| Author | Commit | Message | Date |
|---|---|---|---|
| Erik Krogh Kristensen | 7cf7a44fda | autoformat | 2020-11-12 22:33:00 +01:00 |
| Erik Krogh Kristensen | 49be7e959f | Merge branch 'main' into jwt | 2020-11-12 21:36:09 +01:00 |
| Erik Krogh Kristensen | 99d03bab24 | only flag the secret key in JWT | 2020-11-12 21:36:05 +01:00 |
| Asger Feldthaus | 4d3d982bde | JS: Autoformat date-functions file | 2020-11-12 10:07:30 +00:00 |
| CodeQL CI | f9d62adcb2 | Merge pull request #4567 from asgerf/js/date-functions<br>Approved by erik-krogh | 2020-11-11 11:17:30 +00:00 |
| Jonas Jensen | fc764db8e1 | Merge pull request #4643 from nickrolfe/getFileBySourceArchiveName<br>Replace getEncodedFile with shared getFileBySourceArchiveName predicate | 2020-11-10 17:36:29 +01:00 |
| Nick Rolfe | ac4a1f1d9b | Update comment to be a QLDoc comment | 2020-11-10 14:14:27 +00:00 |
| Nick Rolfe | 1e1eb7ee33 | Replace getEncodedFile with shared getFileBySourceArchiveName predicate<br>While also making it work with paths for databases created on Windows. | 2020-11-10 13:55:27 +00:00 |
| Anders Schack-Mulligen | 89ef6ea4eb | C++/C#/Java/JavaScript/Python: Autoformat set literals. | 2020-11-10 13:32:27 +01:00 |
| Erik Krogh Kristensen | ae7c7607f1 | fix typos in documentation strings<br>Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com> | 2020-11-10 10:41:39 +01:00 |
| Erik Krogh Kristensen | 5ecae55e77 | add keys used by jsonwebtoken as CredentialsExpr | 2020-11-10 10:41:39 +01:00 |
| Erik Krogh Kristensen | e75259d3a6 | model the verify function in jsonwebtoken | 2020-11-10 10:41:39 +01:00 |
| Erik Krogh Kristensen | 6732493377 | add model for jwt-decode | 2020-11-10 10:41:36 +01:00 |
| CodeQL CI | 1e048d8045 | Merge pull request #4609 from asgerf/js/destructuring-export<br>Approved by erik-krogh | 2020-11-09 15:47:00 +00:00 |
| Asger Feldthaus | acb30e73bc | JS: More precise handling of default import fallback | 2020-11-06 12:04:41 +00:00 |
| Asger Feldthaus | 9e25bbc4ed | JS: Add support for moment-timezone as well | 2020-11-06 09:13:52 +00:00 |
| Asger Feldthaus | 9418c6c8fe | JS: Add support for dateformat package | 2020-11-06 09:13:52 +00:00 |
| CodeQL CI | 9f2eb84f2b | Merge pull request #4624 from erik-krogh/concatFix<br>Approved by asgerf | 2020-11-06 09:11:41 +00:00 |
| Asger Feldthaus | 39c8226fba | JS: Autoformat | 2020-11-06 09:06:20 +00:00 |
| Asger Feldthaus | 790526b529 | JS: Some fixes and address review comments | 2020-11-06 09:06:20 +00:00 |
| Asger Feldthaus | 8a3fba05e9 | JS: Add steps through date-formatting functions | 2020-11-06 09:06:18 +00:00 |
| Asger Feldthaus | d07e69e529 | JS: Improve handling of destructuring export declaration | 2020-11-05 23:51:44 +00:00 |
| CodeQL CI | a908e5938e | Merge pull request #4574 from erik-krogh/jsdom<br>Approved by asgerf | 2020-11-05 22:13:39 +00:00 |
| Erik Krogh Kristensen | 9137759d7c | calculate the size of the concatenation before doing the actual concatenation in Expr.qll | 2020-11-05 22:55:52 +01:00 |
| Erik Krogh Kristensen | e124ba66b4 | moving jsdom sink to js/xss | 2020-11-05 16:10:33 +01:00 |
