codeql

mirror of https://github.com/github/codeql.git synced 2025-12-23 12:16:33 +01:00

Author	SHA1	Message	Date
Napalys	62194f5337	JS: add test cases RegExp with unknown flags	2024-11-28 11:26:57 +01:00
Napalys	e673348ed3	JS: now RegExp with unknown flags is not flagged as an issue within password Clear text storage of sensitive information	2024-11-28 11:26:56 +01:00
Napalys	a2c46749c6	JS: fixed issue where MaskingReplacer would work only with regexp literals but not objects	2024-11-28 11:26:55 +01:00
Napalys	1ca57cfb9d	JS: add test cases with RegExp object for MaskingReplacer, currently gives wrong results	2024-11-28 11:26:54 +01:00
Napalys	c71778f1aa	JS: xss does not flag anymore replace with RegExp unknown flags	2024-11-28 11:26:53 +01:00
Napalys	dbae553146	JS: add xss test cases with unknownflags for replace using RegExp	2024-11-28 11:26:52 +01:00
Napalys	fe28657c7d	JS: add test cases with unknown flags for double escaping, works as expected.	2024-11-28 11:26:51 +01:00
Napalys	98fd97799c	JS: imcomplete sanization now handles properly maybe global	2024-11-28 11:26:50 +01:00
Napalys	1ae174849f	JS: incomplete sanitization now also works with RegExp objects	2024-11-28 11:26:48 +01:00
Napalys	76318035ff	JS: Add test cases for RegExp object usage in replace within incomplete sanitization	2024-11-28 11:26:47 +01:00
Napalys	9c2366a660	JS: Added tests for ReDos with unknownFlags, everything seems to be good	2024-11-28 11:26:46 +01:00
Napalys	875478c1c6	JS: Fixed path query not flagging new RegExp with DotRemovingReplaceCall	2024-11-28 11:26:45 +01:00
Napalys	aa557cf950	JS: Added tests for DotRemovingReplaceCall with RegExp Object.	2024-11-28 11:26:44 +01:00
Napalys	a0df33c3ac	JS: UnsafeShellCommand Using unknown flags in the RegExp object is no longer flagged as bad sanitization to reduce false positives.	2024-11-28 11:26:43 +01:00
Napalys	155f1fca85	JS: Added test cases for unsafe shell command sanitization with RegExpr Object, instead of literal	2024-11-28 11:26:42 +01:00
Napalys	23b18aeca9	JS: Now unknown flags are not flagged in taint paths	2024-11-28 11:26:41 +01:00
Napalys	eca7a88615	JS: Fixed docs description	2024-11-28 11:26:40 +01:00
Napalys	7db6f7c721	JS: Added test cases with new RegExp for Tainted paths, currently works only with literals	2024-11-28 11:26:39 +01:00
Napalys	faef9dd877	JS: protyte poluting now treats unknownFlags as potentially good sanitization.	2024-11-28 11:26:38 +01:00
Napalys	41fef0f2b3	JS: Added test cases which cover new RegExp creation with replace on protytpe pulluting	2024-11-28 11:26:37 +01:00
Napalys	18c7b18f82	JS: Now BadHtmlSanitizers new RegExp with unknown flags is also flagged.	2024-11-28 11:26:36 +01:00
Napalys	89f3b6f8d3	JS: Added test case for bad sanitizer with unknown flags, currently not flagged.	2024-11-28 11:26:35 +01:00
Napalys	38be0e4c0a	JS: Now BadHtmlSanitizers also flags new RegExp as potential issue	2024-11-28 11:26:34 +01:00
Napalys	41f21d429b	JS: Added test case which is not flagged but should be abusing new RegExp with global flag	2024-11-28 11:26:33 +01:00
