hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
22,620 Commits 1,671 Branches 157 Tags
ginsbach/withInstanceof
Commit Graph

6036 Commits

Author SHA1 Message Date
Philip Ginsbach
8cdd8b6ae0 use instanceof extensions in javascript 2021-05-12 18:58:45 +01:00
Erik Krogh Kristensen
0194af9432 convert field based range pattern to casting based range pattern 2021-05-12 16:49:43 +02:00
CodeQL CI
922b276fac Merge pull request #5728 from asgerf/js/source-sink-queries 
Approved by erik-krogh
 2021-05-11 05:04:47 -07:00
yoff
a7f97895ac Merge pull request #5863 from erik-krogh/printReg 
JS: add printAst.ql support for regular expressions
 2021-05-11 12:45:49 +02:00
yoff
549c9eee1a Merge pull request #5739 from RasmusWL/share-sensitive-data-modeling 
Python/JS: Share sensitive data modeling
 2021-05-11 11:53:59 +02:00
CodeQL CI
a87731115a Merge pull request #5860 from max-schaefer/js/improve-sql-modelling 
Approved by asgerf
 2021-05-11 02:24:52 -07:00
CodeQL CI
beb66fc4db Merge pull request #5719 from asgerf/js/nestjs 
Approved by esbena
 2021-05-11 02:08:27 -07:00
CodeQL CI
a3d17a1437 Merge pull request #5769 from erik-krogh/libXss 
Approved by esbena
 2021-05-10 05:58:07 -07:00
Erik Krogh Kristensen
504c34ed2c use shouldPrint to filter out regular expressions from other files 2021-05-10 14:51:13 +02:00
Erik Krogh Kristensen
d6f9e37e39 add printAst.ql support for regular expressions 2021-05-10 13:31:00 +02:00
Max Schaefer
8f91e9eba0 JavaScript: Model chaining calls in sqlite3. 2021-05-10 10:58:58 +01:00
Asger F
f4e636dcd6 Update javascript/ql/src/semmle/javascript/frameworks/ClassValidator.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-05-10 10:08:10 +01:00
CodeQL CI
097b6e5e33 Merge pull request #5794 from erik-krogh/rxPipe 
Approved by asgerf
 2021-05-10 02:06:34 -07:00
Erik Krogh Kristensen
d913668943 move hasPathWithoutUnmatchedReturn to Configuration.qll 2021-05-10 10:55:33 +02:00
Erik Krogh Kristensen
b4e35f54d9 fix typo 2021-05-10 10:48:43 +02:00
Erik Krogh Kristensen
646bf99489 rewrite the qhelp to focus more on documenting unsafe functions 2021-05-10 10:48:40 +02:00
Asger Feldthaus
df5eab33f9 JS: Update relevantTaintSource() 2021-05-10 09:43:33 +01:00
Erik Krogh Kristensen
3fe5dd0f35 add comment about filtering away jQuery from the source 2021-05-10 10:05:18 +02:00
Erik Krogh Kristensen
b53759c5a0 corrections after code review 2021-05-06 22:49:25 +02:00
CodeQL CI
7a7586488a Merge pull request #5833 from erik-krogh/filterStep 
Approved by esbena
 2021-05-06 13:47:23 -07:00
Erik Krogh Kristensen
be69c3a458 Apply suggestions from code review 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-05-06 21:59:35 +02:00
Erik Krogh Kristensen
2d1ba59e6d Apply suggestions from code review 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-05-06 21:55:30 +02:00
Erik Krogh Kristensen
3815797dda add sanitizers from DOM and jQuery queries 2021-05-06 11:05:03 +02:00
Erik Krogh Kristensen
8ba5bddae8 add jQuery options objects as sources 2021-05-06 11:05:02 +02:00
Erik Krogh Kristensen
5c37e6a435 add change note 2021-05-06 11:05:02 +02:00
Erik Krogh Kristensen
7ef641e7b2 add qhelp 2021-05-06 11:05:02 +02:00
Erik Krogh Kristensen
ee0140e704 share code between unsafe-shell and unsafe-html queries 2021-05-06 11:05:02 +02:00
Erik Krogh Kristensen
23908f9ec2 remove flowpaths that has a returns without a matching call 2021-05-06 11:05:02 +02:00
Erik Krogh Kristensen
6e754c70aa add test for js/html-constructed-from-input 2021-05-06 11:05:02 +02:00
Erik Krogh Kristensen
e86a3b5e57 add js/html-constructed-from-input query 2021-05-06 11:04:49 +02:00
Erik Krogh Kristensen
a400a1e9d4 split the markdown steps into a separate class 2021-05-06 10:44:39 +02:00
Erik Krogh Kristensen
4ac21e9f3f make the .filter step more precise 2021-05-05 14:53:09 +02:00
CodeQL CI
69cd9dfb7d Merge pull request #5826 from erik-krogh/moreLib 
Approved by esbena
 2021-05-05 04:40:49 -07:00
Erik Krogh Kristensen
ab53f3b380 add array.filter() as a taint-step 2021-05-05 12:03:14 +02:00
Erik Krogh Kristensen
e333267e69 require that the factory function is in a main module file 2021-05-05 12:00:38 +02:00
Erik Krogh Kristensen
fc3f5adbbb more source code examples in PackageExports.qll 2021-05-05 11:48:41 +02:00
Erik Krogh Kristensen
28eef264e5 recognize the define(..) call in PackageExports.qll 2021-05-05 11:23:25 +02:00
Erik Krogh Kristensen
3ca670146e remove outdated comment 2021-05-05 11:10:45 +02:00
Rasmus Wriedt Larsen
dc4a0c1d38 Python/JS: Fix typo 2021-05-05 10:13:54 +02:00
CodeQL CI
b160badbf6 Merge pull request #5768 from erik-krogh/cacheMore 
Approved by esbena
 2021-05-04 04:16:15 -07:00
Erik Krogh Kristensen
aaf754ebf5 recognize more library input 2021-05-04 10:06:14 +02:00
CodeQL CI
6931d9a6f7 Merge pull request #5785 from edvraa/httponlyjs 
Approved by esbena
 2021-05-03 23:14:26 -07:00
edvraa
6fa2f1e653 update test message 2021-05-04 00:32:01 +03:00
Edwin
27c680e28b Apply suggestions from code review 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2021-05-03 16:41:09 +03:00
edvraa
cef845ac47 Support string expressions 2021-05-03 13:46:56 +03:00
edvraa
ea38f0d3bd a new test for simple flow 2021-05-03 12:19:05 +03:00
edvraa
000826af11 typo 2021-05-03 12:18:43 +03:00
edvraa
65183cde80 Move to experimental 2021-05-03 09:59:52 +03:00
edvraa
bd99114cd6 Comments added 2021-05-03 09:55:04 +03:00
edvraa
a24c1c8114 fix comment 2021-05-03 00:36:38 +03:00