hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,572 Commits 1,672 Branches 157 Tags
henrymercer/benjamin-button
Commit Graph

6739 Commits

Author SHA1 Message Date
Max Schaefer
2189ab030d Revert "JS: Recognize DomSanitizer from @angular/core" 
This reverts commit ff1d0cc4c7.
 2021-11-25 17:18:34 +00:00
Henry Mercer
667305e27e Remove NoSQL sinks since September 2018 2021-11-25 17:18:34 +00:00
Esben Sparre Andreasen
79b9d05576 Remove additional Xss sinks 2021-11-25 17:18:33 +00:00
Esben Sparre Andreasen
894ef629f4 Remove additional SQL sinks 2021-11-25 17:18:33 +00:00
Esben Sparre Andreasen
16e5d70027 Remove additional path-injection sinks 2021-11-25 17:18:33 +00:00
Esben Sparre Andreasen
07a1cbe499 Remove pseudo-properties 2021-11-25 17:18:33 +00:00
Esben Sparre Andreasen
662153464e Remove 2020 sinks from SqlInjection.ql 2021-11-25 17:18:33 +00:00
Esben Sparre Andreasen
8cd3b13d84 Remove 2020 sinks from Xss.ql 2021-11-25 17:18:33 +00:00
Esben Sparre Andreasen
7d5205acee Remove 2020 sinks from TaintedPath.ql 2021-11-25 17:18:33 +00:00
Henry Mercer
29eb66d772 JS: Add ML models to .gitignore 2021-11-25 17:06:37 +00:00
Henry Mercer
2af509595b JS: Add ML models specification to ATM query pack definition 
This will allow us to resolve the ATM machine learning models that will
be distributed within this pack.
 2021-11-25 16:42:38 +00:00
Erik Krogh Kristensen
1e752f305d apply the explicit this patch to new code 2021-11-24 15:26:19 +01:00
Erik Krogh Kristensen
08ce03cd93 Merge branch 'main' into explicit-this 2021-11-24 15:24:58 +01:00
Erik Krogh Kristensen
87a1ccd428 Merge branch 'main' into getRubyInSync 2021-11-23 20:20:37 +01:00
Henry Mercer
245edd41ff Merge pull request #7186 from github/henrymercer/rename-available-models-predicate 
JS: [Internal only] Rename the available ML models external predicate
 2021-11-22 18:26:46 +00:00
Henry Mercer
8ba864e897 JS: Rename the available ML models external predicate 2021-11-19 12:56:03 +00:00
Anders Schack-Mulligen
1f3f7e9ccc Merge pull request #7169 from erik-krogh/useMatches 
use matches instead of regexpMatch/prefix/suffix
 2021-11-19 11:42:47 +01:00
Erik Krogh Kristensen
ee858d840e get ReDoSUtil in sync for ruby 2021-11-18 16:49:34 +01:00
Erik Krogh Kristensen
011fc20963 use matches instead of regexpMatch 2021-11-18 15:41:25 +01:00
Erik Krogh Kristensen
2af7817691 use min() instead of rank[1] 2021-11-18 14:26:55 +01:00
Erik Krogh Kristensen
1cca377e7d Merge pull request #6561 from erik-krogh/htmlReg 
JS/Py/Ruby: add a bad-tag-filter query
 2021-11-18 09:39:13 +01:00
Erik Krogh Kristensen
474c808373 Merge pull request #7137 from erik-krogh/functionExport 
JS: recognize library inputs when the library exports "through" a function
 2021-11-17 09:49:02 +01:00
Erik Krogh Kristensen
a7cd097ca2 Merge pull request #6756 from erik-krogh/extractBigReg 
JS: extract regexp literals for string concatenations
 2021-11-16 13:33:21 +01:00
Erik Krogh Kristensen
b9ea4a8709 recognize library inputs when the library exports "through" a function 2021-11-15 22:43:38 +01:00
Erik Krogh Kristensen
12c24c07df improve the got model 2021-11-15 21:52:12 +01:00
