hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

1210 Commits

Author SHA1 Message Date
semmle-qlci
07bff646d8 Merge pull request #3641 from asger-semmle/js/pre-call-graph-steps 
Approved by erik-krogh
 2020-06-16 13:41:55 +01:00
semmle-qlci
3728e1afd3 Merge pull request #3715 from asger-semmle/js/returned-functions 
Approved by erik-krogh, esbena
 2020-06-15 15:32:54 +01:00
Asger Feldthaus
17010e25a1 JS: Update another test 2020-06-15 13:55:46 +01:00
semmle-qlci
57c8dd85a4 Merge pull request #2801 from esbena/js/bulky-route-handler-registration 
Approved by asgerf
 2020-06-15 13:06:22 +01:00
Asger Feldthaus
c4179eb81d JS: Update test 2020-06-15 11:13:20 +01:00
semmle-qlci
b6b838774e Merge pull request #3704 from asger-semmle/js/cve-serve 
Approved by esbena
 2020-06-15 09:54:17 +01:00
Asger Feldthaus
315f3389d1 JS: Autoformat test 2020-06-12 19:58:05 +01:00
Asger Feldthaus
5548606f21 JS: Add test 2020-06-12 13:02:33 +01:00
semmle-qlci
2342d3dba3 Merge pull request #3662 from asger-semmle/js/package-export-fixes 
Approved by esbena
 2020-06-12 12:18:23 +01:00
Asger Feldthaus
4c536dde20 JS: Propagate locally returned functions out of calls 2020-06-12 10:07:37 +01:00
Asger Feldthaus
6531db3cca JS: Add test 2020-06-12 09:56:38 +01:00
semmle-qlci
5c2f1169d0 Merge pull request #3679 from asger-semmle/js/dom-value-ref-restriction 
Approved by erik-krogh, esbena
 2020-06-12 07:39:26 +01:00
Asger Feldthaus
f23c6030aa JS: Restrict domValueRef to known DOM property names 2020-06-10 15:14:23 +01:00
Asger Feldthaus
bb2b7fb6fb JS: Add test with class stored in global variable 2020-06-10 15:14:23 +01:00
Asger Feldthaus
36c4803694 JS: Add test 2020-06-10 14:08:33 +01:00
Asger Feldthaus
0345036420 JS: Fix 'match' call in StringOps::RegExpTest 2020-06-09 10:07:36 +01:00
Asger Feldthaus
53280a6b11 JS: Add test demonstrating new flow 2020-06-08 14:25:21 +01:00
Esben Sparre Andreasen
872ee13ba6 JS: formatting 2020-06-08 10:04:37 +02:00
Esben Sparre Andreasen
fa35a6a694 JS: formatting 2020-06-08 08:13:58 +02:00
Esben Sparre Andreasen
f618d430e7 JS: simplify HTTP::ContainerCollection, and improve expressivity(!) 2020-06-04 14:34:52 +02:00
Esben Sparre Andreasen
44ebf84f4c JS: more express tests 2020-06-04 14:33:03 +02:00
Max Schaefer
9549b01e3c JavaScript: Turn on experimental language features for two tests. 
All other tests already pass with experimental features turned on, so once this is merged we can do so by default.
 2020-06-04 11:27:31 +01:00
semmle-qlci
70131e6ac8 Merge pull request #3598 from asger-semmle/js/regexp-test 
Approved by esbena
 2020-06-04 09:05:21 +01:00
Esben Sparre Andreasen
afee864295 JS: make use of the colletions type tracking steps 2020-06-03 08:19:34 +02:00
Esben Sparre Andreasen
36b7574ac1 JS: add additional route handler registration tests 2020-06-03 08:18:11 +02:00
Esben Sparre Andreasen
117f009d17 JS: use HTTP::RouteHandlerCandidateContainer in Express 2020-06-03 08:18:11 +02:00
Esben Sparre Andreasen
606f8274c7 JS: add tests for various route handler registration patterns 2020-06-03 08:16:58 +02:00
Asger Feldthaus
8a38633639 JS: Handle exec() == undefined 2020-06-02 16:52:07 +01:00
Esben Sparre Andreasen
f9ed64fc45 Merge branch 'master' into js/membershiptest 2020-06-02 08:54:44 +02:00
Asger Feldthaus
fa1a6eefa7 JS: Add StringOps::RegExpTest 2020-06-01 11:43:50 +01:00
semmle-qlci
be5b343a0c Merge pull request #3564 from max-schaefer/js/reflective-argument-access 
Approved by asgerf
 2020-05-26 12:09:13 +01:00
semmle-qlci
4b0354c4bc Merge pull request #3555 from max-schaefer/js/require-flow 
Approved by asgerf
 2020-05-26 10:54:21 +01:00
Max Schaefer
7ddf5ced23 JavaScript: Update expected output for unrelated tests. 2020-05-26 10:49:30 +01:00
semmle-qlci
4b56229ca0 Merge pull request #3527 from esbena/js/fastify 
Approved by asgerf
 2020-05-26 10:44:59 +01:00
semmle-qlci
df205b617e Merge pull request #3539 from asger-semmle/js/capture-level-flow 
Approved by erik-krogh
 2020-05-26 10:42:14 +01:00
Max Schaefer
9d3a9d71f1 JavaScript: Add basic support for reasoning about reflective parameter accesses. 
Currently, only `arguments[c]` for a constant value `c` is supported.

This allows us to detect the prototype-pollution vulnerabilities in (old versions of) `extend`, `jquery`, and `node.extend`.
 2020-05-26 09:59:29 +01:00
Max Schaefer
a39e8b4802 JavaScript: Add test for FlowSteps::argumentPassing predicate. 2020-05-26 09:51:06 +01:00
Max Schaefer
573fdaa424 JavaScript: Track require through local data flow. 2020-05-24 20:00:10 +01:00
semmle-qlci
b9ecf1a304 Merge pull request #3447 from erik-krogh/LibCmdInjection 
Approved by asgerf, mchammer01
 2020-05-22 17:10:57 +01:00
Asger Feldthaus
75be3b7ecb JS: Add test case for missed captured flow 2020-05-21 16:14:13 +01:00
Esben Sparre Andreasen
b31f83a5af JS: fixup expected output 2020-05-21 13:47:16 +02:00
Esben Sparre Andreasen
c400b45cd6 JS: make the Fastify model support isUserControlledObject 2020-05-21 13:42:28 +02:00
Esben Sparre Andreasen
a76c70d2d7 JS: model fastify 2020-05-21 13:42:27 +02:00
semmle-qlci
c15d22d9f8 Merge pull request #3516 from asger-semmle/js/typescript-3.9.2 
Approved by erik-krogh
 2020-05-20 11:31:57 +01:00
semmle-qlci
2bbc1c2af0 Merge pull request #3478 from erik-krogh/PromiseAll 
Approved by asgerf, esbena
 2020-05-20 11:03:05 +01:00
semmle-qlci
29b8a0db92 Merge pull request #3508 from asger-semmle/js/shared-data-flow-node 
Approved by esbena
 2020-05-20 10:58:09 +01:00
Erik Krogh Kristensen
b71919299b Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-05-19 14:03:03 +02:00
Esben Sparre Andreasen
76bce40a8b JS: test fixups 2020-05-19 13:12:34 +02:00
Asger Feldthaus
525b9871e0 JS: Update benign test output changes 2020-05-19 11:07:08 +01:00
Erik Krogh Kristensen
0275ea955b update expected output 2020-05-19 10:29:07 +02:00