hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-27 22:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,673 Branches 157 Tags
remove-javascript
Commit Graph

26405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Porcuiney Hairs
beb15e27eb remove tests 2021-03-02 18:13:33 +05:30
Mathias Vorreiter Pedersen
23d3109071 C++: Use taintedWithPath in more tests. This is the predicate that's currently hooked up to the new IR taint tracking library. 2021-03-02 13:40:39 +01:00
Asger Feldthaus
fd9604c5ef JS: Update expected output for poly ReDoS 2021-03-02 12:39:05 +00:00
Asger Feldthaus
31721b5fe3 JS: Fix missing qldoc 2021-03-02 12:39:05 +00:00
Asger Feldthaus
05594f2936 JS: Change note 2021-03-02 12:39:05 +00:00
Asger Feldthaus
0bd60c1989 JS: Autoformat 2021-03-02 12:39:05 +00:00
Asger Feldthaus
12079cd1e4 JS: Recognize RegExps in JSON schemas 2021-03-02 12:39:04 +00:00
Asger Feldthaus
7afa755597 JS: Add ajv error as source of ExceptionXss 2021-03-02 12:39:04 +00:00
Asger Feldthaus
24199a5499 JS: Add query for resource exhaustion from deep object handling 2021-03-02 12:39:04 +00:00
Asger Feldthaus
b978359803 JS: Add schema validation as TaintedObject sanitizer 2021-03-02 12:39:04 +00:00
Tamas Vajk
fa2f345611 Revert "Simplify MissingCallTarget for calli" 
This reverts commit 3b82abd7c7.
 2021-03-02 12:58:42 +01:00
Erik Krogh Kristensen
55985c969b add change note 2021-03-02 12:25:50 +01:00
Erik Krogh Kristensen
ecccb8a409 only flag React elements in ClientSideUrlRedirect if it's a HTML element, or known link class 2021-03-02 12:25:50 +01:00
Erik Krogh Kristensen
36049f05f8 update Next.js xss example such that the attack is viable 2021-03-02 12:25:50 +01:00
Erik Krogh Kristensen
1f02594ccc rename and move getAPropertyNameInterpretedAsJavaScriptUrl 2021-03-02 12:25:50 +01:00
Erik Krogh Kristensen
5b5baced9a add support for replace in Next.js router 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
97032f8627 add ClientSideUrlRedirect sink for Next.js routers 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
a79c30a818 support NextJS API endpoints 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
0e7e3e6178 support Next.js pages that export React components 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
1fdbbb682d support Next.js page request/response objects 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
a5cf024c9f add support for getServerSideProps in Next.js 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
af262a035d add support for getInitialProps in Next.js 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
d63fcaf7f1 add step from getStaticProps to the component render function 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
9d7bb57d8a add parameter values from Next as a RemoteFlowSource 2021-03-02 12:25:49 +01:00
Erik Krogh Kristensen
41a0c0b55e support React links in js/client-side-unvalidated-url-redirection 2021-03-02 12:25:49 +01:00
Francis Alexander
4384f78595 Play stubs improvements, cleanup and return values 2021-03-02 16:50:16 +05:30
CodeQL CI
79839d2304 Merge pull request #5267 from erik-krogh/httpProxy 
Approved by asgerf
 2021-03-02 02:46:50 -08:00
Owen Mansel-Chan
6460ce3f83 Add @codeql-go as code owners for the shared data-flow library files 2021-03-02 10:39:47 +00:00
Anders Schack-Mulligen
b0fa8dfeae Merge pull request #4214 from porcupineyhairs/springViewManipulation 
[Java] Add QL for detecting Spring View Manipulation Vulnerabilities.
 2021-03-02 11:31:42 +01:00
Mathias Vorreiter Pedersen
6ba35f4aac C++: Fix function renaming and accept test change. 2021-03-02 11:31:24 +01:00
Mathias Vorreiter Pedersen
9f02c144a8 C++: Remove files that were incorrectly added when resolving merge conflicts. 2021-03-02 11:14:49 +01:00
CodeQL CI
2957131853 Merge pull request #5258 from erik-krogh/nextPerf 
Approved by asgerf
 2021-03-02 02:04:20 -08:00
CodeQL CI
9ea8f8201c Merge pull request #5265 from erik-krogh/cacheRemote 
Approved by asgerf
 2021-03-02 02:03:09 -08:00
Mathias Vorreiter Pedersen
ffc6af73b7 C++: Accept test changes. 2021-03-02 11:00:43 +01:00
Mathias Vorreiter Pedersen
748f5344ff Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt 2021-03-02 10:43:37 +01:00
Anders Schack-Mulligen
394c82d564 Apply suggestions from code review 
Adjust qldoc.
 2021-03-02 10:17:07 +01:00
Tamas Vajk
faf69d65da Fix merge error 2021-03-02 09:23:15 +01:00
Tamas Vajk
3b82abd7c7 Simplify MissingCallTarget for calli 2021-03-02 09:21:24 +01:00
Tamas Vajk
7ae640ce16 Fix OS specific tests 2021-03-02 09:21:24 +01:00
Tamas Vajk
f2e667173c C#: Add calli IL opcode extraction 2021-03-02 09:21:24 +01:00
Tamas Vajk
17109a36ce Fix extraction error due to missing DLL 2021-03-02 09:21:24 +01:00
Tamas Vajk
6205ec233c Fix more failing tests 2021-03-02 09:21:24 +01:00
Tamas Vajk
2b1c6faefd Fix failing test 2021-03-02 09:21:24 +01:00
Tamas Vajk
4f383be13b Fix new (nullability) compiler warnings 2021-03-02 09:21:24 +01:00
Tamas Vajk
71f095d6d4 Upgrade projects to .net 5 2021-03-02 09:20:31 +01:00
Aditya Sharad
dbed4a1a8b Actions: Add workflow to request docs review 
When a PR is labelled with 'ready-for-docs-review',
this workflow comments on the PR to notify the GitHub CodeQL docs team.
Runs on `pull_request_target` events so it can write comments to the PR.
Since this runs in the context of the base repo, it must not check out the PR
or use untrusted data from the event payload.

Only runs when the PR base is github/codeql, to prevent notifications from forks.
 2021-03-01 17:15:03 -08:00
luchua-bc
95d1994196 Query to check sensitive cookies without the HttpOnly flag set 2021-03-01 22:06:52 +00:00
Robert Marsh
2b382d588a C++: autoformat Operand.qll 2021-03-01 11:13:04 -08:00
Calum Grant
cee96775b8 Merge pull request #5305 from asgerf/js/tuple-type-rest-index-stats 
JS: Regenerate stats for tuple_type_rest_index
codeql-cli/v2.4.5 		2021-03-01 17:43:55 +00:00
Porcuiney Hairs
5151a528ac Include suggestions from review 2021-03-01 22:59:30 +05:30