hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,999 Commits 1,672 Branches 157 Tags
query-help-tests-lgtm
Commit Graph

3856 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
c4f61134f1 include the source of cryptographically random number in alert message 2020-06-10 13:32:46 +02:00
Erik Krogh Kristensen
7e8fd80327 use steps from InsecureRandomness, and use small-steps 2020-06-10 12:27:50 +02:00
Erik Krogh Kristensen
9029dbacf5 refactor isAdditionalTaintStep to a utility predicate in InsecureRandomness 2020-06-10 10:55:30 +02:00
Erik Krogh Kristensen
9189f23403 add support for secure-random 2020-06-10 10:39:02 +02:00
Erik Krogh Kristensen
16ec405724 add explanations about modulo by power of 2 2020-06-10 10:38:47 +02:00
Erik Krogh Kristensen
111f6d406c introduce query to detect biased random number generators 2020-06-10 10:00:10 +02:00
Erik Krogh Kristensen
733e04c1eb Move rest-pattern inside property-pattern step to a taint-step 2020-06-10 09:02:22 +02:00
Erik Krogh Kristensen
2f9124f754 add missing qldoc 2020-06-09 23:32:58 +02:00
Erik Krogh Kristensen
eb00da5b31 improve readability 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-09 20:02:46 +02:00
Asger Feldthaus
a923a404ab JS: Explicitly handle export declarations in PackageExports 2020-06-09 18:28:15 +01:00
Asger Feldthaus
806c9a372e JS: Resolve package.json main module differently 2020-06-09 18:28:15 +01:00
Erik Krogh Kristensen
b8a9ac39f4 add lValueFlowStep for rest-pattern nested inside a property-pattern (and removed old incorrect approach) 2020-06-09 18:16:00 +02:00
Erik Krogh Kristensen
b6e0e6645f Merge pull request #3645 from erik-krogh/infExposure 
JS: add query to detect accidential leak of private files
 2020-06-09 17:38:31 +02:00
Erik Krogh Kristensen
a7f6f045d2 add taint-steps for copying properties of an object 2020-06-09 17:16:13 +02:00
Erik Krogh Kristensen
7050d9d7bb remove dead FlowLabel 2020-06-09 17:15:55 +02:00
Erik Krogh Kristensen
2af8739bb6 simplify web.DefinePlugin sink 2020-06-09 17:15:35 +02:00
Erik Krogh Kristensen
90596167b1 add taint-step for Array.reduce 2020-06-09 17:15:00 +02:00
Erik Krogh Kristensen
be71ddf7bb introduce basic BuildArtifactLeak query 2020-06-09 15:27:55 +02:00
Erik Krogh Kristensen
896a9b05f6 refactor CleartextLogging to allow for reuse 2020-06-09 15:03:07 +02:00
Erik Krogh Kristensen
b510e470b1 support rest-patterns inside property patterns 2020-06-09 13:28:56 +02:00
Asger Feldthaus
0345036420 JS: Fix 'match' call in StringOps::RegExpTest 2020-06-09 10:07:36 +01:00
Erik Krogh Kristensen
c2fbcea96f base the chaining on yargs on the methods that are NOT chained 2020-06-09 10:22:25 +02:00
Esben Sparre Andreasen
2d2468463b JS: initial version of IncompleteMultiCharacterSanitization.ql 2020-06-09 08:59:59 +02:00
Erik Krogh Kristensen
167239e745 add query to detect accidential leak of private files 2020-06-08 23:41:14 +02:00
ubuntu
ab65ec40c0 Add Codeql to detect missing 'Message.origin' validation when using postMessage API 2020-06-08 20:18:34 +02:00
Erik Krogh Kristensen
0f06f04e32 extend support for yargs for js/indirect-command-line-injection 2020-06-08 16:45:09 +02:00
Asger Feldthaus
2d9b9fa584 JS: Use PreCallGraphStep in select array steps 2020-06-08 13:45:28 +01:00
Asger Feldthaus
3d2bbbd3db JS: Add PreCallGraphStep extension point 2020-06-08 13:45:28 +01:00
Asger Feldthaus
1f2ab605bd JS: Add store/load steps to AdditionalTypeTrackingStep 2020-06-08 13:45:28 +01:00
semmle-qlci
ff6936caa7 Merge pull request #3625 from erik-krogh/CVE714 
Approved by asgerf
 2020-06-05 12:21:10 +01:00
semmle-qlci
69a1e11c06 Merge pull request #3609 from erik-krogh/CredFN 
Approved by asgerf, esbena
 2020-06-05 10:49:01 +01:00
Erik Krogh Kristensen
82cf53897f TypeOfCheck -> TypeOfUndefinedSanitizer 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-05 11:35:39 +02:00
Erik Krogh Kristensen
05d7be8e23 autoformat 2020-06-05 09:59:45 +02:00
Erik Krogh Kristensen
96ca4cf7eb add missing quote 2020-06-04 19:45:24 +00:00
Erik Krogh Kristensen
815671f5d0 add sanitizer guard for typeof undefined 2020-06-04 21:32:26 +02:00
Erik Krogh Kristensen
ed4e1bbbdf don't have a MembershipTestBarrierGuard in Configuration.qll 2020-06-04 16:13:49 +02:00
Erik Krogh Kristensen
b7a3c4a3d6 autoformat 2020-06-04 16:07:28 +02:00
Esben Sparre Andreasen
f618d430e7 JS: simplify HTTP::ContainerCollection, and improve expressivity(!) 2020-06-04 14:34:52 +02:00
Erik Krogh Kristensen
550c578c3c use MemberShipTest in TaintedPath 2020-06-04 10:51:08 +02:00
semmle-qlci
70131e6ac8 Merge pull request #3598 from asger-semmle/js/regexp-test 
Approved by esbena
 2020-06-04 09:05:21 +01:00
Erik Krogh Kristensen
7c26efbc12 case insensitive authorization header 2020-06-03 15:23:51 +02:00
Erik Krogh Kristensen
b508ad41c8 don't have a separate fetch module 2020-06-03 15:20:06 +02:00
Erik Krogh Kristensen
46cd0143d8 Update javascript/ql/src/semmle/javascript/frameworks/ClientRequests.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-03 15:18:10 +02:00
Esben Sparre Andreasen
8316121a44 JS: formatting 2020-06-03 15:02:36 +02:00
Erik Krogh Kristensen
28a1900612 treat all writes to Authorization as a CredentialsExpr 2020-06-03 13:55:49 +02:00
Erik Krogh Kristensen
6466ab19a0 Update javascript/ql/src/semmle/javascript/frameworks/ClientRequests.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-03 13:51:04 +02:00
Erik Krogh Kristensen
f8caec76ab move the Fetch module to ClientRequests 2020-06-03 13:37:34 +02:00
Erik Krogh Kristensen
aa463d8298 mention fetch instead of node-fetch 2020-06-03 13:33:43 +02:00
Erik Krogh Kristensen
1b53cd4bd9 update docstring of FetchAuthorization 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-03 13:31:16 +02:00
Erik Krogh Kristensen
a1940979ba support credentials in a Buffer 2020-06-03 12:02:00 +02:00