Erik Krogh Kristensen
0023b885f5 update expected output 2021-11-15 13:50:12 +01:00
Erik Krogh Kristensen
2163648b39 fix location off-by-ones with regexp parsing 2021-11-15 13:43:39 +01:00
CodeQL CI
c8b8a2874f Merge pull request #7119 from github/max-schaefer/api-graphs-property-copies 
Approved by asgerf
 2021-11-15 04:09:16 -08:00
Erik Krogh Kristensen
f0c5a80d1a apply the explicit this patch to new code 2021-11-13 21:03:54 +01:00
Erik Krogh Kristensen
0ff36cd083 Merge branch 'main' into explicit-this 2021-11-13 21:01:25 +01:00
Erik Krogh Kristensen
eef7709982 Merge pull request #7057 from erik-krogh/cwe598 
JS: add js/sensitive-get-query query
 2021-11-12 16:03:21 +01:00
Erik Krogh Kristensen
80919e39a2 Merge branch 'main' into extractBigReg 2021-11-12 11:45:49 +01:00
Erik Krogh Kristensen
e09c12430d Merge pull request #7105 from erik-krogh/flagJqueryUI 
JS: have the aliasPropertyPresenceStep step over extend calls
 2021-11-11 14:05:11 +01:00
CodeQL CI
34cc61e51f Merge pull request #7083 from asgerf/js/type-track-object-literals-with-methods 
Approved by erik-krogh
 2021-11-11 04:35:55 -08:00
Erik Krogh Kristensen
b513033e0f Merge pull request #7021 from erik-krogh/cwe326 
JS: Add insufficient key size query
 2021-11-11 12:17:04 +01:00
Erik Krogh Kristensen
891694b50a Merge pull request #5908 from erik-krogh/protoLib 
JS: Add library input as source to js/prototype-polluting-assignment
 2021-11-11 12:04:05 +01:00
Erik Krogh Kristensen
140a70f9df Merge pull request #7029 from erik-krogh/cwe384 
JS: add js/session-fixation query
 2021-11-11 11:59:52 +01:00
Erik Krogh Kristensen
9a11c13e11 update expected output 2021-11-11 11:56:30 +01:00
Asger F
7d8284a41c Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-11-11 10:42:49 +01:00
Erik Krogh Kristensen
5d901ef728 move extend aliasing to getAnAliasedSourceNode 2021-11-10 18:08:50 +01:00
Erik Krogh Kristensen
2d907f825e have the aliasPropertyPresenceStep step over extend calls 2021-11-10 16:26:00 +01:00
Erik Krogh Kristensen
55434653f5 add CWE-532 to the clear-text-logging query 2021-11-10 14:15:49 +01:00
Erik Krogh Kristensen
98da532c46 dont extract regular expressions from strings that are leaves in a string concat 2021-11-10 14:11:48 +01:00
Max Schaefer
a8c4455b20 Factor out an auxiliary predicate. 2021-11-10 10:17:59 +00:00
Erik Krogh Kristensen
ab5d9459c7 Update javascript/ql/src/Security/CWE-384/SessionFixation.qhelp 
Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
 2021-11-10 08:24:46 +01:00
CodeQL CI
d9d304fc13 Merge pull request #7076 from asgerf/js/tainted-path-regexp-guard2 
Approved by erik-krogh
 2021-11-09 03:40:37 -08:00
Erik Krogh Kristensen
56a7c8b163 fix typo in change note 
Co-authored-by: Asger F <asgerf@github.com>
 2021-11-09 12:06:29 +01:00
Erik Krogh Kristensen
8727060ca7 add comment about modes of operation 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-11-09 11:15:12 +01:00
Asger Feldthaus
87aa39cef2 JS: Limited tracking of object literals with methods 2021-11-09 11:06:41 +01:00
Asger F
0c6680b2c0 Revert "JS: Skip files with unsupported file encoding" 2021-11-09 09:07:54 +00:00