hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,879 Commits 1,672 Branches 157 Tags
rc/1.24
Commit Graph

14 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
c6668da02e expand how indirectCommandArguments are found 2020-02-07 15:00:05 +01:00
Erik Krogh Kristensen
8ea6070120 add indirect command injection sink for a concatenated array 2020-02-07 11:04:34 +01:00
Max Schaefer
8aae1f443f JavaScript: Use type tracking instead of auxiliary data-flow configuration to track indirect command arguments. 2019-10-31 12:13:55 +00:00
Max Schaefer
b42026a90a JavaScript: Update expected output. 2019-10-29 15:36:24 +00:00
Max Schaefer
dc1d1c2f22 JavaScript: Update expected output. 2019-10-29 15:30:06 +00:00
Max Schaefer
6964945c74 JavaScript: Restrict edges to only contain nodes. 2019-10-29 15:03:52 +00:00
Esben Sparre Andreasen
5a983cb535 JS: add query js/shell-command-injection-from-environment 2019-10-21 23:31:55 +02:00
Esben Sparre Andreasen
f7bfc472c1 JS: treat server responses as untrusted for command injections 2019-09-11 09:38:18 +02:00
Esben Sparre Andreasen
299d4c6e93 JS: add additional SystemCommandExecutors 2019-06-11 09:38:10 +02:00
Asger F
50a77ea843 JS: update test expectations 2019-03-06 08:41:03 +00:00
Max Schaefer
f9d704bdcf JavaScript: Add example of indirect command injection. 2019-01-11 10:24:41 +00:00
Esben Sparre Andreasen
376ed7a4d2 JS: generalize js/command-line-injection to handle ConstantString 2018-12-11 13:39:15 +01:00
Max Schaefer
9221b62ded JavaScript: Update expectd test output for security path queries to include nodes and edges query predicates. 2018-11-14 09:32:31 +00:00
Pavel Avgustinov
b55526aa58 QL code and tests for C#/C++/JavaScript. 2018-08-02 17:53:23 +01:00