| CodeQL CI | 89a808cafe | Merge pull request #4552 from erik-krogh/tsImport<br>Approved by asgerf | 2020-11-05 09:23:58 +00:00 |
| CodeQL CI | b55f18bffd | Merge pull request #4549 from erik-krogh/pruneReturn<br>Approved by asgerf | 2020-11-05 09:13:21 +00:00 |
| CodeQL CI | c85f817cee | Merge pull request #4579 from erik-krogh/redos<br>Approved by asgerf | 2020-11-05 08:38:44 +00:00 |
| Erik Krogh Kristensen | 342b6a4f2d | Update javascript/ql/src/semmle/javascript/security/performance/SuperlinearBackTracking.qll<br>Co-authored-by: Asger F <asgerf@github.com> | 2020-11-04 22:37:56 +01:00 |
| Erik Krogh Kristensen | 03c46c9be0 | autoformat | 2020-11-04 16:18:24 +01:00 |
| Erik Krogh Kristensen | b02004430c | prune results that end with newline, where the input cannot contain newlines | 2020-11-03 14:48:39 +01:00 |
| Erik Krogh Kristensen | 120faf9d1a | add a code injection sink for JSDOM when "runScripts" is set to "dangerously" | 2020-11-03 14:29:00 +01:00 |
| Erik Krogh Kristensen | e6e4a485c8 | add JSDOM.fromUrl() as a request forgery sink | 2020-11-02 17:05:56 +01:00 |
| CodeQL CI | 4a59e69722 | Merge pull request #4564 from asgerf/js/react-hooks<br>Approved by esbena | 2020-10-30 21:00:31 +00:00 |
| Asger Feldthaus | c7667d372e | JS: Address review comments | 2020-10-30 16:25:30 +00:00 |
| Asger Feldthaus | 6ab7846e81 | JS: Restrict getAContextInput | 2020-10-30 09:28:06 +00:00 |
| Erik Krogh Kristensen | ebc4856456 | detect more expensive regexps in js/polynomial-redos | 2020-10-30 09:52:13 +01:00 |
| CodeQL CI | 7856e784e1 | Merge pull request #4566 from asgerf/js/classnames<br>Approved by erik-krogh | 2020-10-29 11:00:06 +00:00 |
| Asger F | 581441d585 | Update javascript/ql/src/semmle/javascript/frameworks/React.qll<br>Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com> | 2020-10-28 16:29:15 +00:00 |
| Asger Feldthaus | f99db23e7b | JS: Add test and fix for contextType | 2020-10-28 16:23:36 +00:00 |
| Asger F | 056ce38dad | Update javascript/ql/src/semmle/javascript/frameworks/Classnames.qll<br>Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com> | 2020-10-28 14:35:37 +00:00 |
| Asger Feldthaus | 081017ea8a | JS: Autoformat | 2020-10-28 13:58:02 +00:00 |
| Asger Feldthaus | 3d86e855f3 | JS: Add model of classnames and clsx | 2020-10-28 13:56:35 +00:00 |
| Asger Feldthaus | 7ee3846142 | JS: Add missing qldoc | 2020-10-28 12:43:48 +00:00 |
| Asger Feldthaus | 7a3f0095f6 | JS: Autoformat | 2020-10-28 11:57:23 +00:00 |
| Asger Feldthaus | d116b424f4 | JS: Add model of react hooks and react-router | 2020-10-28 11:57:11 +00:00 |
| Asger Feldthaus | 42c03ab2fd | JS: Add flow steps through dynamic imports | 2020-10-28 11:57:08 +00:00 |
| Erik Krogh Kristensen | 75d996a0f9 | make promisify smaller | 2020-10-28 11:59:21 +01:00 |
| Erik Krogh Kristensen | c49d5081cc | Update javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll<br>Co-authored-by: Asger F <asgerf@github.com> | 2020-10-28 11:45:58 +01:00 |
| Asger Feldthaus | a9adb2912a | JS: Improve lodash model | 2020-10-28 10:09:41 +00:00 |