselves.

Lastly, the result sets were reordered by the CLI in some cases.
 2025-02-28 13:27:31 +01:00
Kevin Stubbings
d0ed0fdeb3 Add download to Express 2025-02-12 00:10:09 -08:00
Asger F
f8dc7eb25b JS: Update output from tests that changed on main 2024-12-19 15:25:47 +01:00
Asger F
8818fcc207 JS: Benign test output changes 2024-11-26 15:47:13 +01:00
Asger F
a2dd47aeb2 JS: Update test output 
These files conflicted and have been regenerated.
 2024-08-22 14:27:15 +02:00
Asger F
c3806a2210 JS: Messy test output updates 
These initially got messed up by a merge conflict where I couldn't rerun the tests due to breaking
changes in the data flow library. I wanted the breaking-change updates to live in their own commits,
not just eaten by a merge resolution commit, so the test output became broken for a while.

The '#select' result set is unchanged in all of these, so they should be safe to accept.
 2024-06-27 11:59:56 +02:00
Asger F
5e7d1d5c2c Merge branch 'main' into js/shared-dataflow-merged 2024-03-13 14:27:16 +01:00
Max Schaefer
d147faba4e Update qhelp for js/path-injection. 2023-11-20 11:58:00 +00:00
Asger F
65e9706c8e JS: Port TaintedPath 2023-10-13 13:15:03 +02:00
Asger F
fe90146a16 JS: Add test for path.join with spread argument 2023-07-10 12:07:07 +02:00
Asger F
06bc0f6957 JS: Add test for fs/promises 2023-07-10 12:05:03 +02:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
erik-krogh
aa56ca37ae make the alert messages of taint-tracking queries more consistent 2022-09-05 14:04:52 +02:00
erik-krogh
7e0bd5bde4 update expected output of tests 2022-08-22 21:41:47 +02:00
Erik Krogh Kristensen
7cef4322e7 add model for chownr 2022-06-29 22:09:23 +02:00
Stephan Brandauer
fb66ccff39 handlebars taint step: conservatively assume unknown templates have no flow to helpers 2022-04-13 09:27:59 +02:00
Stephan Brandauer
9c3fcb6268 precise tracking of handlebars arguments 2022-03-28 17:26:43 +02:00
Stephan Brandauer
0bd9e9f298 add handlebars taint step 2022-03-24 11:46:16 +01:00
Stephan Brandauer
4ee290acd3 update test for 'node:' prefix 2022-01-25 14:25:44 +01:00
Esben Sparre Andreasen
9ffc02944d add file write model for express-fileupload mv 2021-12-10 15:05:34 +01:00
Asger Feldthaus
5f4c1dd19b JS: Support regexp-based path traversal check 2021-11-02 14:12:05 +01:00
Asger Feldthaus
83edcf515b JS: Add test for regexp-based sanitizer 2021-11-02 14:12:04 +01:00
Erik Krogh Kristensen
32ac8778bd add the cwd option to shell executions as a sink to js/path-injection 2021-08-23 07:32:05 +02:00
CodeQL CI
a02a82caac Merge pull request #6284 from erik-krogh/qs 
Approved by asgerf
 2021-07-16 02:11:59 -07:00
Erik Krogh Kristensen
14b26f2a68 add mkdirp as a sink for tainted-path 2021-07-14 19:32:22 +02:00
Erik Krogh Kristensen
f462c9bb76 add taint through the parseqs library 2021-07-14 17:22:35 +02:00
Erik Krogh Kristensen
bec1818fc7 add taint through the normalize-url library 2021-07-14 17:15:14 +02:00
Erik Krogh Kristensen
193ddfc771 add taint through the qs library 2021-07-14 16:56:51 +02:00
CodeQL CI
436168aa4f Merge pull request #6267 from erik-krogh/read-pkg 
Approved by asgerf
 2021-07-14 01:01:33 -07:00
Erik Krogh Kristensen
07bc5856db add the cwd option from read-pkg as sink for path-injection 2021-07-12 23:43:15 +02:00
Erik Krogh Kristensen
899e54fbc9 add support for the slash library 2021-07-12 16:36:54 +02:00
Erik Krogh Kristensen
4360e5dcbc add model of the thenify library 2021-06-22 11:55:58 +02:00
Erik Krogh Kristensen
61cc415a32 add model of the util.promisify library 2021-06-22 11:55:58 +02:00
Erik Krogh Kristensen
2f3ea4412f add model of the pify library 2021-06-22 11:55:54 +02:00