hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,708 Commits 1,671 Branches 157 Tags
henrymercer/js-atm-update-api-graphs-usage
Commit Graph

6742 Commits

Author SHA1 Message Date
Asger Feldthaus
af1b04de9c JS: Restrict what property names that are considered public exports 2021-10-01 11:42:03 +02:00
Erik Krogh Kristensen
5a1eb1995c add change note 2021-10-01 11:13:41 +02:00
Erik Krogh Kristensen
694016dcbe add missing qldoc 2021-10-01 09:01:57 +02:00
Erik Krogh Kristensen
6a9277b5ce recognize string sanitizers for ldap-injection 2021-10-01 09:01:29 +02:00
Erik Krogh Kristensen
51b56a9e28 add cwe 090 (ldap injection) and cwe 943 (Improper Neutralization of Special Elements in Data Query Logic) to SqlInjection.ql 2021-10-01 09:01:29 +02:00
Erik Krogh Kristensen
2062afc868 add calls to parseDN as sinks for ldap-injection 2021-10-01 09:01:28 +02:00
Erik Krogh Kristensen
d4de5e3248 refactoring and renamings in the ldap model 2021-10-01 09:01:14 +02:00
Erik Krogh Kristensen
bcf4626fd0 remove ldap examples from experimental folder 2021-10-01 09:00:10 +02:00
Erik Krogh Kristensen
c55b7bcd85 model ldap filters as taint steps 2021-10-01 09:00:10 +02:00
Erik Krogh Kristensen
9b5ff66b68 naively port tests from ldap examples 2021-10-01 09:00:10 +02:00
Erik Krogh Kristensen
2b286a856c naively move ldap into the SQL injection query 2021-10-01 09:00:10 +02:00
Erik Krogh Kristensen
94e2676c0f naive conversion of ldapjs model to API node 2021-10-01 09:00:10 +02:00
Rasmus Wriedt Larsen
987b573709 Fix hasLocationInfo URL reference 
Follow up to https://github.com/github/codeql/pull/5830
 2021-09-29 13:47:58 +02:00
Erik Krogh Kristensen
aafae24ef2 update qhelp 2021-09-28 23:11:02 +02:00
Erik Krogh Kristensen
8d556ed1e1 Update python/ql/lib/semmle/python/security/BadTagFilterQuery.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-09-28 23:04:28 +02:00
luciaromeroML
1fc58e51a3 adding suggestion that removes sanitizer for unknown base urls 2021-09-27 17:37:36 -03:00
luciaromeroML
1f2618b893 new test case for unknown base url 2021-09-27 17:37:11 -03:00
Rasmus Wriedt Larsen
ded3088529 Python/JS: Recognize SHA-3 hash functions 
Official names are SHA3-224, SHA3-256, SHA3-384, SHA3-512 as per
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
 2021-09-27 12:08:40 +02:00
Erik Krogh Kristensen
805d1d170c do not filter away regular expressions with lookbehinds 2021-09-22 17:14:29 +02:00
Tom Hvitved
364dab6990 Remove CODEQL_REDUCE_FILES_FOLDERS_RELATIONS 2021-09-22 09:43:56 +02:00
Erik Krogh Kristensen
99ed4a1a89 add a bad-tag-filter query for Python and JavaScript 2021-09-21 15:04:03 +02:00
Erik Krogh Kristensen
c40ffab093 make isStartState public in ReDoSUtil 2021-09-21 12:14:21 +02:00
Erik Krogh Kristensen
672e4a3d72 cache TopLevel::isMinified 2021-09-21 12:13:37 +02:00
Erik Krogh Kristensen
60993214d5 cache isInterpretedAsRegExp 2021-09-21 12:13:37 +02:00
luciaromeroML
f348a5ce47 adding comments to some functions 2021-09-17 18:25:14 -03:00
luciaromeroML
25065bc986 simplifying sentence 2021-09-17 18:07:04 -03:00
luciaromeroML
0b0ac8317c format ql code 2021-09-17 18:05:52 -03:00
valeria-meli
054218a381 Merge branch 'main' into javascript/ssrf 2021-09-17 17:08:52 -03:00
Erik Krogh Kristensen
5c73fed83a fix dbsheme upgrade from TypeScript 4.4 PR 2021-09-15 22:38:27 +02:00
Erik Krogh Kristensen
3f736d3eb8 Merge pull request #6694 from erik-krogh/owasp-fixes 
JS/Java: use the correct cwe tags
 2021-09-15 13:46:35 +02:00
CodeQL CI
b228398b87 Merge pull request #6587 from erik-krogh/ts44 
Approved by asgerf
 2021-09-15 04:00:13 -07:00
Erik Krogh Kristensen
cf149bd8c8 add static_initializer as a stmt_parent 2021-09-15 11:54:30 +02:00
Erik Krogh Kristensen
0b83d033d7 add @static_initializer in the stats file 2021-09-15 11:33:05 +02:00
CodeQL CI
220f2ded85 Merge pull request #6698 from asgerf/js/template-self-assignment 
Approved by esbena
 2021-09-15 01:08:39 -07:00
Asger Feldthaus
b5db4047a0 JS: Exclude template files in SelfAssignment 2021-09-15 08:59:47 +02:00
Erik Krogh Kristensen
5a7785776c add upgrade script 2021-09-14 20:43:07 +02:00
Erik Krogh Kristensen
fdbf5f73b1 add JS support for static initializers 2021-09-14 20:40:46 +02:00
Erik Krogh Kristensen
cc0d86403e revert some type changes that are no longer needed 2021-09-14 20:40:46 +02:00
Erik Krogh Kristensen
48b763c7e9 add qldoc to StaticInitializer::getBody 2021-09-14 20:40:46 +02:00
Erik Krogh Kristensen
7ce87a7118 remove stray import 2021-09-14 20:40:46 +02:00
Erik Krogh Kristensen
c8c7a1f772 remove the body field from StaticInitializer and relax the valuye type on MemberDefinition 2021-09-14 20:40:45 +02:00
Erik Krogh Kristensen
e3ed6c2523 refactor StaticInitializer into it's own class 2021-09-14 20:40:45 +02:00
Erik Krogh Kristensen
23e28ae5d4 fix typo in comment 
Co-authored-by: Asger F <asgerf@github.com>
 2021-09-14 20:40:45 +02:00
Erik Krogh Kristensen
2a03a84315 remove TODO comment 
Co-authored-by: Asger F <asgerf@github.com>
 2021-09-14 20:40:45 +02:00
Erik Krogh Kristensen
ffd51e725f add getter for static initializer blocks 2021-09-14 20:40:45 +02:00
Erik Krogh Kristensen
9585481d0b add support for static initializer blocks in TypeScript 2021-09-14 20:40:45 +02:00
Erik Krogh Kristensen
59f15eb4eb add tests for TypeScript 4.4 types 2021-09-14 20:40:45 +02:00
Erik Krogh Kristensen
02a0eed8ee add basic support for TypeScript 4.4 2021-09-14 20:40:45 +02:00
Erik Krogh Kristensen
3b6c8c5191 Merge branch 'main' into clipBoard 2021-09-14 20:21:37 +02:00
CodeQL CI
136d04390d Merge pull request #6695 from erik-krogh/js-add-cwes 
Approved by esbena
 2021-09-14 11:19:35 -07:00