hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
18,252 Commits 1,671 Branches 157 Tags
revert-4653-feature/csharp9-relational-pattern
Commit Graph

786 Commits

Author SHA1 Message Date
CodeQL CI
4be158b362 Merge pull request #4708 from erik-krogh/emptyName 
Approved by asgerf
 2020-11-24 17:34:55 +00:00
Erik Krogh Kristensen
33dab1717e treat nodes with type "Location" as a location source - but not if we can track it from an original node with type "Location" 2020-11-23 17:03:50 +01:00
Erik Krogh Kristensen
f7f9beeefd avoid reporting empty names in js/exposure-of-private-files 2020-11-23 14:24:42 +01:00
Erik Krogh Kristensen
02d5fbf46b remove superfluous space 2020-11-23 14:22:16 +01:00
Asger Feldthaus
f737f34dcd JS: Add UntrustedDataToExternalApi query 2020-11-19 13:42:25 +00:00
Erik Krogh Kristensen
49be7e959f Merge branch 'main' into jwt 2020-11-12 21:36:09 +01:00
Erik Krogh Kristensen
99d03bab24 only flag the secret key in JWT 2020-11-12 21:36:05 +01:00
Erik Krogh Kristensen
5ecae55e77 add keys used by jsonwebtoken as CredentialsExpr 2020-11-10 10:41:39 +01:00
Erik Krogh Kristensen
e75259d3a6 model the verify function in jsonwebtoken 2020-11-10 10:41:39 +01:00
Erik Krogh Kristensen
6732493377 add model for jwt-decode 2020-11-10 10:41:36 +01:00
Asger Feldthaus
24714c41be JS: Update test output after rebase 2020-11-06 09:14:03 +00:00
Asger Feldthaus
7bf21d80b2 JS: Shift line numbers in test file 2020-11-06 09:13:52 +00:00
Asger Feldthaus
9418c6c8fe JS: Add support for dateformat package 2020-11-06 09:13:52 +00:00
Asger Feldthaus
790526b529 JS: Some fixes and address review comments 2020-11-06 09:06:20 +00:00
Asger Feldthaus
8a3fba05e9 JS: Add steps through date-formatting functions 2020-11-06 09:06:18 +00:00
Erik Krogh Kristensen
e124ba66b4 moving jsdom sink to js/xss 2020-11-05 16:10:33 +01:00
Erik Krogh Kristensen
120faf9d1a add a code injection sink for JSDOM when "runScripts" is set to "dangerously" 2020-11-03 14:29:00 +01:00
Erik Krogh Kristensen
e6e4a485c8 add JSDOM.fromUrl() as a request forgery sink 2020-11-02 17:05:56 +01:00
CodeQL CI
4a59e69722 Merge pull request #4564 from asgerf/js/react-hooks 
Approved by esbena
 2020-10-30 21:00:31 +00:00
CodeQL CI
7856e784e1 Merge pull request #4566 from asgerf/js/classnames 
Approved by erik-krogh
 2020-10-29 11:00:06 +00:00
Asger Feldthaus
469767d279 JS: Fix test output 2020-10-28 17:00:05 +00:00
Asger Feldthaus
f99db23e7b JS: Add test and fix for contextType 2020-10-28 16:23:36 +00:00
Asger Feldthaus
3d86e855f3 JS: Add model of classnames and clsx 2020-10-28 13:56:35 +00:00
Asger Feldthaus
d116b424f4 JS: Add model of react hooks and react-router 2020-10-28 11:57:11 +00:00
Erik Krogh Kristensen
bce06d3194 add test that promisify is not imprecise 2020-10-28 11:59:03 +01:00
Erik Krogh Kristensen
2e514c4d7b add model for Node Redis 2020-10-28 09:52:54 +01:00
CodeQL CI
da58306f2d Merge pull request #4506 from asgerf/js/separate-jquery-config 
Approved by esbena
 2020-10-21 03:13:42 -07:00
Erik Krogh Kristensen
e061c6a006 add support for more custom CSRF checking middlewares 2020-10-20 15:16:14 +02:00
Asger Feldthaus
8779b7c1ce JS: Update expected output after rebase 2020-10-20 11:10:30 +01:00
Asger Feldthaus
28a73c1e18 JS: Add test case 2020-10-20 10:53:15 +01:00
Asger Feldthaus
6aac353777 JS: Update test output 2020-10-20 10:53:12 +01:00
Asger Feldthaus
50a015c73e JS: Move $() sink into separate dataflow config 2020-10-20 10:52:33 +01:00
CodeQL CI
4c5ecb4093 Merge pull request #4478 from erik-krogh/homegrownCsrf 
Approved by asgerf
 2020-10-19 11:04:10 -07:00
CodeQL CI
5ead4244fe Merge pull request #4450 from asgerf/js/angular 
Approved by erik-krogh
 2020-10-19 07:25:59 -07:00
Erik Krogh Kristensen
ce95676130 add express.csrf as an CSRF protecting middleware 2020-10-19 15:39:02 +02:00
CodeQL CI
2e52cbeb4a Merge pull request #4499 from max-schaefer/js/module_compile 
Approved by asgerf
 2020-10-19 03:06:21 -07:00
Max Schaefer
e1d90e90ad JavaScript: Add modelling for Module.prototype._compile. 2020-10-19 09:42:17 +01:00
Asger Feldthaus
4137d3f971 JS: Split CWE-079 tests into their own folders 2020-10-16 17:32:36 +01:00
Asger Feldthaus
4337c5adaf JS: Workaround ascii PR check 2020-10-16 07:12:29 +01:00
Asger Feldthaus
afd82e202d JS: Add Angular2 model 2020-10-16 07:12:29 +01:00
Erik Krogh Kristensen
8206933e85 add test for home grown CSRF protection 2020-10-15 14:51:02 +02:00
Max Schaefer
4100ab2919 JavaScript: Add another test to show that flow through functions still works. 2020-10-14 10:03:27 +01:00
Max Schaefer
1c04c07f07 JavaScript: Eliminate source of false positives in UnsafeShellCommandConstruction. 2020-10-14 10:03:04 +01:00
Max Schaefer
cd33d358aa JavaScript: Add a test showing a false positive from UnsafeShellCommandConstruction due to infeasible paths. 
The path from the API entry point to the sink contains a "return" step. A client of the library cannot match that step, resulting in an infeasible path.
 2020-10-12 14:50:47 +01:00
CodeQL CI
e95b665556 Merge pull request #4363 from erik-krogh/nosql-api 
Approved by max-schaefer
 2020-10-05 12:01:34 -07:00
Erik Krogh Kristensen
abdbe92720 refactor the NoSQL model to use API graphs 2020-10-02 10:42:49 +02:00
Aditya Sharad
e712d16e7e JavaScript: Track taint through RegExp.prototype.exec for URL redirection 
Regexp literals are currently handled, but not `RegExp` objects.
 2020-09-30 15:13:02 -07:00
CodeQL CI
d7add29dc2 Merge pull request #4359 from erik-krogh/cookieWrites 
Approved by esbena
 2020-09-29 06:32:01 -07:00
CodeQL CI
11f39a9d88 Merge pull request #4342 from erik-krogh/track-where-prop 
Approved by asgerf
 2020-09-29 02:09:53 -07:00
Erik Krogh Kristensen
e04404b713 also recognize cookie writes are leading to cookie access 2020-09-28 21:17:25 +02:00