Geoffrey White	23ed48ea12	Swift: Add a couple more makeIterator() implementations to be safe.	2024-11-28 10:18:13 +00:00
Geoffrey White	1d43abfe4d	Swift: Model Collection.makeIterator().	2024-11-28 10:11:55 +00:00
Paolo Tranquilli	814218c7a8	Swift: extract variables as children of `ForEachStmt`	2024-11-28 11:03:46 +01:00
Tamas Vajk	5727fda07a	C#: Exclude `get`-only property accesses from `CallTargetStats`	2024-11-28 11:02:39 +01:00
Simon Friis Vindum	e8ddb6b180	Rust: Add `getStaticTarget` to `CallExprBase`	2024-11-28 10:57:07 +01:00
Edward Minnix III	1b224c1ab2	Merge pull request #17258 from egregius313/egregius313/go/mad/documentation Go: Models as Data Documentation	2024-11-27 22:55:50 -05:00
Mathias Vorreiter Pedersen	3c0af498db	C++: Fix bug introduced in an earlier commit and accept test changes. They all look good.	2024-11-27 19:04:25 +00:00
Óscar San José	1a0442c5a6	Adding correct wildcard	2024-11-27 19:34:34 +01:00
Óscar San José	5790f5d5dc	Include paths on pull_request event trigger for compile-queries.yml workflow	2024-11-27 18:37:12 +01:00
Mathias Vorreiter Pedersen	02428745bd	C++: Add change note.	2024-11-27 16:42:00 +00:00
Mathias Vorreiter Pedersen	19e7c37760	C++: Update the final test changes. Nothing exciting here.	2024-11-27 16:41:58 +00:00
Mathias Vorreiter Pedersen	d69de0cc76	C++: Add a MaD model for 'CRegKey' and mark query calls as local flow sources.	2024-11-27 16:41:57 +00:00
Mathias Vorreiter Pedersen	5aada39a4e	C++: Add failing tests for 'CRegKey'.	2024-11-27 16:41:55 +00:00
Mathias Vorreiter Pedersen	33212da876	C++: Add a MaD model for 'CAtlTemporaryFile' and mark reads as local flow sources.	2024-11-27 16:41:53 +00:00
Mathias Vorreiter Pedersen	67ba85a0a3	C++: Add failing tests for 'CAtlTemporaryFile'.	2024-11-27 16:41:52 +00:00
Mathias Vorreiter Pedersen	3709151353	C++: Add a MaD model for 'CAtlFileMappingBase' and mark reads as local flow sources.	2024-11-27 16:41:51 +00:00
Mathias Vorreiter Pedersen	ac0599cf75	C++: Add a failing test with 'CAtlFileMapping'.	2024-11-27 16:41:50 +00:00
Mathias Vorreiter Pedersen	74eae4a18d	C++: Add a MaD model for 'CAtlFile' and mark reads as local flow sources.	2024-11-27 16:41:48 +00:00
Mathias Vorreiter Pedersen	dee47f2111	C++: Add a failing test with 'CAtlFile'.	2024-11-27 16:41:47 +00:00
Mathias Vorreiter Pedersen	e73fccdb4a	C++: Add more types that we'll need for later.	2024-11-27 16:41:46 +00:00
Mathias Vorreiter Pedersen	300e3eaba6	C++: Add MaD model for 'CUrl'.	2024-11-27 16:41:45 +00:00
Mathias Vorreiter Pedersen	1ea879a880	C++: Add failing tests for 'CUrl'.	2024-11-27 16:41:43 +00:00
Mathias Vorreiter Pedersen	74b6c9dcc7	C++: Add MaD model for 'CSimpleMap'.	2024-11-27 16:41:42 +00:00
Mathias Vorreiter Pedersen	12674ea2e6	C++: Add failing tests with 'CSimpleMap'.	2024-11-27 16:41:41 +00:00
Mathias Vorreiter Pedersen	02b88d5dbd	C++: Add MaD model for 'CSimpleArray'.	2024-11-27 16:41:40 +00:00
Mathias Vorreiter Pedersen	029c0134eb	C++: Add failing tests with 'CSimpleArray'.	2024-11-27 16:41:38 +00:00

... 97 98 99 100 101 ...

78658 Commits