hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,999 Commits 1,672 Branches 157 Tags
query-help-tests-lgtm
Commit Graph

3856 Commits

Author SHA1 Message Date
Asger Feldthaus
b9cd157c0f JS: Autoformat 2020-06-12 15:36:02 +01:00
Esben Sparre Andreasen
678bb7c128 JS: simplify loop detection 2020-06-12 14:56:08 +02:00
Asger Feldthaus
eaf6be5fea JS: Fix lazy qldoc 2020-06-12 13:29:35 +01:00
Erik Krogh Kristensen
01c51eea89 Merge pull request #3680 from erik-krogh/bad-code-sanitizer 
JS: Add query to detect bad code sanitizers
 2020-06-12 14:00:21 +02:00
Asger Feldthaus
4795b87daa JS: Add model of Micro 2020-06-12 12:45:11 +01:00
Asger Feldthaus
230f78afb6 JS: Step through path.{format, parse} 2020-06-12 12:26:45 +01:00
semmle-qlci
2342d3dba3 Merge pull request #3662 from asger-semmle/js/package-export-fixes 
Approved by esbena
 2020-06-12 12:18:23 +01:00
Erik Krogh Kristensen
f0ec2eb37b add missing qldoc 2020-06-12 11:47:53 +02:00
Erik Krogh Kristensen
c9fc1a378d Merge pull request #3663 from erik-krogh/bad-crypto 
JS: Introduce query to detect biased random number generators
 2020-06-12 11:32:12 +02:00
Erik Krogh Kristensen
1751fb6c47 add missing qldoc 2020-06-12 11:30:22 +02:00
Erik Krogh Kristensen
adabd2daca add qldoc and customizations module 2020-06-12 11:26:49 +02:00
Asger Feldthaus
4c536dde20 JS: Propagate locally returned functions out of calls 2020-06-12 10:07:37 +01:00
Erik Krogh Kristensen
908edb39b9 unsecure -> insecure 2020-06-12 11:02:26 +02:00
Erik Krogh Kristensen
86b23b239e Merge pull request #3656 from erik-krogh/destruct-yargs 
JS: support rest-patterns inside property patterns
 2020-06-12 10:57:24 +02:00
Erik Krogh Kristensen
57d2226080 typo 2020-06-12 10:55:29 +02:00
Erik Krogh Kristensen
9780fcf8fe fix ftp protocol regexp 2020-06-12 10:54:56 +02:00
Erik Krogh Kristensen
3f957103ed improve alert message - and autoformat 2020-06-12 10:53:19 +02:00
Erik Krogh Kristensen
056a7e87ff refactor into customizations module - and move curl download to a ClientRequest 2020-06-12 10:51:09 +02:00
Erik Krogh Kristensen
8225adcaea move TODOs 2020-06-12 10:28:06 +02:00
Erik Krogh Kristensen
02c4a0477d add tests for js/build-artifact-leak 2020-06-12 10:21:37 +02:00
Jonas Jensen
abd05bcff1 Merge pull request #3596 from robertbrignull/more-suites 
Add more code-scanning suites
 2020-06-12 09:08:20 +02:00
Esben Sparre Andreasen
1bdae109c5 Merge pull request #3686 from esbena/js/insecure-http-options 
JS: add query js/disabling-certificate-validation
 2020-06-12 08:40:12 +02:00
semmle-qlci
5c2f1169d0 Merge pull request #3679 from asger-semmle/js/dom-value-ref-restriction 
Approved by erik-krogh, esbena
 2020-06-12 07:39:26 +01:00
Esben Sparre Andreasen
243e3ad9e3 Merge pull request #3672 from esbena/js/server-crashing-route-handler 
JS: add initial version of ServerCrash.ql
 2020-06-12 08:38:37 +02:00
Erik Krogh Kristensen
5b491313ad add simple query for detecting sensitive files downloaded over unsecure connection 2020-06-11 23:19:28 +02:00
Erik Krogh Kristensen
065cb04202 make PropNode private again 2020-06-11 23:19:03 +02:00
Erik Krogh Kristensen
ef72c03ca9 use simpler taint-step for DestructingPattern 2020-06-11 23:16:46 +02:00
Esben Sparre Andreasen
169c8909df formatting 2020-06-11 13:28:26 +02:00
Esben Sparre Andreasen
bc7f02156b JS: replace class with two predicates (and improve alert message) 2020-06-11 13:20:46 +02:00
Erik Krogh Kristensen
7c7af8d841 less heuristics when flagging division that is rounded 2020-06-11 12:55:13 +02:00
Erik Krogh Kristensen
f1b24ba901 use type inference to detect string concatenations 2020-06-11 12:34:58 +02:00
Esben Sparre Andreasen
2e059376fd JS: add query js/disabling-certificate-validation 2020-06-11 12:32:01 +02:00
Erik Krogh Kristensen
f634c62af5 remove redundant check 2020-06-11 12:18:41 +02:00
Erik Krogh Kristensen
c375a0c611 fix compilation and update expected output 2020-06-11 11:16:38 +02:00
Erik Krogh Kristensen
1124816f73 fixing FPs in js/biased-cryptographic-random 2020-06-11 11:06:02 +02:00
Asger Feldthaus
4bb2e8b637 JS: Update test externs and include array indices 2020-06-11 09:53:55 +01:00
ubuntu
e8b05b70c4 Added support for detecting unsafe methods used for origin verification 2020-06-10 23:11:03 +02:00
ubuntu
cf3142e083 Updated qhelp with a third example 2020-06-10 23:09:35 +02:00
ubuntu
92f9f320f9 Added new example of an unsafe event.origin verification 2020-06-10 23:07:05 +02:00
Erik Krogh Kristensen
aa3482cbae improve detection of duplicate results with js/code-injection 2020-06-10 22:58:02 +02:00
Erik Krogh Kristensen
5142670138 don't import AdditionalSinks, refactor sink out in new HeuristicSinks instead 2020-06-10 22:30:45 +02:00
Esben Sparre Andreasen
d6ae905eac JS: remove speculative property access sink from js/server-crash 2020-06-10 21:40:12 +02:00
semmle-qlci
b841cacb83 Merge pull request #3676 from max-schaefer/js/global-access-paths-minor-fixes 
Approved by erik-krogh
 2020-06-10 20:02:55 +01:00
Erik Krogh Kristensen
373a437d71 add query to detect improperly sanitized code 2020-06-10 19:50:12 +02:00
Erik Krogh Kristensen
5c31b94761 autoformat and update expected output 2020-06-10 18:00:56 +02:00
Max Schaefer
0f2186c844 JavaScript: Fix a few typos. 2020-06-10 16:44:24 +01:00
Asger Feldthaus
f23c6030aa JS: Restrict domValueRef to known DOM property names 2020-06-10 15:14:23 +01:00
Asger Feldthaus
07e90ff65f JS: Autoformat 2020-06-10 14:03:01 +01:00
semmle-qlci
df79f2adc5 Merge pull request #3655 from asger-semmle/js/string-ops-regexp-test-fix 
Approved by esbena
 2020-06-10 13:35:22 +01:00
Esben Sparre Andreasen
1d396524a3 JS: add initial version of ServerCrash.ql 2020-06-10 14:25:56 +02:00